
Log analysis and evaluation: Bundestrojaner - white screen, OTL.txt attached

Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: first steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been removed completely.

17.04.2013, 10:44   #1
Arngrim

Hello everyone,

I have been given a friend's PC that apparently has the Bundestrojaner on it (after booting, only a white screen appears). Since she has no idea about this kind of thing herself, I now get to deal with it

I burned the OTLPE CD and let the scan run through. Only an OTL.txt is created, no Extras.txt, which I have seen in some other threads.

I copied this file off via USB stick and am attaching it here.

Many thanks in advance for your help!
Attached files
File type: txt OTL.Txt (67.5 KB, viewed 157 times)

17.04.2013, 14:57   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™


Hello and

Run an OTL fix via OTLPE: start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)


Code:
:OTL
O20 - HKU\Stefan_ON_G Winlogon: Shell - (C:\Users\Stefan\AppData\Roaming\skype.dat) - G:\Users\Stefan\AppData\Roaming\skype.dat ()
:Files
G:\Windows\tasks\AmiUpdXp.job
:Commands
[purity]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

After that, Windows should start normally again - please make OTL's quarantine folder available to us. Proceed as follows:

1.) VERY IMPORTANT!! Disable the virus scanner; it must not interfere with the packing!
2.) Zip the movedfiles folder in C:\_OTL into a single file
3.) Upload the created ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html

Note: Please also upload the file there as described in the UpChannel instructions. Please do NOT post the ZIP file here in the thread as an attachment!

4.) Let us know if it was successful
5.) Only then switch the virus scanner back on
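Added example (not part of the original thread and not the helper's own method): a small Python triage pass over OTL log lines in the format posted in this thread. It flags a per-user Winlogon Shell override, like the one removed by the fix above, and entries whose target has an empty company field and lives under a user's AppData folder. The heuristics and all function names are assumptions chosen for illustration; a hit means "review this entry", not "malicious".

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Sample lines copied from this thread (fix script and posted OTL log).
SAMPLE_LOG = r"""
O20 - HKU\Stefan_ON_G Winlogon: Shell - (C:\Users\Stefan\AppData\Roaming\skype.dat) - G:\Users\Stefan\AppData\Roaming\skype.dat ()
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk = C:\Users\Stefan\AppData\Roaming\BrowserCompanion\tcbhn.exe ()
O4 - Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Versandhelfer.lnk = C:\Program Files (x86)\Versandhelfer\Versandhelfer.exe ()
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
"""

# "O4 - ...", "SRV:64bit: - ...", "PRC - ..." and similar entry prefixes.
ENTRY_RE = re.compile(r"^(?P<code>O\d+|PRC|MOD|SRV|DRV)(?::64bit:)? - (?P<rest>.+)$")
# OTL appends the file's company name in parentheses; "()" means none was found.
COMPANY_RE = re.compile(r"^(?P<body>.*?)\s*\((?P<company>[^()]*)\)$")
# Start of a drive-letter path such as C:\ or G:\ .
DRIVE_RE = re.compile(r"(?<![A-Za-z])[A-Za-z]:\\")
# Any drive letter is accepted: an offline scan from the OTLPE CD can see the
# installed system under another letter (G: in the fix script above).
USER_APPDATA_RE = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)
MISSING = "File not found"


class Entry(NamedTuple):
    code: str
    target: Optional[str]   # last drive-letter path on the line, if any
    company: Optional[str]  # None when no "(company)" suffix was printed
    missing: bool           # OTL reported "File not found"
    raw: str


class Finding(NamedTuple):
    code: str
    target: Optional[str]
    reasons: Tuple[str, ...]


def parse_line(line: str) -> Optional[Entry]:
    """Parse one OTL log line; return None for headers and unknown lines."""
    raw = line.strip()
    m = ENTRY_RE.match(raw)
    if not m:
        return None
    rest = m.group("rest").strip()
    missing = rest.endswith(MISSING)
    company = None
    if missing:
        rest = rest[: -len(MISSING)].rstrip()
    else:
        cm = COMPANY_RE.match(rest)
        if cm:
            rest, company = cm.group("body"), cm.group("company").strip()
    # The file an entry points at is the last path on the line
    # ("shortcut.lnk = target.exe", "(registry value) - resolved file").
    starts = [d.start() for d in DRIVE_RE.finditer(rest)]
    target = rest[starts[-1]:].rstrip(" =") if starts else None
    return Entry(m.group("code"), target, company, missing, raw)


def reasons_for(entry: Entry) -> Tuple[str, ...]:
    """Illustrative heuristics only; each reason is a prompt for manual review."""
    reasons = []
    if entry.code == "O20" and "Winlogon: Shell" in entry.raw:
        # A Shell value under a user hive replaces explorer.exe for that user.
        reasons.append("winlogon-shell-override")
    if entry.target and entry.company == "" and USER_APPDATA_RE.match(entry.target):
        reasons.append("no-company-in-appdata")
    return tuple(reasons)


def triage(log_text: str) -> List[Finding]:
    """Return the entries of an OTL log that match at least one heuristic."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = reasons_for(entry)
        if reasons:
            findings.append(Finding(entry.code, entry.target, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.code, f.target, ", ".join(f.reasons))
```

An empty company field alone is common for legitimate software (Versandhelfer.exe in the sample is not flagged because it sits under Program Files), so the output only narrows down what a human should look at.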

17.04.2013, 20:28   #3
Arngrim


Hello cosinus,

that worked (almost) perfectly!

I pasted in the fix script, and then the log appeared with the message that the files had been moved successfully.

When I tried to save the log, the log window unfortunately just closed instead, and I could not find the log again

In any case, the computer starts normally again. I have just run Avira, but it did not find anything else.

I have uploaded MovedFiles.zip.

Many thanks

18.04.2013, 12:58   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™


Good, please continue in normal mode, i.e. do not boot from the OTLPE CD any more!

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions I will post in the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.

  • Please only run scans that a helper has asked you to run! Do not install or uninstall any software without being asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you have been asked to. Logs in attachments make the evaluation harder for me!

  • The logs of the assigned tools, such as Malwarebytes, must always be posted - regardless of whether anything was found or not!

  • Please also note => Deleting log files and other requests

Note:
If you do not hear from me for three days, please report in this thread => Reminder about my thread.
Annoying "When will it continue" messages end with your topic being closed. I too have a life outside the Trojaner-Board.


First, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • Tick the Scan All Users box at the top centre
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread in CODE tags.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


18.04.2013, 14:08   #5
Arngrim


Gladly. Attached:

OTL.txt:

OTL Logfile:
Code:
OTL logfile created on: 18.04.2013 14:19:03 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Stefan\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,49 Gb Total Physical Memory | 1,61 Gb Available Physical Memory | 46,09% Memory free
6,98 Gb Paging File | 4,38 Gb Available in Paging File | 62,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 890,41 Gb Total Space | 804,76 Gb Free Space | 90,38% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 19,40 Gb Free Space | 48,49% Space Free | Partition Type: NTFS
 
Computer Name: STEFAN-PC | User Name: Stefan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Stefan\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Video downloader\ExtensionUpdaterService.exe ()
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\totalcmd\TOTALCMD.EXE (Ghisler Software GmbH)
PRC - C:\Users\Stefan\AppData\Roaming\BrowserCompanion\tcbhn.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Versandhelfer\Versandhelfer.exe ()
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe (CyberLink)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Windows\PixArt\PAC7311\Monitor.exe (PixArt Imaging Incorporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\chromeNPAPI.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll ()
MOD - C:\Users\Stefan\AppData\Roaming\BrowserCompanion\tcbhn.exe ()
MOD - C:\Program Files (x86)\Versandhelfer\Versandhelfer.exe ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (Video downloader Updater) -- C:\Program Files\Video downloader\ExtensionUpdaterService.exe ()
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (Netzmanager Service) -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Deutsche Telekom AG)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (SrvUpdater) -- C:\Program Files (x86)\SoftwareUpdater\UpdaterService.exe ()
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (watchmi) -- C:\Program Files (x86)\watchmi\TvdService.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxhc) -- C:\Windows\SysNative\drivers\amdxhc.sys (Advanced Micro Devices, INC.)
DRV:64bit: - (amdhub30) -- C:\Windows\SysNative\drivers\amdhub30.sys (Advanced Micro Devices, INC.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\RTL8192su.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (TelekomNM6) -- C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (PAC7311) -- C:\Windows\SysNative\drivers\PA707UCM.SYS (PixArt Imaging Inc.)
DRV - (Null) -- C:\Windows\SysWow64\NULL ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de
 
IE - HKU\S-1-5-21-919036651-576598089-3771645104-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKU\S-1-5-21-919036651-576598089-3771645104-1002\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-919036651-576598089-3771645104-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
IE - HKU\S-1-5-21-919036651-576598089-3771645104-1002\..\SearchScopes,DefaultScope = {381A0D9E-B80C-4BEB-B49C-267D4B5C6782}
IE - HKU\S-1-5-21-919036651-576598089-3771645104-1002\..\SearchScopes\{1FF9221C-3E83-47EE-B989-A9955FB6716B}: "URL" = hxxp://rover.ebay.com/rover/1/707-1403-42072-3/4?satitle={searchTerms}
IE - HKU\S-1-5-21-919036651-576598089-3771645104-1002\..\SearchScopes\{2F08C81A-04A2-40E0-A63D-1889C1F29AD9}: "URL" = hxxp://suche.t-online.de/fast-cgi/tsc?sr=tportal&q={searchTerms}&dia=tie8
IE - HKU\S-1-5-21-919036651-576598089-3771645104-1002\..\SearchScopes\{381A0D9E-B80C-4BEB-B49C-267D4B5C6782}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNE_enDE393DE456
IE - HKU\S-1-5-21-919036651-576598089-3771645104-1002\..\SearchScopes\{6059F284-DFEE-4B81-817C-D02A534CE54F}: "URL" = hxxp://dict.leo.org/frde?lp=frde&search={searchTerms}
IE - HKU\S-1-5-21-919036651-576598089-3771645104-1002\..\SearchScopes\{697CA09E-7805-431F-A7C5-AFA43E8168DC}: "URL" = hxxp://suche.t-online.de/fast-cgi/tsc?sr=twiki&q={searchTerms}&dia=tie8
IE - HKU\S-1-5-21-919036651-576598089-3771645104-1002\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-919036651-576598089-3771645104-1002\..\SearchScopes\{875521AB-392C-4F59-B097-315E10664D4D}: "URL" = hxxp://dict.leo.org/ende?lp=ende&search={searchTerms}
IE - HKU\S-1-5-21-919036651-576598089-3771645104-1002\..\SearchScopes\{8E5328A6-C4D3-486F-AA45-F293D72F14F5}: "URL" = hxxp://preisvergleich.t-online.de/angebote/{searchTerms}?soid=42534758
IE - HKU\S-1-5-21-919036651-576598089-3771645104-1002\..\SearchScopes\{96AF0656-3EE6-42FC-9B04-321DE173E817}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tonline-browser_toolbar3_search-21&index=blended&linkCode=ur2
IE - HKU\S-1-5-21-919036651-576598089-3771645104-1002\..\SearchScopes\{CFD9CE93-A38E-4D26-98D1-6A0748399ABA}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3271326&CUI=UN85672590332425168
IE - HKU\S-1-5-21-919036651-576598089-3771645104-1002\..\SearchScopes\{EFB04DA9-7339-49C7-901F-C2498EDB7BD1}: "URL" = hxxp://dict.leo.org/esde?lp=esde&search={searchTerms}
IE - HKU\S-1-5-21-919036651-576598089-3771645104-1002\..\SearchScopes\{F272B28E-873B-41BF-B851-E89441EB57D1}: "URL" = hxxp://suche.t-online.de/fast-cgi/tsc?sr=tweb&q={searchTerms}&dia=tie8
IE - HKU\S-1-5-21-919036651-576598089-3771645104-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{77BEC163-D389-42c1-91A4-C758846296A5}: C:\PROGRAM FILES\VIDEO DOWNLOADER\FIREFOX [2013.04.03 16:29:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{77BEC163-D389-42c1-91A4-C758846296A5}: C:\Program Files\Video downloader\Firefox [2013.04.03 16:29:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\autolyrics@man-soft.net: C:\Program Files (x86)\AutoLyrics\FF\ [2013.04.03 16:29:41 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=MDNE&bmod=MDNE
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin:  (Enabled) = C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\chromeNPAPI.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Browser Companion Helper = C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\
CHR - Extension: Eazel DE = C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpclaadplefadichadojiifaphaphloj\2.3.18.20_0\
CHR - Extension: Auto Lyrics = C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkcdkfohdadbjmlfejhncigcbfkiaamf\1.110_0\
 
O1 HOSTS File: ([2013.04.18 08:04:52 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (Video downloader) - {77BEC163-D389-42c1-91A4-C758846296A5} - C:\Program Files\Video downloader\Extension64.dll ()
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Toolbar 3.0 der Telekom Browserhilfsobjekt) - {C9603180-FA5C-4DB0-A013-ADC60309AF82} - C:\Program Files\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
O2 - BHO: (Browser Companion Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll ( )
O2 - BHO: (Video downloader) - {77BEC163-D389-42c1-91A4-C758846296A5} - C:\Program Files\Video downloader\Extension32.dll ()
O2 - BHO: (Browser Companion Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll ( )
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Toolbar 3.0 der Telekom Browserhilfsobjekt) - {C9603180-FA5C-4DB0-A013-ADC60309AF82} - C:\Program Files (x86)\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Auto Lyrics) - {DAEB9E85-4694-4F9B-85CB-2F28987872D7} - C:\Program Files (x86)\AutoLyrics\autolrcs.dll (Mansoft Union)
O2 - BHO: (PricePeep) - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll (PricePeep)
O3:64bit: - HKLM\..\Toolbar: (Toolbar 3.0 der Telekom) - {2015C8D4-8534-48DB-B5FB-5C76291F080C} - C:\Program Files\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Toolbar 3.0 der Telekom) - {2015C8D4-8534-48DB-B5FB-5C76291F080C} - C:\Program Files (x86)\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKU\S-1-5-21-919036651-576598089-3771645104-1002\..\Toolbar\WebBrowser: (Toolbar 3.0 der Telekom) - {2015C8D4-8534-48DB-B5FB-5C76291F080C} - C:\Program Files\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
O3 - HKU\S-1-5-21-919036651-576598089-3771645104-1002\..\Toolbar\WebBrowser: (Toolbar 3.0 der Telekom) - {2015C8D4-8534-48DB-B5FB-5C76291F080C} - C:\Program Files (x86)\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
O3:64bit: - HKU\S-1-5-21-919036651-576598089-3771645104-1002\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [MedionReminder] C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe (CyberLink)
O4:64bit: - HKLM..\Run: [PAC7311_Monitor] C:\Windows\PixArt\PAC7311\Monitor.exe (PixArt Imaging Incorporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4:64bit: - HKLM..\RunOnce: [MedionReminder] C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe (CyberLink)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk =  File not found
O4 - Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk = C:\Users\Stefan\AppData\Roaming\BrowserCompanion\tcbhn.exe ()
O4 - Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Versandhelfer.lnk = C:\Program Files (x86)\Versandhelfer\Versandhelfer.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9:64bit: - Extra Button: Toolbar 3.0 der Telekom - {A9E70AB8-D4AB-44c3-88B8-E40491F08B50} - C:\Program Files\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Toolbar 3.0 der Telekom - {A9E70AB8-D4AB-44c3-88B8-E40491F08B50} - C:\Program Files (x86)\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E402F878-83D6-4346-B616-4923CEF8C0AC}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E94F8658-7079-4071-AA59-FB256BF9D92F}: DhcpNameServer = 192.168.0.254
O18:64bit: - Protocol\Handler\base64 - No CLSID value found
O18:64bit: - Protocol\Handler\chrome - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\prox - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-919036651-576598089-3771645104-1002 Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-919036651-576598089-3771645104-1002 Winlogon: Shell - (C:\Users\Stefan\AppData\Roaming\skype.dat) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{13dd249e-fa92-11e0-8953-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{13dd249e-fa92-11e0-8953-806e6f6e6963}\Shell\AutoRun\command - "" = E:\reatogoMenu.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.18 08:03:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.04.18 02:20:43 | 000,000,000 | ---D | C] -- C:\totalcmd
[2013.04.18 02:20:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Commander
[2013.04.18 02:20:43 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\GHISLER
[2013.04.10 08:21:22 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.04.10 08:21:22 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.04.10 08:21:21 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.04.10 08:21:21 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.04.10 08:21:21 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.04.10 08:21:21 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.04.10 08:21:21 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.04.10 08:21:21 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.04.10 08:21:20 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.10 08:21:20 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.04.10 08:21:20 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.04.10 08:21:20 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.10 08:21:19 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.10 08:21:19 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.04.10 08:21:14 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.10 06:19:16 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.04.10 06:19:16 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.04.10 06:19:16 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013.04.10 06:19:16 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013.04.10 06:19:16 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013.04.10 06:19:16 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013.04.10 06:19:05 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.10 06:19:04 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.04.10 06:19:04 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.04.10 06:19:04 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.04.10 06:19:04 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.04.10 06:19:04 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.04.03 16:29:56 | 000,000,000 | ---D | C] -- C:\Program Files\Video downloader
[2013.04.03 16:29:54 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\Programs
[2013.04.03 16:29:52 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\SwvUpdater
[2013.04.03 16:29:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PricePeep
[2013.04.03 16:29:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AutoLyrics
[2013.03.26 10:05:55 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013.03.23 08:14:03 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.18 14:18:39 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.18 14:18:39 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.18 14:11:37 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\Auto Lyrics Update.job
[2013.04.18 14:11:16 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.18 14:10:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.18 14:10:54 | 2812,383,232 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.18 08:41:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.18 08:04:52 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013.04.18 02:20:44 | 000,000,636 | ---- | M] () -- C:\Users\Public\Desktop\Total Commander.lnk
[2013.04.18 02:18:13 | 001,500,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.18 02:18:13 | 000,654,594 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.18 02:18:13 | 000,616,476 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.18 02:18:13 | 000,130,208 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.18 02:18:13 | 000,106,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.17 21:42:18 | 000,002,187 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.04.17 10:32:13 | 000,000,004 | ---- | M] () -- C:\Users\Stefan\AppData\Roaming\skype.ini
[2013.04.10 21:51:56 | 000,465,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.18 02:20:44 | 000,000,636 | ---- | C] () -- C:\Users\Public\Desktop\Total Commander.lnk
[2013.04.18 02:20:43 | 000,000,545 | ---- | C] () -- C:\Windows\UC.PIF
[2013.04.18 02:20:43 | 000,000,545 | ---- | C] () -- C:\Windows\RAR.PIF
[2013.04.18 02:20:43 | 000,000,545 | ---- | C] () -- C:\Windows\PKZIP.PIF
[2013.04.18 02:20:43 | 000,000,545 | ---- | C] () -- C:\Windows\PKUNZIP.PIF
[2013.04.18 02:20:43 | 000,000,545 | ---- | C] () -- C:\Windows\LHA.PIF
[2013.04.18 02:20:43 | 000,000,545 | ---- | C] () -- C:\Windows\ARJ.PIF
[2013.04.10 22:03:50 | 000,000,004 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\skype.ini
[2013.04.03 16:29:41 | 000,000,402 | ---- | C] () -- C:\Windows\tasks\Auto Lyrics Update.job
[2013.02.23 17:03:08 | 000,014,737 | ---- | C] () -- C:\Users\Stefan\ESt2012_Matthiesen_Stefan.elfo
[2013.02.23 16:56:55 | 000,097,178 | ---- | C] () -- C:\Users\Stefan\ESt2012_Matthiesen_Stefan_und_Matthiesen_Martina2.elfo
[2013.02.23 16:50:51 | 000,063,796 | ---- | C] () -- C:\Users\Stefan\ESt2012_Matthiesen_Stefan_und_Matthiesen_MartinaSina.elfo
[2013.02.23 16:41:13 | 000,004,843 | ---- | C] () -- C:\Users\Stefan\ESt2012_Matthiesen_Stefan_und_Matthiesen_Martina.elfo
[2012.08.05 16:35:58 | 180,531,324 | ---- | C] () -- C:\Users\Stefan\postkarte sina selber.cpr
[2011.12.27 09:22:00 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\vpeyecamera.dat
[2011.12.27 09:02:48 | 000,000,518 | ---- | C] () -- C:\Windows\SysWow64\SP7311.ini
[2011.12.27 09:02:11 | 000,000,392 | ---- | C] () -- C:\Windows\WebEye.ini
[2011.12.27 09:02:10 | 000,106,496 | ---- | C] () -- C:\Windows\JAPI.DLL
[2011.12.27 09:02:10 | 000,035,600 | ---- | C] () -- C:\Windows\AMCAP.EXE
[2011.12.27 09:01:43 | 000,172,032 | ---- | C] () -- C:\Windows\JAPI2.DLL
[2011.11.22 22:38:31 | 924,183,670 | ---- | C] () -- C:\Users\Stefan\Svenja Shearer.cpr
[2011.11.16 16:00:10 | 667,791,551 | ---- | C] () -- C:\Users\Stefan\Svenja11.cpr
[2011.11.16 14:39:45 | 150,449,574 | ---- | C] () -- C:\Users\Stefan\Svenja.cpr
[2011.10.23 09:01:35 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.07.08 08:37:28 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.06.28 20:26:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.06.27 23:01:38 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         

[/code]

Extras:

OTL Logfile:
Code:
OTL Extras logfile created on: 18.04.2013 14:19:03 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Stefan\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,49 Gb Total Physical Memory | 1,61 Gb Available Physical Memory | 46,09% Memory free
6,98 Gb Paging File | 4,38 Gb Available in Paging File | 62,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 890,41 Gb Total Space | 804,76 Gb Free Space | 90,38% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 19,40 Gb Free Space | 48,49% Space Free | Partition Type: NTFS
 
Computer Name: STEFAN-PC | User Name: Stefan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\Deutsche Telekom\Telekom Fotoservice\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Telekom Fotoservice] -- "C:\Program Files (x86)\Deutsche Telekom\Telekom Fotoservice\Telekom Fotoservice.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\Deutsche Telekom\Telekom Fotoservice\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Telekom Fotoservice] -- "C:\Program Files (x86)\Deutsche Telekom\Telekom Fotoservice\Telekom Fotoservice.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00838A67-3C73-4904-B9A7-B48C9E75604A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{079C2B34-E5D7-4E14-8662-69099D6991AD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{07DC6630-1486-4509-9618-D3B1E4ACEF43}" = lport=137 | protocol=17 | dir=in | app=system | 
"{09B71C0C-9BC7-40F4-B896-B24A448F487C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{14620237-3557-40B0-B17B-D91858F06479}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{179F1444-2B7B-4AD5-A5AC-534CA91DCC25}" = rport=445 | protocol=6 | dir=out | app=system | 
"{2E728ED7-1836-4495-B132-06D95793118A}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{2EF1DC32-27D3-4F5A-A5AF-18B33E7D98A1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3445B741-1AE3-4707-BA30-A57BAF1437F4}" = lport=139 | protocol=6 | dir=in | app=system | 
"{3CCB2E70-9654-4768-9428-D4E4637EE157}" = rport=137 | protocol=17 | dir=out | app=system | 
"{541E00FC-9FD8-4D79-9E7B-E5235C91B25E}" = lport=138 | protocol=17 | dir=in | app=system | 
"{6A0B0351-C621-4E6B-A7BB-083D916AC041}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6D98CB6F-87F2-450F-95DD-3AF881FEF96D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{766F0601-D9C1-4F5F-90A9-7AE5FFFFE2CE}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{83A7B532-4A8C-4918-B91B-56FFB8586E94}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{88EE9E72-348E-47D0-BC68-0E7552373EE8}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{933FE8D5-FDD4-42A6-8148-06EE8E9C81B9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9FB6FA0E-4373-4501-8F1D-2DA7444DDF07}" = rport=138 | protocol=17 | dir=out | app=system | 
"{AF3C4CA5-B6CB-437C-8A34-8C7F5A5E1BA3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B9F3473E-66B5-4C14-B1AF-84E4F888E2EF}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{BFD8EA97-0416-42CF-A9AD-8527948C2C38}" = rport=139 | protocol=6 | dir=out | app=system | 
"{C07C3D1A-AB71-428C-AEEE-B4CEA062232A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C24369EB-886D-4106-90B5-46D290B66EDB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D6959536-1D6D-47DE-9E9A-BE75CE2A5E06}" = lport=445 | protocol=6 | dir=in | app=system | 
"{EE48C8B7-3068-4EE9-95C0-8DCB8D59A974}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02C2C9F6-C873-4E3E-B15B-9C3FA06FD24B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{16207F27-E370-4AFD-A963-EEA943D13737}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{19216D36-9D07-4B74-AD48-0AF0E1A0F94A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{28C88ACF-160B-416D-9E1A-AB4163DCBAB9}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{32710EB1-BE7C-42EC-A5C6-27FE14F1B655}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3B86849D-2922-411A-BCC2-A60B94317BEC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{3BDAD8CE-1C21-4782-B501-DB580BE57BB4}" = protocol=6 | dir=out | app=system | 
"{69336183-BD7A-4F7A-9CF3-8FEA13F557BF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{6A45256D-DB94-49BF-9367-B75EA1339410}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{819400AA-3DFF-4BA1-B030-E77546748BE0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9CF169E2-60F1-4A66-B1A2-B75158C0299D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A5D02DFB-D2D3-476D-B3BF-42996628F632}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{A88A5507-9574-47A8-9F6E-E9554C0A8A73}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A9D5DDA3-7437-4EDD-803E-FA12FB1B5D29}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C15D0955-94AC-436E-B48F-797AB36DCC71}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{CF7EC0EF-BE97-4C50-88D6-7309BF6735C1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D0FE3E92-1948-4C93-BF2A-6C7284E42643}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{DD4238C8-26B6-4591-823A-3DF98FC410EF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EB809854-B94B-48B2-B2CA-E3364AF1DD49}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F24B4F6A-E921-4E66-AA7A-C4C4B23F9A62}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{F8BA434F-3751-4264-BB64-81A691281D5C}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{FAFD15B1-C5BE-4333-8031-F7305A15B1DA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FF63BFE2-29F7-403D-9B3B-8C96A0A597E4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"TCP Query User{48FC9707-1776-4C23-B708-D8B127B136E0}C:\program files (x86)\mmedia\vp-eye\webeye\webeye.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mmedia\vp-eye\webeye\webeye.exe | 
"TCP Query User{BC87614D-07DF-49B1-9E78-12AD1350B6AF}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{12DEC07A-BA30-494C-805A-295D557A63FA}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{D8D852DA-6BA9-487B-B81D-E11388D61BEF}C:\program files (x86)\mmedia\vp-eye\webeye\webeye.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mmedia\vp-eye\webeye\webeye.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{26A24AE4-039D-4CA4-87B4-2F86416026FF}" = Java(TM) 6 Update 26 (64-bit)
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{3BFAF653-4B91-2C87-82FE-DAF4C0F7BF18}" = AMD Drag and Drop Transcoding
"{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{51DDB4F9-7FFF-4970-AED4-DB3C22A5C522}" = Corel Graphics - Windows Shell Extension 64 Bit
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{77BEC163-D389-42c1-91A4-C758846296A5}_is1" = Video downloader 2.0.0.430
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8836C1BC-29E8-6A94-9D8F-F2D5FDC6F865}" = ATI AVIVO64 Codecs
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{9184BC0D-EC76-3910-E813-BFC3ED0DBCB1}" = ccc-utility64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B72CAB06-4420-F4D1-AFBB-AF9093D3D237}" = ATI Catalyst Install Manager
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E0DF4F3F-629F-B9E2-C80C-CBA0A0305537}" = AMD Media Foundation Decoders
"{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}" = Microsoft Mathematics (64-Bit)
"{EE483CF3-AE65-E262-268A-493B8A91D920}" = AMD Fuel
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Toolbar3 x64_is1" = Toolbar 3.0 der Telekom x64
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}" = CorelDRAW Essentials X5 - Extra Content
"_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension
"_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}" = CorelDRAW Essentials X5
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{0565E7DD-8930-8F67-9D25-5D1DCC033DF0}" = CCC Help Swedish
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{109D0519-2F01-0D66-C43A-55BFEDEDF2DD}" = CCC Help Danish
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{1571CDD5-B5BC-94E9-A745-D3E3A215316C}" = CCC Help Spanish
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{298BE2A8-908F-C904-20E7-C13CD1CBB44A}" = CCC Help English
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2F14F550-0FFC-4285-B673-880744D428A3}" = CorelDRAW Essentials X5 - Custom Data
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34809713-7886-4F6A-B9D5-CC74DBC1C77E}" = CorelDRAW Essentials X5 - Redist
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{369B36BE-3D64-4641-9AEA-808D436FE132}" = Microsoft Picture It! Foto 7.0
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B1EF0C5-8855-416F-A6F4-5CC5FCF267CA}" = CorelDRAW Essentials X5 - WT
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{4433CEC6-DA32-4D7B-BA95-B47C68498287}" = CorelDRAW Essentials X5 - Connect
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D741B12-ACE9-4C3D-A006-3E4DAD22CBD2}" = VP-EYE
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}" = CorelDRAW Essentials X5 - Extra Content
"{5B96BF29-1CC0-42FB-AB2C-1E12E3226E7A}" = Bing Bar
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{666D7CED-12E0-4BA3-B594-5681961E7B02}" = CorelDRAW Essentials X5 - IPM
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69143066-1887-30B9-CBC4-BF91626AB643}" = CCC Help Japanese
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6DE61FFB-8ADC-4A09-B3DC-5DA15CAE48A0}" = CorelDRAW Essentials X5 - DE
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz
"{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7189F66A-1560-1573-05C9-DE53613AEA1A}" = Versandhelfer
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7BDA08C6-D3A1-4E2A-83F6-BBE15060DF80}" = CorelDRAW Essentials X5 - IT
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{81FC1973-09F4-8ADE-0CC5-9FBEF8B7E064}" = CCC Help German
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{834F4E2F-E9DF-4FA9-8499-FF6B91012898}" = CorelDRAW Essentials X5
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{85E8F38F-0303-401E-A518-0302DF88EB07}" = CorelDRAW Essentials X5 - Draw
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89BA6E81-B60A-49BC-B283-80560A9E60DF}" = CorelDRAW Essentials X5 - PHOTO-PAINT
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E5E0BB7-2604-72C4-EB4F-FDE56037CA73}" = CCC Help Dutch
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{98ACB7E6-3FEA-A8DD-832B-D1F540811E1D}" = Catalyst Control Center InstallProxy
"{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}" = Software Version Updater
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A68B8A41-A5D1-DC7E-B496-F90F4DA45D0C}" = CCC Help French
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4D1C5E-116A-4FF4-AA91-28F526868203}" = watchmi
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC726FD7-1766-F446-EF0A-7C988A5F7755}" = CCC Help Italian
"{AC76BA86-7AD7-5464-3428-A00000000004}" = Spelling Dictionaries Support For Adobe Reader X
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.1) MUI
"{ACE914C9-4A83-456C-BF29-7A0F68C3461C}" = PC VGA Camer@
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B525C699-B111-377C-857A-4419F5A5094F}" = CCC Help Finnish
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C4BEEB8C-B9D2-4CD9-A2AA-1F3A1F57DF21}" = Works Suite-Betriebssystem-Pack
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CA227A9D-09BE-4BFB-9764-48FED2DA5454}" = Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0BEB150-2046-4F94-AE7B-EA76772592F6}" = CorelDRAW Essentials X5 - Common
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D7AAEF77-5094-AEDA-C940-110C00FB6823}" = AMD VISION Engine Control Center
"{D7E60152-6C65-4982-8840-B6D28BF881BD}" = CorelDRAW Essentials X5 - FR
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E03CD71A-F595-49DF-9ADC-0CFC93B1B211}" = PlayMemories Home
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4BE9367-168B-4B30-B198-EE37C99FB147}" = CorelDRAW Essentials X5 - Filters
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger
"{E7BE4D1A-B529-448B-8407-889705B65185}" = CorelDRAW Essentials X5 - ES
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}" = CorelDRAW Essentials X5 - Setup Files
"{EDDDC607-91D9-4758-9F57-265FDCD8A772}" = Microsoft Works 7.0 
"{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger
"{F0781699-4AA9-1ADA-3E2E-315A139C78F4}" = Catalyst Control Center Localization All
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F77F8226-DA60-1CC1-02FA-76E8F4B07FF5}" = CCC Help Norwegian
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6AF809-9A80-423A-A57A-C7D726A04E4C}" = CorelDRAW Essentials X5 - EN
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Ashampoo Burning Studio_is1" = Ashampoo Burning Studio
"Ashampoo Photo Commander_is1" = Ashampoo Photo Commander
"Ashampoo Photo Optimizer_is1" = Ashampoo Photo Optimizer
"Ashampoo Snap_is1" = Ashampoo Snap
"autolyrics@man-soft.net" = Auto Lyrics
"Avira AntiVir Desktop" = Avira Free Antivirus
"BrowserCompanion" = BrowserCompanion
"dpdhl.versandhelfer.medionpc.CDA82DC3FEDD13302C6424313D9A2999F162D21A.1" = Versandhelfer
"ElsterFormular" = ElsterFormular
"Galileo Family Quiz - Spezial II" = Galileo Family Quiz - Spezial II
"Google Chrome" = Google Chrome
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"Netzmanager" = Netzmanager
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"PricePeep" = PricePeep
"Rossmann Fotowelt Software" = Rossmann Fotowelt Software 4.12.1
"SoftwareUpdater" = SoftwareUpdater
"Telekom Fotoservice" = Telekom Fotoservice
"Toolbar3_is1" = Toolbar 3.0 der Telekom
"Totalcmd" = Total Commander (Remove or Repair)
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"Works2003Setup" = Microsoft Works 2003-Setup-Start
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 27.11.2012 01:20:19 | Computer Name = Stefan-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ToWorker.exe, Version: 3.0.2.1, Zeitstempel:
 0x4cd16c00  Name des fehlerhaften Moduls: Flash10u.ocx, Version: 10.3.181.34, Zeitstempel:
 0x4e011a1d  Ausnahmecode: 0xc0000005  Fehleroffset: 0x001bbfab  ID des fehlerhaften Prozesses:
 0x158c  Startzeit der fehlerhaften Anwendung: 0x01cdcc5ec3983d7a  Pfad der fehlerhaften
 Anwendung: C:\Users\Stefan\AppData\LocalLow\ToToolbar32\bin\ToWorker_3_0_2\ToWorker.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\Flash10u.ocx  Berichtskennung:
 224cbc90-3852-11e2-b0f5-8c89a554f362
 
Error - 28.11.2012 16:07:14 | Computer Name = Stefan-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ToWorker.exe, Version: 3.0.2.1, Zeitstempel:
 0x4cd16c00  Name des fehlerhaften Moduls: Flash10u.ocx, Version: 10.3.181.34, Zeitstempel:
 0x4e011a1d  Ausnahmecode: 0xc0000005  Fehleroffset: 0x001bbfab  ID des fehlerhaften Prozesses:
 0x158c  Startzeit der fehlerhaften Anwendung: 0x01cdcda3e2717b14  Pfad der fehlerhaften
 Anwendung: C:\Users\Stefan\AppData\LocalLow\ToToolbar32\bin\ToWorker_3_0_2\ToWorker.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\Flash10u.ocx  Berichtskennung:
 32d40a4a-3997-11e2-a230-8c89a554f362
 
Error - 29.11.2012 08:35:12 | Computer Name = Stefan-PC | Source = MsiInstaller | ID = 11609
Description = 
 
Error - 02.12.2012 03:02:32 | Computer Name = Stefan-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ToWorker.exe, Version: 3.0.2.1, Zeitstempel:
 0x4cd16c00  Name des fehlerhaften Moduls: Flash10u.ocx, Version: 10.3.181.34, Zeitstempel:
 0x4e011a1d  Ausnahmecode: 0xc0000005  Fehleroffset: 0x001bbfab  ID des fehlerhaften Prozesses:
 0xacc  Startzeit der fehlerhaften Anwendung: 0x01cdd05ade3d3afe  Pfad der fehlerhaften
 Anwendung: C:\Users\Stefan\AppData\LocalLow\ToToolbar32\bin\ToWorker_3_0_2\ToWorker.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\Flash10u.ocx  Berichtskennung:
 3dbe35c4-3c4e-11e2-b361-8c89a554f362
 
Error - 04.12.2012 13:25:54 | Computer Name = Stefan-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

 
Error - 06.12.2012 01:14:03 | Computer Name = Stefan-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

 
Error - 06.12.2012 14:27:53 | Computer Name = Stefan-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

 
Error - 06.12.2012 14:34:42 | Computer Name = Stefan-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ToWorker.exe, Version: 3.0.2.1, Zeitstempel:
 0x4cd16c00  Name des fehlerhaften Moduls: Flash10u.ocx, Version: 10.3.181.34, Zeitstempel:
 0x4e011a1d  Ausnahmecode: 0xc0000005  Fehleroffset: 0x001bbfab  ID des fehlerhaften Prozesses:
 0x171c  Startzeit der fehlerhaften Anwendung: 0x01cdd3e04b201b2e  Pfad der fehlerhaften
 Anwendung: C:\Users\Stefan\AppData\LocalLow\ToToolbar32\bin\ToWorker_3_0_2\ToWorker.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\Flash10u.ocx  Berichtskennung:
 991d700f-3fd3-11e2-8164-8c89a554f362
 
Error - 07.12.2012 13:13:22 | Computer Name = Stefan-PC | Source = MsiInstaller | ID = 11609
Description = 
 
Error - 08.12.2012 02:42:11 | Computer Name = Stefan-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

 
[ System Events ]
Error - 17.04.2013 04:32:13 | Computer Name = Stefan-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 17.04.2013 20:35:24 | Computer Name = Stefan-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description = 
 
Error - 17.04.2013 20:44:37 | Computer Name = Stefan-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description = 
 
Error - 18.04.2013 02:16:06 | Computer Name = Stefan-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 18.04.2013 02:53:41 | Computer Name = Stefan-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "Boot" den Befehl "chkdsk" aus.
 
Error - 18.04.2013 02:53:43 | Computer Name = Stefan-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "Boot" den Befehl "chkdsk" aus.
 
Error - 18.04.2013 02:53:44 | Computer Name = Stefan-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "Boot" den Befehl "chkdsk" aus.
 
Error - 18.04.2013 02:53:45 | Computer Name = Stefan-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "Boot" den Befehl "chkdsk" aus.
 
Error - 18.04.2013 03:03:16 | Computer Name = Stefan-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 18.04.2013 03:38:42 | Computer Name = Stefan-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
--- --- ---

[/code]


18.04.2013, 14:29   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Rootkit scan with GMER

Please download the GMER Rootkit Scanner: (the file name is random)
  • Close all other programs, disable your virus scanner and disconnect the computer from the Internet before you start GMER.
  • If a window with the following warning opens after startup:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, remove the check mark from: IAT/EAT and Show All
  • Set the check mark at Quickscan and remove it from all other drives.
  • Start the scan with "Scan".
  • Do not do anything on the computer while the scan is running.
  • When the scan has finished, click Save and save the log file as Gmer.txt on your desktop. "Ok" closes GMER.
Switch your antivirus program and other scanners back on before you go online!


Running into problems?
  • Alternatively, try safe mode.
  • If you get a bluescreen, remove the check mark in front of Devices.


Afterwards please run MBAR:

Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen according to the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If something is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder unless a helper instructs you to

18.04.2013, 15:44   #7
Arngrim
 

Hello,

the new files are attached again as well. mbar did in fact find quite a few things and then cleaned them up after the first run. The second run produced no new messages.

First gmer:

Code:
ATTFilter
GMER Logfile:
Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-18 15:42:13
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000062 WDC_WD10 rev.80.0 931,51GB
Running: s4cdkrk1.exe; Driver: C:\Users\Stefan\AppData\Local\Temp\ugriqpob.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560                                                                                     fffff800039f5000 45 bytes [00, 00, 0D, 02, 52, 54, 4C, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607                                                                                     fffff800039f502f 16 bytes [00, 90, 08, 71, 03, 80, FA, ...]

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3204] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000075c61465 2 bytes [C6, 75]
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3204] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000075c614bb 2 bytes [C6, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\Program Files (x86)\Skype\Phone\Skype.exe[1728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                             0000000075c61465 2 bytes [C6, 75]
.text     C:\Program Files (x86)\Skype\Phone\Skype.exe[1728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                            0000000075c614bb 2 bytes [C6, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                           0000000075c61465 2 bytes [C6, 75]
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                          0000000075c614bb 2 bytes [C6, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3252] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                              0000000075c61465 2 bytes [C6, 75]
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3252] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                             0000000075c614bb 2 bytes [C6, 75]
.text     ...                                                                                                                                                    * 2
?         C:\Windows\system32\mssprxy.dll [3252] entry point in ".rdata" section                                                                                 000000006ddd71e6
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5600] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5                             000000007721f991 7 bytes {MOV EDX, 0xee9228; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5600] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5                                  000000007721fbd5 7 bytes {MOV EDX, 0xee9268; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5600] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5                                      000000007721fc05 7 bytes {MOV EDX, 0xee91a8; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5600] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5                               000000007721fc1d 7 bytes {MOV EDX, 0xee9128; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5600] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5                                 000000007721fc35 7 bytes {MOV EDX, 0xee9328; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5600] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5                               000000007721fc65 7 bytes {MOV EDX, 0xee9368; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5600] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5                                000000007721fce5 7 bytes {MOV EDX, 0xee92e8; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5600] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5                               000000007721fcfd 7 bytes {MOV EDX, 0xee92a8; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5600] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5                                         000000007721fd49 7 bytes {MOV EDX, 0xee9068; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5600] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5                              000000007721fe41 7 bytes {MOV EDX, 0xee90a8; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5600] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5                                       0000000077220099 7 bytes {MOV EDX, 0xee9028; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5600] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5                                 00000000772210a5 7 bytes {MOV EDX, 0xee91e8; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5600] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5                                       000000007722111d 7 bytes {MOV EDX, 0xee9168; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5600] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5                          0000000077221321 7 bytes {MOV EDX, 0xee90e8; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5600] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                              0000000075c61465 2 bytes [C6, 75]
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5600] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                             0000000075c614bb 2 bytes [C6, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2024] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5                             000000007721f991 7 bytes {MOV EDX, 0x9e1228; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2024] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5                                  000000007721fbd5 7 bytes {MOV EDX, 0x9e1268; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2024] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5                                      000000007721fc05 7 bytes {MOV EDX, 0x9e11a8; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2024] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5                               000000007721fc1d 7 bytes {MOV EDX, 0x9e1128; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2024] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5                                 000000007721fc35 7 bytes {MOV EDX, 0x9e1328; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2024] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5                               000000007721fc65 7 bytes {MOV EDX, 0x9e1368; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2024] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5                                000000007721fce5 7 bytes {MOV EDX, 0x9e12e8; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2024] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5                               000000007721fcfd 7 bytes {MOV EDX, 0x9e12a8; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2024] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5                                         000000007721fd49 7 bytes {MOV EDX, 0x9e1068; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2024] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5                              000000007721fe41 7 bytes {MOV EDX, 0x9e10a8; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2024] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5                                       0000000077220099 7 bytes {MOV EDX, 0x9e1028; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2024] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5                                 00000000772210a5 7 bytes {MOV EDX, 0x9e11e8; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2024] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5                                       000000007722111d 7 bytes {MOV EDX, 0x9e1168; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2024] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5                          0000000077221321 7 bytes {MOV EDX, 0x9e10e8; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                              0000000075c61465 2 bytes [C6, 75]
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                             0000000075c614bb 2 bytes [C6, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5                             000000007721f991 7 bytes {MOV EDX, 0x92a228; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5                                  000000007721fbd5 7 bytes {MOV EDX, 0x92a268; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5                                      000000007721fc05 7 bytes {MOV EDX, 0x92a1a8; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5                               000000007721fc1d 7 bytes {MOV EDX, 0x92a128; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5                                 000000007721fc35 7 bytes {MOV EDX, 0x92a328; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5                               000000007721fc65 7 bytes {MOV EDX, 0x92a368; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5                                000000007721fce5 7 bytes {MOV EDX, 0x92a2e8; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5                               000000007721fcfd 7 bytes {MOV EDX, 0x92a2a8; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5                                         000000007721fd49 7 bytes {MOV EDX, 0x92a068; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5                              000000007721fe41 7 bytes {MOV EDX, 0x92a0a8; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5                                       0000000077220099 7 bytes {MOV EDX, 0x92a028; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5                                 00000000772210a5 7 bytes {MOV EDX, 0x92a1e8; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5                                       000000007722111d 7 bytes {MOV EDX, 0x92a168; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5                          0000000077221321 7 bytes {MOV EDX, 0x92a0e8; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                              0000000075c61465 2 bytes [C6, 75]
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                             0000000075c614bb 2 bytes [C6, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4760] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                              0000000075c61465 2 bytes [C6, 75]
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4760] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                             0000000075c614bb 2 bytes [C6, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5720] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5                             000000007721f991 7 bytes {MOV EDX, 0x7ffa28; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5720] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5                                  000000007721fbd5 7 bytes {MOV EDX, 0x7ffa68; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5720] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5                                      000000007721fc05 7 bytes {MOV EDX, 0x7ff9a8; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5720] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5                               000000007721fc1d 7 bytes {MOV EDX, 0x7ff928; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5720] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5                                 000000007721fc35 7 bytes {MOV EDX, 0x7ffb28; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5720] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5                               000000007721fc65 7 bytes {MOV EDX, 0x7ffb68; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5720] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5                                000000007721fce5 7 bytes {MOV EDX, 0x7ffae8; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5720] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5                               000000007721fcfd 7 bytes {MOV EDX, 0x7ffaa8; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5720] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5                                         000000007721fd49 7 bytes {MOV EDX, 0x7ff868; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5720] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5                              000000007721fe41 7 bytes {MOV EDX, 0x7ff8a8; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5720] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5                                       0000000077220099 7 bytes {MOV EDX, 0x7ff828; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5720] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5                                 00000000772210a5 7 bytes {MOV EDX, 0x7ff9e8; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5720] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5                                       000000007722111d 7 bytes {MOV EDX, 0x7ff968; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5720] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5                          0000000077221321 7 bytes {MOV EDX, 0x7ff8e8; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                              0000000075c61465 2 bytes [C6, 75]
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                             0000000075c614bb 2 bytes [C6, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1468] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5                             000000007721f991 7 bytes {MOV EDX, 0x91a228; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1468] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5                                  000000007721fbd5 7 bytes {MOV EDX, 0x91a268; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1468] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5                                      000000007721fc05 7 bytes {MOV EDX, 0x91a1a8; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1468] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5                               000000007721fc1d 7 bytes {MOV EDX, 0x91a128; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1468] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5                                 000000007721fc35 7 bytes {MOV EDX, 0x91a328; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1468] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5                               000000007721fc65 7 bytes {MOV EDX, 0x91a368; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1468] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5                                000000007721fce5 7 bytes {MOV EDX, 0x91a2e8; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1468] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5                               000000007721fcfd 7 bytes {MOV EDX, 0x91a2a8; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1468] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5                                         000000007721fd49 7 bytes {MOV EDX, 0x91a068; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1468] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5                              000000007721fe41 7 bytes {MOV EDX, 0x91a0a8; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1468] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5                                       0000000077220099 7 bytes {MOV EDX, 0x91a028; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1468] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5                                 00000000772210a5 7 bytes {MOV EDX, 0x91a1e8; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1468] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5                                       000000007722111d 7 bytes {MOV EDX, 0x91a168; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1468] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5                          0000000077221321 7 bytes {MOV EDX, 0x91a0e8; JMP RDX}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                              0000000075c61465 2 bytes [C6, 75]
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                             0000000075c614bb 2 bytes [C6, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\totalcmd\TOTALCMD.EXE[3980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                 0000000075c61465 2 bytes [C6, 75]
.text     C:\totalcmd\TOTALCMD.EXE[3980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                0000000075c614bb 2 bytes [C6, 75]
.text     ...                                                                                                                                                    * 2
.text     C:\Users\Stefan\Downloads\OTL.exe[4852] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 69                                                        0000000075c61465 2 bytes [C6, 75]
.text     C:\Users\Stefan\Downloads\OTL.exe[4852] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 155                                                       0000000075c614bb 2 bytes [C6, 75]
.text     ...                                                                                                                                                    * 2

---- Threads - GMER 2.1 ----

Thread    C:\Windows\System32\spoolsv.exe [1344:1652]                                                                                                            000007fef97e10c8
Thread    C:\Windows\System32\spoolsv.exe [1344:1696]                                                                                                            000007fef97a6144
Thread    C:\Windows\System32\spoolsv.exe [1344:1748]                                                                                                            000007fef9595fd0
Thread    C:\Windows\System32\spoolsv.exe [1344:1752]                                                                                                            000007fef9583438
Thread    C:\Windows\System32\spoolsv.exe [1344:1756]                                                                                                            000007fef95963ec
Thread    C:\Windows\System32\spoolsv.exe [1344:1764]                                                                                                            000007fef9ca5e5c
Thread    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [3044:1524]                                                             00000000738b102d
Thread    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [3044:2256]                                                             0000000071c1f1dc
Thread    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [3044:3176]                                                             0000000071c1f1dc
Thread    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [3044:3180]                                                             0000000071c155d3
Thread    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [3044:3196]                                                             000000007385c159
Thread    C:\Windows\System32\WUDFHost.exe [3752:3800]                                                                                                           000007fef10a24a0

---- Disk sectors - GMER 2.1 ----

Disk      \Device\Harddisk0\DR0                                                                                                                                  unknown MBR code

---- EOF - GMER 2.1 ----
         
--- --- ---
And here is mbar run 1:

Code:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.04.18.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Stefan :: STEFAN-PC [administrator]

18.04.2013 15:53:33
mbar-log-2013-04-18 (15-53-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 30343
Time elapsed: 9 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 48
HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{00cbb66b-1d3b-46d3-9577-323a336acb50} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TYPELIB\{8830DDF0-3042-404D-A62C-384A85E34833} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{817923CB-4744-4216-B250-CF7EDA8F1767} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{817923CB-4744-4216-B250-CF7EDA8F1767} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{8830DDF0-3042-404D-A62C-384A85E34833} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\wit4ie.WitBHO.2 (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\wit4ie.WitBHO (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\wit4ie.WitBHO (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\wit4ie.WitBHO.2 (PUP.Blabbers) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TYPELIB\{830B56CB-FD22-44AA-9887-7898F4F4158D} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{830B56CB-FD22-44AA-9887-7898F4F4158D} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\tdataprotocol.CTData.1 (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\tdataprotocol.CTData (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\tdataprotocol.CTData (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\tdataprotocol.CTData.1 (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Software.Updater) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TYPELIB\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Software.Updater) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\Updater.AmiUpd.1 (PUP.Software.Updater) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\Updater.AmiUpd (PUP.Software.Updater) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\Updater.AmiUpd (PUP.Software.Updater) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\Updater.AmiUpd.1 (PUP.Software.Updater) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TYPELIB\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{9F0C17EB-EF2C-4278-9136-2D547656BC03} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9F0C17EB-EF2C-4278-9136-2D547656BC03} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\updatebho.TimerBHO.1 (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\updatebho.TimerBHO (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\updatebho.TimerBHO (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\updatebho.TimerBHO.1 (PUP.Blabbers) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BrowserCompanion (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\PROTOCOLS\HANDLER\BASE64 (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\PROTOCOLS\HANDLER\CHROME (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\PROTOCOLS\HANDLER\PROX (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\PROTOCOLS\HANDLER\BASE64 (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\PROTOCOLS\HANDLER\CHROME (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\PROTOCOLS\HANDLER\PROX (PUP.Blabbers) -> Delete on reboot.

Registry Values Detected: 7
HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|shell (Trojan.Agent.RNS) -> Data: explorer.exe,C:\Users\Stefan\AppData\Roaming\skype.dat -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\PROTOCOLS\HANDLER\BASE64|CLSID (PUP.Blabbers) -> Data: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\PROTOCOLS\HANDLER\CHROME|CLSID (PUP.Blabbers) -> Data: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\PROTOCOLS\HANDLER\PROX|CLSID (PUP.Blabbers) -> Data: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\PROTOCOLS\HANDLER\BASE64|CLSID (PUP.Blabbers) -> Data: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\PROTOCOLS\HANDLER\CHROME|CLSID (PUP.Blabbers) -> Data: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\PROTOCOLS\HANDLER\PROX|CLSID (PUP.Blabbers) -> Data: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 4
c:\Program Files (x86)\BrowserCompanion (PUP.Blabbers) -> Delete on reboot.
c:\Users\Stefan\AppData\LocalLow\bbrs_002.tb (PUP.Blabbers) -> Delete on reboot.
c:\Users\Stefan\AppData\LocalLow\bbrs_002.tb\content (PUP.Blabbers) -> Delete on reboot.
c:\Users\Stefan\AppData\LocalLow\bbrs_002.tb\content\cache (PUP.Blabbers) -> Delete on reboot.

Files Detected: 134
c:\Program Files (x86)\BrowserCompanion\jsloader.dll (PUP.Blabbers) -> Delete on reboot.
c:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (PUP.Blabbers) -> Delete on reboot.
c:\Users\Stefan\AppData\Local\SwvUpdater\Updater.exe (PUP.Software.Updater) -> Delete on reboot.
c:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll (PUP.Blabbers) -> Delete on reboot.
c:\Users\Stefan\AppData\Local\Temp\mor.exe (Trojan.Phex.THAGen4) -> Delete on reboot.
c:\Users\Stefan\AppData\Local\Temp\2F88.tmp (Exploit.Drop.GS) -> Delete on reboot.
c:\Program Files (x86)\BrowserCompanion\blabbers-ff-full.xpi (PUP.Blabbers) -> Delete on reboot.
c:\Program Files (x86)\BrowserCompanion\blabbers-ch.crx (PUP.Blabbers) -> Delete on reboot.
c:\Program Files (x86)\BrowserCompanion\logo.ico (PUP.Blabbers) -> Delete on reboot.
c:\Program Files (x86)\BrowserCompanion\terms.lnk.url (PUP.Blabbers) -> Delete on reboot.
c:\Program Files (x86)\BrowserCompanion\toolbar.dll (PUP.Blabbers) -> Delete on reboot.
c:\Program Files (x86)\BrowserCompanion\uninstall.exe (PUP.Blabbers) -> Delete on reboot.
c:\Program Files (x86)\BrowserCompanion\updater.ini (PUP.Blabbers) -> Delete on reboot.
c:\Program Files (x86)\BrowserCompanion\widgetserv.exe (PUP.Blabbers) -> Delete on reboot.
c:\Users\Stefan\AppData\LocalLow\bbrs_002.tb\content\BCHelper.exe (PUP.Blabbers) -> Delete on reboot.
c:\Users\Stefan\AppData\LocalLow\bbrs_002.tb\content\cmpguid.js (PUP.Blabbers) -> Delete on reboot.
c:\Users\Stefan\AppData\LocalLow\bbrs_002.tb\content\fix2.js (PUP.Blabbers) -> Delete on reboot.
c:\Users\Stefan\AppData\LocalLow\bbrs_002.tb\content\fix3.js (PUP.Blabbers) -> Delete on reboot.
c:\Users\Stefan\AppData\LocalLow\bbrs_002.tb\content\fix4.js (PUP.Blabbers) -> Delete on reboot.
c:\Users\Stefan\AppData\LocalLow\bbrs_002.tb\content\fixJQ1_71.js (PUP.Blabbers) -> Delete on reboot.
c:\Users\Stefan\AppData\LocalLow\bbrs_002.tb\content\fixJQ1_71_2.js (PUP.Blabbers) -> Delete on reboot.
c:\Users\Stefan\AppData\LocalLow\bbrs_002.tb\content\fixJQ1_83.js (PUP.Blabbers) -> Delete on reboot.
c:\Users\Stefan\AppData\LocalLow\bbrs_002.tb\content\icon.png (PUP.Blabbers) -> Delete on reboot.
c:\Users\Stefan\AppData\LocalLow\bbrs_002.tb\content\jquery4toolbar.js (PUP.Blabbers) -> Delete on reboot.
c:\Users\Stefan\AppData\LocalLow\bbrs_002.tb\content\jquery4toolbar183.js (PUP.Blabbers) -> Delete on reboot.
c:\Users\Stefan\AppData\LocalLow\bbrs_002.tb\content\lock.js (PUP.Blabbers) -> Delete on reboot.
c:\Users\Stefan\AppData\LocalLow\bbrs_002.tb\content\witapi.js (PUP.Blabbers) -> Delete on reboot.
c:\Users\Stefan\AppData\LocalLow\bbrs_002.tb\content\witmain.js (PUP.Blabbers) -> Delete on reboot.
c:\Users\Stefan\AppData\LocalLow\bbrs_002.tb\content\wittoolbar.js (PUP.Blabbers) -> Delete on reboot.
c:\Users\Stefan\AppData\LocalLow\bbrs_002.tb\content\witwidgetapi.js (PUP.Blabbers) -> Delete on reboot.
c:\Users\Stefan\AppData\LocalLow\bbrs_002.tb\content\xcodechange.js (PUP.Blabbers) -> Delete on reboot.

(end)
         
and mbar run 2:

Code:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.04.18.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Stefan :: STEFAN-PC [administrator]

18.04.2013 16:35:57
mbar-log-2013-04-18 (16-35-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 30125
Time elapsed: 11 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
Thanks once again

18.04.2013, 23:31   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions can take a while, depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Never press any of the Fix buttons without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.




TDSS-Killer

Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller instructions.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

19.04.2013, 06:48   #9
Arngrim
 

Hello,

attached is the log from aswMBR

Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-19 07:17:33
-----------------------------
07:17:33.015    OS Version: Windows x64 6.1.7601 Service Pack 1
07:17:33.016    Number of processors: 4 586 0x100
07:17:33.016    ComputerName: STEFAN-PC  UserName: Stefan
07:17:35.079    Initialize success
07:19:10.968    AVAST engine defs: 13041801
07:19:18.589    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000062
07:19:18.595    Disk 0 Vendor: WDC_WD10 80.0 Size: 953869MB BusType: 11
07:19:18.717    Disk 0 MBR read successfully
07:19:18.722    Disk 0 MBR scan
07:19:18.748    Disk 0 unknown MBR code
07:19:18.755    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
07:19:18.795    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       911783 MB offset 206848
07:19:18.837    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        40960 MB offset 1867538432
07:19:18.855    Disk 0 Partition 4 00     12  Compaq diag NTFS         1024 MB offset 1951424512
07:19:18.894    Disk 0 scanning C:\Windows\system32\drivers
07:19:28.876    Service scanning
07:19:50.019    Modules scanning
07:19:50.038    Disk 0 trace - called modules:
07:19:50.061    ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys 
07:19:50.066    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800470a060]
07:19:50.071    3 CLASSPNP.SYS[fffff8800193d43f] -> nt!IofCallDriver -> [0xfffffa8003709ac0]
07:19:50.077    5 amd_xata.sys[fffff8800115aa1d] -> nt!IofCallDriver -> \Device\00000062[0xfffffa80044b3360]
07:19:51.623    AVAST engine scan C:\Windows
07:19:55.113    AVAST engine scan C:\Windows\system32
07:23:42.400    AVAST engine scan C:\Windows\system32\drivers
07:23:56.433    AVAST engine scan C:\Users\Stefan
07:39:59.437    AVAST engine scan C:\ProgramData
07:41:26.900    Scan finished successfully
07:41:53.443    Disk 0 MBR has been saved successfully to "C:\Users\Stefan\Desktop\MBR.dat"
07:41:53.452    The log file has been saved successfully to "C:\Users\Stefan\Desktop\aswMBR.txt"
         
As well as from TDSS:

Code:
07:42:33.0358 3980  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
07:42:33.0536 3980  ============================================================
07:42:33.0536 3980  Current date / time: 2013/04/19 07:42:33.0536
07:42:33.0536 3980  SystemInfo:
07:42:33.0536 3980  
07:42:33.0537 3980  OS Version: 6.1.7601 ServicePack: 1.0
07:42:33.0537 3980  Product type: Workstation
07:42:33.0537 3980  ComputerName: STEFAN-PC
07:42:33.0537 3980  UserName: Stefan
07:42:33.0537 3980  Windows directory: C:\Windows
07:42:33.0537 3980  System windows directory: C:\Windows
07:42:33.0537 3980  Running under WOW64
07:42:33.0537 3980  Processor architecture: Intel x64
07:42:33.0537 3980  Number of processors: 4
07:42:33.0537 3980  Page size: 0x1000
07:42:33.0537 3980  Boot type: Normal boot
07:42:33.0537 3980  ============================================================
07:42:33.0907 3980  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:42:33.0920 3980  ============================================================
07:42:33.0920 3980  \Device\Harddisk0\DR0:
07:42:33.0920 3980  MBR partitions:
07:42:33.0920 3980  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
07:42:33.0920 3980  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6F4D3800
07:42:33.0920 3980  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x6F506000, BlocksNum 0x5000000
07:42:33.0920 3980  ============================================================
07:42:33.0946 3980  C: <-> \Device\Harddisk0\DR0\Partition2
07:42:33.0993 3980  D: <-> \Device\Harddisk0\DR0\Partition3
07:42:33.0993 3980  ============================================================
07:42:33.0993 3980  Initialize success
07:42:33.0993 3980  ============================================================
07:44:15.0146 5600  ============================================================
07:44:15.0146 5600  Scan started
07:44:15.0146 5600  Mode: Manual; SigCheck; TDLFS; 
07:44:15.0146 5600  ============================================================
07:44:15.0614 5600  ================ Scan system memory ========================
07:44:15.0614 5600  System memory - ok
07:44:15.0614 5600  ================ Scan services =============================
07:44:21.0949 5600  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
07:44:22.0030 5600  discache - ok
07:44:22.0053 5600  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
07:44:22.0064 5600  Disk - ok
07:44:22.0088 5600  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
07:44:22.0146 5600  Dnscache - ok
07:44:22.0167 5600  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
07:44:22.0211 5600  dot3svc - ok
07:44:22.0224 5600  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
07:44:22.0274 5600  DPS - ok
07:44:22.0315 5600  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
07:44:22.0342 5600  drmkaud - ok
07:44:22.0375 5600  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
07:44:22.0403 5600  DXGKrnl - ok
07:44:22.0426 5600  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
07:44:22.0501 5600  EapHost - ok
07:44:22.0568 5600  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
07:44:22.0680 5600  ebdrv - ok
07:44:22.0699 5600  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
07:44:22.0745 5600  EFS - ok
07:44:22.0797 5600  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
07:44:22.0876 5600  ehRecvr - ok
07:44:22.0915 5600  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
07:44:22.0964 5600  ehSched - ok
07:44:23.0001 5600  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
07:44:23.0030 5600  elxstor - ok
07:44:23.0039 5600  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
07:44:23.0063 5600  ErrDev - ok
07:44:23.0097 5600  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
07:44:23.0139 5600  EventSystem - ok
07:44:23.0150 5600  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
07:44:23.0199 5600  exfat - ok
07:44:23.0205 5600  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
07:44:23.0239 5600  fastfat - ok
07:44:23.0274 5600  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
07:44:23.0306 5600  Fax - ok
07:44:23.0325 5600  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
07:44:23.0351 5600  fdc - ok
07:44:23.0364 5600  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
07:44:23.0411 5600  fdPHost - ok
07:44:23.0440 5600  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
07:44:23.0489 5600  FDResPub - ok
07:44:23.0502 5600  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
07:44:23.0513 5600  FileInfo - ok
07:44:23.0525 5600  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
07:44:23.0576 5600  Filetrace - ok
07:44:23.0594 5600  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
07:44:23.0618 5600  flpydisk - ok
07:44:23.0646 5600  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
07:44:23.0661 5600  FltMgr - ok
07:44:23.0701 5600  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
07:44:23.0771 5600  FontCache - ok
07:44:23.0814 5600  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
07:44:23.0824 5600  FontCache3.0.0.0 - ok
07:44:23.0841 5600  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
07:44:23.0852 5600  FsDepends - ok
07:44:23.0884 5600  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
07:44:23.0894 5600  Fs_Rec - ok
07:44:23.0913 5600  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
07:44:23.0930 5600  fvevol - ok
07:44:23.0939 5600  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
07:44:23.0951 5600  gagp30kx - ok
07:44:23.0977 5600  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
07:44:24.0031 5600  gpsvc - ok
07:44:24.0098 5600  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
07:44:24.0120 5600  gupdate - ok
07:44:24.0129 5600  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
07:44:24.0141 5600  gupdatem - ok
07:44:24.0182 5600  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
07:44:24.0196 5600  gusvc - ok
07:44:24.0212 5600  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
07:44:24.0272 5600  hcw85cir - ok
07:44:24.0305 5600  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
07:44:24.0350 5600  HdAudAddService - ok
07:44:24.0372 5600  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
07:44:24.0396 5600  HDAudBus - ok
07:44:24.0420 5600  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
07:44:24.0453 5600  HidBatt - ok
07:44:24.0469 5600  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
07:44:24.0508 5600  HidBth - ok
07:44:24.0538 5600  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
07:44:24.0561 5600  HidIr - ok
07:44:24.0572 5600  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
07:44:24.0615 5600  hidserv - ok
07:44:24.0648 5600  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
07:44:24.0659 5600  HidUsb - ok
07:44:24.0669 5600  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
07:44:24.0744 5600  hkmsvc - ok
07:44:24.0770 5600  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
07:44:24.0828 5600  HomeGroupListener - ok
07:44:24.0852 5600  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
07:44:24.0884 5600  HomeGroupProvider - ok
07:44:24.0906 5600  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
07:44:24.0920 5600  HpSAMD - ok
07:44:24.0958 5600  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
07:44:25.0012 5600  HTTP - ok
07:44:25.0031 5600  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
07:44:25.0042 5600  hwpolicy - ok
07:44:25.0052 5600  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
07:44:25.0064 5600  i8042prt - ok
07:44:25.0087 5600  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
07:44:25.0105 5600  iaStorV - ok
07:44:25.0147 5600  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
07:44:25.0172 5600  idsvc - ok
07:44:25.0314 5600  [ A87261EF1546325B559374F5689CF5BC ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
07:44:25.0495 5600  igfx - ok
07:44:25.0529 5600  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
07:44:25.0540 5600  iirsp - ok
07:44:25.0552 5600  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
07:44:25.0594 5600  IKEEXT - ok
07:44:25.0691 5600  [ 8F6ED52134EBB4CE2953EC37C9275497 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
07:44:25.0822 5600  IntcAzAudAddService - ok
07:44:25.0843 5600  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
07:44:25.0854 5600  intelide - ok
07:44:25.0877 5600  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
07:44:25.0898 5600  intelppm - ok
07:44:25.0917 5600  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
07:44:25.0966 5600  IPBusEnum - ok
07:44:25.0984 5600  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
07:44:26.0040 5600  IpFilterDriver - ok
07:44:26.0087 5600  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
07:44:26.0159 5600  iphlpsvc - ok
07:44:26.0180 5600  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
07:44:26.0196 5600  IPMIDRV - ok
07:44:26.0203 5600  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
07:44:26.0257 5600  IPNAT - ok
07:44:26.0297 5600  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
07:44:26.0327 5600  IRENUM - ok
07:44:26.0358 5600  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
07:44:26.0368 5600  isapnp - ok
07:44:26.0390 5600  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
07:44:26.0405 5600  iScsiPrt - ok
07:44:26.0432 5600  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
07:44:26.0443 5600  kbdclass - ok
07:44:26.0470 5600  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
07:44:26.0498 5600  kbdhid - ok
07:44:26.0510 5600  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
07:44:26.0520 5600  KeyIso - ok
07:44:26.0543 5600  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
07:44:26.0555 5600  KSecDD - ok
07:44:26.0570 5600  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
07:44:26.0583 5600  KSecPkg - ok
07:44:26.0599 5600  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
07:44:26.0645 5600  ksthunk - ok
07:44:26.0693 5600  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
07:44:26.0785 5600  KtmRm - ok
07:44:26.0810 5600  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
07:44:26.0855 5600  LanmanServer - ok
07:44:26.0881 5600  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
07:44:26.0924 5600  LanmanWorkstation - ok
07:44:26.0959 5600  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
07:44:27.0014 5600  lltdio - ok
07:44:27.0045 5600  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
07:44:27.0098 5600  lltdsvc - ok
07:44:27.0114 5600  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
07:44:27.0178 5600  lmhosts - ok
07:44:27.0210 5600  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
07:44:27.0224 5600  LSI_FC - ok
07:44:27.0235 5600  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
07:44:27.0249 5600  LSI_SAS - ok
07:44:27.0280 5600  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
07:44:27.0310 5600  LSI_SAS2 - ok
07:44:27.0326 5600  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
07:44:27.0340 5600  LSI_SCSI - ok
07:44:27.0362 5600  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
07:44:27.0401 5600  luafv - ok
07:44:27.0442 5600  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
07:44:27.0477 5600  Mcx2Svc - ok
07:44:27.0495 5600  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
07:44:27.0508 5600  megasas - ok
07:44:27.0524 5600  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
07:44:27.0540 5600  MegaSR - ok
07:44:27.0559 5600  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
07:44:27.0613 5600  MMCSS - ok
07:44:27.0633 5600  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
07:44:27.0699 5600  Modem - ok
07:44:27.0719 5600  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
07:44:27.0743 5600  monitor - ok
07:44:27.0773 5600  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
07:44:27.0785 5600  mouclass - ok
07:44:27.0809 5600  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
07:44:27.0822 5600  mouhid - ok
07:44:27.0834 5600  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
07:44:27.0846 5600  mountmgr - ok
07:44:27.0869 5600  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
07:44:27.0882 5600  mpio - ok
07:44:27.0899 5600  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
07:44:27.0931 5600  mpsdrv - ok
07:44:27.0950 5600  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
07:44:28.0005 5600  MpsSvc - ok
07:44:28.0020 5600  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
07:44:28.0061 5600  MRxDAV - ok
07:44:28.0093 5600  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
07:44:28.0140 5600  mrxsmb - ok
07:44:28.0179 5600  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:44:28.0239 5600  mrxsmb10 - ok
07:44:28.0251 5600  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:44:28.0309 5600  mrxsmb20 - ok
07:44:28.0334 5600  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
07:44:28.0362 5600  msahci - ok
07:44:28.0376 5600  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
07:44:28.0393 5600  msdsm - ok
07:44:28.0413 5600  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
07:44:28.0444 5600  MSDTC - ok
07:44:28.0465 5600  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
07:44:28.0516 5600  Msfs - ok
07:44:28.0528 5600  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
07:44:28.0575 5600  mshidkmdf - ok
07:44:28.0602 5600  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
07:44:28.0613 5600  msisadrv - ok
07:44:28.0643 5600  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
07:44:28.0688 5600  MSiSCSI - ok
07:44:28.0693 5600  msiserver - ok
07:44:28.0710 5600  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
07:44:28.0741 5600  MSKSSRV - ok
07:44:28.0758 5600  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
07:44:28.0798 5600  MSPCLOCK - ok
07:44:28.0820 5600  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
07:44:28.0862 5600  MSPQM - ok
07:44:28.0880 5600  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
07:44:28.0897 5600  MsRPC - ok
07:44:28.0927 5600  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
07:44:28.0938 5600  mssmbios - ok
07:44:28.0951 5600  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
07:44:29.0001 5600  MSTEE - ok
07:44:29.0015 5600  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
07:44:29.0027 5600  MTConfig - ok
07:44:29.0045 5600  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
07:44:29.0057 5600  Mup - ok
07:44:29.0080 5600  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
07:44:29.0136 5600  napagent - ok
07:44:29.0178 5600  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
07:44:29.0210 5600  NativeWifiP - ok
07:44:29.0255 5600  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
07:44:29.0282 5600  NDIS - ok
07:44:29.0303 5600  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
07:44:29.0335 5600  NdisCap - ok
07:44:29.0361 5600  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
07:44:29.0434 5600  NdisTapi - ok
07:44:29.0455 5600  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
07:44:29.0518 5600  Ndisuio - ok
07:44:29.0533 5600  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
07:44:29.0588 5600  NdisWan - ok
07:44:29.0611 5600  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
07:44:29.0658 5600  NDProxy - ok
07:44:29.0680 5600  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
07:44:29.0712 5600  NetBIOS - ok
07:44:29.0723 5600  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
07:44:29.0757 5600  NetBT - ok
07:44:29.0766 5600  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
07:44:29.0776 5600  Netlogon - ok
07:44:29.0811 5600  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
07:44:29.0865 5600  Netman - ok
07:44:29.0887 5600  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
07:44:29.0926 5600  netprofm - ok
07:44:29.0951 5600  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
07:44:29.0962 5600  NetTcpPortSharing - ok
07:44:30.0019 5600  [ 777DD328D61A3756BC9893FB14D7E288 ] Netzmanager Service C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
07:44:30.0037 5600  Netzmanager Service ( UnsignedFile.Multi.Generic ) - warning
07:44:30.0037 5600  Netzmanager Service - detected UnsignedFile.Multi.Generic (1)
07:44:30.0057 5600  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
07:44:30.0089 5600  nfrd960 - ok
07:44:30.0106 5600  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
07:44:30.0149 5600  NlaSvc - ok
07:44:30.0165 5600  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
07:44:30.0228 5600  Npfs - ok
07:44:30.0243 5600  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
07:44:30.0290 5600  nsi - ok
07:44:30.0303 5600  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
07:44:30.0345 5600  nsiproxy - ok
07:44:30.0402 5600  [ B8965FB53551B5455630A4B804D0791F ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
07:44:30.0442 5600  Ntfs - ok
07:44:30.0455 5600  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
07:44:30.0500 5600  Null - ok
07:44:30.0717 5600  [ DD81FBC57AB9134CDDC5CE90880BFD80 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
07:44:31.0033 5600  nvlddmkm - ok
07:44:31.0066 5600  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
07:44:31.0079 5600  nvraid - ok
07:44:31.0098 5600  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
07:44:31.0112 5600  nvstor - ok
07:44:31.0137 5600  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
07:44:31.0149 5600  nv_agp - ok
07:44:31.0162 5600  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
07:44:31.0189 5600  ohci1394 - ok
07:44:31.0225 5600  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:44:31.0236 5600  ose - ok
07:44:31.0362 5600  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
07:44:31.0511 5600  osppsvc - ok
07:44:31.0530 5600  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
07:44:31.0586 5600  p2pimsvc - ok
07:44:31.0613 5600  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
07:44:31.0636 5600  p2psvc - ok
07:44:31.0677 5600  [ 7C13FB24315FD6D2894F2E41E8276183 ] PAC7311         C:\Windows\system32\DRIVERS\PA707UCM.SYS
07:44:31.0705 5600  PAC7311 - ok
07:44:31.0722 5600  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
07:44:31.0736 5600  Parport - ok
07:44:31.0757 5600  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
07:44:31.0770 5600  partmgr - ok
07:44:31.0786 5600  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
07:44:31.0816 5600  PcaSvc - ok
07:44:31.0833 5600  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
07:44:31.0848 5600  pci - ok
07:44:31.0862 5600  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
07:44:31.0874 5600  pciide - ok
07:44:31.0894 5600  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
07:44:31.0910 5600  pcmcia - ok
07:44:31.0926 5600  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
07:44:31.0937 5600  pcw - ok
07:44:31.0957 5600  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
07:44:31.0998 5600  PEAUTH - ok
07:44:32.0067 5600  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
07:44:32.0091 5600  PerfHost - ok
07:44:32.0143 5600  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
07:44:32.0209 5600  pla - ok
07:44:32.0247 5600  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
07:44:32.0277 5600  PlugPlay - ok
07:44:32.0358 5600  [ B597C2C966B447E011B4AE1B4D053677 ] PMBDeviceInfoProvider C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
07:44:32.0391 5600  PMBDeviceInfoProvider - ok
07:44:32.0408 5600  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
07:44:32.0440 5600  PNRPAutoReg - ok
07:44:32.0449 5600  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
07:44:32.0466 5600  PNRPsvc - ok
07:44:32.0514 5600  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
07:44:32.0589 5600  PolicyAgent - ok
07:44:32.0626 5600  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
07:44:32.0675 5600  Power - ok
07:44:32.0716 5600  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
07:44:32.0769 5600  PptpMiniport - ok
07:44:32.0787 5600  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
07:44:32.0812 5600  Processor - ok
07:44:32.0842 5600  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
07:44:32.0876 5600  ProfSvc - ok
07:44:32.0881 5600  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
07:44:32.0891 5600  ProtectedStorage - ok
07:44:32.0907 5600  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
07:44:32.0958 5600  Psched - ok
07:44:32.0987 5600  [ 543A4EF0923BF70D126625B034EF25AF ] PSI_SVC_2       c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
07:44:32.0998 5600  PSI_SVC_2 - ok
07:44:33.0056 5600  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
07:44:33.0117 5600  ql2300 - ok
07:44:33.0131 5600  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
07:44:33.0144 5600  ql40xx - ok
07:44:33.0168 5600  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
07:44:33.0187 5600  QWAVE - ok
07:44:33.0200 5600  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
07:44:33.0245 5600  QWAVEdrv - ok
07:44:33.0269 5600  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
07:44:33.0326 5600  RasAcd - ok
07:44:33.0359 5600  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
07:44:33.0427 5600  RasAgileVpn - ok
07:44:33.0450 5600  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
07:44:33.0500 5600  RasAuto - ok
07:44:33.0515 5600  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
07:44:33.0548 5600  Rasl2tp - ok
07:44:33.0568 5600  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
07:44:33.0602 5600  RasMan - ok
07:44:33.0621 5600  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
07:44:33.0654 5600  RasPppoe - ok
07:44:33.0671 5600  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
07:44:33.0720 5600  RasSstp - ok
07:44:33.0743 5600  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
07:44:33.0777 5600  rdbss - ok
07:44:33.0788 5600  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
07:44:33.0801 5600  rdpbus - ok
07:44:33.0815 5600  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
07:44:33.0861 5600  RDPCDD - ok
07:44:33.0867 5600  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
07:44:33.0903 5600  RDPENCDD - ok
07:44:33.0909 5600  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
07:44:33.0941 5600  RDPREFMP - ok
07:44:33.0965 5600  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
07:44:34.0000 5600  RDPWD - ok
07:44:34.0016 5600  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
07:44:34.0030 5600  rdyboost - ok
07:44:34.0061 5600  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
07:44:34.0095 5600  RemoteAccess - ok
07:44:34.0101 5600  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
07:44:34.0150 5600  RemoteRegistry - ok
07:44:34.0168 5600  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
07:44:34.0217 5600  RpcEptMapper - ok
07:44:34.0243 5600  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
07:44:34.0266 5600  RpcLocator - ok
07:44:34.0287 5600  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
07:44:34.0322 5600  RpcSs - ok
07:44:34.0341 5600  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
07:44:34.0374 5600  rspndr - ok
07:44:34.0413 5600  [ E50CFB92986DCAB49DE93788FD695813 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
07:44:34.0431 5600  RTL8167 - ok
07:44:34.0465 5600  [ B3F36B4B3F192EA87DDC119F3A0B3E45 ] RTL8192su       C:\Windows\system32\DRIVERS\RTL8192su.sys
07:44:34.0487 5600  RTL8192su - ok
07:44:34.0500 5600  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
07:44:34.0510 5600  SamSs - ok
07:44:34.0537 5600  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
07:44:34.0560 5600  sbp2port - ok
07:44:34.0576 5600  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
07:44:34.0630 5600  SCardSvr - ok
07:44:34.0647 5600  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
07:44:34.0695 5600  scfilter - ok
07:44:34.0732 5600  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
07:44:34.0788 5600  Schedule - ok
07:44:34.0803 5600  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
07:44:34.0833 5600  SCPolicySvc - ok
07:44:34.0857 5600  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
07:44:34.0897 5600  SDRSVC - ok
07:44:34.0921 5600  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
07:44:34.0953 5600  secdrv - ok
07:44:34.0965 5600  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
07:44:34.0996 5600  seclogon - ok
07:44:35.0003 5600  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
07:44:35.0036 5600  SENS - ok
07:44:35.0056 5600  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
07:44:35.0090 5600  SensrSvc - ok
07:44:35.0120 5600  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
07:44:35.0150 5600  Serenum - ok
07:44:35.0176 5600  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
07:44:35.0209 5600  Serial - ok
07:44:35.0229 5600  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
07:44:35.0247 5600  sermouse - ok
07:44:35.0275 5600  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
07:44:35.0366 5600  SessionEnv - ok
07:44:35.0381 5600  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
07:44:35.0411 5600  sffdisk - ok
07:44:35.0436 5600  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
07:44:35.0470 5600  sffp_mmc - ok
07:44:35.0493 5600  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
07:44:35.0509 5600  sffp_sd - ok
07:44:35.0535 5600  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
07:44:35.0563 5600  sfloppy - ok
07:44:35.0611 5600  [ C6CC9297BD53E5229653303E556AA539 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
07:44:35.0638 5600  Sftfs - ok
07:44:35.0699 5600  [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
07:44:35.0716 5600  sftlist - ok
07:44:35.0743 5600  [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
07:44:35.0757 5600  Sftplay - ok
07:44:35.0761 5600  [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
07:44:35.0770 5600  Sftredir - ok
07:44:35.0775 5600  [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
07:44:35.0784 5600  Sftvol - ok
07:44:35.0807 5600  [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
07:44:35.0820 5600  sftvsa - ok
07:44:35.0835 5600  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
07:44:35.0871 5600  SharedAccess - ok
07:44:35.0894 5600  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
07:44:35.0948 5600  ShellHWDetection - ok
07:44:35.0973 5600  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
07:44:35.0985 5600  SiSRaid2 - ok
07:44:35.0996 5600  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
07:44:36.0008 5600  SiSRaid4 - ok
07:44:36.0142 5600  [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
07:44:36.0264 5600  Skype C2C Service - ok
07:44:36.0318 5600  [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
07:44:36.0345 5600  SkypeUpdate - ok
07:44:36.0379 5600  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
07:44:36.0416 5600  Smb - ok
07:44:36.0441 5600  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
07:44:36.0483 5600  SNMPTRAP - ok
07:44:36.0505 5600  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
07:44:36.0523 5600  spldr - ok
07:44:36.0557 5600  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
07:44:36.0594 5600  Spooler - ok
07:44:36.0680 5600  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
07:44:36.0830 5600  sppsvc - ok
07:44:36.0852 5600  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
07:44:36.0885 5600  sppuinotify - ok
07:44:36.0907 5600  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
07:44:36.0935 5600  srv - ok
07:44:36.0948 5600  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
07:44:36.0978 5600  srv2 - ok
07:44:37.0001 5600  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
07:44:37.0027 5600  srvnet - ok
07:44:37.0081 5600  [ 4C26CD40C0CE9B443E9D35401B2154BA ] SrvUpdater      C:\Program Files (x86)\SoftwareUpdater\UpdaterService.exe
07:44:37.0104 5600  SrvUpdater ( UnsignedFile.Multi.Generic ) - warning
07:44:37.0104 5600  SrvUpdater - detected UnsignedFile.Multi.Generic (1)
07:44:37.0144 5600  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
07:44:37.0213 5600  SSDPSRV - ok
07:44:37.0221 5600  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
07:44:37.0254 5600  SstpSvc - ok
07:44:37.0259 5600  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
07:44:37.0270 5600  stexstor - ok
07:44:37.0300 5600  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
07:44:37.0335 5600  stisvc - ok
07:44:37.0361 5600  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
07:44:37.0372 5600  swenum - ok
07:44:37.0396 5600  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
07:44:37.0450 5600  swprv - ok
07:44:37.0506 5600  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
07:44:37.0612 5600  SysMain - ok
07:44:37.0628 5600  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
07:44:37.0660 5600  TabletInputService - ok
07:44:37.0683 5600  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
07:44:37.0737 5600  TapiSrv - ok
07:44:37.0753 5600  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
07:44:37.0809 5600  TBS - ok
07:44:37.0879 5600  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
07:44:37.0942 5600  Tcpip - ok
07:44:37.0973 5600  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
07:44:38.0012 5600  TCPIP6 - ok
07:44:38.0036 5600  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
07:44:38.0060 5600  tcpipreg - ok
07:44:38.0094 5600  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
07:44:38.0112 5600  TDPIPE - ok
07:44:38.0133 5600  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
07:44:38.0144 5600  TDTCP - ok
07:44:38.0160 5600  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
07:44:38.0208 5600  tdx - ok
07:44:38.0239 5600  [ 4283D7125BA4BD0CB50BB0F78B54257A ] TelekomNM6      C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys
07:44:38.0249 5600  TelekomNM6 - ok
07:44:38.0281 5600  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
07:44:38.0294 5600  TermDD - ok
07:44:38.0304 5600  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
07:44:38.0423 5600  TermService - ok
07:44:38.0448 5600  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
07:44:38.0497 5600  Themes - ok
07:44:38.0515 5600  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
07:44:38.0551 5600  THREADORDER - ok
07:44:38.0564 5600  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
07:44:38.0598 5600  TrkWks - ok
07:44:38.0632 5600  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
07:44:38.0677 5600  TrustedInstaller - ok
07:44:38.0700 5600  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
07:44:38.0749 5600  tssecsrv - ok
07:44:38.0766 5600  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
07:44:38.0797 5600  TsUsbFlt - ok
07:44:38.0821 5600  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
07:44:38.0832 5600  TsUsbGD - ok
07:44:38.0863 5600  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
07:44:38.0907 5600  tunnel - ok
07:44:38.0936 5600  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
07:44:38.0948 5600  uagp35 - ok
07:44:38.0962 5600  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
07:44:39.0009 5600  udfs - ok
07:44:39.0028 5600  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
07:44:39.0049 5600  UI0Detect - ok
07:44:39.0070 5600  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
07:44:39.0081 5600  uliagpkx - ok
07:44:39.0114 5600  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
07:44:39.0126 5600  umbus - ok
07:44:39.0141 5600  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
07:44:39.0152 5600  UmPass - ok
07:44:39.0177 5600  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
07:44:39.0213 5600  upnphost - ok
07:44:39.0266 5600  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
07:44:39.0314 5600  usbaudio - ok
07:44:39.0339 5600  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
07:44:39.0382 5600  usbccgp - ok
07:44:39.0407 5600  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
07:44:39.0440 5600  usbcir - ok
07:44:39.0458 5600  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
07:44:39.0490 5600  usbehci - ok
07:44:39.0534 5600  [ 573D192E268F0C5B486B7E96F661E538 ] usbfilter       C:\Windows\system32\DRIVERS\usbfilter.sys
07:44:39.0544 5600  usbfilter - ok
07:44:39.0560 5600  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\drivers\usbhub.sys
07:44:39.0594 5600  usbhub - ok
07:44:39.0615 5600  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
07:44:39.0634 5600  usbohci - ok
07:44:39.0671 5600  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
07:44:39.0697 5600  usbprint - ok
07:44:39.0723 5600  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:44:39.0759 5600  USBSTOR - ok
07:44:39.0782 5600  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
07:44:39.0811 5600  usbuhci - ok
07:44:39.0828 5600  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
07:44:39.0888 5600  UxSms - ok
07:44:39.0910 5600  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
07:44:39.0921 5600  VaultSvc - ok
07:44:39.0943 5600  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
07:44:39.0954 5600  vdrvroot - ok
07:44:39.0983 5600  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
07:44:40.0033 5600  vds - ok
07:44:40.0061 5600  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
07:44:40.0074 5600  vga - ok
07:44:40.0104 5600  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
07:44:40.0136 5600  VgaSave - ok
07:44:40.0152 5600  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
07:44:40.0166 5600  vhdmp - ok
07:44:40.0200 5600  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
07:44:40.0210 5600  viaide - ok
07:44:40.0264 5600  [ 6B272502304DDE4CB552C8CDD90B9CD0 ] Video downloader Updater C:\Program Files\Video downloader\ExtensionUpdaterService.exe
07:44:40.0275 5600  Video downloader Updater - ok
07:44:40.0286 5600  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
07:44:40.0298 5600  volmgr - ok
07:44:40.0320 5600  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
07:44:40.0337 5600  volmgrx - ok
07:44:40.0352 5600  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
07:44:40.0367 5600  volsnap - ok
07:44:40.0395 5600  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
07:44:40.0408 5600  vsmraid - ok
07:44:40.0449 5600  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
07:44:40.0511 5600  VSS - ok
07:44:40.0516 5600  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
07:44:40.0529 5600  vwifibus - ok
07:44:40.0547 5600  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
07:44:40.0564 5600  vwififlt - ok
07:44:40.0584 5600  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
07:44:40.0620 5600  W32Time - ok
07:44:40.0640 5600  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
07:44:40.0672 5600  WacomPen - ok
07:44:40.0705 5600  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
07:44:40.0764 5600  WANARP - ok
07:44:40.0768 5600  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
07:44:40.0798 5600  Wanarpv6 - ok
07:44:40.0894 5600  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
07:44:40.0944 5600  WatAdminSvc - ok
07:44:40.0968 5600  [ 878C947C69EE89E4DBFF9DBD6155C15D ] watchmi         C:\Program Files (x86)\watchmi\TvdService.exe
07:44:40.0988 5600  watchmi ( UnsignedFile.Multi.Generic ) - warning
07:44:40.0988 5600  watchmi - detected UnsignedFile.Multi.Generic (1)
07:44:41.0043 5600  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
07:44:41.0120 5600  wbengine - ok
07:44:41.0140 5600  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
07:44:41.0173 5600  WbioSrvc - ok
07:44:41.0194 5600  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
07:44:41.0225 5600  wcncsvc - ok
07:44:41.0239 5600  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
07:44:41.0277 5600  WcsPlugInService - ok
07:44:41.0291 5600  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
07:44:41.0302 5600  Wd - ok
07:44:41.0331 5600  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
07:44:41.0358 5600  Wdf01000 - ok
07:44:41.0373 5600  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
07:44:41.0469 5600  WdiServiceHost - ok
07:44:41.0474 5600  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
07:44:41.0493 5600  WdiSystemHost - ok
07:44:41.0509 5600  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
07:44:41.0542 5600  WebClient - ok
07:44:41.0559 5600  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
07:44:41.0594 5600  Wecsvc - ok
07:44:41.0610 5600  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
07:44:41.0656 5600  wercplsupport - ok
07:44:41.0684 5600  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
07:44:41.0718 5600  WerSvc - ok
07:44:41.0726 5600  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
07:44:41.0757 5600  WfpLwf - ok
07:44:41.0771 5600  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
07:44:41.0782 5600  WIMMount - ok
07:44:41.0805 5600  WinDefend - ok
07:44:41.0810 5600  WinHttpAutoProxySvc - ok
07:44:41.0855 5600  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
07:44:41.0892 5600  Winmgmt - ok
07:44:41.0947 5600  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
07:44:42.0032 5600  WinRM - ok
07:44:42.0090 5600  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
07:44:42.0105 5600  WinUsb - ok
07:44:42.0141 5600  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
07:44:42.0183 5600  Wlansvc - ok
07:44:42.0224 5600  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
07:44:42.0250 5600  wlcrasvc - ok
07:44:42.0356 5600  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
07:44:42.0447 5600  wlidsvc - ok
07:44:42.0463 5600  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
07:44:42.0474 5600  WmiAcpi - ok
07:44:42.0505 5600  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
07:44:42.0533 5600  wmiApSrv - ok
07:44:42.0552 5600  WMPNetworkSvc - ok
07:44:42.0579 5600  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
07:44:42.0603 5600  WPCSvc - ok
07:44:42.0615 5600  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
07:44:42.0655 5600  WPDBusEnum - ok
07:44:42.0673 5600  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
07:44:42.0719 5600  ws2ifsl - ok
07:44:42.0735 5600  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
07:44:42.0765 5600  wscsvc - ok
07:44:42.0769 5600  WSearch - ok
07:44:42.0808 5600  [ 82E8F5AA03DF7DBDB8A33F700D5D8CDA ] wsvd            C:\Windows\system32\DRIVERS\wsvd.sys
07:44:42.0819 5600  wsvd - ok
07:44:42.0874 5600  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
07:44:42.0938 5600  wuauserv - ok
07:44:42.0959 5600  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
07:44:43.0002 5600  WudfPf - ok
07:44:43.0036 5600  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
07:44:43.0070 5600  WUDFRd - ok
07:44:43.0089 5600  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
07:44:43.0124 5600  wudfsvc - ok
07:44:43.0154 5600  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
07:44:43.0199 5600  WwanSvc - ok
07:44:43.0223 5600  ================ Scan global ===============================
07:44:43.0247 5600  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
07:44:43.0276 5600  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
07:44:43.0293 5600  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
07:44:43.0327 5600  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
07:44:43.0363 5600  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
07:44:43.0373 5600  [Global] - ok
07:44:43.0374 5600  ================ Scan MBR ==================================
07:44:43.0384 5600  [ 8BCB23B30DB1819E7D8DDAE01AEBB583 ] \Device\Harddisk0\DR0
07:44:46.0067 5600  \Device\Harddisk0\DR0 - ok
07:44:46.0068 5600  ================ Scan VBR ==================================
07:44:46.0074 5600  [ EDD1B3901780B9213D4FC96A17D5FAB6 ] \Device\Harddisk0\DR0\Partition1
07:44:46.0077 5600  \Device\Harddisk0\DR0\Partition1 - ok
07:44:46.0107 5600  [ FA92D7C756E5B6EE75F4B4BA968F882B ] \Device\Harddisk0\DR0\Partition2
07:44:46.0108 5600  \Device\Harddisk0\DR0\Partition2 - ok
07:44:46.0138 5600  [ 91B467B0C2818BCA93D4211F419BB818 ] \Device\Harddisk0\DR0\Partition3
07:44:46.0139 5600  \Device\Harddisk0\DR0\Partition3 - ok
07:44:46.0140 5600  ============================================================
07:44:46.0140 5600  Scan finished
07:44:46.0140 5600  ============================================================
07:44:46.0150 6464  Detected object count: 3
07:44:46.0150 6464  Actual detected object count: 3
07:45:04.0608 6464  Netzmanager Service ( UnsignedFile.Multi.Generic ) - skipped by user
07:45:04.0608 6464  Netzmanager Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:45:04.0612 6464  SrvUpdater ( UnsignedFile.Multi.Generic ) - skipped by user
07:45:04.0612 6464  SrvUpdater ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:45:04.0616 6464  watchmi ( UnsignedFile.Multi.Generic ) - skipped by user
07:45:04.0616 6464  watchmi ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:45:37.0167 6288  Deinitialize success
         
Once again, many thanks!

Alt 19.04.2013, 14:11   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
07:44:37.0081 5600 [ 4C26CD40C0CE9B443E9D35401B2154BA ] SrvUpdater C:\Program Files (x86)\SoftwareUpdater\UpdaterService.exe
Does that mean anything to you? Looks like junk somehow
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 19.04.2013, 14:14   #11
Arngrim
 

That is probably a piece of software that automatically tries to bring programs up to date.

I can gladly uninstall it.

Alt 19.04.2013, 15:22   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Nah, leave it installed for now; I just couldn't clearly place it.

Then please run Combofix now:

Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


Alt 19.04.2013, 17:06   #13
Arngrim
 

Hullo, here's the next part:

Combofix Logfile:
Code:
ATTFilter
ComboFix 13-04-19.01 - Stefan 19.04.2013  17:19:01.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3576.1411 [GMT 2:00]
ausgeführt von:: c:\users\Stefan\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\PricePeep\prICepeep.dll
c:\users\Stefan\AppData\Roaming\skype.ini
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-03-19 bis 2013-04-19  ))))))))))))))))))))))))))))))
.
.
2013-04-19 15:33 . 2013-04-19 15:33	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-04-18 13:43 . 2013-04-18 13:43	--------	d-----w-	c:\programdata\Malwarebytes
2013-04-18 06:03 . 2013-04-18 06:03	--------	d-----w-	C:\_OTL
2013-04-18 00:20 . 2013-04-18 00:20	--------	d-----w-	C:\totalcmd
2013-04-18 00:20 . 2013-04-18 00:20	--------	d-----w-	c:\users\Stefan\AppData\Roaming\GHISLER
2013-04-18 00:20 . 2012-08-03 06:01	545	----a-w-	c:\windows\UC.PIF
2013-04-18 00:20 . 2012-08-03 06:01	545	----a-w-	c:\windows\RAR.PIF
2013-04-18 00:20 . 2012-08-03 06:01	545	----a-w-	c:\windows\LHA.PIF
2013-04-18 00:20 . 2012-08-03 06:01	545	----a-w-	c:\windows\ARJ.PIF
2013-04-10 04:19 . 2013-02-15 06:08	44032	----a-w-	c:\windows\system32\tsgqec.dll
2013-04-03 14:29 . 2013-04-03 14:29	--------	d-----w-	c:\program files\Video downloader
2013-04-03 14:29 . 2013-04-03 14:29	--------	d-----w-	c:\users\Stefan\AppData\Local\Programs
2013-04-03 14:29 . 2013-04-18 14:08	--------	d-----w-	c:\users\Stefan\AppData\Local\SwvUpdater
2013-04-03 14:29 . 2013-04-19 15:26	--------	d-----w-	c:\program files (x86)\PricePeep
2013-04-03 14:29 . 2013-04-03 14:29	--------	d-----w-	c:\program files (x86)\AutoLyrics
2013-03-26 08:05 . 2013-02-12 04:12	19968	----a-w-	c:\windows\system32\drivers\usb8023.sys
2013-03-23 06:14 . 2013-03-23 06:16	--------	d--h--w-	c:\windows\AxInstSV
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-10 06:22 . 2011-02-10 20:56	72702784	----a-w-	c:\windows\system32\MRT.exe
2013-02-12 05:45 . 2013-03-13 18:21	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 18:21	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 18:21	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 18:21	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 18:21	474112	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 18:21	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{77BEC163-D389-42c1-91A4-C758846296A5}]
2013-03-14 15:43	164184	----a-w-	c:\program files\Video downloader\Extension32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{DAEB9E85-4694-4F9B-85CB-2F28987872D7}]
2013-02-27 23:13	109568	----a-w-	c:\program files (x86)\AutoLyrics\autolrcs.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-10-19 39408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2010-08-03 107816]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-08 336384]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-12 348664]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2012-02-15 688184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Z1"="c:\users\Stefan\Desktop\mbar\mbar.exe" [2013-04-18 1398856]
.
c:\users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Netzmanager.lnk - c:\program files\Netzmanager\netzmanager.exe [2010-11-10 1619968]
tcbhn.lnk - c:\users\Stefan\AppData\Roaming\BrowserCompanion\tcbhn.exe [2012-6-28 695448]
Versandhelfer.lnk - c:\program files (x86)\Versandhelfer\Versandhelfer.exe [2011-10-19 142336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
watchmi tray.lnk - c:\windows\Installer\{AA4D1C5E-116A-4FF4-AA91-28F526868203}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe [2011-10-19 300416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-11-09 196376]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 PAC7311;PC VGA Camer@;c:\windows\system32\DRIVERS\PA707UCM.SYS [2007-03-14 524800]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-04 1255736]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2010-09-23 129008]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2011-04-16 79488]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2011-04-16 40064]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-19 27760]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-07-08 204288]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-08 365568]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2012-02-15 459832]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SrvUpdater;Software Updater;c:\program files (x86)\SoftwareUpdater\UpdaterService.exe [2013-01-02 31744]
S2 Video downloader Updater;Video downloader Updater;c:\program files\Video downloader\ExtensionUpdaterService.exe [2013-03-14 188760]
S2 watchmi;watchmi service;c:\program files (x86)\watchmi\TvdService.exe [2010-12-06 62464]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\drivers\amdhub30.sys [2011-03-18 87168]
S3 amdiox64;AMD IO Driver;c:\windows\system32\drivers\amdiox64.sys [2010-02-18 46136]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\drivers\amdxhc.sys [2011-03-18 188544]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-06-07 231440]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-05-16 533096]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 694888]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 TelekomNM6;Telekom Netzmanager Packet Filter Driver;c:\program files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [2010-09-16 45664]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-12-16 47232]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 61568658
*NewlyCreated* - ASWMBR
*Deregistered* - 61568658
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-17 19:41	1642448	----a-w-	c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-19 c:\windows\Tasks\Auto Lyrics Update.job
- c:\program files (x86)\AutoLyrics\AutoLyricsUpdater.exe [2013-02-27 23:13]
.
2013-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-19 11:59]
.
2013-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-19 11:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77BEC163-D389-42c1-91A4-C758846296A5}]
2013-03-14 15:43	202584	----a-w-	c:\program files\Video downloader\Extension64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-09 11821160]
"MedionReminder"="c:\program files (x86)\CyberLink\PowerRecover\Reminder.exe" [2011-05-25 443688]
"PAC7311_Monitor"="c:\windows\PixArt\PAC7311\Monitor.exe" [2006-11-03 319488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"MedionReminder"="c:\program files (x86)\CyberLink\PowerRecover\Reminder.exe" [2011-05-25 443688]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.t-online.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
TCP: DhcpNameServer = 192.168.0.254
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - c:\program files (x86)\PricePeep\pricepeep.dll
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-04-19  18:00:39
ComboFix-quarantined-files.txt  2013-04-19 16:00
.
Vor Suchlauf: 7 Verzeichnis(se), 863.479.902.208 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 864.383.721.472 Bytes frei
.
- - End Of File - - E7C72AE11C97E5F1AF608B931A10BEFD
         
--- --- ---

Alt 20.04.2013, 15:39   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



JRT - Junkware Removal Tool

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.

Afterwards:

adwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Then a check with OTL, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • Tick the box Scan all users at the top centre
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.

Alt 20.04.2013, 18:14   #15
Arngrim
 



And the next round

JRT Logfile:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.6 (04.19.2013:1)
OS: Windows 7 Home Premium x64
Ran by Stefan on 20.04.2013 at 18:40:23,50
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\blabbers
Successfully deleted: [Registry Key] hkey_local_machine\software\browsercompanion
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduitsearchscopes
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricepeep
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\extension.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\pricepeep.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\tdataprotocol.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\updatebho.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\wit4ie.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\extension.extensionhelperobject
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\extension.extensionhelperobject.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT3271326
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{fd6d90c0-e6ee-4bc6-b9f7-9ed319698007}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{fd6d90c0-e6ee-4bc6-b9f7-9ed319698007}



~~~ Files

Successfully deleted: [File] "C:\end"
Successfully deleted: [File] C:\Windows\syswow64\sho293A.tmp



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\Users\Stefan\AppData\Roaming\browsercompanion"
Successfully deleted: [Folder] "C:\Users\Stefan\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Stefan\appdata\local\swvupdater"
Successfully deleted: [Folder] "C:\Users\Stefan\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\pricepeep"
Successfully deleted: [Empty Folder] C:\Users\Stefan\appdata\local\{08FFE0E8-BB2F-4F17-8774-BA2FD79CF843}
Successfully deleted: [Empty Folder] C:\Users\Stefan\appdata\local\{0D21F59A-31F5-4A89-90F6-EE0A97B18D6E}
Successfully deleted: [Empty Folder] C:\Users\Stefan\appdata\local\{31E873BA-9409-4C72-941B-AAA02842D82C}
Successfully deleted: [Empty Folder] C:\Users\Stefan\appdata\local\{35BAD99D-103E-4D5B-8E76-5A5809E25DC3}
Successfully deleted: [Empty Folder] C:\Users\Stefan\appdata\local\{3D5B6EF0-BD71-4B1E-A57B-B3D28A7E2697}
Successfully deleted: [Empty Folder] C:\Users\Stefan\appdata\local\{4058D757-C706-425B-A473-07808778605E}
Successfully deleted: [Empty Folder] C:\Users\Stefan\appdata\local\{47355481-1F57-48E1-964D-CA0D20FE7323}
Successfully deleted: [Empty Folder] C:\Users\Stefan\appdata\local\{54E7982A-ADD7-436B-80C0-A44B4214ABB2}
Successfully deleted: [Empty Folder] C:\Users\Stefan\appdata\local\{5505C511-41C3-4AD2-B6C3-4C416004E7EA}
Successfully deleted: [Empty Folder] C:\Users\Stefan\appdata\local\{56C97D93-ED6B-4E66-B2AA-33787E77A91F}
Successfully deleted: [Empty Folder] C:\Users\Stefan\appdata\local\{638F1328-592D-448A-8B17-364F9E8F1888}
Successfully deleted: [Empty Folder] C:\Users\Stefan\appdata\local\{64193879-EE3E-4540-BFAF-ED31A136F627}
Successfully deleted: [Empty Folder] C:\Users\Stefan\appdata\local\{69E3618D-24C7-4AE6-9054-A0021013DAA7}
Successfully deleted: [Empty Folder] C:\Users\Stefan\appdata\local\{735EB111-6CFA-4558-AA53-D79F5BB0B1D8}
Successfully deleted: [Empty Folder] C:\Users\Stefan\appdata\local\{736072F0-D1D8-48BA-B305-3E8558D453A5}
Successfully deleted: [Empty Folder] C:\Users\Stefan\appdata\local\{782F964B-050C-43C0-A157-FB4563D690DA}
Successfully deleted: [Empty Folder] C:\Users\Stefan\appdata\local\{7F332221-3FCE-49AE-B3E8-5FFBB983D061}
Successfully deleted: [Empty Folder] C:\Users\Stefan\appdata\local\{8321DB58-FE61-4916-9389-10F42DE31F85}
Successfully deleted: [Empty Folder] C:\Users\Stefan\appdata\local\{84D73F60-B9C1-4C0F-90C7-3F4104DEAF0B}
Successfully deleted: [Empty Folder] C:\Users\Stefan\appdata\local\{8E74FBB5-55A5-4642-B1C5-BD7DE8E13A48}
Successfully deleted: [Empty Folder] C:\Users\Stefan\appdata\local\{90823F87-4006-43DE-99DF-705970360FBB}
Successfully deleted: [Empty Folder] C:\Users\Stefan\appdata\local\{9751E4BC-E1D9-42C8-A299-9A3618D4CE95}
Successfully deleted: [Empty Folder] C:\Users\Stefan\appdata\local\{9876D516-ABC0-447A-9995-A4A411638B9E}
Successfully deleted: [Empty Folder] C:\Users\Stefan\appdata\local\{996E09BE-FDC5-4688-A23A-D6747921A4FE}
Successfully deleted: [Empty Folder] C:\Users\Stefan\appdata\local\{A5029966-0066-4251-9FE7-CC73867C0353}
Successfully deleted: [Empty Folder] C:\Users\Stefan\appdata\local\{A622AA1B-4681-4A0F-BDFD-052F792CB60E}
Successfully deleted: [Empty Folder] C:\Users\Stefan\appdata\local\{B4440B22-284A-4093-8A6E-8F9CEA08FF75}
Successfully deleted: [Empty Folder] C:\Users\Stefan\appdata\local\{B45BE4ED-84FD-4744-A099-8F0F9015DECD}
Successfully deleted: [Empty Folder] C:\Users\Stefan\appdata\local\{C586924D-B824-4CB1-A60C-C6432DED5946}
Successfully deleted: [Empty Folder] C:\Users\Stefan\appdata\local\{C99209C5-B535-476D-87C2-FF0709BF55BD}
Successfully deleted: [Empty Folder] C:\Users\Stefan\appdata\local\{D7DB0555-85DD-448E-AFF3-B88E8B1FB614}
Successfully deleted: [Empty Folder] C:\Users\Stefan\appdata\local\{E5B39543-928B-460C-910F-DDFAF53A9442}
Successfully deleted: [Empty Folder] C:\Users\Stefan\appdata\local\{F21E9C46-F7E8-49C7-8E9F-DA30889E3029}
Successfully deleted: [Empty Folder] C:\Users\Stefan\appdata\local\{F3AA7971-7B3C-4542-BC81-C2BD79244723}
Successfully deleted: [Empty Folder] C:\Users\Stefan\appdata\local\{F64AD619-6F1B-43EB-8B01-76BE2E05F3FA}
Successfully deleted: [Empty Folder] C:\Users\Stefan\appdata\local\{F8BB6018-C371-444F-8BF4-18CA52980997}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.04.2013 at 18:46:49,18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
--- --- ---


AdwCleaner Logfile:
Code:
# AdwCleaner v2.200 - Datei am 20/04/2013 um 18:57:59 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Stefan - STEFAN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Stefan\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : SrvUpdater

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk
Datei Gelöscht : C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk
Ordner Gelöscht : C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpclaadplefadichadojiifaphaphloj
Ordner Gelöscht : C:\Users\Stefan\AppData\Local\PackageAware

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\jpclaadplefadichadojiifaphaphloj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bodddioamolcibagionmmobehnbhiakf
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpclaadplefadichadojiifaphaphloj
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PricePeep
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Software

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v26.0.1410.64

Datei : C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [2689 octets] - [20/04/2013 18:57:59]

########## EOF - C:\AdwCleaner[S1].txt - [2749 octets] ##########
         
--- --- ---


OTL Logfile:
Code:
OTL logfile created on: 20.04.2013 19:03:20 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Stefan\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,49 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 45,83% Memory free
6,98 Gb Paging File | 4,60 Gb Available in Paging File | 65,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 890,41 Gb Total Space | 805,10 Gb Free Space | 90,42% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 19,40 Gb Free Space | 48,49% Space Free | Partition Type: NTFS
 
Computer Name: STEFAN-PC | User Name: Stefan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Stefan\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Video downloader\ExtensionUpdaterService.exe ()
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\totalcmd\TOTALCMD.EXE (Ghisler Software GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Versandhelfer\Versandhelfer.exe ()
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Windows\PixArt\PAC7311\Monitor.exe (PixArt Imaging Incorporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Versandhelfer\Versandhelfer.exe ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (Video downloader Updater) -- C:\Program Files\Video downloader\ExtensionUpdaterService.exe ()
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (Netzmanager Service) -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Deutsche Telekom AG)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (watchmi) -- C:\Program Files (x86)\watchmi\TvdService.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxhc) -- C:\Windows\SysNative\drivers\amdxhc.sys (Advanced Micro Devices, INC.)
DRV:64bit: - (amdhub30) -- C:\Windows\SysNative\drivers\amdhub30.sys (Advanced Micro Devices, INC.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\RTL8192su.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (TelekomNM6) -- C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (PAC7311) -- C:\Windows\SysNative\drivers\PA707UCM.SYS (PixArt Imaging Inc.)
DRV - (Null) -- C:\Windows\SysWow64\NULL ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-919036651-576598089-3771645104-1002\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-919036651-576598089-3771645104-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
IE - HKU\S-1-5-21-919036651-576598089-3771645104-1002\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-919036651-576598089-3771645104-1002\..\SearchScopes\{1FF9221C-3E83-47EE-B989-A9955FB6716B}: "URL" = hxxp://rover.ebay.com/rover/1/707-1403-42072-3/4?satitle={searchTerms}
IE - HKU\S-1-5-21-919036651-576598089-3771645104-1002\..\SearchScopes\{2F08C81A-04A2-40E0-A63D-1889C1F29AD9}: "URL" = hxxp://suche.t-online.de/fast-cgi/tsc?sr=tportal&q={searchTerms}&dia=tie8
IE - HKU\S-1-5-21-919036651-576598089-3771645104-1002\..\SearchScopes\{381A0D9E-B80C-4BEB-B49C-267D4B5C6782}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNE_enDE393DE456
IE - HKU\S-1-5-21-919036651-576598089-3771645104-1002\..\SearchScopes\{6059F284-DFEE-4B81-817C-D02A534CE54F}: "URL" = hxxp://dict.leo.org/frde?lp=frde&search={searchTerms}
IE - HKU\S-1-5-21-919036651-576598089-3771645104-1002\..\SearchScopes\{697CA09E-7805-431F-A7C5-AFA43E8168DC}: "URL" = hxxp://suche.t-online.de/fast-cgi/tsc?sr=twiki&q={searchTerms}&dia=tie8
IE - HKU\S-1-5-21-919036651-576598089-3771645104-1002\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-919036651-576598089-3771645104-1002\..\SearchScopes\{875521AB-392C-4F59-B097-315E10664D4D}: "URL" = hxxp://dict.leo.org/ende?lp=ende&search={searchTerms}
IE - HKU\S-1-5-21-919036651-576598089-3771645104-1002\..\SearchScopes\{8E5328A6-C4D3-486F-AA45-F293D72F14F5}: "URL" = hxxp://preisvergleich.t-online.de/angebote/{searchTerms}?soid=42534758
IE - HKU\S-1-5-21-919036651-576598089-3771645104-1002\..\SearchScopes\{96AF0656-3EE6-42FC-9B04-321DE173E817}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tonline-browser_toolbar3_search-21&index=blended&linkCode=ur2
IE - HKU\S-1-5-21-919036651-576598089-3771645104-1002\..\SearchScopes\{CFD9CE93-A38E-4D26-98D1-6A0748399ABA}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3271326&CUI=UN85672590332425168
IE - HKU\S-1-5-21-919036651-576598089-3771645104-1002\..\SearchScopes\{EFB04DA9-7339-49C7-901F-C2498EDB7BD1}: "URL" = hxxp://dict.leo.org/esde?lp=esde&search={searchTerms}
IE - HKU\S-1-5-21-919036651-576598089-3771645104-1002\..\SearchScopes\{F272B28E-873B-41BF-B851-E89441EB57D1}: "URL" = hxxp://suche.t-online.de/fast-cgi/tsc?sr=tweb&q={searchTerms}&dia=tie8
IE - HKU\S-1-5-21-919036651-576598089-3771645104-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{77BEC163-D389-42c1-91A4-C758846296A5}: C:\PROGRAM FILES\VIDEO DOWNLOADER\FIREFOX [2013.04.03 16:29:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{77BEC163-D389-42c1-91A4-C758846296A5}: C:\Program Files\Video downloader\Firefox [2013.04.03 16:29:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\autolyrics@man-soft.net: C:\Program Files (x86)\AutoLyrics\FF\ [2013.04.03 16:29:41 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=MDNE&bmod=MDNE
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin:  (Enabled) = C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\chromeNPAPI.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Auto Lyrics = C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkcdkfohdadbjmlfejhncigcbfkiaamf\1.110_0\
 
O1 HOSTS File: ([2013.04.19 17:33:34 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Video downloader) - {77BEC163-D389-42c1-91A4-C758846296A5} - C:\Program Files\Video downloader\Extension64.dll ()
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Toolbar 3.0 der Telekom Browserhilfsobjekt) - {C9603180-FA5C-4DB0-A013-ADC60309AF82} - C:\Program Files\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
O2 - BHO: (Video downloader) - {77BEC163-D389-42c1-91A4-C758846296A5} - C:\Program Files\Video downloader\Extension32.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Toolbar 3.0 der Telekom Browserhilfsobjekt) - {C9603180-FA5C-4DB0-A013-ADC60309AF82} - C:\Program Files (x86)\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Auto Lyrics) - {DAEB9E85-4694-4F9B-85CB-2F28987872D7} - C:\Program Files (x86)\AutoLyrics\autolrcs.dll (Mansoft Union)
O3:64bit: - HKLM\..\Toolbar: (Toolbar 3.0 der Telekom) - {2015C8D4-8534-48DB-B5FB-5C76291F080C} - C:\Program Files\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Toolbar 3.0 der Telekom) - {2015C8D4-8534-48DB-B5FB-5C76291F080C} - C:\Program Files (x86)\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKU\S-1-5-21-919036651-576598089-3771645104-1002\..\Toolbar\WebBrowser: (Toolbar 3.0 der Telekom) - {2015C8D4-8534-48DB-B5FB-5C76291F080C} - C:\Program Files\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
O3 - HKU\S-1-5-21-919036651-576598089-3771645104-1002\..\Toolbar\WebBrowser: (Toolbar 3.0 der Telekom) - {2015C8D4-8534-48DB-B5FB-5C76291F080C} - C:\Program Files (x86)\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
O3:64bit: - HKU\S-1-5-21-919036651-576598089-3771645104-1002\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [MedionReminder] C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe (CyberLink)
O4:64bit: - HKLM..\Run: [PAC7311_Monitor] C:\Windows\PixArt\PAC7311\Monitor.exe (PixArt Imaging Incorporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4:64bit: - HKLM..\RunOnce: [MedionReminder] C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe (CyberLink)
O4 - Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk =  File not found
O4 - Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Versandhelfer.lnk = C:\Program Files (x86)\Versandhelfer\Versandhelfer.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-919036651-576598089-3771645104-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-919036651-576598089-3771645104-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9:64bit: - Extra Button: Toolbar 3.0 der Telekom - {A9E70AB8-D4AB-44c3-88B8-E40491F08B50} - C:\Program Files\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Toolbar 3.0 der Telekom - {A9E70AB8-D4AB-44c3-88B8-E40491F08B50} - C:\Program Files (x86)\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E402F878-83D6-4346-B616-4923CEF8C0AC}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E94F8658-7079-4071-AA59-FB256BF9D92F}: DhcpNameServer = 192.168.0.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.20 18:42:16 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.04.20 18:40:20 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.04.20 18:40:02 | 000,000,000 | ---D | C] -- C:\JRT
[2013.04.19 17:17:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.04.19 17:17:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.04.19 17:17:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.04.19 17:17:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.19 17:16:58 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.04.18 15:43:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.18 15:43:03 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Desktop\mbar
[2013.04.18 08:03:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.04.18 02:20:43 | 000,000,000 | ---D | C] -- C:\totalcmd
[2013.04.18 02:20:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Commander
[2013.04.18 02:20:43 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\GHISLER
[2013.04.10 08:21:22 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.04.10 08:21:22 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.04.10 08:21:21 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.04.10 08:21:21 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.04.10 08:21:21 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.04.10 08:21:21 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.04.10 08:21:21 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.04.10 08:21:21 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.04.10 08:21:20 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.10 08:21:20 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.04.10 08:21:20 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.04.10 08:21:20 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.10 08:21:19 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.10 08:21:19 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.04.10 08:21:14 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.10 06:19:16 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.04.10 06:19:16 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.04.10 06:19:16 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013.04.10 06:19:16 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013.04.10 06:19:16 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013.04.10 06:19:16 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013.04.10 06:19:05 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.10 06:19:04 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.04.10 06:19:04 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.04.10 06:19:04 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.04.10 06:19:04 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.04.10 06:19:04 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.04.03 16:29:56 | 000,000,000 | ---D | C] -- C:\Program Files\Video downloader
[2013.04.03 16:29:54 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\Programs
[2013.04.03 16:29:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AutoLyrics
[2013.03.26 10:05:55 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013.03.23 08:14:03 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.20 19:06:52 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.20 19:06:52 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.20 18:59:49 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\Auto Lyrics Update.job
[2013.04.20 18:59:25 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.20 18:59:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.20 18:59:10 | 2812,383,232 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.20 18:41:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.19 17:33:34 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.04.19 07:41:53 | 000,000,512 | ---- | M] () -- C:\Users\Stefan\Desktop\MBR.dat
[2013.04.18 16:20:27 | 487,900,112 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.04.18 02:20:44 | 000,000,636 | ---- | M] () -- C:\Users\Public\Desktop\Total Commander.lnk
[2013.04.18 02:18:13 | 001,500,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.18 02:18:13 | 000,654,594 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.18 02:18:13 | 000,616,476 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.18 02:18:13 | 000,130,208 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.18 02:18:13 | 000,106,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.17 21:42:18 | 000,002,187 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.04.10 21:51:56 | 000,465,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.19 17:17:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.04.19 17:17:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.04.19 17:17:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.04.19 17:17:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.04.19 17:17:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.04.19 07:41:53 | 000,000,512 | ---- | C] () -- C:\Users\Stefan\Desktop\MBR.dat
[2013.04.18 02:20:44 | 000,000,636 | ---- | C] () -- C:\Users\Public\Desktop\Total Commander.lnk
[2013.04.18 02:20:43 | 000,000,545 | ---- | C] () -- C:\Windows\UC.PIF
[2013.04.18 02:20:43 | 000,000,545 | ---- | C] () -- C:\Windows\RAR.PIF
[2013.04.18 02:20:43 | 000,000,545 | ---- | C] () -- C:\Windows\LHA.PIF
[2013.04.18 02:20:43 | 000,000,545 | ---- | C] () -- C:\Windows\ARJ.PIF
[2013.04.03 16:29:41 | 000,000,402 | ---- | C] () -- C:\Windows\tasks\Auto Lyrics Update.job
[2013.02.23 17:03:08 | 000,014,737 | ---- | C] () -- C:\Users\Stefan\ESt2012_Matthiesen_Stefan.elfo
[2013.02.23 16:56:55 | 000,097,178 | ---- | C] () -- C:\Users\Stefan\ESt2012_Matthiesen_Stefan_und_Matthiesen_Martina2.elfo
[2013.02.23 16:50:51 | 000,063,796 | ---- | C] () -- C:\Users\Stefan\ESt2012_Matthiesen_Stefan_und_Matthiesen_MartinaSina.elfo
[2013.02.23 16:41:13 | 000,004,843 | ---- | C] () -- C:\Users\Stefan\ESt2012_Matthiesen_Stefan_und_Matthiesen_Martina.elfo
[2012.08.05 16:35:58 | 180,531,324 | ---- | C] () -- C:\Users\Stefan\postkarte sina selber.cpr
[2011.12.27 09:22:00 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\vpeyecamera.dat
[2011.12.27 09:02:48 | 000,000,518 | ---- | C] () -- C:\Windows\SysWow64\SP7311.ini
[2011.12.27 09:02:11 | 000,000,392 | ---- | C] () -- C:\Windows\WebEye.ini
[2011.12.27 09:02:10 | 000,106,496 | ---- | C] () -- C:\Windows\JAPI.DLL
[2011.12.27 09:02:10 | 000,035,600 | ---- | C] () -- C:\Windows\AMCAP.EXE
[2011.12.27 09:01:43 | 000,172,032 | ---- | C] () -- C:\Windows\JAPI2.DLL
[2011.11.22 22:38:31 | 924,183,670 | ---- | C] () -- C:\Users\Stefan\Svenja Shearer.cpr
[2011.11.16 16:00:10 | 667,791,551 | ---- | C] () -- C:\Users\Stefan\Svenja11.cpr
[2011.11.16 14:39:45 | 150,449,574 | ---- | C] () -- C:\Users\Stefan\Svenja.cpr
[2011.10.23 09:01:35 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.07.08 08:37:28 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.06.28 20:26:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.06.27 23:01:38 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
--- --- ---


OTL Logfile:
Code:
OTL Extras logfile created on: 20.04.2013 19:03:20 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Stefan\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,49 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 45,83% Memory free
6,98 Gb Paging File | 4,60 Gb Available in Paging File | 65,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 890,41 Gb Total Space | 805,10 Gb Free Space | 90,42% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 19,40 Gb Free Space | 48,49% Space Free | Partition Type: NTFS
 
Computer Name: STEFAN-PC | User Name: Stefan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\Deutsche Telekom\Telekom Fotoservice\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Telekom Fotoservice] -- "C:\Program Files (x86)\Deutsche Telekom\Telekom Fotoservice\Telekom Fotoservice.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\Deutsche Telekom\Telekom Fotoservice\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Telekom Fotoservice] -- "C:\Program Files (x86)\Deutsche Telekom\Telekom Fotoservice\Telekom Fotoservice.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00838A67-3C73-4904-B9A7-B48C9E75604A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{079C2B34-E5D7-4E14-8662-69099D6991AD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{07DC6630-1486-4509-9618-D3B1E4ACEF43}" = lport=137 | protocol=17 | dir=in | app=system | 
"{09B71C0C-9BC7-40F4-B896-B24A448F487C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{14620237-3557-40B0-B17B-D91858F06479}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{179F1444-2B7B-4AD5-A5AC-534CA91DCC25}" = rport=445 | protocol=6 | dir=out | app=system | 
"{2E728ED7-1836-4495-B132-06D95793118A}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{2EF1DC32-27D3-4F5A-A5AF-18B33E7D98A1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3445B741-1AE3-4707-BA30-A57BAF1437F4}" = lport=139 | protocol=6 | dir=in | app=system | 
"{3CCB2E70-9654-4768-9428-D4E4637EE157}" = rport=137 | protocol=17 | dir=out | app=system | 
"{541E00FC-9FD8-4D79-9E7B-E5235C91B25E}" = lport=138 | protocol=17 | dir=in | app=system | 
"{6A0B0351-C621-4E6B-A7BB-083D916AC041}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6D98CB6F-87F2-450F-95DD-3AF881FEF96D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{766F0601-D9C1-4F5F-90A9-7AE5FFFFE2CE}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{83A7B532-4A8C-4918-B91B-56FFB8586E94}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{88EE9E72-348E-47D0-BC68-0E7552373EE8}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{933FE8D5-FDD4-42A6-8148-06EE8E9C81B9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9FB6FA0E-4373-4501-8F1D-2DA7444DDF07}" = rport=138 | protocol=17 | dir=out | app=system | 
"{AF3C4CA5-B6CB-437C-8A34-8C7F5A5E1BA3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B9F3473E-66B5-4C14-B1AF-84E4F888E2EF}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{BFD8EA97-0416-42CF-A9AD-8527948C2C38}" = rport=139 | protocol=6 | dir=out | app=system | 
"{C07C3D1A-AB71-428C-AEEE-B4CEA062232A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C24369EB-886D-4106-90B5-46D290B66EDB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D6959536-1D6D-47DE-9E9A-BE75CE2A5E06}" = lport=445 | protocol=6 | dir=in | app=system | 
"{EE48C8B7-3068-4EE9-95C0-8DCB8D59A974}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02C2C9F6-C873-4E3E-B15B-9C3FA06FD24B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{16207F27-E370-4AFD-A963-EEA943D13737}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{19216D36-9D07-4B74-AD48-0AF0E1A0F94A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{28C88ACF-160B-416D-9E1A-AB4163DCBAB9}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{32710EB1-BE7C-42EC-A5C6-27FE14F1B655}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3B86849D-2922-411A-BCC2-A60B94317BEC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{3BDAD8CE-1C21-4782-B501-DB580BE57BB4}" = protocol=6 | dir=out | app=system | 
"{69336183-BD7A-4F7A-9CF3-8FEA13F557BF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{6A45256D-DB94-49BF-9367-B75EA1339410}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{819400AA-3DFF-4BA1-B030-E77546748BE0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9CF169E2-60F1-4A66-B1A2-B75158C0299D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A5D02DFB-D2D3-476D-B3BF-42996628F632}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{A88A5507-9574-47A8-9F6E-E9554C0A8A73}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A9D5DDA3-7437-4EDD-803E-FA12FB1B5D29}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C15D0955-94AC-436E-B48F-797AB36DCC71}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{CF7EC0EF-BE97-4C50-88D6-7309BF6735C1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D0FE3E92-1948-4C93-BF2A-6C7284E42643}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{DD4238C8-26B6-4591-823A-3DF98FC410EF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EB809854-B94B-48B2-B2CA-E3364AF1DD49}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F24B4F6A-E921-4E66-AA7A-C4C4B23F9A62}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{F8BA434F-3751-4264-BB64-81A691281D5C}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{FAFD15B1-C5BE-4333-8031-F7305A15B1DA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FF63BFE2-29F7-403D-9B3B-8C96A0A597E4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"TCP Query User{48FC9707-1776-4C23-B708-D8B127B136E0}C:\program files (x86)\mmedia\vp-eye\webeye\webeye.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mmedia\vp-eye\webeye\webeye.exe | 
"TCP Query User{BC87614D-07DF-49B1-9E78-12AD1350B6AF}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{12DEC07A-BA30-494C-805A-295D557A63FA}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{D8D852DA-6BA9-487B-B81D-E11388D61BEF}C:\program files (x86)\mmedia\vp-eye\webeye\webeye.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mmedia\vp-eye\webeye\webeye.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{26A24AE4-039D-4CA4-87B4-2F86416026FF}" = Java(TM) 6 Update 26 (64-bit)
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{3BFAF653-4B91-2C87-82FE-DAF4C0F7BF18}" = AMD Drag and Drop Transcoding
"{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{51DDB4F9-7FFF-4970-AED4-DB3C22A5C522}" = Corel Graphics - Windows Shell Extension 64 Bit
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{77BEC163-D389-42c1-91A4-C758846296A5}_is1" = Video downloader 2.0.0.430
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8836C1BC-29E8-6A94-9D8F-F2D5FDC6F865}" = ATI AVIVO64 Codecs
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{9184BC0D-EC76-3910-E813-BFC3ED0DBCB1}" = ccc-utility64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B72CAB06-4420-F4D1-AFBB-AF9093D3D237}" = ATI Catalyst Install Manager
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E0DF4F3F-629F-B9E2-C80C-CBA0A0305537}" = AMD Media Foundation Decoders
"{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}" = Microsoft Mathematics (64-Bit)
"{EE483CF3-AE65-E262-268A-493B8A91D920}" = AMD Fuel
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Toolbar3 x64_is1" = Toolbar 3.0 der Telekom x64
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}" = CorelDRAW Essentials X5 - Extra Content
"_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension
"_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}" = CorelDRAW Essentials X5
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{0565E7DD-8930-8F67-9D25-5D1DCC033DF0}" = CCC Help Swedish
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{109D0519-2F01-0D66-C43A-55BFEDEDF2DD}" = CCC Help Danish
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{1571CDD5-B5BC-94E9-A745-D3E3A215316C}" = CCC Help Spanish
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{298BE2A8-908F-C904-20E7-C13CD1CBB44A}" = CCC Help English
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2F14F550-0FFC-4285-B673-880744D428A3}" = CorelDRAW Essentials X5 - Custom Data
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34809713-7886-4F6A-B9D5-CC74DBC1C77E}" = CorelDRAW Essentials X5 - Redist
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{369B36BE-3D64-4641-9AEA-808D436FE132}" = Microsoft Picture It! Foto 7.0
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B1EF0C5-8855-416F-A6F4-5CC5FCF267CA}" = CorelDRAW Essentials X5 - WT
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{4433CEC6-DA32-4D7B-BA95-B47C68498287}" = CorelDRAW Essentials X5 - Connect
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D741B12-ACE9-4C3D-A006-3E4DAD22CBD2}" = VP-EYE
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}" = CorelDRAW Essentials X5 - Extra Content
"{5B96BF29-1CC0-42FB-AB2C-1E12E3226E7A}" = Bing Bar
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{666D7CED-12E0-4BA3-B594-5681961E7B02}" = CorelDRAW Essentials X5 - IPM
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69143066-1887-30B9-CBC4-BF91626AB643}" = CCC Help Japanese
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6DE61FFB-8ADC-4A09-B3DC-5DA15CAE48A0}" = CorelDRAW Essentials X5 - DE
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz
"{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7189F66A-1560-1573-05C9-DE53613AEA1A}" = Versandhelfer
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7BDA08C6-D3A1-4E2A-83F6-BBE15060DF80}" = CorelDRAW Essentials X5 - IT
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{81FC1973-09F4-8ADE-0CC5-9FBEF8B7E064}" = CCC Help German
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{834F4E2F-E9DF-4FA9-8499-FF6B91012898}" = CorelDRAW Essentials X5
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{85E8F38F-0303-401E-A518-0302DF88EB07}" = CorelDRAW Essentials X5 - Draw
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89BA6E81-B60A-49BC-B283-80560A9E60DF}" = CorelDRAW Essentials X5 - PHOTO-PAINT
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E5E0BB7-2604-72C4-EB4F-FDE56037CA73}" = CCC Help Dutch
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{98ACB7E6-3FEA-A8DD-832B-D1F540811E1D}" = Catalyst Control Center InstallProxy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A68B8A41-A5D1-DC7E-B496-F90F4DA45D0C}" = CCC Help French
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4D1C5E-116A-4FF4-AA91-28F526868203}" = watchmi
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC726FD7-1766-F446-EF0A-7C988A5F7755}" = CCC Help Italian
"{AC76BA86-7AD7-5464-3428-A00000000004}" = Spelling Dictionaries Support For Adobe Reader X
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.1) MUI
"{ACE914C9-4A83-456C-BF29-7A0F68C3461C}" = PC VGA Camer@
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B525C699-B111-377C-857A-4419F5A5094F}" = CCC Help Finnish
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C4BEEB8C-B9D2-4CD9-A2AA-1F3A1F57DF21}" = Works Suite-Betriebssystem-Pack
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CA227A9D-09BE-4BFB-9764-48FED2DA5454}" = Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0BEB150-2046-4F94-AE7B-EA76772592F6}" = CorelDRAW Essentials X5 - Common
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D7AAEF77-5094-AEDA-C940-110C00FB6823}" = AMD VISION Engine Control Center
"{D7E60152-6C65-4982-8840-B6D28BF881BD}" = CorelDRAW Essentials X5 - FR
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E03CD71A-F595-49DF-9ADC-0CFC93B1B211}" = PlayMemories Home
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4BE9367-168B-4B30-B198-EE37C99FB147}" = CorelDRAW Essentials X5 - Filters
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger
"{E7BE4D1A-B529-448B-8407-889705B65185}" = CorelDRAW Essentials X5 - ES
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}" = CorelDRAW Essentials X5 - Setup Files
"{EDDDC607-91D9-4758-9F57-265FDCD8A772}" = Microsoft Works 7.0 
"{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger
"{F0781699-4AA9-1ADA-3E2E-315A139C78F4}" = Catalyst Control Center Localization All
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F77F8226-DA60-1CC1-02FA-76E8F4B07FF5}" = CCC Help Norwegian
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6AF809-9A80-423A-A57A-C7D726A04E4C}" = CorelDRAW Essentials X5 - EN
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Ashampoo Burning Studio_is1" = Ashampoo Burning Studio
"Ashampoo Photo Commander_is1" = Ashampoo Photo Commander
"Ashampoo Photo Optimizer_is1" = Ashampoo Photo Optimizer
"Ashampoo Snap_is1" = Ashampoo Snap
"autolyrics@man-soft.net" = Auto Lyrics
"Avira AntiVir Desktop" = Avira Free Antivirus
"dpdhl.versandhelfer.medionpc.CDA82DC3FEDD13302C6424313D9A2999F162D21A.1" = Versandhelfer
"ElsterFormular" = ElsterFormular
"Galileo Family Quiz - Spezial II" = Galileo Family Quiz - Spezial II
"Google Chrome" = Google Chrome
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"Netzmanager" = Netzmanager
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Rossmann Fotowelt Software" = Rossmann Fotowelt Software 4.12.1
"SoftwareUpdater" = SoftwareUpdater
"Telekom Fotoservice" = Telekom Fotoservice
"Toolbar3_is1" = Toolbar 3.0 der Telekom
"Totalcmd" = Total Commander (Remove or Repair)
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"Works2003Setup" = Microsoft Works 2003-Setup-Start
 
========== Last 20 Event Log Errors ==========
 
[ System Events ]
Error - 20.04.2013 12:58:28 | Computer Name = Stefan-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
--- --- ---
