Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: "Ungewöhnlich hoher Datenverkehr im Netzwerk" Hinweis von Google

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 27.03.2013, 20:28   #1
Kopernikus29
 
"Ungewöhnlich hoher Datenverkehr im Netzwerk" Hinweis von Google - Standard

"Ungewöhnlich hoher Datenverkehr im Netzwerk" Hinweis von Google



Hallo,
von Google kam heute der Hinweis "Ungewöhnlich hoher Datenverkehr im Netzwerk"
Ist so was prophylaktisch oder muss ich mir da Gedanken machen.
Was wollen die von mir?
Es geht hier um einen Windows 7 PC mit GDATA, der eigentlich tadellos läuft.

Hijack This hat bis auf "MSIE: Internet Explorer v10.0 (10.00.9200.16521)" nichts auffälliges gezeigt.
Defogger habe ich schon mal runter geladen, im log stand folgendes
" defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:10 on 27/03/2013 (Admin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-"
Was es auch immer heißen soll, ich weiß es nicht.
OTL mache ich noch, so weit bis jetzt
Thomas

so hier der erste LogOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 27.03.2013 20:30:03 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Admin\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,98 Gb Total Physical Memory | 2,79 Gb Available Physical Memory | 70,03% Memory free
7,96 Gb Paging File | 6,27 Gb Available in Paging File | 78,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,00 Gb Total Space | 57,73 Gb Free Space | 57,73% Space Free | Partition Type: NTFS
Drive D: | 200,00 Gb Total Space | 187,82 Gb Free Space | 93,91% Space Free | Partition Type: NTFS
Drive E: | 165,66 Gb Total Space | 165,57 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
 
Computer Name: ARBEITSTIER | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.27 20:26:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Downloads\OTL.exe
PRC - [2013.01.09 13:01:22 | 001,035,216 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
PRC - [2012.11.29 05:20:10 | 001,475,096 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
PRC - [2012.11.29 04:49:49 | 001,548,312 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
PRC - [2012.11.29 04:47:08 | 000,469,016 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.03.29 03:42:27 | 000,470,008 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
PRC - [2011.04.30 00:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.04.30 00:32:50 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files (x86)\AAVUpdateManager\aavus.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.15 15:03:16 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013.01.10 20:56:29 | 000,492,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\4cae4b1b6c8423f80d1f86eae7fd8203\IAStorUtil.ni.dll
MOD - [2013.01.10 20:56:29 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\6fd278018f0cf369362fc810f8aefcb5\IAStorCommon.ni.dll
MOD - [2013.01.10 18:52:33 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.10 18:52:11 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.10 18:52:03 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013.01.10 18:51:59 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.10 18:51:56 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.10 18:51:52 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.10 18:51:40 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.03.13 20:06:54 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.10 10:26:34 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.29 05:14:21 | 002,377,736 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe -- (GDFwSvc)
SRV - [2012.11.29 05:08:54 | 002,012,592 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe -- (AVKWCtl)
SRV - [2012.11.29 04:49:49 | 001,548,312 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2012.11.29 04:47:08 | 000,469,016 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService)
SRV - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.03.29 03:42:27 | 000,470,008 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2012.01.18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011.04.30 00:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.01.10 19:13:34 | 000,065,008 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd)
DRV:64bit: - [2013.01.10 19:13:34 | 000,064,416 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre)
DRV:64bit: - [2013.01.09 18:26:10 | 000,062,368 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV:64bit: - [2013.01.09 18:24:56 | 000,126,880 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV:64bit: - [2013.01.09 18:24:56 | 000,054,176 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave)
DRV:64bit: - [2012.12.23 11:02:07 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2012.12.23 11:02:07 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2012.11.02 15:38:32 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012.04.03 11:22:07 | 000,106,648 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.17 13:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.06.10 07:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.06.02 10:32:50 | 000,401,896 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.06.02 10:32:50 | 000,128,488 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011.04.26 11:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.05.20 06:03:11 | 000,105,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2010.07.09 12:19:04 | 000,021,480 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Programme\MIFcom\Support\pcwiz_x64.sys -- (cpuz134)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Bing [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 77 D1 03 39 1E 0F CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130129
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.5.8
FF - prefs.js..extensions.enabledAddons: %7B906305f7-aafc-45e9-8bbd-941950a84dad%7D:1.1.11215.1124
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.10 10:26:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.13 20:03:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.10 10:26:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.13 20:03:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.02.15 20:28:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2013.03.10 10:22:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\5i5anelm.default\extensions
[2013.02.05 07:53:06 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\5i5anelm.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.10.15 07:16:29 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\5i5anelm.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2013.03.10 10:22:32 | 000,531,283 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\5i5anelm.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.02.19 17:52:25 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\5i5anelm.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.02.15 20:42:47 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\5i5anelm.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2013.03.10 10:26:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.10 10:26:32 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files (x86)\mozilla firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
[2013.03.10 10:26:34 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.08 18:36:16 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.29 20:20:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.08 18:36:16 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.08 18:36:16 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.08 18:36:16 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.08 18:36:16 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B26AC523-5D0B-4C81-882C-2672C46F99B2}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B26AC523-5D0B-4C81-882C-2672C46F99B2}: NameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c00e7d77-4cdb-11e2-968e-5404a666d043}\Shell - "" = AutoRun
O33 - MountPoints2\{c00e7d77-4cdb-11e2-968e-5404a666d043}\Shell\AutoRun\command - "" = G:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.21 19:44:51 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\OneNote-Notizbücher
[2013.03.21 19:32:58 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.03.21 19:01:42 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Neuer Ordner (2)
[2013.03.21 18:31:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013.03.21 18:31:04 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013.03.21 18:28:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2013.03.13 20:03:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.03.10 10:26:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.03.01 19:18:36 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convar
[2013.03.01 19:18:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Convar
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.27 20:07:34 | 000,000,000 | ---- | M] () -- C:\Users\Admin\defogger_reenable
[2013.03.27 20:06:11 | 000,050,477 | ---- | M] () -- C:\Users\Admin\Desktop\Defogger.exe
[2013.03.27 20:06:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.27 19:16:48 | 001,024,350 | ---- | M] () -- C:\Windows\SysWow64\sig.bin
[2013.03.27 19:16:48 | 000,053,428 | ---- | M] () -- C:\Windows\SysWow64\nmp.map
[2013.03.27 19:15:53 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.27 19:15:53 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.27 19:15:07 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.27 19:15:07 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.27 19:15:07 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.27 19:15:07 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.27 19:15:07 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.27 19:08:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.27 19:08:36 | 3206,463,488 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.21 19:44:53 | 000,001,344 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2013.03.21 18:35:29 | 000,474,232 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.03.13 20:08:07 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.13 20:08:06 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.01 19:18:36 | 000,001,326 | ---- | M] () -- C:\Users\Admin\Desktop\PC Inspector File Recovery.lnk
 
========== Files Created - No Company Name ==========
 
[2013.03.27 20:07:34 | 000,000,000 | ---- | C] () -- C:\Users\Admin\defogger_reenable
[2013.03.27 20:06:11 | 000,050,477 | ---- | C] () -- C:\Users\Admin\Desktop\Defogger.exe
[2013.03.21 19:44:53 | 000,001,344 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2013.03.13 20:08:07 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.13 20:08:06 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.01 19:18:36 | 000,001,326 | ---- | C] () -- C:\Users\Admin\Desktop\PC Inspector File Recovery.lnk
[2012.02.16 18:33:05 | 001,024,350 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
[2012.02.14 09:51:15 | 000,046,837 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012.02.14 09:49:30 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.02.14 09:49:24 | 000,031,736 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.02.19 10:53:21 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Canon
[2013.03.19 08:38:36 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\korAccount
[2012.02.16 20:24:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\pdfforge
[2012.02.15 22:06:42 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Thunderbird
[2012.02.19 10:53:06 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\XnView
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

und jetzt der zweiteOTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 27.03.2013 20:30:03 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Admin\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,98 Gb Total Physical Memory | 2,79 Gb Available Physical Memory | 70,03% Memory free
7,96 Gb Paging File | 6,27 Gb Available in Paging File | 78,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,00 Gb Total Space | 57,73 Gb Free Space | 57,73% Space Free | Partition Type: NTFS
Drive D: | 200,00 Gb Total Space | 187,82 Gb Free Space | 93,91% Space Free | Partition Type: NTFS
Drive E: | 165,66 Gb Total Space | 165,57 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
 
Computer Name: ARBEITSTIER | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AB9F2F3-3BFC-4B29-85D8-F17EFF91DE03}" = rport=137 | protocol=17 | dir=out | app=system | 
"{0C00F865-3333-4126-8E4D-5C5761E408DE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{101124E1-D05B-4802-A705-718011E3D00E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1B579A6E-D5EF-4392-984B-6709F0F2B73D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1EA097B8-4B92-4A08-B322-9DD5C04D7936}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{31D136CD-5552-4242-A5EA-5F3E2DEA456E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{389D992F-F58F-4032-A614-DC980546D7E4}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3AAE8ACC-A708-46C2-9BE4-AC294430B972}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{42DD0095-704A-4DB4-BBC0-926BC76AAB7A}" = lport=138 | protocol=17 | dir=in | app=system | 
"{46012B0F-9F08-4A0E-89AF-B9AD25AE456E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{55323631-962F-4DD1-BC61-1D5AE0C074C7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{61C946E0-2470-4EAF-B9B2-319727817EEA}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{7BE40B27-50D9-4C57-A4A3-D66AC58E5285}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9B626C98-0B19-4258-835A-2E3291398B35}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B7E1E659-7A7C-4219-98C7-A95741642322}" = lport=445 | protocol=6 | dir=in | app=system | 
"{B94D6943-61B6-4D59-8746-366F31F93802}" = lport=139 | protocol=6 | dir=in | app=system | 
"{CDAAD2BD-EF31-4E14-BAF5-75C8E1533CFC}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{CE58CAD6-5E79-4F34-A74B-EC3BFFB77372}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D2AFCD13-2A40-4A2A-AF18-84F1E7AFB1DA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D83FAE2F-F7B9-49F8-AE8A-3CB3168EF210}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E14CCE85-D797-4DF9-B161-945BDB2A7CCE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E62B115B-570D-44AF-8E8A-11505872C8FC}" = lport=137 | protocol=17 | dir=in | app=system | 
"{E8438705-20EF-4DA4-ACA5-F6766013B402}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F728CBEC-CC3C-4D03-8158-BD91C1DBDB4F}" = rport=139 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10E72E10-1D08-46E3-8F4E-EFC3BC09B1EE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{208FECE6-2834-4AC1-9E8E-E29F05C2873D}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | 
"{2263D356-7873-4A68-87B4-43B076FB4982}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{2738F825-F7BA-4683-BCE1-89B736F95E9C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2EF7643F-7139-4718-A26B-FEB3FF3F4EB0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{3AF6A648-DB9B-4804-868C-E46D85CCC363}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{3B893949-9B98-4E3C-A6A7-289DA8FDDE72}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{44599C5B-C22E-4A7D-B9BF-8A87514AE453}" = protocol=6 | dir=out | app=system | 
"{5897AA97-8D8C-4943-B314-58212C20D868}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5D93F489-B721-4E68-868D-085285B8559B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6438DD74-1910-429D-86BE-D2CAC623FA1C}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | 
"{674FB827-01FA-4676-8975-9BEDDB8BC4B8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{68F078D2-CE06-4DFD-87D8-1CD042374DE0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{76984223-F4EF-4100-AFC9-2850427BF201}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{83F53087-AEAB-4268-9AF3-A9784AFA2B1E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{900A6D80-3087-426F-8FCB-F4CCB49C7842}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{924FB4A6-F475-4C7D-9008-55A2E69A8601}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A60FDB30-C5E1-4912-931E-C37097866D0C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B090D608-A04B-4F2D-802F-8C291B6D2184}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B9739D8E-AD83-4012-8C49-8AA8B09EE9FC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{C195A8D9-7AAF-448C-AE2C-A120B963D721}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C784C354-32AF-48EF-B096-51D9A8544AED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F69C2320-639B-4C34-BC66-D7C7B052374D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{7AB6F8D7-7804-4662-BE8C-1AFCCD602D9F}" = Microsoft-Maus- und Tastatur-Center
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ED333F8-3E6C-4A38-BAFA-728454121CDA}" = PDF-XChange Viewer
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0B914F2C-6CC2-4328-B84E-411A81B50FA4}" = Steuer-Sparer 2013
"{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = Corel Graphics Suite 11
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{53166A4F-E59A-4A91-B520-3D4F124D9CD7}" = Steuer-Sparschwein 2012
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{6006059E-013D-4B77-BC5C-4DD5E4A6570D}" = G Data InternetSecurity 2012
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{86107E2D-DFB9-46BC-99ED-07EACAEE0923}" = G Data InternetSecurity 2013
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2010
"{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.STANDARD_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.STANDARD_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.STANDARD_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.STANDARD_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.STANDARD_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.STANDARD_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.STANDARD_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.115
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CanonMyPrinter" = Canon Utilities My Printer
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"InstallShield_{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = Corel Graphics Suite 11
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"Mozilla Thunderbird 17.0.4 (x86 de)" = Mozilla Thunderbird 17.0.4 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.STANDARD" = Microsoft Office Standard 2010
"Pixelspeed_Layouter" = Pixelspeed Layouter 
"Update Engine" = Sony Ericsson Update Engine
"VLC media player" = VLC media player 2.0.2
"XnView_is1" = XnView 1.98.5
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 20.03.2013 10:41:16 | Computer Name = Arbeitstier | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.03.2013 12:43:17 | Computer Name = Arbeitstier | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.03.2013 13:04:40 | Computer Name = Arbeitstier | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.03.2013 02:38:19 | Computer Name = Arbeitstier | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.03.2013 11:22:46 | Computer Name = Arbeitstier | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.03.2013 13:29:14 | Computer Name = Arbeitstier | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.03.2013 13:32:36 | Computer Name = Arbeitstier | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.03.2013 13:37:07 | Computer Name = Arbeitstier | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.03.2013 14:25:58 | Computer Name = Arbeitstier | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.03.2013 14:43:06 | Computer Name = Arbeitstier | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 26.03.2013 02:44:44 | Computer Name = Arbeitstier | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 26.03.2013 02:44:44 | Computer Name = Arbeitstier | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 26.03.2013 03:05:37 | Computer Name = Arbeitstier | Source = WMPNetworkSvc | ID = 866333
Description = 
 
Error - 26.03.2013 11:48:53 | Computer Name = Arbeitstier | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 26.03.2013 11:48:53 | Computer Name = Arbeitstier | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 26.03.2013 11:51:00 | Computer Name = Arbeitstier | Source = bowser | ID = 8003
Description = 
 
Error - 26.03.2013 14:23:24 | Computer Name = Arbeitstier | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 26.03.2013 14:23:24 | Computer Name = Arbeitstier | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 27.03.2013 14:10:50 | Computer Name = Arbeitstier | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 27.03.2013 14:10:50 | Computer Name = Arbeitstier | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
 
< End of report >
         
--- --- ---

und jetzt der zweiteOTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 27.03.2013 20:30:03 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Admin\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,98 Gb Total Physical Memory | 2,79 Gb Available Physical Memory | 70,03% Memory free
7,96 Gb Paging File | 6,27 Gb Available in Paging File | 78,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,00 Gb Total Space | 57,73 Gb Free Space | 57,73% Space Free | Partition Type: NTFS
Drive D: | 200,00 Gb Total Space | 187,82 Gb Free Space | 93,91% Space Free | Partition Type: NTFS
Drive E: | 165,66 Gb Total Space | 165,57 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
 
Computer Name: ARBEITSTIER | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AB9F2F3-3BFC-4B29-85D8-F17EFF91DE03}" = rport=137 | protocol=17 | dir=out | app=system | 
"{0C00F865-3333-4126-8E4D-5C5761E408DE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{101124E1-D05B-4802-A705-718011E3D00E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1B579A6E-D5EF-4392-984B-6709F0F2B73D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1EA097B8-4B92-4A08-B322-9DD5C04D7936}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{31D136CD-5552-4242-A5EA-5F3E2DEA456E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{389D992F-F58F-4032-A614-DC980546D7E4}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3AAE8ACC-A708-46C2-9BE4-AC294430B972}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{42DD0095-704A-4DB4-BBC0-926BC76AAB7A}" = lport=138 | protocol=17 | dir=in | app=system | 
"{46012B0F-9F08-4A0E-89AF-B9AD25AE456E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{55323631-962F-4DD1-BC61-1D5AE0C074C7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{61C946E0-2470-4EAF-B9B2-319727817EEA}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{7BE40B27-50D9-4C57-A4A3-D66AC58E5285}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9B626C98-0B19-4258-835A-2E3291398B35}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B7E1E659-7A7C-4219-98C7-A95741642322}" = lport=445 | protocol=6 | dir=in | app=system | 
"{B94D6943-61B6-4D59-8746-366F31F93802}" = lport=139 | protocol=6 | dir=in | app=system | 
"{CDAAD2BD-EF31-4E14-BAF5-75C8E1533CFC}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{CE58CAD6-5E79-4F34-A74B-EC3BFFB77372}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D2AFCD13-2A40-4A2A-AF18-84F1E7AFB1DA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D83FAE2F-F7B9-49F8-AE8A-3CB3168EF210}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E14CCE85-D797-4DF9-B161-945BDB2A7CCE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E62B115B-570D-44AF-8E8A-11505872C8FC}" = lport=137 | protocol=17 | dir=in | app=system | 
"{E8438705-20EF-4DA4-ACA5-F6766013B402}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F728CBEC-CC3C-4D03-8158-BD91C1DBDB4F}" = rport=139 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10E72E10-1D08-46E3-8F4E-EFC3BC09B1EE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{208FECE6-2834-4AC1-9E8E-E29F05C2873D}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | 
"{2263D356-7873-4A68-87B4-43B076FB4982}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{2738F825-F7BA-4683-BCE1-89B736F95E9C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2EF7643F-7139-4718-A26B-FEB3FF3F4EB0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{3AF6A648-DB9B-4804-868C-E46D85CCC363}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{3B893949-9B98-4E3C-A6A7-289DA8FDDE72}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{44599C5B-C22E-4A7D-B9BF-8A87514AE453}" = protocol=6 | dir=out | app=system | 
"{5897AA97-8D8C-4943-B314-58212C20D868}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5D93F489-B721-4E68-868D-085285B8559B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6438DD74-1910-429D-86BE-D2CAC623FA1C}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | 
"{674FB827-01FA-4676-8975-9BEDDB8BC4B8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{68F078D2-CE06-4DFD-87D8-1CD042374DE0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{76984223-F4EF-4100-AFC9-2850427BF201}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{83F53087-AEAB-4268-9AF3-A9784AFA2B1E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{900A6D80-3087-426F-8FCB-F4CCB49C7842}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{924FB4A6-F475-4C7D-9008-55A2E69A8601}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A60FDB30-C5E1-4912-931E-C37097866D0C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B090D608-A04B-4F2D-802F-8C291B6D2184}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B9739D8E-AD83-4012-8C49-8AA8B09EE9FC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{C195A8D9-7AAF-448C-AE2C-A120B963D721}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C784C354-32AF-48EF-B096-51D9A8544AED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F69C2320-639B-4C34-BC66-D7C7B052374D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{7AB6F8D7-7804-4662-BE8C-1AFCCD602D9F}" = Microsoft-Maus- und Tastatur-Center
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ED333F8-3E6C-4A38-BAFA-728454121CDA}" = PDF-XChange Viewer
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0B914F2C-6CC2-4328-B84E-411A81B50FA4}" = Steuer-Sparer 2013
"{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = Corel Graphics Suite 11
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{53166A4F-E59A-4A91-B520-3D4F124D9CD7}" = Steuer-Sparschwein 2012
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{6006059E-013D-4B77-BC5C-4DD5E4A6570D}" = G Data InternetSecurity 2012
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{86107E2D-DFB9-46BC-99ED-07EACAEE0923}" = G Data InternetSecurity 2013
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2010
"{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.STANDARD_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.STANDARD_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.STANDARD_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.STANDARD_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.STANDARD_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.STANDARD_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.STANDARD_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.115
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CanonMyPrinter" = Canon Utilities My Printer
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"InstallShield_{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = Corel Graphics Suite 11
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"Mozilla Thunderbird 17.0.4 (x86 de)" = Mozilla Thunderbird 17.0.4 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.STANDARD" = Microsoft Office Standard 2010
"Pixelspeed_Layouter" = Pixelspeed Layouter 
"Update Engine" = Sony Ericsson Update Engine
"VLC media player" = VLC media player 2.0.2
"XnView_is1" = XnView 1.98.5
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 20.03.2013 10:41:16 | Computer Name = Arbeitstier | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.03.2013 12:43:17 | Computer Name = Arbeitstier | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.03.2013 13:04:40 | Computer Name = Arbeitstier | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.03.2013 02:38:19 | Computer Name = Arbeitstier | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.03.2013 11:22:46 | Computer Name = Arbeitstier | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.03.2013 13:29:14 | Computer Name = Arbeitstier | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.03.2013 13:32:36 | Computer Name = Arbeitstier | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.03.2013 13:37:07 | Computer Name = Arbeitstier | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.03.2013 14:25:58 | Computer Name = Arbeitstier | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.03.2013 14:43:06 | Computer Name = Arbeitstier | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 26.03.2013 02:44:44 | Computer Name = Arbeitstier | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 26.03.2013 02:44:44 | Computer Name = Arbeitstier | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 26.03.2013 03:05:37 | Computer Name = Arbeitstier | Source = WMPNetworkSvc | ID = 866333
Description = 
 
Error - 26.03.2013 11:48:53 | Computer Name = Arbeitstier | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 26.03.2013 11:48:53 | Computer Name = Arbeitstier | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 26.03.2013 11:51:00 | Computer Name = Arbeitstier | Source = bowser | ID = 8003
Description = 
 
Error - 26.03.2013 14:23:24 | Computer Name = Arbeitstier | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 26.03.2013 14:23:24 | Computer Name = Arbeitstier | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 27.03.2013 14:10:50 | Computer Name = Arbeitstier | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 27.03.2013 14:10:50 | Computer Name = Arbeitstier | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
 
< End of report >
         
--- --- ---

auf die Antworten bin ich gespannt,
wie gesagt PC hat eigentlich keine Auffälligkeiten.
Thomas

Hallo,
ich habe noch mal ein wenig im Netz gesucht und bin auf diese Seiten gestoßen.
Google fordert Captcha-Eingabe von Suchmaschinennutzern | heise Security

und hier im Forum von chip online
hxxp://forum.chip.de/rund-um-online/google-suche-captcha-meldung-1655159.html

Das Problem scheint an Google zu liegen und es trifft neu aufgesetzte windows PC und Linux PC. Das jemand mit dem Hinweis von Google einen Virus auf dem PC hatte, war nicht der Fall.
Thomas

Hallo,
ich habe noch mal ein wenig im Netz gesucht und bin auf diese Seiten gestoßen.
hxxp://www.heise.de/security/meldung/Google-fordert-Captcha-Eingabe-von-Suchmaschinennutzern-1653821.html

und hier im Forum von chip online
hxxp://forum.chip.de/rund-um-online/google-suche-captcha-meldung-1655159.html

Das Problem scheint an Google zu liegen und es trifft neu aufgesetzte windows PC und Linux PC. Das jemand mit dem Hinweis von Google einen Virus auf dem PC hatte, war eigentlich nicht der Fall.
Thomas

kann mir bitte jemand helfen die doppelten posts weg zu bekommen.
Danke

kann mir bitte jemand helfen die doppelten posts weg zu bekommen.
Danke
__________________
Windows 7
GDATA

Alt 28.03.2013, 16:05   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
"Ungewöhnlich hoher Datenverkehr im Netzwerk" Hinweis von Google - Standard

"Ungewöhnlich hoher Datenverkehr im Netzwerk" Hinweis von Google



Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner?
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 29.03.2013, 10:36   #3
Kopernikus29
 
"Ungewöhnlich hoher Datenverkehr im Netzwerk" Hinweis von Google - Standard

"Ungewöhnlich hoher Datenverkehr im Netzwerk" Hinweis von Google



Hallo Cosinus,
Danke erst mal für Deine Antwort. Logs hatte ich nur von Defogger und OTL.
Einen habe ich noch von GDATA, den wöchentlichen scann.
Code:
ATTFilter
Virenprüfung mit G Data InternetSecurity 2013
Version 23.1.0.2 (16.01.2013)
Virensignaturen vom 23.03.2013
Job: komplett
Startzeit: 23.03.2013 08:53:34
Engine(s): Engine A (AVA 22.8595), Engine B (AVL 22.1604)
Heuristik: Ein
Archive: Ein
Systembereiche: Ein
RootKits prüfen: Ein

Prüfung der Systembereiche...
Prüfung aller im Speicher befindlichen Prozesse und Verweise im Autostart...
Prüfung auf RootKits...
Prüfung aller lokalen Festplatten...
Analyse vollständig durchgeführt: 23.03.2013 09:29:43
    130936 Dateien überprüft
    0 infizierte Dateien gefunden
    0 verdächtige Dateien gefunden


Die folgenden Dateien sind Passwortgeschützt:
C:\Users\Internet\AppData\Roaming\Thunderbird\Profiles\wmxdms6l.default\Mail\pop.gmx.net\Inbox.sbd\Autoversicherung
D:\$RECYCLE.BIN\S-1-5-21-1516007715-2464333816-3581123430-1002\$R37Y9MO\Profiles\wmxdms6l.default\Mail\pop.gmx.net\Inbox.sbd\Autoversicherung
D:\$RECYCLE.BIN\S-1-5-21-1516007715-2464333816-3581123430-1002\$RDN8TE3\Profiles\wmxdms6l.default\Mail\pop.gmx.net\Inbox.sbd\Autoversicherung
D:\$RECYCLE.BIN\S-1-5-21-1516007715-2464333816-3581123430-1002\$RXEGNUW\wmxdms6l.default\Mail\pop.gmx.net\Inbox.sbd\Autoversicherung
D:\$RECYCLE.BIN\S-1-5-21-1516007715-2464333816-3581123430-1002\$RXO7VON\Profiles\wmxdms6l.default\Mail\pop.gmx.net\Inbox.sbd\Autoversicherung
D:\$RECYCLE.BIN\S-1-5-21-1516007715-2464333816-3581123430-1002\$RZWMYHV\Profiles\wmxdms6l.default\Mail\pop.gmx.net\Inbox.sbd\Autoversicherung
D:\sicherung\Thunderbird\Profiles\wmxdms6l.default\Mail\pop.gmx.net\Inbox.sbd\Autoversicherung
D:\sicherung\Thunderbird_6\Profiles\wmxdms6l.default\Mail\pop.gmx.net\Inbox.sbd\Autoversicherung
D:\sicherung\Thunderbird_7\Profiles\wmxdms6l.default\Mail\pop.gmx.net\Inbox.sbd\Autoversicherung
D:\sicherung\Thunderbird_8\Profiles\wmxdms6l.default\Mail\pop.gmx.net\Inbox.sbd\Autoversicherung
         
Da war aber nichts auffälliges.
Gab es denn bei OTL auffällige Sachen?
Ich geh eigentlich davon aus, dass der Rechner Sauber ist.
Da FF mit Noscript und Adblockolus abgesichert ist, ins Netz geht es bei mir nur im eingeschenkten Modus.
Was ich bei Chip gelesen habe, dieser Hinweis von Google trifft so gar Linux Rechner
Aber richtig sicher ist man eigentlich nie
Thomas
__________________
__________________

Alt 29.03.2013, 20:57   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
"Ungewöhnlich hoher Datenverkehr im Netzwerk" Hinweis von Google - Standard

"Ungewöhnlich hoher Datenverkehr im Netzwerk" Hinweis von Google



Das sind nur Fund in den Mailboxdateien. Hüte dich davor, solche Dateien zu löschen, weil solche Dateien als Speicherort für alle E-Mails verwendet werden

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Rootkitscan mit GMER

Bitte lade dir GMER Rootkit Scanner GMER herunter: (Dateiname zufällig)
  • Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
  • Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Unbedingt auf "No" klicken.
  • Entferne rechts den Haken bei: IAT/EAT und Show All
  • Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
  • Starte den Scan mit "Scan".
  • Mache nichts am Computer während der Scan läuft.
  • Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!


Tauchen Probleme auf?
  • Probiere alternativ den abgesicherten Modus.
  • Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.


Anschließend bitte MBAR ausführen:

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 01.04.2013, 16:25   #5
Kopernikus29
 
"Ungewöhnlich hoher Datenverkehr im Netzwerk" Hinweis von Google - Standard

"Ungewöhnlich hoher Datenverkehr im Netzwerk" Hinweis von Google



Hallo Cosinus,
ich hoffe Du hattest ein schönes Ostern. Hier die beiden logs.
Code:
ATTFilter
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-04-01 15:54:31
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST500DM0 rev.KC45 465,76GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\Admin\AppData\Local\Temp\pgtoiaow.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[3492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000077071465 2 bytes [07, 77]
.text  C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[3492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000770714bb 2 bytes [07, 77]
.text  ...                                                                                                                                        * 2

---- EOF - GMER 2.1 ----
         
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1022
www.malwarebytes.org

Database version: v2013.04.01.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16521
Admin :: ARBEITSTIER [administrator]

01.04.2013 16:10:15
mbar-log-2013-04-01 (16-10-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 28877
Time elapsed: 8 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
MBAR brauchte keinen Neustart und GMER war auch sehr schnell fertig.
Was meinst Du mit
Zitat:
"Das sind nur Fund in den Mailboxdateien"
War dort etwas in Thunderbird was da nicht sein sollte?
Die Startseite von Firefox habe ich erst mal geändert. Es gibt ja noch alternativen.
Thomas

__________________
Windows 7
GDATA

Alt 01.04.2013, 22:49   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
"Ungewöhnlich hoher Datenverkehr im Netzwerk" Hinweis von Google - Standard

"Ungewöhnlich hoher Datenverkehr im Netzwerk" Hinweis von Google



Zitat:
War dort etwas in Thunderbird was da nicht sein sollte?
Ich hab doch erkärt was Mailboxdateien sind, was hast du daran nicht verstanden?


aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).




TDSS-Killer

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
--> "Ungewöhnlich hoher Datenverkehr im Netzwerk" Hinweis von Google

Alt 02.04.2013, 10:12   #7
Kopernikus29
 
"Ungewöhnlich hoher Datenverkehr im Netzwerk" Hinweis von Google - Standard

"Ungewöhnlich hoher Datenverkehr im Netzwerk" Hinweis von Google



Hallo Cosinus
hier das log von MBR. Ich musste das Programm noch einmal mit " None " Starten, dann lief es.
Code:
ATTFilter
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-02 09:34:50
-----------------------------
09:34:50.003    OS Version: Windows x64 6.1.7601 Service Pack 1
09:34:50.003    Number of processors: 4 586 0x2A07
09:34:50.003    ComputerName: ARBEITSTIER  UserName: Admin
09:34:50.737    Initialize success
09:34:57.320    AVAST engine defs: 13040101
09:35:13.185    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:35:13.185    Disk 0 Vendor: ST500DM0 KC45 Size: 476940MB BusType: 3
09:35:13.294    Disk 0 MBR read successfully
09:35:13.294    Disk 0 MBR scan
09:35:13.310    Disk 0 Windows 7 default MBR code
09:35:13.310    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
09:35:13.325    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       102399 MB offset 206848
09:35:13.357    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       204800 MB offset 209920000
09:35:13.388    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       169639 MB offset 629350400
09:35:13.528    Disk 0 scanning C:\Windows\system32\drivers
09:35:23.341    Service scanning
09:35:40.532    Modules scanning
09:35:40.532    Disk 0 trace - called modules:
09:35:41.047    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
09:35:41.047    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006821060]
09:35:41.062    3 CLASSPNP.SYS[fffff88000c7743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8003ff0050]
09:35:41.062    Scan finished successfully
09:36:35.194    Disk 0 MBR has been saved successfully to "C:\Users\Admin\Downloads\MBR.dat"
09:36:35.210    The log file has been saved successfully to "C:\Users\Admin\Downloads\aswMBR.txt"
         
Das Log von TDSSKiller ist zu lang, ich soll es als Anhang hoch laden.
Gefunden hat das Programm nichts.
Thomas
__________________
Windows 7
GDATA

Alt 02.04.2013, 12:58   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
"Ungewöhnlich hoher Datenverkehr im Netzwerk" Hinweis von Google - Standard

"Ungewöhnlich hoher Datenverkehr im Netzwerk" Hinweis von Google



Zitat:
09:43:15.0029 2468 Scan started
09:43:15.0029 2468 Mode: Manual;
Du hast den tdsskiller falsch eingestellt, bitte die Anleitungen sorgfältiger lesen und umsetzen
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 02.04.2013, 17:14   #9
Kopernikus29
 
"Ungewöhnlich hoher Datenverkehr im Netzwerk" Hinweis von Google - Standard

"Ungewöhnlich hoher Datenverkehr im Netzwerk" Hinweis von Google



Alles klar, ich habe nach gesessen.
Hier das Log.
Code:
ATTFilter
17:04:32.0778 3216  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:04:33.0590 3216  ============================================================
17:04:33.0590 3216  Current date / time: 2013/04/02 17:04:33.0590
17:04:33.0590 3216  SystemInfo:
17:04:33.0590 3216  
17:04:33.0590 3216  OS Version: 6.1.7601 ServicePack: 1.0
17:04:33.0590 3216  Product type: Workstation
17:04:33.0590 3216  ComputerName: ARBEITSTIER
17:04:33.0590 3216  UserName: Admin
17:04:33.0590 3216  Windows directory: C:\Windows
17:04:33.0590 3216  System windows directory: C:\Windows
17:04:33.0590 3216  Running under WOW64
17:04:33.0590 3216  Processor architecture: Intel x64
17:04:33.0590 3216  Number of processors: 4
17:04:33.0590 3216  Page size: 0x1000
17:04:33.0590 3216  Boot type: Normal boot
17:04:33.0590 3216  ============================================================
17:04:34.0260 3216  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:04:34.0276 3216  ============================================================
17:04:34.0276 3216  \Device\Harddisk0\DR0:
17:04:34.0276 3216  MBR partitions:
17:04:34.0276 3216  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:04:34.0276 3216  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC7FF800
17:04:34.0276 3216  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xC832000, BlocksNum 0x19000000
17:04:34.0276 3216  \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x25832000, BlocksNum 0x14B53800
17:04:34.0276 3216  ============================================================
17:04:34.0307 3216  C: <-> \Device\Harddisk0\DR0\Partition2
17:04:34.0338 3216  D: <-> \Device\Harddisk0\DR0\Partition3
17:04:34.0370 3216  E: <-> \Device\Harddisk0\DR0\Partition4
17:04:34.0370 3216  ============================================================
17:04:34.0370 3216  Initialize success
17:04:34.0370 3216  ============================================================
17:05:22.0979 3988  ============================================================
17:05:22.0979 3988  Scan started
17:05:22.0979 3988  Mode: Manual; SigCheck; TDLFS; 
17:05:22.0979 3988  ============================================================
17:05:23.0135 3988  ================ Scan system memory ========================
17:05:23.0135 3988  System memory - ok
17:05:23.0135 3988  ================ Scan services =============================
17:05:23.0245 3988  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
17:05:23.0354 3988  1394ohci - ok
17:05:23.0447 3988  [ 7EEB488346FBFA3731276C3EE8A8FD9E ] AAV UpdateService C:\Program Files (x86)\AAVUpdateManager\aavus.exe
17:05:23.0463 3988  AAV UpdateService - ok
17:05:23.0479 3988  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
17:05:23.0510 3988  ACPI - ok
17:05:23.0525 3988  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
17:05:23.0572 3988  AcpiPmi - ok
17:05:23.0681 3988  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:05:23.0713 3988  AdobeFlashPlayerUpdateSvc - ok
17:05:23.0744 3988  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
17:05:23.0775 3988  adp94xx - ok
17:05:23.0791 3988  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
17:05:23.0806 3988  adpahci - ok
17:05:23.0806 3988  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
17:05:23.0822 3988  adpu320 - ok
17:05:23.0837 3988  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
17:05:23.0931 3988  AeLookupSvc - ok
17:05:23.0993 3988  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
17:05:24.0040 3988  AFD - ok
17:05:24.0071 3988  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
17:05:24.0087 3988  agp440 - ok
17:05:24.0103 3988  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
17:05:24.0149 3988  ALG - ok
17:05:24.0165 3988  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
17:05:24.0165 3988  aliide - ok
17:05:24.0181 3988  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
17:05:24.0181 3988  amdide - ok
17:05:24.0196 3988  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
17:05:24.0227 3988  AmdK8 - ok
17:05:24.0227 3988  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
17:05:24.0243 3988  AmdPPM - ok
17:05:24.0274 3988  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
17:05:24.0290 3988  amdsata - ok
17:05:24.0305 3988  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
17:05:24.0321 3988  amdsbs - ok
17:05:24.0337 3988  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
17:05:24.0337 3988  amdxata - ok
17:05:24.0368 3988  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
17:05:24.0399 3988  AppID - ok
17:05:24.0430 3988  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
17:05:24.0477 3988  AppIDSvc - ok
17:05:24.0493 3988  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
17:05:24.0524 3988  Appinfo - ok
17:05:24.0555 3988  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
17:05:24.0586 3988  arc - ok
17:05:24.0602 3988  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
17:05:24.0617 3988  arcsas - ok
17:05:24.0633 3988  [ 0AA7A996792FB0287B33A57A8093AE44 ] asmthub3        C:\Windows\system32\DRIVERS\asmthub3.sys
17:05:24.0680 3988  asmthub3 - ok
17:05:24.0711 3988  [ 125DC3ABF5BFCCFE82AD17D078E0B9EC ] asmtxhci        C:\Windows\system32\DRIVERS\asmtxhci.sys
17:05:24.0758 3988  asmtxhci - ok
17:05:24.0773 3988  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
17:05:24.0820 3988  AsyncMac - ok
17:05:24.0867 3988  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
17:05:24.0883 3988  atapi - ok
17:05:24.0929 3988  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:05:24.0976 3988  AudioEndpointBuilder - ok
17:05:24.0992 3988  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
17:05:25.0023 3988  AudioSrv - ok
17:05:25.0132 3988  [ A1ADE0E06E057E3E7C3C931413AD9665 ] AVKProxy        C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
17:05:25.0163 3988  AVKProxy - ok
17:05:25.0210 3988  [ 68F93849B4197243E8454E704B063F9B ] AVKService      C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
17:05:25.0241 3988  AVKService - ok
17:05:25.0288 3988  [ B278D782732166A55AB270406E89F7A0 ] AVKWCtl         C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe
17:05:25.0335 3988  AVKWCtl - ok
17:05:25.0397 3988  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
17:05:25.0444 3988  AxInstSV - ok
17:05:25.0460 3988  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
17:05:25.0507 3988  b06bdrv - ok
17:05:25.0522 3988  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
17:05:25.0538 3988  b57nd60a - ok
17:05:25.0585 3988  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
17:05:25.0631 3988  BDESVC - ok
17:05:25.0631 3988  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
17:05:25.0663 3988  Beep - ok
17:05:25.0709 3988  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
17:05:25.0772 3988  BFE - ok
17:05:25.0787 3988  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
17:05:25.0834 3988  BITS - ok
17:05:25.0850 3988  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
17:05:25.0881 3988  blbdrive - ok
17:05:25.0912 3988  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
17:05:25.0959 3988  bowser - ok
17:05:25.0990 3988  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
17:05:26.0006 3988  BrFiltLo - ok
17:05:26.0021 3988  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
17:05:26.0037 3988  BrFiltUp - ok
17:05:26.0068 3988  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
17:05:26.0084 3988  Browser - ok
17:05:26.0099 3988  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
17:05:26.0146 3988  Brserid - ok
17:05:26.0162 3988  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
17:05:26.0177 3988  BrSerWdm - ok
17:05:26.0193 3988  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
17:05:26.0209 3988  BrUsbMdm - ok
17:05:26.0224 3988  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
17:05:26.0240 3988  BrUsbSer - ok
17:05:26.0240 3988  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
17:05:26.0271 3988  BTHMODEM - ok
17:05:26.0287 3988  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
17:05:26.0333 3988  bthserv - ok
17:05:26.0349 3988  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
17:05:26.0380 3988  cdfs - ok
17:05:26.0411 3988  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
17:05:26.0427 3988  cdrom - ok
17:05:26.0443 3988  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
17:05:26.0489 3988  CertPropSvc - ok
17:05:26.0505 3988  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
17:05:26.0536 3988  circlass - ok
17:05:26.0567 3988  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
17:05:26.0583 3988  CLFS - ok
17:05:26.0630 3988  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:05:26.0630 3988  clr_optimization_v2.0.50727_32 - ok
17:05:26.0661 3988  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:05:26.0677 3988  clr_optimization_v2.0.50727_64 - ok
17:05:26.0723 3988  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:05:26.0739 3988  clr_optimization_v4.0.30319_32 - ok
17:05:26.0786 3988  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:05:26.0801 3988  clr_optimization_v4.0.30319_64 - ok
17:05:26.0833 3988  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
17:05:26.0864 3988  CmBatt - ok
17:05:26.0864 3988  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
17:05:26.0879 3988  cmdide - ok
17:05:26.0911 3988  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
17:05:26.0926 3988  CNG - ok
17:05:26.0942 3988  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
17:05:26.0957 3988  Compbatt - ok
17:05:26.0973 3988  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
17:05:27.0004 3988  CompositeBus - ok
17:05:27.0004 3988  COMSysApp - ok
17:05:27.0051 3988  [ 17719A7F571D4CD08223F0B30F71B8B8 ] cpuz134         C:\Program Files\MIFcom\Support\pcwiz_x64.sys
17:05:27.0067 3988  cpuz134 - ok
17:05:27.0113 3988  cpuz135 - ok
17:05:27.0145 3988  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
17:05:27.0160 3988  crcdisk - ok
17:05:27.0191 3988  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
17:05:27.0223 3988  CryptSvc - ok
17:05:27.0254 3988  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
17:05:27.0301 3988  DcomLaunch - ok
17:05:27.0332 3988  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
17:05:27.0363 3988  defragsvc - ok
17:05:27.0379 3988  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
17:05:27.0410 3988  DfsC - ok
17:05:27.0425 3988  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
17:05:27.0457 3988  Dhcp - ok
17:05:27.0488 3988  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
17:05:27.0535 3988  discache - ok
17:05:27.0550 3988  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
17:05:27.0566 3988  Disk - ok
17:05:27.0597 3988  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
17:05:27.0644 3988  Dnscache - ok
17:05:27.0659 3988  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
17:05:27.0706 3988  dot3svc - ok
17:05:27.0722 3988  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
17:05:27.0753 3988  DPS - ok
17:05:27.0784 3988  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
17:05:27.0800 3988  drmkaud - ok
17:05:27.0831 3988  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
17:05:27.0847 3988  DXGKrnl - ok
17:05:27.0862 3988  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
17:05:27.0909 3988  EapHost - ok
17:05:27.0956 3988  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
17:05:28.0049 3988  ebdrv - ok
17:05:28.0081 3988  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
17:05:28.0096 3988  EFS - ok
17:05:28.0143 3988  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
17:05:28.0190 3988  ehRecvr - ok
17:05:28.0205 3988  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
17:05:28.0237 3988  ehSched - ok
17:05:28.0252 3988  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
17:05:28.0268 3988  elxstor - ok
17:05:28.0283 3988  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
17:05:28.0299 3988  ErrDev - ok
17:05:28.0330 3988  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
17:05:28.0361 3988  EventSystem - ok
17:05:28.0393 3988  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
17:05:28.0408 3988  exfat - ok
17:05:28.0424 3988  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
17:05:28.0455 3988  fastfat - ok
17:05:28.0486 3988  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
17:05:28.0517 3988  Fax - ok
17:05:28.0533 3988  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
17:05:28.0549 3988  fdc - ok
17:05:28.0564 3988  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
17:05:28.0595 3988  fdPHost - ok
17:05:28.0627 3988  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
17:05:28.0658 3988  FDResPub - ok
17:05:28.0673 3988  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
17:05:28.0673 3988  FileInfo - ok
17:05:28.0689 3988  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
17:05:28.0736 3988  Filetrace - ok
17:05:28.0736 3988  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
17:05:28.0736 3988  flpydisk - ok
17:05:28.0751 3988  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
17:05:28.0767 3988  FltMgr - ok
17:05:28.0814 3988  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
17:05:28.0829 3988  FontCache - ok
17:05:28.0876 3988  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:05:28.0876 3988  FontCache3.0.0.0 - ok
17:05:28.0892 3988  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
17:05:28.0907 3988  FsDepends - ok
17:05:28.0939 3988  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
17:05:28.0939 3988  Fs_Rec - ok
17:05:28.0970 3988  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
17:05:28.0985 3988  fvevol - ok
17:05:29.0001 3988  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
17:05:29.0017 3988  gagp30kx - ok
17:05:29.0048 3988  [ 330A3B41D6FFC434561CBDD73FF6715B ] GDBehave        C:\Windows\system32\drivers\GDBehave.sys
17:05:29.0063 3988  GDBehave - ok
17:05:29.0157 3988  [ 98024F808C6A12FA9160AEF9C8344FAB ] GDFwSvc         C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
17:05:29.0219 3988  GDFwSvc - ok
17:05:29.0219 3988  [ BAF8516F1D119C56EA5E8A4CEBEFD669 ] GDMnIcpt        C:\Windows\system32\drivers\MiniIcpt.sys
17:05:29.0235 3988  GDMnIcpt - ok
17:05:29.0266 3988  [ 4392B0D685141724526FB48CF162DDD1 ] GDPkIcpt        C:\Windows\system32\drivers\PktIcpt.sys
17:05:29.0282 3988  GDPkIcpt - ok
17:05:29.0344 3988  [ 110C6DC36EA9F5DA664A584756B1B297 ] GDScan          C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
17:05:29.0375 3988  GDScan - ok
17:05:29.0391 3988  [ 080B1C7B27BD44877DA04F6EC3D16CF3 ] gdwfpcd         C:\Windows\system32\drivers\gdwfpcd64.sys
17:05:29.0407 3988  gdwfpcd - ok
17:05:29.0438 3988  [ 16C2A6BCDDA8952C2035DEC861492A19 ] ggflt           C:\Windows\system32\DRIVERS\ggflt.sys
17:05:29.0438 3988  ggflt - ok
17:05:29.0469 3988  [ 6B503DF845EABF3457E49FBBDA26C10E ] ggsemc          C:\Windows\system32\DRIVERS\ggsemc.sys
17:05:29.0485 3988  ggsemc - ok
17:05:29.0516 3988  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
17:05:29.0563 3988  gpsvc - ok
17:05:29.0563 3988  GPU-Z - ok
17:05:29.0609 3988  [ 9580CBF03D2EE08BD1C0D701AAE4092A ] GRD             C:\Windows\system32\drivers\GRD.sys
17:05:29.0625 3988  GRD - ok
17:05:29.0641 3988  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
17:05:29.0687 3988  hcw85cir - ok
17:05:29.0719 3988  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:05:29.0765 3988  HdAudAddService - ok
17:05:29.0781 3988  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
17:05:29.0797 3988  HDAudBus - ok
17:05:29.0812 3988  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
17:05:29.0828 3988  HidBatt - ok
17:05:29.0843 3988  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
17:05:29.0859 3988  HidBth - ok
17:05:29.0890 3988  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
17:05:29.0906 3988  HidIr - ok
17:05:29.0906 3988  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
17:05:29.0937 3988  hidserv - ok
17:05:29.0968 3988  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
17:05:29.0984 3988  HidUsb - ok
17:05:29.0999 3988  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
17:05:30.0046 3988  hkmsvc - ok
17:05:30.0062 3988  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:05:30.0077 3988  HomeGroupListener - ok
17:05:30.0093 3988  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:05:30.0109 3988  HomeGroupProvider - ok
17:05:30.0140 3988  [ 907C238D9F85BE868817740C0FD8D315 ] HookCentre      C:\Windows\system32\drivers\HookCentre.sys
17:05:30.0155 3988  HookCentre - ok
17:05:30.0171 3988  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
17:05:30.0171 3988  HpSAMD - ok
17:05:30.0202 3988  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
17:05:30.0249 3988  HTTP - ok
17:05:30.0265 3988  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
17:05:30.0265 3988  hwpolicy - ok
17:05:30.0280 3988  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
17:05:30.0296 3988  i8042prt - ok
17:05:30.0311 3988  [ 26CF4275034214ECEDD8EC17B0A18A99 ] iaStor          C:\Windows\system32\drivers\iaStor.sys
17:05:30.0327 3988  iaStor - ok
17:05:30.0405 3988  [ E79A8E33BD136D14BAE1FA20EB2EF124 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
17:05:30.0405 3988  IAStorDataMgrSvc - ok
17:05:30.0452 3988  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
17:05:30.0467 3988  iaStorV - ok
17:05:30.0499 3988  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:05:30.0530 3988  idsvc - ok
17:05:30.0545 3988  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
17:05:30.0545 3988  iirsp - ok
17:05:30.0577 3988  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
17:05:30.0623 3988  IKEEXT - ok
17:05:30.0701 3988  [ EB5FA493A4B6EA290200AE39EBA2FBC6 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
17:05:30.0748 3988  IntcAzAudAddService - ok
17:05:30.0764 3988  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
17:05:30.0779 3988  intelide - ok
17:05:30.0795 3988  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
17:05:30.0826 3988  intelppm - ok
17:05:30.0842 3988  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
17:05:30.0904 3988  IPBusEnum - ok
17:05:30.0904 3988  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:05:30.0935 3988  IpFilterDriver - ok
17:05:30.0982 3988  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
17:05:31.0029 3988  iphlpsvc - ok
17:05:31.0045 3988  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
17:05:31.0076 3988  IPMIDRV - ok
17:05:31.0076 3988  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
17:05:31.0123 3988  IPNAT - ok
17:05:31.0138 3988  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:05:31.0169 3988  IRENUM - ok
17:05:31.0185 3988  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
17:05:31.0201 3988  isapnp - ok
17:05:31.0216 3988  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
17:05:31.0232 3988  iScsiPrt - ok
17:05:31.0263 3988  [ DBC83F59D9741734F9575DA4E3345B2C ] JRAID           C:\Windows\system32\drivers\jraid.sys
17:05:31.0310 3988  JRAID - ok
17:05:31.0325 3988  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
17:05:31.0341 3988  kbdclass - ok
17:05:31.0357 3988  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
17:05:31.0372 3988  kbdhid - ok
17:05:31.0372 3988  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
17:05:31.0388 3988  KeyIso - ok
17:05:31.0419 3988  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:05:31.0435 3988  KSecDD - ok
17:05:31.0450 3988  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
17:05:31.0450 3988  KSecPkg - ok
17:05:31.0466 3988  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
17:05:31.0497 3988  ksthunk - ok
17:05:31.0528 3988  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
17:05:31.0575 3988  KtmRm - ok
17:05:31.0591 3988  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
17:05:31.0637 3988  LanmanServer - ok
17:05:31.0653 3988  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:05:31.0715 3988  LanmanWorkstation - ok
17:05:31.0747 3988  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:05:31.0778 3988  lltdio - ok
17:05:31.0809 3988  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
17:05:31.0856 3988  lltdsvc - ok
17:05:31.0871 3988  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
17:05:31.0903 3988  lmhosts - ok
17:05:31.0918 3988  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
17:05:31.0934 3988  LSI_FC - ok
17:05:31.0949 3988  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
17:05:31.0965 3988  LSI_SAS - ok
17:05:31.0965 3988  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
17:05:31.0981 3988  LSI_SAS2 - ok
17:05:31.0981 3988  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
17:05:31.0996 3988  LSI_SCSI - ok
17:05:32.0012 3988  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
17:05:32.0043 3988  luafv - ok
17:05:32.0074 3988  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
17:05:32.0090 3988  Mcx2Svc - ok
17:05:32.0090 3988  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
17:05:32.0105 3988  megasas - ok
17:05:32.0121 3988  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
17:05:32.0137 3988  MegaSR - ok
17:05:32.0168 3988  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
17:05:32.0168 3988  MEIx64 - ok
17:05:32.0199 3988  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
17:05:32.0246 3988  MMCSS - ok
17:05:32.0246 3988  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
17:05:32.0293 3988  Modem - ok
17:05:32.0324 3988  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
17:05:32.0339 3988  monitor - ok
17:05:32.0355 3988  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
17:05:32.0371 3988  mouclass - ok
17:05:32.0386 3988  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
17:05:32.0417 3988  mouhid - ok
17:05:32.0433 3988  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
17:05:32.0449 3988  mountmgr - ok
17:05:32.0495 3988  [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:05:32.0511 3988  MozillaMaintenance - ok
17:05:32.0527 3988  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
17:05:32.0542 3988  mpio - ok
17:05:32.0558 3988  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:05:32.0589 3988  mpsdrv - ok
17:05:32.0620 3988  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
17:05:32.0651 3988  MpsSvc - ok
17:05:32.0667 3988  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:05:32.0683 3988  MRxDAV - ok
17:05:32.0714 3988  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:05:32.0745 3988  mrxsmb - ok
17:05:32.0745 3988  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:05:32.0776 3988  mrxsmb10 - ok
17:05:32.0776 3988  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:05:32.0792 3988  mrxsmb20 - ok
17:05:32.0823 3988  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
17:05:32.0839 3988  msahci - ok
17:05:32.0839 3988  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
17:05:32.0854 3988  msdsm - ok
17:05:32.0870 3988  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
17:05:32.0885 3988  MSDTC - ok
17:05:32.0917 3988  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:05:32.0948 3988  Msfs - ok
17:05:32.0963 3988  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
17:05:33.0010 3988  mshidkmdf - ok
17:05:33.0026 3988  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
17:05:33.0026 3988  msisadrv - ok
17:05:33.0041 3988  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
17:05:33.0088 3988  MSiSCSI - ok
17:05:33.0088 3988  msiserver - ok
17:05:33.0104 3988  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
17:05:33.0151 3988  MSKSSRV - ok
17:05:33.0166 3988  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:05:33.0197 3988  MSPCLOCK - ok
17:05:33.0213 3988  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
17:05:33.0244 3988  MSPQM - ok
17:05:33.0260 3988  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
17:05:33.0275 3988  MsRPC - ok
17:05:33.0291 3988  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
17:05:33.0291 3988  mssmbios - ok
17:05:33.0307 3988  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
17:05:33.0338 3988  MSTEE - ok
17:05:33.0338 3988  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
17:05:33.0353 3988  MTConfig - ok
17:05:33.0369 3988  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
17:05:33.0369 3988  Mup - ok
17:05:33.0400 3988  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
17:05:33.0431 3988  napagent - ok
17:05:33.0447 3988  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
17:05:33.0478 3988  NativeWifiP - ok
17:05:33.0525 3988  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
17:05:33.0541 3988  NDIS - ok
17:05:33.0556 3988  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
17:05:33.0587 3988  NdisCap - ok
17:05:33.0619 3988  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
17:05:33.0634 3988  NdisTapi - ok
17:05:33.0650 3988  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
17:05:33.0697 3988  Ndisuio - ok
17:05:33.0712 3988  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
17:05:33.0743 3988  NdisWan - ok
17:05:33.0759 3988  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
17:05:33.0790 3988  NDProxy - ok
17:05:33.0790 3988  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
17:05:33.0821 3988  NetBIOS - ok
17:05:33.0837 3988  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
17:05:33.0868 3988  NetBT - ok
17:05:33.0899 3988  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
17:05:33.0899 3988  Netlogon - ok
17:05:33.0931 3988  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
17:05:33.0962 3988  Netman - ok
17:05:33.0977 3988  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
17:05:34.0009 3988  netprofm - ok
17:05:34.0024 3988  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:05:34.0040 3988  NetTcpPortSharing - ok
17:05:34.0071 3988  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
17:05:34.0087 3988  nfrd960 - ok
17:05:34.0102 3988  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
17:05:34.0149 3988  NlaSvc - ok
17:05:34.0165 3988  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
17:05:34.0196 3988  Npfs - ok
17:05:34.0211 3988  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
17:05:34.0243 3988  nsi - ok
17:05:34.0258 3988  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:05:34.0289 3988  nsiproxy - ok
17:05:34.0336 3988  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
17:05:34.0383 3988  Ntfs - ok
17:05:34.0399 3988  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
17:05:34.0445 3988  Null - ok
17:05:34.0477 3988  [ 8D4AAC74B571FC356560E5B308955E93 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
17:05:34.0492 3988  NVHDA - ok
17:05:34.0711 3988  [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:05:34.0898 3988  nvlddmkm - ok
17:05:34.0929 3988  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
17:05:34.0945 3988  nvraid - ok
17:05:34.0960 3988  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
17:05:34.0960 3988  nvstor - ok
17:05:35.0007 3988  [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc           C:\Windows\system32\nvvsvc.exe
17:05:35.0038 3988  nvsvc - ok
17:05:35.0069 3988  [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
17:05:35.0101 3988  nvUpdatusService - ok
17:05:35.0116 3988  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
17:05:35.0132 3988  nv_agp - ok
17:05:35.0147 3988  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
17:05:35.0163 3988  ohci1394 - ok
17:05:35.0225 3988  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:05:35.0241 3988  ose - ok
17:05:35.0397 3988  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:05:35.0475 3988  osppsvc - ok
17:05:35.0491 3988  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
17:05:35.0522 3988  p2pimsvc - ok
17:05:35.0537 3988  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
17:05:35.0553 3988  p2psvc - ok
17:05:35.0584 3988  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
17:05:35.0600 3988  Parport - ok
17:05:35.0631 3988  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
17:05:35.0647 3988  partmgr - ok
17:05:35.0662 3988  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
17:05:35.0709 3988  PcaSvc - ok
17:05:35.0725 3988  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
17:05:35.0740 3988  pci - ok
17:05:35.0756 3988  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
17:05:35.0771 3988  pciide - ok
17:05:35.0787 3988  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
17:05:35.0803 3988  pcmcia - ok
17:05:35.0818 3988  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
17:05:35.0834 3988  pcw - ok
17:05:35.0834 3988  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
17:05:35.0896 3988  PEAUTH - ok
17:05:35.0943 3988  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
17:05:35.0974 3988  PerfHost - ok
17:05:36.0021 3988  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
17:05:36.0099 3988  pla - ok
17:05:36.0146 3988  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
17:05:36.0193 3988  PlugPlay - ok
17:05:36.0208 3988  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
17:05:36.0224 3988  PNRPAutoReg - ok
17:05:36.0239 3988  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
17:05:36.0271 3988  PNRPsvc - ok
17:05:36.0302 3988  [ 5BC4D480DD527EB0CF33A67A090A130E ] Point64         C:\Windows\system32\DRIVERS\point64.sys
17:05:36.0317 3988  Point64 - ok
17:05:36.0333 3988  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
17:05:36.0380 3988  PolicyAgent - ok
17:05:36.0395 3988  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
17:05:36.0427 3988  Power - ok
17:05:36.0473 3988  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
17:05:36.0520 3988  PptpMiniport - ok
17:05:36.0520 3988  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
17:05:36.0536 3988  Processor - ok
17:05:36.0567 3988  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
17:05:36.0598 3988  ProfSvc - ok
17:05:36.0614 3988  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:05:36.0614 3988  ProtectedStorage - ok
17:05:36.0629 3988  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
17:05:36.0676 3988  Psched - ok
17:05:36.0707 3988  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
17:05:36.0770 3988  ql2300 - ok
17:05:36.0770 3988  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
17:05:36.0785 3988  ql40xx - ok
17:05:36.0817 3988  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
17:05:36.0832 3988  QWAVE - ok
17:05:36.0848 3988  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
17:05:36.0863 3988  QWAVEdrv - ok
17:05:36.0879 3988  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
17:05:36.0910 3988  RasAcd - ok
17:05:36.0941 3988  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
17:05:36.0973 3988  RasAgileVpn - ok
17:05:36.0988 3988  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
17:05:37.0035 3988  RasAuto - ok
17:05:37.0035 3988  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
17:05:37.0082 3988  Rasl2tp - ok
17:05:37.0097 3988  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
17:05:37.0129 3988  RasMan - ok
17:05:37.0129 3988  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
17:05:37.0175 3988  RasPppoe - ok
17:05:37.0191 3988  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
17:05:37.0222 3988  RasSstp - ok
17:05:37.0238 3988  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
17:05:37.0269 3988  rdbss - ok
17:05:37.0300 3988  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
17:05:37.0300 3988  rdpbus - ok
17:05:37.0316 3988  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
17:05:37.0347 3988  RDPCDD - ok
17:05:37.0363 3988  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
17:05:37.0394 3988  RDPENCDD - ok
17:05:37.0409 3988  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
17:05:37.0441 3988  RDPREFMP - ok
17:05:37.0456 3988  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
17:05:37.0487 3988  RDPWD - ok
17:05:37.0503 3988  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
17:05:37.0519 3988  rdyboost - ok
17:05:37.0534 3988  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
17:05:37.0565 3988  RemoteAccess - ok
17:05:37.0612 3988  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
17:05:37.0675 3988  RemoteRegistry - ok
17:05:37.0690 3988  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
17:05:37.0706 3988  RpcEptMapper - ok
17:05:37.0737 3988  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
17:05:37.0737 3988  RpcLocator - ok
17:05:37.0753 3988  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
17:05:37.0784 3988  RpcSs - ok
17:05:37.0815 3988  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
17:05:37.0846 3988  rspndr - ok
17:05:37.0862 3988  [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
17:05:37.0877 3988  RTL8167 - ok
17:05:37.0893 3988  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
17:05:37.0893 3988  SamSs - ok
17:05:37.0909 3988  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
17:05:37.0924 3988  sbp2port - ok
17:05:37.0940 3988  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
17:05:37.0971 3988  SCardSvr - ok
17:05:37.0971 3988  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
17:05:38.0018 3988  scfilter - ok
17:05:38.0033 3988  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
17:05:38.0065 3988  Schedule - ok
17:05:38.0080 3988  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
17:05:38.0111 3988  SCPolicySvc - ok
17:05:38.0127 3988  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
17:05:38.0143 3988  SDRSVC - ok
17:05:38.0158 3988  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
17:05:38.0189 3988  secdrv - ok
17:05:38.0189 3988  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
17:05:38.0221 3988  seclogon - ok
17:05:38.0236 3988  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
17:05:38.0283 3988  SENS - ok
17:05:38.0299 3988  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
17:05:38.0330 3988  SensrSvc - ok
17:05:38.0345 3988  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
17:05:38.0377 3988  Serenum - ok
17:05:38.0392 3988  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
17:05:38.0423 3988  Serial - ok
17:05:38.0423 3988  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
17:05:38.0439 3988  sermouse - ok
17:05:38.0455 3988  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
17:05:38.0486 3988  SessionEnv - ok
17:05:38.0501 3988  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
17:05:38.0517 3988  sffdisk - ok
17:05:38.0517 3988  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
17:05:38.0533 3988  sffp_mmc - ok
17:05:38.0533 3988  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
17:05:38.0564 3988  sffp_sd - ok
17:05:38.0579 3988  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
17:05:38.0595 3988  sfloppy - ok
17:05:38.0611 3988  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
17:05:38.0657 3988  SharedAccess - ok
17:05:38.0689 3988  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:05:38.0720 3988  ShellHWDetection - ok
17:05:38.0751 3988  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
17:05:38.0767 3988  SiSRaid2 - ok
17:05:38.0782 3988  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
17:05:38.0798 3988  SiSRaid4 - ok
17:05:38.0829 3988  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
17:05:38.0860 3988  Smb - ok
17:05:38.0876 3988  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
17:05:38.0876 3988  SNMPTRAP - ok
17:05:38.0938 3988  [ 5177D14A78E60FD61DCFC6B388E7E971 ] Sony PC Companion C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
17:05:38.0969 3988  Sony PC Companion ( UnsignedFile.Multi.Generic ) - warning
17:05:38.0969 3988  Sony PC Companion - detected UnsignedFile.Multi.Generic (1)
17:05:38.0969 3988  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
17:05:38.0985 3988  spldr - ok
17:05:39.0016 3988  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
17:05:39.0032 3988  Spooler - ok
17:05:39.0094 3988  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
17:05:39.0172 3988  sppsvc - ok
17:05:39.0188 3988  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
17:05:39.0219 3988  sppuinotify - ok
17:05:39.0235 3988  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
17:05:39.0281 3988  srv - ok
17:05:39.0297 3988  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
17:05:39.0313 3988  srv2 - ok
17:05:39.0344 3988  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
17:05:39.0359 3988  srvnet - ok
17:05:39.0375 3988  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
17:05:39.0406 3988  SSDPSRV - ok
17:05:39.0422 3988  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
17:05:39.0453 3988  SstpSvc - ok
17:05:39.0515 3988  [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
17:05:39.0547 3988  Stereo Service - ok
17:05:39.0578 3988  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
17:05:39.0578 3988  stexstor - ok
17:05:39.0609 3988  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
17:05:39.0656 3988  stisvc - ok
17:05:39.0671 3988  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
17:05:39.0671 3988  swenum - ok
17:05:39.0687 3988  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
17:05:39.0734 3988  swprv - ok
17:05:39.0781 3988  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
17:05:39.0843 3988  SysMain - ok
17:05:39.0843 3988  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:05:39.0874 3988  TabletInputService - ok
17:05:39.0874 3988  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
17:05:39.0921 3988  TapiSrv - ok
17:05:39.0937 3988  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
17:05:39.0968 3988  TBS - ok
17:05:40.0015 3988  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
17:05:40.0093 3988  Tcpip - ok
17:05:40.0124 3988  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
17:05:40.0171 3988  TCPIP6 - ok
17:05:40.0186 3988  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
17:05:40.0202 3988  tcpipreg - ok
17:05:40.0217 3988  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
17:05:40.0249 3988  TDPIPE - ok
17:05:40.0264 3988  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
17:05:40.0280 3988  TDTCP - ok
17:05:40.0295 3988  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
17:05:40.0327 3988  tdx - ok
17:05:40.0327 3988  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
17:05:40.0342 3988  TermDD - ok
17:05:40.0373 3988  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
17:05:40.0405 3988  TermService - ok
17:05:40.0420 3988  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
17:05:40.0436 3988  Themes - ok
17:05:40.0436 3988  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
17:05:40.0467 3988  THREADORDER - ok
17:05:40.0483 3988  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
17:05:40.0514 3988  TrkWks - ok
17:05:40.0545 3988  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:05:40.0592 3988  TrustedInstaller - ok
17:05:40.0623 3988  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
17:05:40.0654 3988  tssecsrv - ok
17:05:40.0670 3988  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
17:05:40.0701 3988  TsUsbFlt - ok
17:05:40.0717 3988  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
17:05:40.0732 3988  TsUsbGD - ok
17:05:40.0763 3988  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
17:05:40.0826 3988  tunnel - ok
17:05:40.0841 3988  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
17:05:40.0841 3988  uagp35 - ok
17:05:40.0857 3988  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
17:05:40.0904 3988  udfs - ok
17:05:40.0935 3988  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
17:05:40.0951 3988  UI0Detect - ok
17:05:40.0966 3988  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
17:05:40.0982 3988  uliagpkx - ok
17:05:40.0997 3988  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
17:05:41.0013 3988  umbus - ok
17:05:41.0029 3988  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
17:05:41.0044 3988  UmPass - ok
17:05:41.0060 3988  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
17:05:41.0091 3988  upnphost - ok
17:05:41.0138 3988  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
17:05:41.0153 3988  usbccgp - ok
17:05:41.0153 3988  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
17:05:41.0169 3988  usbcir - ok
17:05:41.0185 3988  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
17:05:41.0200 3988  usbehci - ok
17:05:41.0216 3988  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
17:05:41.0231 3988  usbhub - ok
17:05:41.0247 3988  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
17:05:41.0278 3988  usbohci - ok
17:05:41.0294 3988  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
17:05:41.0325 3988  usbprint - ok
17:05:41.0356 3988  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
17:05:41.0356 3988  usbscan - ok
17:05:41.0372 3988  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:05:41.0419 3988  USBSTOR - ok
17:05:41.0434 3988  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
17:05:41.0450 3988  usbuhci - ok
17:05:41.0481 3988  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
17:05:41.0543 3988  UxSms - ok
17:05:41.0543 3988  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
17:05:41.0559 3988  VaultSvc - ok
17:05:41.0575 3988  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
17:05:41.0590 3988  vdrvroot - ok
17:05:41.0606 3988  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
17:05:41.0653 3988  vds - ok
17:05:41.0668 3988  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
17:05:41.0684 3988  vga - ok
17:05:41.0684 3988  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
17:05:41.0715 3988  VgaSave - ok
17:05:41.0746 3988  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
17:05:41.0762 3988  vhdmp - ok
17:05:41.0777 3988  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
17:05:41.0777 3988  viaide - ok
17:05:41.0793 3988  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
17:05:41.0809 3988  volmgr - ok
17:05:41.0824 3988  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
17:05:41.0840 3988  volmgrx - ok
17:05:41.0855 3988  [ DF8126BD41180351A093A3AD2FC8903B ] volsnap         C:\Windows\system32\drivers\volsnap.sys
17:05:41.0871 3988  volsnap - ok
17:05:41.0887 3988  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
17:05:41.0902 3988  vsmraid - ok
17:05:41.0949 3988  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
17:05:42.0043 3988  VSS - ok
17:05:42.0058 3988  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
17:05:42.0074 3988  vwifibus - ok
17:05:42.0105 3988  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
17:05:42.0136 3988  W32Time - ok
17:05:42.0152 3988  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
17:05:42.0167 3988  WacomPen - ok
17:05:42.0199 3988  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
17:05:42.0245 3988  WANARP - ok
17:05:42.0245 3988  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
17:05:42.0277 3988  Wanarpv6 - ok
17:05:42.0308 3988  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
17:05:42.0386 3988  wbengine - ok
17:05:42.0401 3988  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
17:05:42.0417 3988  WbioSrvc - ok
17:05:42.0433 3988  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
17:05:42.0464 3988  wcncsvc - ok
17:05:42.0479 3988  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:05:42.0511 3988  WcsPlugInService - ok
17:05:42.0542 3988  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
17:05:42.0557 3988  Wd - ok
17:05:42.0589 3988  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
17:05:42.0635 3988  Wdf01000 - ok
17:05:42.0667 3988  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
17:05:42.0745 3988  WdiServiceHost - ok
17:05:42.0745 3988  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
17:05:42.0760 3988  WdiSystemHost - ok
17:05:42.0791 3988  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
17:05:42.0823 3988  WebClient - ok
17:05:42.0838 3988  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
17:05:42.0869 3988  Wecsvc - ok
17:05:42.0885 3988  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
17:05:42.0916 3988  wercplsupport - ok
17:05:42.0932 3988  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
17:05:42.0947 3988  WerSvc - ok
17:05:42.0979 3988  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
17:05:43.0010 3988  WfpLwf - ok
17:05:43.0025 3988  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
17:05:43.0025 3988  WIMMount - ok
17:05:43.0041 3988  WinDefend - ok
17:05:43.0041 3988  WinHttpAutoProxySvc - ok
17:05:43.0072 3988  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
17:05:43.0103 3988  Winmgmt - ok
17:05:43.0150 3988  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
17:05:43.0213 3988  WinRM - ok
17:05:43.0259 3988  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
17:05:43.0291 3988  WinUsb - ok
17:05:43.0337 3988  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
17:05:43.0369 3988  Wlansvc - ok
17:05:43.0400 3988  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
17:05:43.0400 3988  WmiAcpi - ok
17:05:43.0431 3988  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
17:05:43.0462 3988  wmiApSrv - ok
17:05:43.0493 3988  WMPNetworkSvc - ok
17:05:43.0509 3988  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
17:05:43.0540 3988  WPCSvc - ok
17:05:43.0556 3988  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
17:05:43.0587 3988  WPDBusEnum - ok
17:05:43.0618 3988  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
17:05:43.0649 3988  ws2ifsl - ok
17:05:43.0665 3988  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
17:05:43.0696 3988  wscsvc - ok
17:05:43.0696 3988  WSearch - ok
17:05:43.0759 3988  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
17:05:43.0821 3988  wuauserv - ok
17:05:43.0852 3988  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
17:05:43.0883 3988  WudfPf - ok
17:05:43.0899 3988  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
17:05:43.0930 3988  WUDFRd - ok
17:05:43.0946 3988  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
17:05:43.0977 3988  wudfsvc - ok
17:05:43.0993 3988  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
17:05:44.0024 3988  WwanSvc - ok
17:05:44.0024 3988  ================ Scan global ===============================
17:05:44.0039 3988  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:05:44.0071 3988  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
17:05:44.0086 3988  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
17:05:44.0102 3988  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:05:44.0117 3988  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
17:05:44.0117 3988  [Global] - ok
17:05:44.0117 3988  ================ Scan MBR ==================================
17:05:44.0133 3988  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:05:44.0336 3988  \Device\Harddisk0\DR0 - ok
17:05:44.0336 3988  ================ Scan VBR ==================================
17:05:44.0336 3988  [ 5CDB9B8E5D5B208437BD5004D2422672 ] \Device\Harddisk0\DR0\Partition1
17:05:44.0336 3988  \Device\Harddisk0\DR0\Partition1 - ok
17:05:44.0351 3988  [ 00D31545F070FA90540BA7B41C1A2E63 ] \Device\Harddisk0\DR0\Partition2
17:05:44.0351 3988  \Device\Harddisk0\DR0\Partition2 - ok
17:05:44.0367 3988  [ B085528B76C2FF30E027E16256A31FB1 ] \Device\Harddisk0\DR0\Partition3
17:05:44.0383 3988  \Device\Harddisk0\DR0\Partition3 - ok
17:05:44.0398 3988  [ CD9EDC7871B97B3D1E026C3DCDF6863E ] \Device\Harddisk0\DR0\Partition4
17:05:44.0398 3988  \Device\Harddisk0\DR0\Partition4 - ok
17:05:44.0398 3988  ============================================================
17:05:44.0398 3988  Scan finished
17:05:44.0398 3988  ============================================================
17:05:44.0414 3768  Detected object count: 1
17:05:44.0414 3768  Actual detected object count: 1
17:08:09.0088 3768  Sony PC Companion ( UnsignedFile.Multi.Generic ) - skipped by user
17:08:09.0088 3768  Sony PC Companion ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:08:37.0402 3952  Deinitialize success
         
Thomas
__________________
Windows 7
GDATA

Alt 02.04.2013, 20:02   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
"Ungewöhnlich hoher Datenverkehr im Netzwerk" Hinweis von Google - Standard

"Ungewöhnlich hoher Datenverkehr im Netzwerk" Hinweis von Google



Dann bitte jetzt Combofix ausführen:

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 03.04.2013, 09:31   #11
Kopernikus29
 
"Ungewöhnlich hoher Datenverkehr im Netzwerk" Hinweis von Google - Standard

"Ungewöhnlich hoher Datenverkehr im Netzwerk" Hinweis von Google



Hallo Cosinus,
Der Wächter von GDATA war aus, trotzdem und es kam trotzdem eine Warnmeldung von GDATA die ich leider mit ok beantwortet habe. Combofix ist wohl in der Quarantäne gelandet.
Nach einem Neustart funktionierte Firefox, Internetexplorer und GDATA nicht mehr.
Das war jedenfalls das erste was ich festgestellt habe.
Ich mußte einen alten Systemwiederherstellungspunkt nehmen, jetzt funktioniert erst mal wieder alles.
Mir ist da eben etwas komisch geworden. Welche Bedrohung vermutest Du auf dem PC?
Thomas
__________________
Windows 7
GDATA

Alt 03.04.2013, 16:14   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
"Ungewöhnlich hoher Datenverkehr im Netzwerk" Hinweis von Google - Standard

"Ungewöhnlich hoher Datenverkehr im Netzwerk" Hinweis von Google



Dann hast du GDATA nicht richtig abgestellt.
Bitte CF wiederholen, GDATA vorher wirklich richtig abstellen
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 03.04.2013, 17:42   #13
Kopernikus29
 
"Ungewöhnlich hoher Datenverkehr im Netzwerk" Hinweis von Google - Standard

"Ungewöhnlich hoher Datenverkehr im Netzwerk" Hinweis von Google



Bei G DATA gibt es
-Wächter ausschalten
-Firewall ausschalten
-Autopilot ausschalten
mehr finde ich nicht.
Reichen die drei oder läuft dann doch noch die Systemüberwachung im Hintergrund?
Dann kommt nur noch deinstallieren.

Habe fertig!
G DATA lässt sich wohl nicht so leicht ausschalten.
Ich muste bei G DATA jede menge Ausnahme Genehmigungen bestätigen.
Aber dann lief es ohne Probleme.
Hier das Log und
Code:
ATTFilter
ComboFix 13-04-02.01 - Admin 03.04.2013  19:10:04.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4077.2592 [GMT 2:00]
ausgeführt von:: c:\users\Admin\Desktop\ComboFix.exe
AV: G Data InternetSecurity 2013 *Disabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
FW: G Data Personal Firewall *Disabled* {018C0191-29AD-04E8-101F-264FDF37B3ED}
SP: G Data InternetSecurity 2013 *Disabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-03-03 bis 2013-04-03  ))))))))))))))))))))))))))))))
.
.
2013-04-03 17:38 . 2013-04-03 17:38	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-04-03 17:38 . 2013-04-03 17:38	--------	d-----w-	c:\users\Internet\AppData\Local\temp
2013-04-03 17:38 . 2013-04-03 17:38	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-04-01 13:56 . 2013-04-01 13:56	--------	d-----w-	c:\programdata\Malwarebytes
2013-03-21 17:31 . 2013-03-21 17:31	--------	d-----w-	c:\windows\PCHEALTH
2013-03-21 17:28 . 2013-03-21 17:28	--------	d-----w-	c:\program files (x86)\Microsoft Analysis Services
2013-03-13 19:05 . 2013-02-12 04:12	19968	----a-w-	c:\windows\system32\drivers\usb8023.sys
2013-03-13 19:03 . 2013-03-13 19:03	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
2013-03-10 10:44 . 2013-03-10 10:44	--------	d-----w-	c:\users\Internet\AudacityPortable
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 19:06 . 2012-03-31 09:15	693976	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-13 19:06 . 2012-02-15 20:29	73432	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 07:56 . 2012-02-15 19:57	72013344	----a-w-	c:\windows\system32\MRT.exe
2013-02-12 05:45 . 2013-03-13 06:42	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 06:42	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 06:42	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 06:42	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 06:42	474112	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 06:42	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-01-13 21:17 . 2013-02-27 17:31	9728	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17 . 2013-02-27 17:31	2560	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16 . 2013-02-27 17:31	10752	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12 . 2013-02-27 17:31	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11 . 2013-02-27 17:31	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-27 17:31	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-27 17:31	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11 . 2013-02-27 17:31	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11 . 2013-02-27 17:31	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35 . 2013-02-27 17:31	9728	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35 . 2013-02-27 17:31	2560	---ha-w-	c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35 . 2013-02-27 17:31	10752	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32 . 2013-02-27 17:31	3584	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31 . 2013-02-27 17:31	4096	---ha-w-	c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-27 17:31	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-27 17:31	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31 . 2013-02-27 17:31	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31 . 2013-02-27 17:31	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-27 17:31	1247744	----a-w-	c:\windows\SysWow64\DWrite.dll
2013-01-13 20:22 . 2013-02-27 17:31	1988096	----a-w-	c:\windows\SysWow64\d3d10warp.dll
2013-01-13 20:20 . 2013-02-27 17:31	293376	----a-w-	c:\windows\SysWow64\dxgi.dll
2013-01-13 20:09 . 2013-02-27 17:31	249856	----a-w-	c:\windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08 . 2013-02-27 17:31	220160	----a-w-	c:\windows\SysWow64\d3d10core.dll
2013-01-13 20:08 . 2013-02-27 17:31	1504768	----a-w-	c:\windows\SysWow64\d3d11.dll
2013-01-13 19:59 . 2013-02-27 17:31	1643520	----a-w-	c:\windows\system32\DWrite.dll
2013-01-13 19:58 . 2013-02-27 17:31	1175552	----a-w-	c:\windows\system32\FntCache.dll
2013-01-13 19:54 . 2013-02-27 17:31	604160	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2013-01-13 19:53 . 2013-02-27 17:31	207872	----a-w-	c:\windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53 . 2013-02-27 17:32	187392	----a-w-	c:\windows\SysWow64\UIAnimation.dll
2013-01-13 19:51 . 2013-02-27 17:31	2565120	----a-w-	c:\windows\system32\d3d10warp.dll
2013-01-13 19:49 . 2013-02-27 17:31	363008	----a-w-	c:\windows\system32\dxgi.dll
2013-01-13 19:48 . 2013-02-27 17:31	161792	----a-w-	c:\windows\SysWow64\d3d10_1.dll
2013-01-13 19:46 . 2013-02-27 17:31	1080832	----a-w-	c:\windows\SysWow64\d3d10.dll
2013-01-13 19:43 . 2013-02-27 17:31	1230336	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38 . 2013-02-27 17:31	333312	----a-w-	c:\windows\system32\d3d10_1core.dll
2013-01-13 19:38 . 2013-02-27 17:31	1887232	----a-w-	c:\windows\system32\d3d11.dll
2013-01-13 19:38 . 2013-02-27 17:31	296960	----a-w-	c:\windows\system32\d3d10core.dll
2013-01-13 19:37 . 2013-02-27 17:31	3419136	----a-w-	c:\windows\SysWow64\d2d1.dll
2013-01-13 19:25 . 2013-02-27 17:31	245248	----a-w-	c:\windows\system32\WindowsCodecsExt.dll
2013-01-13 19:24 . 2013-02-27 17:31	648192	----a-w-	c:\windows\system32\d3d10level9.dll
2013-01-13 19:24 . 2013-02-27 17:32	221184	----a-w-	c:\windows\system32\UIAnimation.dll
2013-01-13 19:20 . 2013-02-27 17:31	194560	----a-w-	c:\windows\system32\d3d10_1.dll
2013-01-13 19:20 . 2013-02-27 17:31	1238528	----a-w-	c:\windows\system32\d3d10.dll
2013-01-13 19:15 . 2013-02-27 17:31	1424384	----a-w-	c:\windows\system32\WindowsCodecs.dll
2013-01-13 19:10 . 2013-02-27 17:31	3928064	----a-w-	c:\windows\system32\d2d1.dll
2013-01-13 19:02 . 2013-02-27 17:32	417792	----a-w-	c:\windows\SysWow64\WMPhoto.dll
2013-01-13 18:34 . 2013-02-27 17:31	364544	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32 . 2013-02-27 17:32	465920	----a-w-	c:\windows\system32\WMPhoto.dll
2013-01-13 18:09 . 2013-02-27 17:31	522752	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2013-01-13 17:26 . 2013-02-27 17:31	1158144	----a-w-	c:\windows\SysWow64\XpsPrint.dll
2013-01-13 17:05 . 2013-02-27 17:31	1682432	----a-w-	c:\windows\system32\XpsPrint.dll
2013-01-10 18:13 . 2012-04-03 10:12	64416	----a-w-	c:\windows\system32\drivers\HookCentre.sys
2013-01-10 18:13 . 2012-02-15 19:46	65008	----a-w-	c:\windows\system32\drivers\gdwfpcd64.sys
2013-01-10 13:35 . 2012-05-14 17:33	11240	----a-w-	c:\windows\SysWow64\GdScrSv.de.dll
2013-01-09 17:26 . 2012-02-15 19:46	62368	----a-w-	c:\windows\system32\drivers\PktIcpt.sys
2013-01-09 17:24 . 2012-02-15 19:46	54176	----a-w-	c:\windows\system32\drivers\GDBehave.sys
2013-01-09 17:24 . 2012-02-15 19:46	126880	----a-w-	c:\windows\system32\drivers\MiniIcpt.sys
2013-01-05 05:53 . 2013-02-15 06:52	5553512	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-02-15 06:52	3967848	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-15 06:52	3913064	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 06:11 . 2013-02-27 17:32	2284544	----a-w-	c:\windows\SysWow64\msmpeg2vdec.dll
2013-01-04 06:11 . 2013-02-27 17:32	2776576	----a-w-	c:\windows\system32\msmpeg2vdec.dll
2013-01-04 05:46 . 2013-02-15 06:52	215040	----a-w-	c:\windows\system32\winsrv.dll
2013-01-04 04:51 . 2013-02-15 06:52	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2013-01-04 04:43 . 2013-02-15 06:52	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2013-01-04 03:26 . 2013-02-15 06:52	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-01-04 02:47 . 2013-02-15 06:52	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2013-01-04 02:47 . 2013-02-15 06:52	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2013-01-04 02:47 . 2013-02-15 06:52	2048	----a-w-	c:\windows\SysWow64\user.exe
2013-01-04 02:47 . 2013-02-15 06:52	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-05-20 36864]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-04-29 284440]
"G Data AntiVirus Tray Application"="c:\program files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe" [2013-01-09 1035216]
"GDFirewallTray"="c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2012-11-29 1475096]
.
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2013-1-8 228448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 cpuz134;cpuz134;c:\program files\MIFcom\Support\pcwiz_x64.sys [2010-07-09 21480]
R3 cpuz135;cpuz135;c:\users\ADMINI~1\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-12-23 14448]
R3 GPU-Z;GPU-Z;c:\users\ADMINI~1\AppData\Local\Temp\GPU-Z.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2013-01-09 54176]
S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2013-01-09 126880]
S1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys [2013-01-10 65008]
S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2012-04-03 106648]
S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2013-01-10 64416]
S2 AAV UpdateService;AAV UpdateService;c:\program files (x86)\AAVUpdateManager\aavus.exe [2008-10-24 128296]
S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2012-11-29 1548312]
S2 AVKService;G Data Scheduler;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [2012-11-29 469016]
S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe [2012-11-29 2012592]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-29 13592]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-06-02 128488]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-06-02 401896]
S3 GDFwSvc;G Data Personal Firewall;c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2012-11-29 2377736]
S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [2013-01-09 62368]
S3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe [2012-03-29 470008]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-11-02 50856]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 19:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-28 11905128]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944]
"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{B26AC523-5D0B-4C81-882C-2672C46F99B2}: NameServer = 192.168.2.1
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5i5anelm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?cc=de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-04-03  19:43:51
ComboFix-quarantined-files.txt  2013-04-03 17:43
.
Vor Suchlauf: 9 Verzeichnis(se), 68.997.296.128 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 68.768.600.064 Bytes frei
.
- - End Of File - - 99D81C6D9D7AD196091D287590C86A8F
         
Thomas

Dafür kann ich jetzt mit diversen Protokollen von G DATA dienen
Code:
ATTFilter
*** Prozess ***

Prozess: 6864
Dateiname: iexplore.exe
Pfad: c:\32788r22fwjfw\license\iexplore.exe

Herausgeber: Unbekannter Herausgeber

Gestartet von: iexplore.exe
Herausgeber: Unbekannter Herausgeber


*** Aktionen ***

Ein Packer wurde auf die Programmdatei angewandt. Möglicherweise um schädliche Inhalte zu verbergen.
Das Programm hat in Dateien oder Ordnern geschrieben die genutzt werden können um das System zu gefährden.
Das Programm hat Werte in der System-Registrierung verändert die genutzt werden können um das System zu gefährden.
Das Programm versucht zu erreichen, dass ein Programm beim Systemstart automatisch gestartet wird.
Das Programm zeichnet alle Tastatureingaben auf.
Das Programm hat Dateien im Systemordner gespeichert.
Das Programm hat eine ausführbare Datei angelegt oder manipuliert.
Das Programm hat den aufgezeichneten Zeitpunkt einer Dateierstellung oder -modifikation manipuliert.
Eine ausführbare Datei wurde an einem verdächtigen Ort gespeichert.
Ein Autostart Eintrag verweist auf einen verdächtigen Ort.
Das Programm schreibt extrem oft in kritische Bereiche der Registry.
Das Programm hat eine ausführbare Datei im Windows-Ordner angelegt oder manipuliert.

YGLxJ/74Bign6acuJ8nLKSe3vpBykuonJ4hykroPKifIj3KCcoL8Biwn+iwmJif6DC0neWJicpIHLifHvHJyJyfHq3AqdHItJiZ0cg23cnItJiYn13AsJywmJicMuHKSYmJykoAuJy4mJicOiXKiu2JicqK7kCkn2A65YvEn+5oGyXKivJAtJ9eQLie4/CwmJie4/AxqcnImJiYnZ6AoJ7fJYmJycpsMynKCtp1iYnKCtp2wJidpYmJykgabcoKmLiYmJ2jqwCon6LgoJ9hrLyetCexycicmJid3wC8n2GJicoINbXKCYmJygtAoJ9fGLCYmJ9fGDJ1ycoYuJiYnZ+jQKifKvwy9crKHYmJysofQLSdnqGJicnKGCu1ygmkmJiYnmGbwJycnJiYnB49ygmJicoLwLydpKSYmJ2kJZysnKCYmJwh3KifaCXcrJ2diYnJyBocqJycmJicHhysnl2JicnIJhywnJyYmJweXLye4KCYmJ7gIpyknqgmnKx6mNWYq24KxXGO2cuJhWmOmsgynLSeXmy8mJieXmw+nLid5hycmJid5hwenLyd7KCYmJ3sItyYnLyYmJw+3JycrJycnCrcoJ3diYnJyB7cqJ3hw+3JyumhycoqtcoLKcIxygmJicoIAAA
Version der Regeln: 3.1.18
OS: Windows 6.1 Service Pack 1.0 Build: 7601 - Workstation 64bit OS
BB Revision: 28249

C:\32788R22FWJFW\License\iexplore.exe -s450000-1400000 -t!k -t!o -t!g -k C:\*.exe and not { "C:\Users\Admin\Desktop\ComboFix.exe" or C:\32788R22FWJFW\* }
C:\32788R22FWJFW\iexplore.exe Script C:\32788R22FWJFW\Nirscript.dat
         
Code:
ATTFilter
*** Prozess ***

Prozess: 15516
Dateiname: pev.3xe
Pfad: c:\combofix\pev.3xe

Herausgeber: Unbekannter Herausgeber
Erstelldatum: 06/26/11 06:45:56
Änderungsdatum: 06/26/11 06:45:56

Gestartet von: cf15127.3xe
Herausgeber: Microsoft Windows


*** Aktionen ***

Das Programm hat Werte in der System-Registrierung verändert die genutzt werden können um das System zu gefährden.
Das Programm versucht zu erreichen, dass ein Programm beim Systemstart automatisch gestartet wird.
Das Programm schreibt extrem oft in kritische Bereiche der Registry.

YGLhmKIIKSdocoImJgYqJ+tysi4mBiwneXKSJyYGLidncnImJgbocoJygmJikCgnaXKSJiYGuWLhmJIKyXKSBtlygnCncpIIly8nLycvJganKScIpysYyzVmKycYyzVmKycmBgA
Version der Regeln: 3.1.18
OS: Windows 6.1 Service Pack 1.0 Build: 7601 - Workstation 64bit OS
BB Revision: 28249

PEV  RIMPORT EXE.reg 
"C:\ComboFix\CF15127.3XE"  /k c.bat
         
da wird einen aber komisch
__________________
Windows 7
GDATA

Alt 03.04.2013, 20:50   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
"Ungewöhnlich hoher Datenverkehr im Netzwerk" Hinweis von Google - Standard

"Ungewöhnlich hoher Datenverkehr im Netzwerk" Hinweis von Google



Das ist alles von cf kein Grund für unnötige Besorgnisattacken

JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 04.04.2013, 09:52   #15
Kopernikus29
 
"Ungewöhnlich hoher Datenverkehr im Netzwerk" Hinweis von Google - Standard

"Ungewöhnlich hoher Datenverkehr im Netzwerk" Hinweis von Google



Hallo,
ich brauche mal kurzzeitig Unterstützung.
Nach Anweisung von cosinus habe ich JRT gestartet, das Programm läuft jetzt schon fast eine Stunde Und es geht nichts weiter.Es klemmt bei "cheking Registry"
Was mach ich jetzt damit? PC neu Start?
Bitte wer kann da jetzt helfen?
Thomas

im zweiten Versuch mit einem neu Start hat es dann geklappt
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.1 (04.03.2013:1)
OS: Windows 7 Home Premium x64
Ran by Admin on 04.04.2013 at 11:49:18,28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\5i5anelm.default\minidumps [9 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.04.2013 at 11:55:23,79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Code:
ATTFilter
# AdwCleaner v2.200 - Datei am 04/04/2013 um 12:00:59 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Admin - ARBEITSTIER
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Admin\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\zhu6otsi.default\foxydeal.sqlite

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16521

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0.2 (de)

Datei : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5i5anelm.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Internet\AppData\Roaming\Mozilla\Firefox\Profiles\zhu6otsi.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [965 octets] - [04/04/2013 12:00:59]

########## EOF - C:\AdwCleaner[S1].txt - [1024 octets] ##########
         
Code:
ATTFilter
OTL logfile created on: 04.04.2013 12:06:10 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Admin\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,98 Gb Total Physical Memory | 2,81 Gb Available Physical Memory | 70,54% Memory free
7,96 Gb Paging File | 6,44 Gb Available in Paging File | 80,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,00 Gb Total Space | 62,89 Gb Free Space | 62,89% Space Free | Partition Type: NTFS
Drive D: | 200,00 Gb Total Space | 188,54 Gb Free Space | 94,27% Space Free | Partition Type: NTFS
Drive E: | 165,66 Gb Total Space | 165,57 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
 
Computer Name: ARBEITSTIER | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Admin\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
PRC - C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
PRC - C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)
PRC - C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\AAVUpdateManager\aavus.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\4cae4b1b6c8423f80d1f86eae7fd8203\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\6fd278018f0cf369362fc810f8aefcb5\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (GDFwSvc) -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe (G Data Software AG)
SRV - (AVKWCtl) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe (G Data Software AG)
SRV - (AVKProxy) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)
SRV - (AVKService) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (GDScan) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)
SRV - (Sony PC Companion) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AAV UpdateService) -- C:\Program Files (x86)\AAVUpdateManager\aavus.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (gdwfpcd) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys (G Data Software AG)
DRV:64bit: - (HookCentre) -- C:\Windows\SysNative\drivers\HookCentre.sys (G Data Software AG)
DRV:64bit: - (GDPkIcpt) -- C:\Windows\SysNative\drivers\PktIcpt.sys (G Data Software AG)
DRV:64bit: - (GDMnIcpt) -- C:\Windows\SysNative\drivers\MiniIcpt.sys (G Data Software AG)
DRV:64bit: - (GDBehave) -- C:\Windows\SysNative\drivers\GDBehave.sys (G Data Software AG)
DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (GRD) -- C:\Windows\SysNative\drivers\GRD.sys (G Data Software)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (cpuz134) -- C:\Programme\MIFcom\Support\pcwiz_x64.sys (Windows (R) Win 7 DDK provider)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1516007715-2464333816-3581123430-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1516007715-2464333816-3581123430-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1516007715-2464333816-3581123430-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 77 D1 03 39 1E 0F CD 01  [binary data]
IE - HKU\S-1-5-21-1516007715-2464333816-3581123430-1002\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1516007715-2464333816-3581123430-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-1516007715-2464333816-3581123430-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.bing.com/?cc=de"
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: %7B906305f7-aafc-45e9-8bbd-941950a84dad%7D:1.1.11215.1124
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.5.9
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130402
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.10 11:26:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.13 21:03:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.10 11:26:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.13 21:03:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.02.15 21:28:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2013.04.03 18:24:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\5i5anelm.default\extensions
[2013.04.03 18:24:21 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\5i5anelm.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.10.15 08:16:29 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\5i5anelm.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2013.03.29 20:06:30 | 000,531,916 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\5i5anelm.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.02.19 18:52:25 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\5i5anelm.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.02.15 21:42:47 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\5i5anelm.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2013.03.10 11:26:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.10 11:26:32 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files (x86)\mozilla firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
[2013.03.10 11:26:34 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.08 19:36:16 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.29 21:20:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.08 19:36:16 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.08 19:36:16 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.08 19:36:16 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.08 19:36:16 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1516007715-2464333816-3581123430-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1516007715-2464333816-3581123430-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B26AC523-5D0B-4C81-882C-2672C46F99B2}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B26AC523-5D0B-4C81-882C-2672C46F99B2}: NameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.04 09:58:48 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.04.04 09:58:34 | 000,000,000 | ---D | C] -- C:\JRT
[2013.04.04 09:55:18 | 000,551,246 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Admin\Desktop\JRT.exe
[2013.04.04 09:52:58 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\alt
[2013.04.03 19:46:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.04.03 19:08:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.04.03 19:08:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.04.03 19:08:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.04.03 19:07:49 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.04.03 19:07:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.03 18:42:50 | 005,046,606 | R--- | C] (Swearware) -- C:\Users\Admin\Desktop\ComboFix.exe
[2013.04.03 08:47:47 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.04.01 15:56:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.01 15:40:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\mbar
[2013.03.21 20:44:51 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\OneNote-Notizbücher
[2013.03.21 20:32:58 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013.03.21 20:01:42 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Neuer Ordner (2)
[2013.03.21 19:31:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013.03.21 19:31:04 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013.03.21 19:28:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2013.03.13 21:08:07 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.03.13 21:08:07 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.03.13 21:08:07 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.03.13 21:08:07 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.03.13 21:08:07 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.03.13 21:08:07 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.03.13 21:08:07 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.03.13 21:08:07 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.03.13 21:08:07 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.03.13 21:08:07 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.03.13 21:08:07 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.03.13 21:08:07 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.03.13 21:08:07 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.03.13 21:08:07 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.03.13 21:08:07 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.03.13 21:08:07 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.03.13 21:08:07 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.03.13 21:08:07 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.03.13 21:08:07 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.03.13 21:08:07 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.03.13 21:08:07 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.03.13 21:08:07 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.03.13 21:08:07 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.03.13 21:08:07 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.03.13 21:08:07 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.03.13 21:08:07 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.03.13 21:08:07 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.03.13 21:08:07 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.03.13 21:08:07 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.03.13 21:08:07 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.03.13 21:08:07 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.03.13 21:08:07 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.03.13 21:08:07 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.03.13 21:08:06 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.03.13 21:08:06 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.03.13 21:08:06 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.03.13 21:08:06 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.03.13 21:08:06 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.03.13 21:08:06 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.03.13 21:08:06 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.03.13 21:08:06 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.03.13 21:08:06 | 000,526,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.03.13 21:08:06 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.03.13 21:08:06 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.03.13 21:08:06 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.03.13 21:08:06 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.03.13 21:08:06 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.03.13 21:08:06 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.03.13 21:08:06 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.03.13 21:08:06 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.03.13 21:08:06 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.03.13 21:08:06 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.03.13 21:08:06 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.03.13 21:08:06 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.03.13 21:08:06 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.03.13 21:08:06 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.03.13 21:08:06 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.03.13 21:08:06 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.03.13 21:08:06 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.03.13 21:08:06 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.03.13 21:08:06 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.03.13 21:08:06 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.03.13 21:08:06 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.03.13 21:08:06 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.03.13 21:08:06 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.03.13 21:08:06 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.03.13 21:08:06 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.03.13 21:08:06 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.03.13 21:05:09 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013.03.13 21:03:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.03.10 11:26:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.04 12:09:24 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.04 12:09:24 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.04 12:09:15 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.04 12:09:15 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.04 12:09:15 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.04 12:09:15 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.04 12:09:15 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.04 12:06:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.04 12:02:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.04 12:02:09 | 3206,463,488 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.04 11:52:43 | 001,031,279 | ---- | M] () -- C:\Windows\SysWow64\sig.bin
[2013.04.04 11:52:43 | 000,053,658 | ---- | M] () -- C:\Windows\SysWow64\nmp.map
[2013.04.04 09:55:34 | 000,613,083 | ---- | M] () -- C:\Users\Admin\Desktop\adwcleaner.exe
[2013.04.04 09:55:18 | 000,551,246 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Admin\Desktop\JRT.exe
[2013.04.03 18:42:58 | 005,046,606 | R--- | M] (Swearware) -- C:\Users\Admin\Desktop\ComboFix.exe
[2013.03.27 21:07:34 | 000,000,000 | ---- | M] () -- C:\Users\Admin\defogger_reenable
[2013.03.21 20:44:53 | 000,001,344 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2013.03.21 19:35:29 | 000,474,232 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.03.13 21:08:07 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.03.13 21:08:07 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.03.13 21:08:07 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.03.13 21:08:07 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.03.13 21:08:07 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.03.13 21:08:07 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.03.13 21:08:07 | 000,391,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.03.13 21:08:07 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.03.13 21:08:07 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.03.13 21:08:07 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.03.13 21:08:07 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.03.13 21:08:07 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.03.13 21:08:07 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.03.13 21:08:07 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.03.13 21:08:07 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.03.13 21:08:07 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.03.13 21:08:07 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.03.13 21:08:07 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.03.13 21:08:07 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.03.13 21:08:07 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.03.13 21:08:07 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.03.13 21:08:07 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.03.13 21:08:07 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.03.13 21:08:07 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.03.13 21:08:07 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.03.13 21:08:07 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.03.13 21:08:07 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.03.13 21:08:07 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.03.13 21:08:07 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.03.13 21:08:07 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.03.13 21:08:07 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.03.13 21:08:07 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.13 21:08:07 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.03.13 21:08:07 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.03.13 21:08:06 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.03.13 21:08:06 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.03.13 21:08:06 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.03.13 21:08:06 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.03.13 21:08:06 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.03.13 21:08:06 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.03.13 21:08:06 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.03.13 21:08:06 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.03.13 21:08:06 | 000,526,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.03.13 21:08:06 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.03.13 21:08:06 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.03.13 21:08:06 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.03.13 21:08:06 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.03.13 21:08:06 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.03.13 21:08:06 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.03.13 21:08:06 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.03.13 21:08:06 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.03.13 21:08:06 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.03.13 21:08:06 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.03.13 21:08:06 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.03.13 21:08:06 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.03.13 21:08:06 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.03.13 21:08:06 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.03.13 21:08:06 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.03.13 21:08:06 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.03.13 21:08:06 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.03.13 21:08:06 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.03.13 21:08:06 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.03.13 21:08:06 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.03.13 21:08:06 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.03.13 21:08:06 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.03.13 21:08:06 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.03.13 21:08:06 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.03.13 21:08:06 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.13 21:08:06 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.03.13 21:08:06 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.03.13 21:06:54 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.03.13 21:06:54 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2013.04.04 09:55:34 | 000,613,083 | ---- | C] () -- C:\Users\Admin\Desktop\adwcleaner.exe
[2013.04.03 19:08:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.04.03 19:08:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.04.03 19:08:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.04.03 19:08:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.04.03 19:08:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.27 21:07:34 | 000,000,000 | ---- | C] () -- C:\Users\Admin\defogger_reenable
[2013.03.21 20:44:53 | 000,001,344 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2013.03.13 21:08:07 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.13 21:08:06 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012.02.16 19:33:05 | 001,031,279 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
[2012.02.14 10:51:15 | 000,046,837 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012.02.14 10:49:30 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.02.14 10:49:24 | 000,031,736 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
Code:
ATTFilter
OTL Extras logfile created on: 04.04.2013 12:06:10 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Admin\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,98 Gb Total Physical Memory | 2,81 Gb Available Physical Memory | 70,54% Memory free
7,96 Gb Paging File | 6,44 Gb Available in Paging File | 80,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,00 Gb Total Space | 62,89 Gb Free Space | 62,89% Space Free | Partition Type: NTFS
Drive D: | 200,00 Gb Total Space | 188,54 Gb Free Space | 94,27% Space Free | Partition Type: NTFS
Drive E: | 165,66 Gb Total Space | 165,57 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
 
Computer Name: ARBEITSTIER | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1516007715-2464333816-3581123430-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AB9F2F3-3BFC-4B29-85D8-F17EFF91DE03}" = rport=137 | protocol=17 | dir=out | app=system | 
"{0C00F865-3333-4126-8E4D-5C5761E408DE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{101124E1-D05B-4802-A705-718011E3D00E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1B579A6E-D5EF-4392-984B-6709F0F2B73D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1EA097B8-4B92-4A08-B322-9DD5C04D7936}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{31D136CD-5552-4242-A5EA-5F3E2DEA456E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{389D992F-F58F-4032-A614-DC980546D7E4}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3AAE8ACC-A708-46C2-9BE4-AC294430B972}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{42DD0095-704A-4DB4-BBC0-926BC76AAB7A}" = lport=138 | protocol=17 | dir=in | app=system | 
"{46012B0F-9F08-4A0E-89AF-B9AD25AE456E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{55323631-962F-4DD1-BC61-1D5AE0C074C7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{61C946E0-2470-4EAF-B9B2-319727817EEA}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{7BE40B27-50D9-4C57-A4A3-D66AC58E5285}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9B626C98-0B19-4258-835A-2E3291398B35}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B7E1E659-7A7C-4219-98C7-A95741642322}" = lport=445 | protocol=6 | dir=in | app=system | 
"{B94D6943-61B6-4D59-8746-366F31F93802}" = lport=139 | protocol=6 | dir=in | app=system | 
"{CDAAD2BD-EF31-4E14-BAF5-75C8E1533CFC}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{CE58CAD6-5E79-4F34-A74B-EC3BFFB77372}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D2AFCD13-2A40-4A2A-AF18-84F1E7AFB1DA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D83FAE2F-F7B9-49F8-AE8A-3CB3168EF210}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E14CCE85-D797-4DF9-B161-945BDB2A7CCE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E62B115B-570D-44AF-8E8A-11505872C8FC}" = lport=137 | protocol=17 | dir=in | app=system | 
"{E8438705-20EF-4DA4-ACA5-F6766013B402}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F728CBEC-CC3C-4D03-8158-BD91C1DBDB4F}" = rport=139 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10E72E10-1D08-46E3-8F4E-EFC3BC09B1EE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{208FECE6-2834-4AC1-9E8E-E29F05C2873D}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | 
"{2263D356-7873-4A68-87B4-43B076FB4982}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{2738F825-F7BA-4683-BCE1-89B736F95E9C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2EF7643F-7139-4718-A26B-FEB3FF3F4EB0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{3AF6A648-DB9B-4804-868C-E46D85CCC363}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{3B893949-9B98-4E3C-A6A7-289DA8FDDE72}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{44599C5B-C22E-4A7D-B9BF-8A87514AE453}" = protocol=6 | dir=out | app=system | 
"{5897AA97-8D8C-4943-B314-58212C20D868}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5D93F489-B721-4E68-868D-085285B8559B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6438DD74-1910-429D-86BE-D2CAC623FA1C}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | 
"{674FB827-01FA-4676-8975-9BEDDB8BC4B8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{68F078D2-CE06-4DFD-87D8-1CD042374DE0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{76984223-F4EF-4100-AFC9-2850427BF201}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{83F53087-AEAB-4268-9AF3-A9784AFA2B1E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{900A6D80-3087-426F-8FCB-F4CCB49C7842}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{924FB4A6-F475-4C7D-9008-55A2E69A8601}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A60FDB30-C5E1-4912-931E-C37097866D0C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B090D608-A04B-4F2D-802F-8C291B6D2184}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B9739D8E-AD83-4012-8C49-8AA8B09EE9FC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{C195A8D9-7AAF-448C-AE2C-A120B963D721}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C784C354-32AF-48EF-B096-51D9A8544AED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F69C2320-639B-4C34-BC66-D7C7B052374D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{7AB6F8D7-7804-4662-BE8C-1AFCCD602D9F}" = Microsoft-Maus- und Tastatur-Center
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ED333F8-3E6C-4A38-BAFA-728454121CDA}" = PDF-XChange Viewer
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0B914F2C-6CC2-4328-B84E-411A81B50FA4}" = Steuer-Sparer 2013
"{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = Corel Graphics Suite 11
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{53166A4F-E59A-4A91-B520-3D4F124D9CD7}" = Steuer-Sparschwein 2012
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{6006059E-013D-4B77-BC5C-4DD5E4A6570D}" = G Data InternetSecurity 2012
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{86107E2D-DFB9-46BC-99ED-07EACAEE0923}" = G Data InternetSecurity 2013
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2010
"{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.STANDARD_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.STANDARD_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.STANDARD_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.STANDARD_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.STANDARD_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.STANDARD_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.STANDARD_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.115
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CanonMyPrinter" = Canon Utilities My Printer
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"InstallShield_{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = Corel Graphics Suite 11
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"Mozilla Thunderbird 17.0.4 (x86 de)" = Mozilla Thunderbird 17.0.4 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.STANDARD" = Microsoft Office Standard 2010
"Pixelspeed_Layouter" = Pixelspeed Layouter 
"Update Engine" = Sony Ericsson Update Engine
"VLC media player" = VLC media player 2.0.2
"XnView_is1" = XnView 1.98.5
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 04.04.2013 06:00:20 | Computer Name = Arbeitstier | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.04.2013 06:04:04 | Computer Name = Arbeitstier | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 04.04.2013 05:57:49 | Computer Name = Arbeitstier | Source = Service Control Manager | ID = 7043
Description = Der Dienst G Data Personal Firewall konnte nach dem Empfang eines 
Preshutdown-Steuerelements nicht richtig heruntergefahren werden.
 
Error - 04.04.2013 06:00:40 | Computer Name = Arbeitstier | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 04.04.2013 06:00:40 | Computer Name = Arbeitstier | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 04.04.2013 06:04:23 | Computer Name = Arbeitstier | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 04.04.2013 06:04:23 | Computer Name = Arbeitstier | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
 
< End of report >
         
Es wäre schön wenn man an Deinen Erkenntnissen teilhaben könnte.
Thomas
__________________
Windows 7
GDATA

Antwort

Themen zu "Ungewöhnlich hoher Datenverkehr im Netzwerk" Hinweis von Google
admin, application/pdf:, auffälliges, autostart, disable, explorer, folge, gdata, geladen, google, heute, hinweis, hoher, install.exe, interne, internet, internet explorer, log, msn deutschland, netzwerk, nichts, runter, stand, this, tracker, ungewöhnlich, verkehr, windows, windows 7



Ähnliche Themen: "Ungewöhnlich hoher Datenverkehr im Netzwerk" Hinweis von Google


  1. Windos 7: Google - ungewöhnlicher Datenverkehr aus ihrem Netzwerk
    Plagegeister aller Art und deren Bekämpfung - 15.08.2015 (7)
  2. Google: "Ungewöhnlicher Datenverkehr aus ihrem Computernetzwerk"
    Log-Analyse und Auswertung - 03.03.2015 (1)
  3. Win7: LAN ok, Netzwerktreiber ok, aber "Netzwerk" -> "Adaptereinstellungen ändern" ist leer
    Log-Analyse und Auswertung - 22.01.2015 (15)
  4. Diverse Malware ("CoolSaleCoupon", "ddownlloaditkeep", "omiga-plus", "SaveSense", "SaleItCoupon"); lahmer PC & viel Werbung!
    Plagegeister aller Art und deren Bekämpfung - 11.01.2015 (16)
  5. VLC.de - Impressum - siehe Hinweis auf "Veränderungen" bei der Installation !
    Plagegeister aller Art und deren Bekämpfung - 10.01.2015 (1)
  6. Dauerhafter Fehler im Log "Abbildintegrität mit Hinweis auf beschädigte / schädigende Datei"
    Log-Analyse und Auswertung - 12.07.2014 (5)
  7. Computer extrem langsam und Hinweis auf "dynamische" Festplatte
    Log-Analyse und Auswertung - 25.05.2014 (9)
  8. Google Suche meldet: "Ungewöhnlicher Datenverkehr aus Ihrem Computernetzwerk"
    Plagegeister aller Art und deren Bekämpfung - 19.05.2014 (10)
  9. Google-Meldung "ungewöhnlicher Datenverkehr auf Ihrem PC"
    Plagegeister aller Art und deren Bekämpfung - 15.05.2014 (17)
  10. Windows 7: Viren im System gefunden > Hinweis durch Brief der Dt. Telekom auf "Hacking"
    Log-Analyse und Auswertung - 14.09.2013 (9)
  11. GOOGLE Fehler - ungewöhnlicher Datenverkehr aus ihrem Netzwerk
    Plagegeister aller Art und deren Bekämpfung - 04.07.2013 (14)
  12. "Ungewöhnlicher Datenverkehr" (google) & wiederholtes Laden von Websites nötig
    Log-Analyse und Auswertung - 29.12.2012 (20)
  13. Google-Meldung "Ungewöhnlicher Datenverkehr aus Ihrem Netzwerk"
    Plagegeister aller Art und deren Bekämpfung - 27.11.2012 (9)
  14. Mein Pc ruft ständig ein fremdes Netzwerk ("nicht identifiziertes Netzwerk")
    Log-Analyse und Auswertung - 17.10.2012 (16)
  15. Öffentliches Netzwerk: Opera sendet/empfängt Daten an/von "Dani-PC", "Anne-PC", "PAULA-HP"...
    Netzwerk und Hardware - 02.05.2011 (14)
  16. Netzwerk: Opera sendet/empfängt Daten an/von "Dani-PC", "Anne-PC", "PAULA-HP"...
    Alles rund um Windows - 16.04.2011 (0)
  17. Komische Mails mit Beschimpfungen od. Hinweis "Du hast einen Trojaner drauf"
    Plagegeister aller Art und deren Bekämpfung - 02.01.2004 (4)

Zum Thema "Ungewöhnlich hoher Datenverkehr im Netzwerk" Hinweis von Google - Hallo, von Google kam heute der Hinweis "Ungewöhnlich hoher Datenverkehr im Netzwerk" Ist so was prophylaktisch oder muss ich mir da Gedanken machen. Was wollen die von mir? Es geht - "Ungewöhnlich hoher Datenverkehr im Netzwerk" Hinweis von Google...
Archiv
Du betrachtest: "Ungewöhnlich hoher Datenverkehr im Netzwerk" Hinweis von Google auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.