Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Spyware.Passwords.XGen gefunden - gefährlich oder nicht?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 09.05.2013, 23:23   #1
demika
 
Spyware.Passwords.XGen gefunden - gefährlich oder nicht? - Standard

Spyware.Passwords.XGen gefunden - gefährlich oder nicht?



Nabend/Guten Morgen,

habe eben nach längerer Zeit mal wieder mein System mit Malwarebites gescannt und siehe da, es wurde etwas gefunden. Genauer gesagt dieser Schlingel hier: Spyware.Passwords.XGen zu finden unter C:\Windows\Installer\10b972.msi

Habe erstmal nichts gemacht (also weder gelöscht noch in Quarantäne), sondern mir alle nötigen Logfiles besorgt (siehe unten).
Habe von GMER keine Ahnung, hab nur im File gesehen dass mehrmals eine Meldung über ESET Smart Security auftaucht. Kleiner Hinweis dazu: bin entsprechend der Anleitung (Was muß ich vor meinem ersten Thema beachten?) vorgegangen, habe also sowohl die WIN-Firewall als auch ESET abgeschaltet, wobei es bei letzterem keinen An-/Aus Knopf gibt, man kann die Komponenten (Firewall, PC-Schutz etc.) nur einzeln ausschalten -> geschehen.

Was noch zu erwähnen ist: ich war letzten November in Australien und habe mir dort einen Prepaid-Internetstick von Vodafone gekauft (im Laden, kein Straßenhändler o..ä.). Diesen habe ich am 21.11. zum ersten Mal in meinen Laptop gesteckt und ich kann mich noch erinnern, dass damals ESET angeschlagen hat. Habe ich aber weggeklickt die Warnung, weil es halt ein offizieller Vodafone-Stick war. Beim Blick auf C:\Windows\Installer\10b972.msi (verdächtige Datei) ist mir aufgefallen, dass dort bei "letzter Zugriff" der 21.11. steht. Hält man den Coursor einen Moment auf der Datei, dann steht dort u.a. "Thema: Vodafone QuickStart Unistaller. This installer database contains the logic and data require to install Vodafone QuickStart Unistaller."
Könnte es sich also um einen Fehlalarm handeln?

Hier die Logfiles:

Malwarebites

Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.09.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
*** :: ***-VAIO [Administrator]

09.05.2013 19:41:36
MBAM-log-2013-05-09 (20-58-42).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 444664
Laufzeit: 1 Stunde(n), 1 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Windows\Installer\10b972.msi (Spyware.Passwords.XGen) -> Keine Aktion durchgeführt.

(Ende)
         
OLT.log

Code:
ATTFilter
OTL logfile created on: 09.05.2013 22:42:52 - Run 3
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\***\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,86 Gb Total Physical Memory | 4,10 Gb Available Physical Memory | 69,96% Memory free
11,71 Gb Paging File | 9,90 Gb Available in Paging File | 84,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 329,56 Gb Free Space | 70,76% Space Free | Partition Type: NTFS
Drive D: | 452,23 Gb Total Space | 451,93 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
 
Computer Name: ***-VAIO | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe (Apple Inc.)
PRC - C:\Programme\ESET\ESET Smart Security\x86\ekrn.exe (ESET)
PRC - C:\ProgramData\MobileBroadbandQuickStartService\VMBQuickStartService.exe ()
PRC - C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (ekrn) -- C:\Programme\ESET\ESET Smart Security\x86\ekrn.exe (ESET)
SRV - (Vodafone Mobile Broadband QuickStart) -- C:\ProgramData\MobileBroadbandQuickStartService\VMBQuickStartService.exe ()
SRV - (VAIO Power Management) -- C:\Programme\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (epfw) -- C:\Windows\SysNative\drivers\epfw.sys (ESET)
DRV:64bit: - (epfwwfp) -- C:\Windows\SysNative\drivers\epfwwfp.sys (ESET)
DRV:64bit: - (EpfwLWF) -- C:\Windows\SysNative\drivers\EpfwLWF.sys (ESET)
DRV:64bit: - (eamonm) -- C:\Windows\SysNative\drivers\eamonm.sys (ESET)
DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\drivers\ehdrv.sys (ESET)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimssne64.sys (REDC)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2490743335-2800501917-1896874617-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2490743335-2800501917-1896874617-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2490743335-2800501917-1896874617-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2490743335-2800501917-1896874617-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2490743335-2800501917-1896874617-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2490743335-2800501917-1896874617-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-2490743335-2800501917-1896874617-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\Windows\ [2013.04.03 16:18:33 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.11 23:28:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.11 23:28:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012.07.14 21:46:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.11 23:28:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.11 23:28:23 | 000,000,000 | ---D | M]
 
[2012.07.17 19:30:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013.05.06 23:06:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bwuxnece.default\extensions
[2012.09.02 17:14:26 | 000,000,000 | ---D | M] (Tradesignal Online Chart) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bwuxnece.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}
[2012.09.07 12:45:35 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bwuxnece.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2013.04.23 09:42:47 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bwuxnece.default\extensions\anttoolbar@ant.com
[2013.04.06 18:59:37 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bwuxnece.default\extensions\ich@maltegoetz.de
[2012.12.08 04:30:13 | 000,002,057 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bwuxnece.default\searchplugins\youtube-videosuche.xml
[2013.04.11 23:28:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.05.06 23:06:09 | 000,114,250 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BWUXNECE.DEFAULT\EXTENSIONS\NOSQUINT@URANDOM.CA.XPI
[2013.04.11 23:28:31 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.10.28 20:46:38 | 000,225,360 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 13:35:36 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {439B6D3C-A359-4D73-8515-2AFE8CF90C08} hxxp://www.tradesignalonline.com/charts/bin/axts5we.cab (Reg Error: Key error.)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}  (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59805883-2722-43E0-B507-9AAB5A0EF770}: DhcpNameServer = 10.143.147.147 10.143.147.148
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A732EBF7-4B28-4E77-AB6D-7D1558D0E532}: DhcpNameServer = 213.42.20.20 195.229.241.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B406F7F8-0931-4F50-9CAF-5AB186E2ACF4}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F29072C8-C163-45FB-A9F4-3A03F4D18C5F}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0bb83d50-d186-11e1-bc22-c0cb38edcfc5}\Shell - "" = AutoRun
O33 - MountPoints2\{0bb83d50-d186-11e1-bc22-c0cb38edcfc5}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{0bb83d54-d186-11e1-bc22-c0cb38edcfc5}\Shell - "" = AutoRun
O33 - MountPoints2\{0bb83d54-d186-11e1-bc22-c0cb38edcfc5}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{93693a72-33aa-11e2-9643-c0cb38edcfc5}\Shell - "" = AutoRun
O33 - MountPoints2\{93693a72-33aa-11e2-9643-c0cb38edcfc5}\Shell\AutoRun\command - "" = G:\setup_QuickStart.exe
O33 - MountPoints2\{a5fa1f26-d0b5-11e1-ae01-c0cb38edcfc5}\Shell - "" = AutoRun
O33 - MountPoints2\{a5fa1f26-d0b5-11e1-ae01-c0cb38edcfc5}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a5fa1f29-d0b5-11e1-ae01-c0cb38edcfc5}\Shell - "" = AutoRun
O33 - MountPoints2\{a5fa1f29-d0b5-11e1-ae01-c0cb38edcfc5}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{abe8942b-d012-11e1-a06b-544249e95afc}\Shell - "" = AutoRun
O33 - MountPoints2\{abe8942b-d012-11e1-a06b-544249e95afc}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{abe89430-d012-11e1-a06b-544249e95afc}\Shell - "" = AutoRun
O33 - MountPoints2\{abe89430-d012-11e1-a06b-544249e95afc}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b156acfc-d042-11e1-b867-c0cb38edcfc5}\Shell - "" = AutoRun
O33 - MountPoints2\{b156acfc-d042-11e1-b867-c0cb38edcfc5}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.09 22:34:49 | 000,000,000 | ---D | C] -- C:\Users\***\virus
[2013.05.09 17:03:35 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Schrank
[2013.04.24 16:48:17 | 000,000,000 | ---D | C] -- C:\COAA
[2013.04.24 12:50:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuxGuitar
[2013.04.24 12:50:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuxGuitar
[2013.04.24 11:41:30 | 000,000,000 | ---D | C] -- C:\Users\***\.tuxguitar-1.2
[2013.04.14 12:53:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Programs
[2013.04.11 23:28:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.10 12:08:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
[2013.04.10 12:08:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\IrfanView
[2013.04.10 12:08:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView
[2013.04.10 10:12:22 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.04.10 10:12:22 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.04.10 10:12:21 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.04.10 10:12:20 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.10 10:12:20 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.04.10 10:12:20 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.04.10 10:12:20 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.04.10 10:12:20 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.04.10 10:12:20 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.04.10 10:12:20 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.04.10 10:12:20 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.04.10 10:12:20 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.04.10 10:12:17 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.10 10:12:17 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.10 10:12:16 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.10 10:09:36 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.10 10:09:34 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.04.10 10:09:33 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.04.10 10:09:32 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.04.10 10:09:32 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.04.10 10:09:31 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.04.09 23:32:44 | 000,000,000 | ---D | C] -- C:\Users\***\Gesundheit
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.09 22:37:50 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.05.09 22:37:01 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2013.05.09 22:11:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.09 19:33:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.09 18:09:17 | 000,002,089 | ---- | M] () -- C:\Users\***\AppData\Local\recently-used.xbel
[2013.05.09 17:30:37 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.09 17:30:37 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.09 13:10:11 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.09 11:32:15 | 422,125,567 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.30 16:38:21 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.30 16:38:21 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.30 16:38:21 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.30 16:38:21 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.30 16:38:21 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.25 12:23:14 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.04.25 12:23:14 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.04.24 12:50:12 | 000,000,909 | ---- | M] () -- C:\Users\Public\Desktop\TuxGuitar.lnk
[2013.04.18 18:02:07 | 009,771,416 | ---- | M] () -- C:\Users\***\Desktop\econ251.zip
[2013.04.17 12:55:38 | 008,542,374 | ---- | M] () -- C:\Users\***\Desktop\Childish Gambino - Heartbeat (Official Video).mp3
[2013.04.10 16:55:47 | 000,343,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.10 12:08:20 | 000,000,962 | ---- | M] () -- C:\Users\***\Desktop\IrfanView.lnk
[2013.04.10 10:19:12 | 041,676,336 | ---- | M] () -- C:\Users\***\Desktop\themeforest-168737-karma-clean-and-modern-wordpress-theme.zip
 
========== Files Created - No Company Name ==========
 
[2013.05.09 22:37:50 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.05.09 22:36:59 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2013.05.09 18:09:17 | 000,002,089 | ---- | C] () -- C:\Users\***\AppData\Local\recently-used.xbel
[2013.04.24 12:50:12 | 000,000,909 | ---- | C] () -- C:\Users\Public\Desktop\TuxGuitar.lnk
[2013.04.17 12:55:31 | 008,542,374 | ---- | C] () -- C:\Users\***\Desktop\Childish Gambino - Heartbeat (Official Video).mp3
[2013.04.10 12:08:20 | 000,000,962 | ---- | C] () -- C:\Users\***\Desktop\IrfanView.lnk
[2012.10.16 23:10:32 | 000,081,408 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2012.09.01 22:53:41 | 000,000,054 | ---- | C] () -- C:\Windows\NavWin.INI
[2012.09.01 22:53:16 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\G32_TICK.DLL
[2012.09.01 22:53:16 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\G32_rkey.dll
[2012.09.01 22:53:16 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\free_res.exe
[2012.08.03 17:45:40 | 000,000,008 | RH-- | C] () -- C:\Users\***\hwid
[2012.07.27 13:53:42 | 000,002,678 | ---- | C] () -- C:\Users\***\footer.php
[2012.07.25 20:58:40 | 000,000,115 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012.07.25 20:51:49 | 000,000,043 | ---- | C] () -- C:\Windows\ib.ini
[2012.07.25 12:09:52 | 000,026,624 | ---- | C] () -- C:\Windows\GetIe.dll
[2012.07.17 14:44:51 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.06.07 07:25:32 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\NtDirect.dll
 
========== LOP Check ==========
 
[2012.07.23 00:02:30 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\AbiSuite
[2012.07.20 20:36:10 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Amazon
[2012.07.17 17:46:49 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\ESET
[2012.07.18 16:18:15 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\tradesignal
[2012.07.18 15:54:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AbiSuite
[2012.07.29 23:18:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2012.10.16 23:10:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CAD-KAS
[2012.08.18 23:44:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Cyberduck
[2012.08.18 23:25:19 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\Cyberduck Updater AU
[2012.07.14 21:48:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ESET
[2012.10.24 16:35:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2012.10.04 20:42:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\hdbADS
[2013.04.10 12:08:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2012.10.04 21:33:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MrJobs
[2012.07.17 23:18:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\tradesignal
[2012.08.18 23:25:08 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\wyUpdate AU
[2013.02.07 14:34:20 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\ESET
[2013.05.03 11:18:28 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
Extras.log

Code:
ATTFilter
OTL Extras logfile created on: 09.05.2013 22:42:52 - Run 3
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\***\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,86 Gb Total Physical Memory | 4,10 Gb Available Physical Memory | 69,96% Memory free
11,71 Gb Paging File | 9,90 Gb Available in Paging File | 84,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 329,56 Gb Free Space | 70,76% Space Free | Partition Type: NTFS
Drive D: | 452,23 Gb Total Space | 451,93 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
 
Computer Name: ***-VAIO | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2490743335-2800501917-1896874617-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{201EAA52-7636-4754-8C3A-703F59F9C74B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{B5599D68-3D32-4609-98B2-A42CF8455987}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{117F256A-7BDD-48EB-9B2E-D343F7347B1F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{19C9BC14-9B04-4C97-B654-A38749606C6C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{4DC8CC4D-D649-4C13-8704-3FD3A251990A}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{5682DC96-DF67-4A3C-BB6A-AC378552DD1B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{811ED9E7-E2CA-41D9-AD64-5369C77B799C}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{88ADA974-5783-4945-B06A-8396876A48C2}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"TCP Query User{36DD5DA9-7C9B-4169-BDDF-8430D33564AF}C:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe | 
"TCP Query User{6C177520-FC84-48D8-AD05-E8B9515262F2}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"TCP Query User{70AA0BF8-7C9D-43B1-B671-0577DD7529C0}C:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe | 
"TCP Query User{B9B9F485-FA29-437F-A524-A3E5E20FB542}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"TCP Query User{CEA0A7B5-7830-4655-98C6-22EDD36753BF}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"TCP Query User{D82369DA-1A31-4A5B-8A7B-3B2A7A6ACDE3}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{DCB119F8-AA84-42A4-92B1-A775907551DA}C:\program files (x86)\coaa\planeplotter\planeplotter.exe" = protocol=6 | dir=in | app=c:\program files (x86)\coaa\planeplotter\planeplotter.exe | 
"UDP Query User{6B19031E-6F11-46F0-994C-4B441FFA84A4}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"UDP Query User{75A6F61A-03A1-46C7-8CB3-ED7F0E4C57A7}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{A11B0B8E-DBD1-409C-B33F-BE19E2CA546C}C:\program files (x86)\coaa\planeplotter\planeplotter.exe" = protocol=17 | dir=in | app=c:\program files (x86)\coaa\planeplotter\planeplotter.exe | 
"UDP Query User{A207B887-4E5B-4665-97F9-7F998140D32C}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"UDP Query User{E2BA7615-B7E5-4AD1-BA4D-5E3E0861BF99}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"UDP Query User{E5EC6F7B-6CBC-4EA7-84C8-9EF41376FCB9}C:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe | 
"UDP Query User{FCA3A28D-ECA8-4163-90E2-0770BFBCF5F8}C:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B39AC27-CF06-4D20-A3B6-5F1BD41A81E8}" = ESET Smart Security
"{259FD439-13B0-0136-D0A0-FA89BB05831D}" = ccc-utility64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5BC83141-83DD-07BE-C940-04B385540F04}" = ATI Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64
"GIMP-2_is1" = GIMP 2.8.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar
"{07B7598E-1FB8-1A95-7A30-F534A55726B4}" = CCC Help Czech
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{159E5135-4BEA-52B7-8CDC-823F1ED6D8A5}" = CCC Help Spanish
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{265F0D95-A883-7162-0458-B78085B6B693}" = Catalyst Control Center Graphics Light
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{2735AEFA-57A5-44AD-81B6-BE30CA07C066}" = Tradesignal Online Chart
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{2FAFE37E-D796-47B8-BA8F-D09819B12DF6}" = Windows Live Essentials
"{35111E7A-03B9-25EC-F434-A1CD976907FC}" = CCC Help Chinese Traditional
"{3C76A500-2852-4848-9555-1DB015ABD439}" = NinjaTrader 7
"{427E8AD0-A4B1-D225-836E-CCB6068B490A}" = CCC Help French
"{44D25B45-5C0E-2187-6739-E2FA0E8AFE1D}" = CCC Help Portuguese
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E6DF745-C99E-909F-BCF0-B7C24A51E56E}" = CCC Help Japanese
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{5736590B-36C7-4881-5EBE-F9B390F00774}" = Catalyst Control Center Core Implementation
"{618F39BD-9720-47CF-A89C-108AB41B1493}" = Windows Live UX Platform Language Pack
"{61F569A3-1647-B6F4-08C8-40A011831827}" = CCC Help English
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{654977DB-0001-0002-0001-EABD228DDE8B}" = Microsoft Download Manager
"{676D78AA-4FD4-405D-8872-E63052EF5716}" = Vodafone QuickStart Uninstaller
"{68EB2C37-083A-4303-B5D8-41FA67E50B8F}_is1" = Poedit
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F204B-323C-7E32-F890-A7308768728D}" = CCC Help Russian
"{7002773F-2A53-E9F2-E161-DB3DDA0F05BE}" = CCC Help Hungarian
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{76DECE17-BCF5-9640-2854-3CA049834A40}" = CCC Help Chinese Standard
"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A63F0C4-6B2B-694C-ED72-D0670612BC29}" = CCC Help Swedish
"{7F682A00-6497-4551-A2A6-063AE667D1CF}" = Movie Maker
"{803E4FA5-A940-4420-B89D-A8BC2E160247}" = 
"{88001121-87E2-2104-F9F5-ECC15DFCA1E0}" = Catalyst Control Center Graphics Full Existing
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8EB34C0B-AF54-F265-844C-3E6FA9AE2FCD}" = CCC Help German
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C73041C-AB71-995D-EEC7-B4E940F93F36}" = CCC Help Finnish
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = 
"{A8D53A4E-77A1-E23E-A396-6D9C86A2F273}" = Catalyst Control Center Graphics Full New
"{AC76BA86-1033-F400-7760-100000000002}" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{B19E03EA-067C-412F-A81E-271720E601AB}" = Fotogalerie
"{B27FA0A3-D80F-41A9-8BAD-C5F2D859AB22}" = Photo Common
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{BFF37C6E-D735-4487-390C-271E030AA62C}" = CCC Help Italian
"{C2E171F6-9B58-4CE1-7B8B-B69FA04EBAB8}" = Catalyst Control Center Graphics Previews Vista
"{C459D829-0FF0-C210-B2BF-83DB63FC1D61}" = CCC Help Korean
"{C5529BC1-C2BF-44E8-B62A-01913D70081C}" = Catalyst Control Center - Branding
"{C83B7CBB-C736-BF46-9832-7A9D07E9D94C}" = CCC Help Polish
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{D49989B0-7BC2-F7F1-8017-3257F617347A}" = Catalyst Control Center Graphics Previews Common
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D6DEC295-88A0-5CFA-0B29-C8FDF091FFD3}" = CCC Help Dutch
"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
"{DF693121-40C0-3020-D655-612E51616423}" = CCC Help Danish
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EBDDC3CC-343A-C0DD-79BA-8A12D0A2CA10}" = CCC Help Turkish
"{ECF0D151-BCA0-8E6D-62DB-5D44DB4A3836}" = CCC Help Thai
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1B95046-E9DA-CFEC-42A8-C8224646AA32}" = ccc-core-static
"{F30FE437-0E45-D409-F629-5D86960A6591}" = CCC Help Norwegian
"{F5CC9A13-6C57-4948-75A8-3A2C92A3183B}" = Catalyst Control Center Localization All
"{F67C14C0-D73E-C55B-E132-B1904A1A709C}" = CCC Help Greek
"{F7E8DD1D-9BFD-38BB-86A5-BEF313B00C51}" = Catalyst Control Center InstallProxy
"{FDA24BB0-8462-4356-B30E-C74FDC25C6DF}" = Network Recording Player
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Acrobat 7.0 Professional - English, Français, Deutsch - V" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"ElsterFormular" = ElsterFormular
"FileZilla Client" = FileZilla Client 3.5.3
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"PSPad editor_is1" = PSPad editor
"Trader Workstation 4.0" = Trader Workstation 4.0
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2490743335-2800501917-1896874617-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Screencast-O-Matic" = Screencast-O-Matic
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 31.03.2013 23:53:30 | Computer Name = ***-VAIO | Source = Application Hang | ID = 1002
Description = Programm gimp-2.8.exe, Version 2.8.0.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: ce4    Startzeit: 
01ce2e8c61f6ee56    Endzeit: 0    Anwendungspfad: C:\Program Files\GIMP 2\bin\gimp-2.8.exe

Berichts-ID:
 b3af9006-9a7f-11e2-983c-582c80139263  
 
Error - 03.04.2013 09:09:48 | Computer Name = ***-VAIO | Source = Windows Backup | ID = 4103
Description = 
 
Error - 06.04.2013 06:11:05 | Computer Name = ***-VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iTunes.exe, Version: 10.6.3.25, Zeitstempel:
 0x4fd16377  Name des fehlerhaften Moduls: iTunes.dll, Version: 10.6.3.25, Zeitstempel:
 0x4fd1634f  Ausnahmecode: 0xc000041d  Fehleroffset: 0x001083a8  ID des fehlerhaften Prozesses:
 0x868  Startzeit der fehlerhaften Anwendung: 0x01ce329b4393e41c  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\iTunes\iTunes.exe  Pfad des fehlerhaften Moduls:
 C:\Program Files (x86)\iTunes\iTunes.dll  Berichtskennung: 4ab5dbdd-9ea2-11e2-9119-544249e95afc
 
Error - 07.04.2013 11:00:03 | Computer Name = ***-VAIO | Source = Windows Backup | ID = 4103
Description = 
 
Error - 09.04.2013 10:09:39 | Computer Name = ***-VAIO | Source = Windows Backup | ID = 4103
Description = 
 
Error - 14.04.2013 13:00:02 | Computer Name = ***-VAIO | Source = Windows Backup | ID = 4103
Description = 
 
Error - 21.04.2013 16:29:02 | Computer Name = ***-VAIO | Source = Windows Backup | ID = 4103
Description = 
 
Error - 28.04.2013 13:40:15 | Computer Name = ***-VAIO | Source = Windows Backup | ID = 4103
Description = 
 
Error - 06.05.2013 13:00:33 | Computer Name = ***-VAIO | Source = Windows Backup | ID = 4103
Description = 
 
Error - 07.05.2013 17:09:14 | Computer Name = ***-VAIO | Source = Application Hang | ID = 1002
Description = Programm iTunes.exe, Version 10.6.3.25 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1268    Startzeit:
 01ce4b66fde845ae    Endzeit: 8    Anwendungspfad: C:\Program Files (x86)\iTunes\iTunes.exe

Berichts-ID:
   
 
[ System Events ]
Error - 25.04.2013 17:06:39 | Computer Name = ***-VAIO | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?25.?04.?2013 um 14:35:21 unerwartet heruntergefahren.
 
Error - 29.04.2013 15:30:53 | Computer Name = ***-VAIO | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?29.?04.?2013 um 20:55:14 unerwartet heruntergefahren.
 
Error - 01.05.2013 16:29:35 | Computer Name = ***-VAIO | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?01.?05.?2013 um 22:18:31 unerwartet heruntergefahren.
 
Error - 02.05.2013 18:54:41 | Computer Name = ***-VAIO | Source = DCOM | ID = 10005
Description = 
 
Error - 02.05.2013 18:54:41 | Computer Name = ***-VAIO | Source = Service Control Manager | ID = 7038
Description = Der Dienst "upnphost" konnte sich nicht als "NT AUTHORITY\LocalService"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1352    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 02.05.2013 18:54:41 | Computer Name = ***-VAIO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "UPnP-Gerätehost" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1069
 
Error - 02.05.2013 18:54:41 | Computer Name = ***-VAIO | Source = Service Control Manager | ID = 7038
Description = Der Dienst "upnphost" konnte sich nicht als "NT AUTHORITY\LocalService"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%50    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 02.05.2013 18:54:41 | Computer Name = ***-VAIO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "UPnP-Gerätehost" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1069
 
Error - 03.05.2013 05:18:19 | Computer Name = ***-VAIO | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?03.?05.?2013 um 10:07:46 unerwartet heruntergefahren.
 
Error - 06.05.2013 16:59:33 | Computer Name = ***-VAIO | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?06.?05.?2013 um 20:27:21 unerwartet heruntergefahren.
 
 
< End of report >
         
gmer.log

Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-09 23:56:16
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-2 ST9500325AS rev.0006SDM2 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\***\AppData\Local\Temp\ugtyipog.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1636] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter  00000000753287b1 4 bytes [C2, 04, 00, 00]
.text  C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1636] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69       0000000074c31465 2 bytes [C3, 74]
.text  C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1636] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155      0000000074c314bb 2 bytes [C3, 74]
.text  ...                                                                                                                        * 2

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0cb38edcfc5                                                
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0cb38edcfc5 (not active ControlSet)                            

---- EOF - GMER 2.1 ----
         

Alt 09.05.2013, 23:58   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Spyware.Passwords.XGen gefunden - gefährlich oder nicht? - Standard

Spyware.Passwords.XGen gefunden - gefährlich oder nicht?



Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden?
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 10.05.2013, 09:51   #3
demika
 
Spyware.Passwords.XGen gefunden - gefährlich oder nicht? - Standard

Spyware.Passwords.XGen gefunden - gefährlich oder nicht?



Moin cos,

ja, kann noch folgende Logs bieten:

Malwarebytes vom 13.08.2012 ohne Funde

Malwarebytes vom 8.12.2012

Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.08.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-VAIO [Administrator]

08.12.2012 14:08:46
mbam-log-2012-12-08 (14-08-46).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 227232
Laufzeit: 4 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\ProgramData\MobileBroadbandQuickStartService\installHelper.exe (Spyware.Passwords.XGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Befindet sich nach wie vor in Quarantäne.

Malwarebytes vom 18.12.2012 ohne Funde

Die gleiche Datei wurde also schonmal gefunden, dann in Quarantände geschickt. Beim nächsten Scan war alles sauber. Gestern beim Scan dann wieder diese Datei (zumindest gleicher Name) an anderem Ort.

Vielleicht hilft das noch: habe mir nochmal die Daten der verdächtigen Datei und dem Vodafone QuickStart Programm angeguckt. Beide wurde am 21.11.'12 erstellt (wo ich den Stick zum ersten Mal in den USB gesteckt hab), der letzte Zugriff auf C:\Windows\Installer\10b972.msi erfolgte 13 Sekunden nachdem der QuickStart-Ordner angelegt wurde. Insofern kann ich es mir nicht durch Zufall kurz danach beim Surfen geholt haben.

Viele Grüße
__________________

Geändert von demika (10.05.2013 um 09:59 Uhr)

Alt 10.05.2013, 19:19   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Spyware.Passwords.XGen gefunden - gefährlich oder nicht? - Standard

Spyware.Passwords.XGen gefunden - gefährlich oder nicht?



Zitat:
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\***\Downloads
Hm, warum erwendest du eine so alte Version von OTL? Normalerweise sollten Analysetools wie OTL immer neu runtergeladen werden, damit sichergestellt wird, dass man auch die aktuelle Version hat

Eine neue Kontrolle mit aktuellem OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in CODE-Tags in den Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 11.05.2013, 23:47   #5
demika
 
Spyware.Passwords.XGen gefunden - gefährlich oder nicht? - Standard

Spyware.Passwords.XGen gefunden - gefährlich oder nicht?



Zitat:
Zitat von cosinus Beitrag anzeigen
Hm, warum erwendest du eine so alte Version von OTL? Normalerweise sollten Analysetools wie OTL immer neu runtergeladen werden, damit sichergestellt wird, dass man auch die aktuelle Version hat
Hatte das noch von meinem letzten Trojaner, dann vergessen zu aktualisieren.

Hier das neue Log:

OTL.Log

Code:
ATTFilter
OTL logfile created on: 12.05.2013 00:30:39 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,86 Gb Total Physical Memory | 4,62 Gb Available Physical Memory | 78,94% Memory free
11,71 Gb Paging File | 10,34 Gb Available in Paging File | 88,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 332,14 Gb Free Space | 71,31% Space Free | Partition Type: NTFS
Drive D: | 452,23 Gb Total Space | 451,93 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
 
Computer Name: ***-VAIO | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\ESET\ESET Smart Security\x86\ekrn.exe (ESET)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\ProgramData\MobileBroadbandQuickStartService\VMBQuickStartService.exe ()
PRC - C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (ekrn) -- C:\Programme\ESET\ESET Smart Security\x86\ekrn.exe (ESET)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Vodafone Mobile Broadband QuickStart) -- C:\ProgramData\MobileBroadbandQuickStartService\VMBQuickStartService.exe ()
SRV - (VAIO Power Management) -- C:\Programme\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (epfwwfp) -- C:\Windows\SysNative\drivers\epfwwfp.sys (ESET)
DRV:64bit: - (eamonm) -- C:\Windows\SysNative\drivers\eamonm.sys (ESET)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (epfw) -- C:\Windows\SysNative\drivers\epfw.sys (ESET)
DRV:64bit: - (EpfwLWF) -- C:\Windows\SysNative\drivers\EpfwLWF.sys (ESET)
DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\drivers\ehdrv.sys (ESET)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimssne64.sys (REDC)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2490743335-2800501917-1896874617-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2490743335-2800501917-1896874617-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2490743335-2800501917-1896874617-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2490743335-2800501917-1896874617-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2490743335-2800501917-1896874617-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2490743335-2800501917-1896874617-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-2490743335-2800501917-1896874617-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7B1acd747e-8470-11db-96a9-00e08161165f%7D:6.3.7.117
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8
FF - prefs.js..extensions.enabledAddons: anttoolbar%40ant.com:2.4.7.8
FF - prefs.js..extensions.enabledAddons: nosquint%40urandom.ca:2.1.9
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\Windows\ [2013.04.03 16:18:33 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2013.05.10 00:38:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.11 23:28:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.11 23:28:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013.05.10 00:38:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.11 23:28:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.11 23:28:23 | 000,000,000 | ---D | M]
 
[2012.07.17 19:30:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013.05.11 11:49:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bwuxnece.default\extensions
[2012.09.02 17:14:26 | 000,000,000 | ---D | M] (Tradesignal Online Chart) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bwuxnece.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}
[2012.09.07 12:45:35 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bwuxnece.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2013.04.23 09:42:47 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bwuxnece.default\extensions\anttoolbar@ant.com
[2013.04.06 18:59:37 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bwuxnece.default\extensions\ich@maltegoetz.de
[2013.05.11 11:49:02 | 002,167,422 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\bwuxnece.default\extensions\firebug@software.joehewitt.com.xpi
[2013.05.06 23:06:09 | 000,114,250 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\bwuxnece.default\extensions\nosquint@urandom.ca.xpi
[2012.12.08 04:30:13 | 000,002,057 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\bwuxnece.default\searchplugins\youtube-videosuche.xml
[2013.04.11 23:28:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.04.11 23:28:31 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.10.28 20:46:38 | 000,225,360 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 13:35:36 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {439B6D3C-A359-4D73-8515-2AFE8CF90C08} hxxp://www.tradesignalonline.com/charts/bin/axts5we.cab (Reg Error: Key error.)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}  (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59805883-2722-43E0-B507-9AAB5A0EF770}: DhcpNameServer = 10.143.147.147 10.143.147.148
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A732EBF7-4B28-4E77-AB6D-7D1558D0E532}: DhcpNameServer = 213.42.20.20 195.229.241.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B406F7F8-0931-4F50-9CAF-5AB186E2ACF4}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F29072C8-C163-45FB-A9F4-3A03F4D18C5F}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0bb83d50-d186-11e1-bc22-c0cb38edcfc5}\Shell - "" = AutoRun
O33 - MountPoints2\{0bb83d50-d186-11e1-bc22-c0cb38edcfc5}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{0bb83d54-d186-11e1-bc22-c0cb38edcfc5}\Shell - "" = AutoRun
O33 - MountPoints2\{0bb83d54-d186-11e1-bc22-c0cb38edcfc5}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{93693a72-33aa-11e2-9643-c0cb38edcfc5}\Shell - "" = AutoRun
O33 - MountPoints2\{93693a72-33aa-11e2-9643-c0cb38edcfc5}\Shell\AutoRun\command - "" = G:\setup_QuickStart.exe
O33 - MountPoints2\{a5fa1f26-d0b5-11e1-ae01-c0cb38edcfc5}\Shell - "" = AutoRun
O33 - MountPoints2\{a5fa1f26-d0b5-11e1-ae01-c0cb38edcfc5}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a5fa1f29-d0b5-11e1-ae01-c0cb38edcfc5}\Shell - "" = AutoRun
O33 - MountPoints2\{a5fa1f29-d0b5-11e1-ae01-c0cb38edcfc5}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{abe8942b-d012-11e1-a06b-544249e95afc}\Shell - "" = AutoRun
O33 - MountPoints2\{abe8942b-d012-11e1-a06b-544249e95afc}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{abe89430-d012-11e1-a06b-544249e95afc}\Shell - "" = AutoRun
O33 - MountPoints2\{abe89430-d012-11e1-a06b-544249e95afc}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b156acfc-d042-11e1-b867-c0cb38edcfc5}\Shell - "" = AutoRun
O33 - MountPoints2\{b156acfc-d042-11e1-b867-c0cb38edcfc5}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.11 11:27:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.05.10 00:37:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2013.05.10 00:37:41 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2013.05.10 00:37:41 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.05.09 22:34:49 | 000,000,000 | ---D | C] -- C:\Users\***\virus
[2013.05.09 17:03:35 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Schrank
[2013.04.24 16:48:17 | 000,000,000 | ---D | C] -- C:\COAA
[2013.04.24 12:50:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuxGuitar
[2013.04.24 12:50:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuxGuitar
[2013.04.24 11:41:30 | 000,000,000 | ---D | C] -- C:\Users\***\.tuxguitar-1.2
[2013.04.14 12:53:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Programs
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.12 00:11:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.11 23:15:33 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.11 23:15:33 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.11 23:07:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.11 23:07:46 | 422,125,567 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.11 20:29:44 | 150,822,488 | ---- | M] () -- C:\Users\***\Desktop\vista_recover_x86.iso
[2013.05.11 11:28:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.05.09 22:51:37 | 000,377,856 | ---- | M] () -- C:\Users\***\Desktop\gmer_2.1.19163.exe
[2013.05.09 22:37:50 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.05.09 22:37:01 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2013.05.09 18:09:17 | 000,002,089 | ---- | M] () -- C:\Users\***\AppData\Local\recently-used.xbel
[2013.05.09 13:10:11 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.30 16:38:21 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.30 16:38:21 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.30 16:38:21 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.30 16:38:21 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.30 16:38:21 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.25 12:23:14 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.04.25 12:23:14 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.04.24 12:50:12 | 000,000,909 | ---- | M] () -- C:\Users\Public\Desktop\TuxGuitar.lnk
[2013.04.18 18:02:07 | 009,771,416 | ---- | M] () -- C:\Users\***\Desktop\econ251.zip
 
========== Files Created - No Company Name ==========
 
[2013.05.11 20:27:56 | 150,822,488 | ---- | C] () -- C:\Users\***\Desktop\vista_recover_x86.iso
[2013.05.09 22:51:36 | 000,377,856 | ---- | C] () -- C:\Users\***\Desktop\gmer_2.1.19163.exe
[2013.05.09 22:37:50 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.05.09 22:36:59 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2013.05.09 18:09:17 | 000,002,089 | ---- | C] () -- C:\Users\***\AppData\Local\recently-used.xbel
[2013.04.24 12:50:12 | 000,000,909 | ---- | C] () -- C:\Users\Public\Desktop\TuxGuitar.lnk
[2012.10.16 23:10:32 | 000,081,408 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2012.09.01 22:53:41 | 000,000,054 | ---- | C] () -- C:\Windows\NavWin.INI
[2012.09.01 22:53:16 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\G32_TICK.DLL
[2012.09.01 22:53:16 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\G32_rkey.dll
[2012.09.01 22:53:16 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\free_res.exe
[2012.08.03 17:45:40 | 000,000,008 | RH-- | C] () -- C:\Users\***\hwid
[2012.07.27 13:53:42 | 000,002,678 | ---- | C] () -- C:\Users\***\footer.php
[2012.07.25 20:58:40 | 000,000,115 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012.07.25 20:51:49 | 000,000,043 | ---- | C] () -- C:\Windows\ib.ini
[2012.07.25 12:09:52 | 000,026,624 | ---- | C] () -- C:\Windows\GetIe.dll
[2012.07.17 14:44:51 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.06.07 07:25:32 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\NtDirect.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.07.23 00:02:30 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\AbiSuite
[2012.07.20 20:36:10 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Amazon
[2012.07.17 17:46:49 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\ESET
[2012.07.18 16:18:15 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\tradesignal
[2012.07.18 15:54:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AbiSuite
[2012.07.29 23:18:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2012.10.16 23:10:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CAD-KAS
[2012.08.18 23:44:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Cyberduck
[2012.08.18 23:25:19 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\Cyberduck Updater AU
[2012.07.14 21:48:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ESET
[2012.10.24 16:35:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2012.10.04 20:42:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\hdbADS
[2013.04.10 12:08:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2012.10.04 21:33:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MrJobs
[2012.07.17 23:18:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\tradesignal
[2012.08.18 23:25:08 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\wyUpdate AU
[2013.02.07 14:34:20 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\ESET
 
========== Purity Check ==========
 
 

< End of report >
         
Extra.Log

Code:
ATTFilter
OTL Extras logfile created on: 12.05.2013 00:30:39 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,86 Gb Total Physical Memory | 4,62 Gb Available Physical Memory | 78,94% Memory free
11,71 Gb Paging File | 10,34 Gb Available in Paging File | 88,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 332,14 Gb Free Space | 71,31% Space Free | Partition Type: NTFS
Drive D: | 452,23 Gb Total Space | 451,93 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
 
Computer Name: ***-VAIO | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2490743335-2800501917-1896874617-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{201EAA52-7636-4754-8C3A-703F59F9C74B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{B5599D68-3D32-4609-98B2-A42CF8455987}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{117F256A-7BDD-48EB-9B2E-D343F7347B1F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{19C9BC14-9B04-4C97-B654-A38749606C6C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{4DC8CC4D-D649-4C13-8704-3FD3A251990A}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{5682DC96-DF67-4A3C-BB6A-AC378552DD1B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{811ED9E7-E2CA-41D9-AD64-5369C77B799C}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{88ADA974-5783-4945-B06A-8396876A48C2}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"TCP Query User{36DD5DA9-7C9B-4169-BDDF-8430D33564AF}C:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe | 
"TCP Query User{6C177520-FC84-48D8-AD05-E8B9515262F2}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"TCP Query User{70AA0BF8-7C9D-43B1-B671-0577DD7529C0}C:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe | 
"TCP Query User{B9B9F485-FA29-437F-A524-A3E5E20FB542}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"TCP Query User{CEA0A7B5-7830-4655-98C6-22EDD36753BF}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"TCP Query User{D82369DA-1A31-4A5B-8A7B-3B2A7A6ACDE3}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{DCB119F8-AA84-42A4-92B1-A775907551DA}C:\program files (x86)\coaa\planeplotter\planeplotter.exe" = protocol=6 | dir=in | app=c:\program files (x86)\coaa\planeplotter\planeplotter.exe | 
"UDP Query User{6B19031E-6F11-46F0-994C-4B441FFA84A4}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"UDP Query User{75A6F61A-03A1-46C7-8CB3-ED7F0E4C57A7}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{A11B0B8E-DBD1-409C-B33F-BE19E2CA546C}C:\program files (x86)\coaa\planeplotter\planeplotter.exe" = protocol=17 | dir=in | app=c:\program files (x86)\coaa\planeplotter\planeplotter.exe | 
"UDP Query User{A207B887-4E5B-4665-97F9-7F998140D32C}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"UDP Query User{E2BA7615-B7E5-4AD1-BA4D-5E3E0861BF99}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"UDP Query User{E5EC6F7B-6CBC-4EA7-84C8-9EF41376FCB9}C:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe | 
"UDP Query User{FCA3A28D-ECA8-4163-90E2-0770BFBCF5F8}C:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{259FD439-13B0-0136-D0A0-FA89BB05831D}" = ccc-utility64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5BC83141-83DD-07BE-C940-04B385540F04}" = ATI Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{DA9F8C00-2674-476F-9836-0F3661A09A30}" = ESET Smart Security
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64
"GIMP-2_is1" = GIMP 2.8.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar
"{07B7598E-1FB8-1A95-7A30-F534A55726B4}" = CCC Help Czech
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{159E5135-4BEA-52B7-8CDC-823F1ED6D8A5}" = CCC Help Spanish
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{265F0D95-A883-7162-0458-B78085B6B693}" = Catalyst Control Center Graphics Light
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{2735AEFA-57A5-44AD-81B6-BE30CA07C066}" = Tradesignal Online Chart
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{2FAFE37E-D796-47B8-BA8F-D09819B12DF6}" = Windows Live Essentials
"{35111E7A-03B9-25EC-F434-A1CD976907FC}" = CCC Help Chinese Traditional
"{3C76A500-2852-4848-9555-1DB015ABD439}" = NinjaTrader 7
"{427E8AD0-A4B1-D225-836E-CCB6068B490A}" = CCC Help French
"{44D25B45-5C0E-2187-6739-E2FA0E8AFE1D}" = CCC Help Portuguese
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E6DF745-C99E-909F-BCF0-B7C24A51E56E}" = CCC Help Japanese
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{5736590B-36C7-4881-5EBE-F9B390F00774}" = Catalyst Control Center Core Implementation
"{618F39BD-9720-47CF-A89C-108AB41B1493}" = Windows Live UX Platform Language Pack
"{61F569A3-1647-B6F4-08C8-40A011831827}" = CCC Help English
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{654977DB-0001-0002-0001-EABD228DDE8B}" = Microsoft Download Manager
"{676D78AA-4FD4-405D-8872-E63052EF5716}" = Vodafone QuickStart Uninstaller
"{68EB2C37-083A-4303-B5D8-41FA67E50B8F}_is1" = Poedit
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F204B-323C-7E32-F890-A7308768728D}" = CCC Help Russian
"{7002773F-2A53-E9F2-E161-DB3DDA0F05BE}" = CCC Help Hungarian
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{76DECE17-BCF5-9640-2854-3CA049834A40}" = CCC Help Chinese Standard
"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A63F0C4-6B2B-694C-ED72-D0670612BC29}" = CCC Help Swedish
"{7F682A00-6497-4551-A2A6-063AE667D1CF}" = Movie Maker
"{803E4FA5-A940-4420-B89D-A8BC2E160247}" = 
"{88001121-87E2-2104-F9F5-ECC15DFCA1E0}" = Catalyst Control Center Graphics Full Existing
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8EB34C0B-AF54-F265-844C-3E6FA9AE2FCD}" = CCC Help German
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C73041C-AB71-995D-EEC7-B4E940F93F36}" = CCC Help Finnish
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = 
"{A8D53A4E-77A1-E23E-A396-6D9C86A2F273}" = Catalyst Control Center Graphics Full New
"{AC76BA86-1033-F400-7760-100000000002}" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{B19E03EA-067C-412F-A81E-271720E601AB}" = Fotogalerie
"{B27FA0A3-D80F-41A9-8BAD-C5F2D859AB22}" = Photo Common
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{BFF37C6E-D735-4487-390C-271E030AA62C}" = CCC Help Italian
"{C2E171F6-9B58-4CE1-7B8B-B69FA04EBAB8}" = Catalyst Control Center Graphics Previews Vista
"{C459D829-0FF0-C210-B2BF-83DB63FC1D61}" = CCC Help Korean
"{C5529BC1-C2BF-44E8-B62A-01913D70081C}" = Catalyst Control Center - Branding
"{C83B7CBB-C736-BF46-9832-7A9D07E9D94C}" = CCC Help Polish
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{D49989B0-7BC2-F7F1-8017-3257F617347A}" = Catalyst Control Center Graphics Previews Common
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D6DEC295-88A0-5CFA-0B29-C8FDF091FFD3}" = CCC Help Dutch
"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
"{DF693121-40C0-3020-D655-612E51616423}" = CCC Help Danish
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EBDDC3CC-343A-C0DD-79BA-8A12D0A2CA10}" = CCC Help Turkish
"{ECF0D151-BCA0-8E6D-62DB-5D44DB4A3836}" = CCC Help Thai
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1B95046-E9DA-CFEC-42A8-C8224646AA32}" = ccc-core-static
"{F30FE437-0E45-D409-F629-5D86960A6591}" = CCC Help Norwegian
"{F5CC9A13-6C57-4948-75A8-3A2C92A3183B}" = Catalyst Control Center Localization All
"{F67C14C0-D73E-C55B-E132-B1904A1A709C}" = CCC Help Greek
"{F7E8DD1D-9BFD-38BB-86A5-BEF313B00C51}" = Catalyst Control Center InstallProxy
"{FDA24BB0-8462-4356-B30E-C74FDC25C6DF}" = Network Recording Player
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Acrobat 7.0 Professional - English, Français, Deutsch - V" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"ElsterFormular" = ElsterFormular
"FileZilla Client" = FileZilla Client 3.5.3
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"PSPad editor_is1" = PSPad editor
"Trader Workstation 4.0" = Trader Workstation 4.0
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2490743335-2800501917-1896874617-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Screencast-O-Matic" = Screencast-O-Matic
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 31.03.2013 23:53:30 | Computer Name = ***-VAIO | Source = Application Hang | ID = 1002
Description = Programm gimp-2.8.exe, Version 2.8.0.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: ce4    Startzeit: 
01ce2e8c61f6ee56    Endzeit: 0    Anwendungspfad: C:\Program Files\GIMP 2\bin\gimp-2.8.exe

Berichts-ID:
 b3af9006-9a7f-11e2-983c-582c80139263  
 
Error - 03.04.2013 09:09:48 | Computer Name = ***-VAIO | Source = Windows Backup | ID = 4103
Description = 
 
Error - 06.04.2013 06:11:05 | Computer Name = ***-VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iTunes.exe, Version: 10.6.3.25, Zeitstempel:
 0x4fd16377  Name des fehlerhaften Moduls: iTunes.dll, Version: 10.6.3.25, Zeitstempel:
 0x4fd1634f  Ausnahmecode: 0xc000041d  Fehleroffset: 0x001083a8  ID des fehlerhaften Prozesses:
 0x868  Startzeit der fehlerhaften Anwendung: 0x01ce329b4393e41c  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\iTunes\iTunes.exe  Pfad des fehlerhaften Moduls:
 C:\Program Files (x86)\iTunes\iTunes.dll  Berichtskennung: 4ab5dbdd-9ea2-11e2-9119-544249e95afc
 
Error - 07.04.2013 11:00:03 | Computer Name = ***-VAIO | Source = Windows Backup | ID = 4103
Description = 
 
Error - 09.04.2013 10:09:39 | Computer Name = ***-VAIO | Source = Windows Backup | ID = 4103
Description = 
 
Error - 14.04.2013 13:00:02 | Computer Name = ***-VAIO | Source = Windows Backup | ID = 4103
Description = 
 
Error - 21.04.2013 16:29:02 | Computer Name = ***-VAIO | Source = Windows Backup | ID = 4103
Description = 
 
Error - 28.04.2013 13:40:15 | Computer Name = ***-VAIO | Source = Windows Backup | ID = 4103
Description = 
 
Error - 06.05.2013 13:00:33 | Computer Name = ***-VAIO | Source = Windows Backup | ID = 4103
Description = 
 
Error - 07.05.2013 17:09:14 | Computer Name = ***-VAIO | Source = Application Hang | ID = 1002
Description = Programm iTunes.exe, Version 10.6.3.25 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1268    Startzeit:
 01ce4b66fde845ae    Endzeit: 8    Anwendungspfad: C:\Program Files (x86)\iTunes\iTunes.exe

Berichts-ID:
   
 
[ System Events ]
Error - 01.05.2013 16:29:35 | Computer Name = ***-VAIO | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?01.?05.?2013 um 22:18:31 unerwartet heruntergefahren.
 
Error - 02.05.2013 18:54:41 | Computer Name = ***-VAIO | Source = DCOM | ID = 10005
Description = 
 
Error - 02.05.2013 18:54:41 | Computer Name = ***-VAIO | Source = Service Control Manager | ID = 7038
Description = Der Dienst "upnphost" konnte sich nicht als "NT AUTHORITY\LocalService"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1352    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 02.05.2013 18:54:41 | Computer Name = ***-VAIO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "UPnP-Gerätehost" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1069
 
Error - 02.05.2013 18:54:41 | Computer Name = ***-VAIO | Source = Service Control Manager | ID = 7038
Description = Der Dienst "upnphost" konnte sich nicht als "NT AUTHORITY\LocalService"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%50    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 02.05.2013 18:54:41 | Computer Name = ***-VAIO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "UPnP-Gerätehost" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1069
 
Error - 03.05.2013 05:18:19 | Computer Name = ***-VAIO | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?03.?05.?2013 um 10:07:46 unerwartet heruntergefahren.
 
Error - 06.05.2013 16:59:33 | Computer Name = ***-VAIO | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?06.?05.?2013 um 20:27:21 unerwartet heruntergefahren.
 
Error - 09.05.2013 18:38:28 | Computer Name = ***-VAIO | Source = Service Control Manager | ID = 7030
Description = Der Dienst "ESET Service" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 11.05.2013 17:07:54 | Computer Name = ***-VAIO | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?11.?05.?2013 um 22:41:58 unerwartet heruntergefahren.
 
 
< End of report >
         


Alt 12.05.2013, 20:55   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Spyware.Passwords.XGen gefunden - gefährlich oder nicht? - Standard

Spyware.Passwords.XGen gefunden - gefährlich oder nicht?



Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Dann bitte jetzt Combofix ausführen:

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
--> Spyware.Passwords.XGen gefunden - gefährlich oder nicht?

Alt 13.05.2013, 00:13   #7
demika
 
Spyware.Passwords.XGen gefunden - gefährlich oder nicht? - Standard

Spyware.Passwords.XGen gefunden - gefährlich oder nicht?



Et voilá:

Code:
ATTFilter
ComboFix 13-05-12.01 - *** 13.05.2013   0:52.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.5998.3687 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: ESET Smart Security 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal Firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\{4C5D4C0C-D928-47AB-A55A-47ED21F4B841}.xps
D:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-04-12 bis 2013-05-12  ))))))))))))))))))))))))))))))
.
.
2013-05-12 17:35 . 2013-05-12 17:35	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{899668AE-7852-4A0C-B6AF-C7B0D879712E}\offreg.dll
2013-05-11 09:28 . 2013-04-10 03:46	9317456	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{899668AE-7852-4A0C-B6AF-C7B0D879712E}\mpengine.dll
2013-05-09 22:37 . 2013-05-09 22:37	--------	d-----w-	c:\program files\ESET
2013-05-09 20:34 . 2013-05-09 21:59	--------	d-----w-	c:\users\***\virus
2013-04-25 10:25 . 2013-04-12 14:45	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-24 14:48 . 2013-04-24 14:48	--------	d-----w-	C:\COAA
2013-04-24 10:50 . 2013-04-24 10:50	--------	d-----w-	c:\program files (x86)\TuxGuitar
2013-04-24 09:41 . 2013-04-24 09:41	--------	d-----w-	c:\users\***\.tuxguitar-1.2
2013-04-14 10:53 . 2013-04-14 10:53	--------	d-----w-	c:\users\***\AppData\Local\Programs
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-02 00:06 . 2012-07-14 18:28	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-25 10:23 . 2012-07-14 20:20	691592	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-25 10:23 . 2012-07-14 20:20	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-10 08:14 . 2012-07-14 18:37	72702784	----a-w-	c:\windows\system32\MRT.exe
2013-04-04 12:50 . 2012-07-17 15:36	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-04-03 14:20 . 2013-04-03 14:20	1054720	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-03 14:20 . 2013-04-03 14:20	73728	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-03 14:20 . 2013-04-03 14:20	719360	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2013-04-03 14:20 . 2013-04-03 14:20	523264	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-04-03 14:20 . 2013-04-03 14:20	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-04-03 14:20 . 2013-04-03 14:20	38400	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-04-03 14:20 . 2013-04-03 14:20	226304	----a-w-	c:\windows\system32\elshyph.dll
2013-04-03 14:20 . 2013-04-03 14:20	185344	----a-w-	c:\windows\SysWow64\elshyph.dll
2013-04-03 14:20 . 2013-04-03 14:20	158720	----a-w-	c:\windows\SysWow64\msls31.dll
2013-04-03 14:20 . 2013-04-03 14:20	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-04-03 14:20 . 2013-04-03 14:20	138752	----a-w-	c:\windows\SysWow64\wextract.exe
2013-04-03 14:20 . 2013-04-03 14:20	137216	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-04-03 14:20 . 2013-04-03 14:20	12800	----a-w-	c:\windows\SysWow64\mshta.exe
2013-04-03 14:20 . 2013-04-03 14:20	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-04-03 14:20 . 2013-04-03 14:20	61952	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-04-03 14:20 . 2013-04-03 14:20	361984	----a-w-	c:\windows\SysWow64\html.iec
2013-04-03 14:20 . 2013-04-03 14:20	23040	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-04-03 14:20 . 2013-04-03 14:20	1441280	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2013-04-03 14:20 . 2013-04-03 14:20	97280	----a-w-	c:\windows\system32\mshtmled.dll
2013-04-03 14:20 . 2013-04-03 14:20	92160	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-04-03 14:20 . 2013-04-03 14:20	905728	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-04-03 14:20 . 2013-04-03 14:20	81408	----a-w-	c:\windows\system32\icardie.dll
2013-04-03 14:20 . 2013-04-03 14:20	762368	----a-w-	c:\windows\system32\ieapfltr.dll
2013-04-03 14:20 . 2013-04-03 14:20	62976	----a-w-	c:\windows\system32\pngfilt.dll
2013-04-03 14:20 . 2013-04-03 14:20	599552	----a-w-	c:\windows\system32\vbscript.dll
2013-04-03 14:20 . 2013-04-03 14:20	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-04-03 14:20 . 2013-04-03 14:20	51200	----a-w-	c:\windows\system32\imgutil.dll
2013-04-03 14:20 . 2013-04-03 14:20	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-04-03 14:20 . 2013-04-03 14:20	452096	----a-w-	c:\windows\system32\dxtmsft.dll
2013-04-03 14:20 . 2013-04-03 14:20	441856	----a-w-	c:\windows\system32\html.iec
2013-04-03 14:20 . 2013-04-03 14:20	281600	----a-w-	c:\windows\system32\dxtrans.dll
2013-04-03 14:20 . 2013-04-03 14:20	27648	----a-w-	c:\windows\system32\licmgr10.dll
2013-04-03 14:20 . 2013-04-03 14:20	270848	----a-w-	c:\windows\system32\iedkcs32.dll
2013-04-03 14:20 . 2013-04-03 14:20	247296	----a-w-	c:\windows\system32\webcheck.dll
2013-04-03 14:20 . 2013-04-03 14:20	235008	----a-w-	c:\windows\system32\url.dll
2013-04-03 14:20 . 2013-04-03 14:20	216064	----a-w-	c:\windows\system32\msls31.dll
2013-04-03 14:20 . 2013-04-03 14:20	197120	----a-w-	c:\windows\system32\msrating.dll
2013-04-03 14:20 . 2013-04-03 14:20	173568	----a-w-	c:\windows\system32\ieUnatt.exe
2013-04-03 14:20 . 2013-04-03 14:20	167424	----a-w-	c:\windows\system32\iexpress.exe
2013-04-03 14:20 . 2013-04-03 14:20	1509376	----a-w-	c:\windows\system32\inetcpl.cpl
2013-04-03 14:20 . 2013-04-03 14:20	149504	----a-w-	c:\windows\system32\occache.dll
2013-04-03 14:20 . 2013-04-03 14:20	144896	----a-w-	c:\windows\system32\wextract.exe
2013-04-03 14:20 . 2013-04-03 14:20	1400416	----a-w-	c:\windows\system32\ieapfltr.dat
2013-04-03 14:20 . 2013-04-03 14:20	13824	----a-w-	c:\windows\system32\mshta.exe
2013-04-03 14:20 . 2013-04-03 14:20	136192	----a-w-	c:\windows\system32\iepeers.dll
2013-04-03 14:20 . 2013-04-03 14:20	135680	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-04-03 14:20 . 2013-04-03 14:20	12800	----a-w-	c:\windows\system32\msfeedssync.exe
2013-04-03 14:20 . 2013-04-03 14:20	102912	----a-w-	c:\windows\system32\inseng.dll
2013-04-03 14:20 . 2013-04-03 14:20	77312	----a-w-	c:\windows\system32\tdc.ocx
2013-03-19 06:04 . 2013-04-10 08:09	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 08:09	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 08:09	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 08:09	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 08:09	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 08:09	112640	----a-w-	c:\windows\system32\smss.exe
2013-03-01 03:36 . 2013-04-10 08:10	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-02-21 10:30 . 2013-04-10 08:12	1766912	----a-w-	c:\windows\SysWow64\wininet.dll
2013-02-21 10:29 . 2013-04-10 08:12	2877440	----a-w-	c:\windows\SysWow64\jscript9.dll
2013-02-21 10:29 . 2013-04-10 08:12	61440	----a-w-	c:\windows\SysWow64\iesetup.dll
2013-02-21 10:29 . 2013-04-10 08:12	109056	----a-w-	c:\windows\SysWow64\iesysprep.dll
2013-02-21 10:15 . 2013-04-10 08:12	51712	----a-w-	c:\windows\system32\ie4uinit.exe
2013-02-21 10:15 . 2013-04-10 08:12	2240512	----a-w-	c:\windows\system32\wininet.dll
2013-02-21 10:14 . 2013-04-10 08:12	1365504	----a-w-	c:\windows\system32\urlmon.dll
2013-02-21 10:14 . 2013-04-10 08:12	19230208	----a-w-	c:\windows\system32\mshtml.dll
2013-02-21 10:14 . 2013-04-10 08:12	603136	----a-w-	c:\windows\system32\msfeeds.dll
2013-02-21 10:14 . 2013-04-10 08:12	3958784	----a-w-	c:\windows\system32\jscript9.dll
2013-02-21 10:14 . 2013-04-10 08:12	53248	----a-w-	c:\windows\system32\jsproxy.dll
2013-02-21 10:14 . 2013-04-10 08:12	855552	----a-w-	c:\windows\system32\jscript.dll
2013-02-21 10:14 . 2013-04-10 08:12	526336	----a-w-	c:\windows\system32\ieui.dll
2013-02-21 10:14 . 2013-04-10 08:12	67072	----a-w-	c:\windows\system32\iesetup.dll
2013-02-21 10:14 . 2013-04-10 08:12	136704	----a-w-	c:\windows\system32\iesysprep.dll
2013-02-21 10:14 . 2013-04-10 08:12	2647040	----a-w-	c:\windows\system32\iertutil.dll
2013-02-21 10:14 . 2013-04-10 08:12	39936	----a-w-	c:\windows\system32\iernonce.dll
2013-02-21 10:14 . 2013-04-10 08:12	15404544	----a-w-	c:\windows\system32\ieframe.dll
2013-02-19 12:01 . 2013-04-10 08:12	2706432	----a-w-	c:\windows\SysWow64\mshtml.tlb
2013-02-19 11:42 . 2013-04-10 08:12	2706432	----a-w-	c:\windows\system32\mshtml.tlb
2013-02-19 11:10 . 2013-04-10 08:12	71680	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-02-19 10:51 . 2013-04-10 08:12	89600	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2013-02-14 10:21 . 2013-02-14 10:21	58416	----a-w-	c:\windows\system32\drivers\epfwwfp.sys
2013-02-14 10:21 . 2013-02-14 10:21	213416	----a-w-	c:\windows\system32\drivers\eamonm.sys
2013-02-12 05:45 . 2013-04-03 14:08	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-04-03 14:08	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-04-03 14:08	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-04-03 14:08	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-04-03 14:08	474112	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-04-03 14:08	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-04-03 14:08	19968	----a-w-	c:\windows\system32\drivers\usb8023x.sys
2013-02-12 04:12 . 2013-04-03 14:08	19968	----a-w-	c:\windows\system32\drivers\usb8023.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-20 102400]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"Acrobat Assistant 7.0"="c:\program files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-13 483328]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Check for TWS Updates.lnk - c:\jts\WiseUpdt.exe [2012-7-25 166518]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat - Schnellstart.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe [2013-1-29 25214]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R2 Vodafone Mobile Broadband QuickStart;Vodafone Mobile Broadband QuickStart Service;c:\programdata\MobileBroadbandQuickStartService\VMBQuickStartService.exe [2011-12-20 229216]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2012-03-26 22528]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-11-21 1255736]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2013-02-14 58416]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2013-02-14 213416]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2013-01-10 150616]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2013-01-10 59440]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-08 202752]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2013-03-21 1341664]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimssne64.sys [2010-09-08 94208]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-06-21 575856]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-09-08 158976]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-03 11392]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2010-09-15 402720]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-14 10:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-09-28 10775584]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-09-28 2040352]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-03-21 6330568]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bwuxnece.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-05-13  01:08:50
ComboFix-quarantined-files.txt  2013-05-12 23:08
.
Vor Suchlauf: 10 Verzeichnis(se), 363.151.544.320 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 364.938.752.000 Bytes frei
.
- - End Of File - - 76B7BA44975EABE65C18B8CF72187246
         

Alt 13.05.2013, 09:38   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Spyware.Passwords.XGen gefunden - gefährlich oder nicht? - Standard

Spyware.Passwords.XGen gefunden - gefährlich oder nicht?



Bitte die drei Tools MBAR / aswMBR / TDSSkiller nun ausführen und die Logs in CODE-Tags posten


MBAR (Malwarebytes Anti-Rootkit)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers


aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



TDSS-Killer

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 09.06.2013, 23:35   #9
demika
 
Spyware.Passwords.XGen gefunden - gefährlich oder nicht? - Standard

Spyware.Passwords.XGen gefunden - gefährlich oder nicht?



Nabend,

sorry dass es so lange gedauert hat bis ich mich wieder melde.
Da die letzten Files nun ja schon etwas veraltet sind, habe ich nochmal mit Malwarebytes und OTL gescannt und die Files eingefügt. Außerdem die Logfiles vom MBAR und dem TDSS-Killer. aswMBR ist beim scannen immer abgestürzt, habe es viermal versucht (Meldung "aswMBR reagiert nicht mehr und muss geschlossen werden", also geschlossen und neu gestartet). Hat aber nichts gebracht...
Hier die Files:

Malwarebytes

Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.09.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
**** :: ****-VAIO [Administrator]

09.06.2013 23:18:09
MBAM-log-2013-06-10 (00-30-47).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 438483
Laufzeit: 59 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Windows\Installer\10b972.msi (Spyware.Passwords.XGen) -> Keine Aktion durchgeführt.

(Ende)
         
OTL

Code:
ATTFilter
OTL logfile created on: 09.06.2013 23:07:06 - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\****\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,86 Gb Total Physical Memory | 4,29 Gb Available Physical Memory | 73,22% Memory free
11,71 Gb Paging File | 9,94 Gb Available in Paging File | 84,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 340,27 Gb Free Space | 73,06% Space Free | Partition Type: NTFS
Drive D: | 452,23 Gb Total Space | 451,93 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
 
Computer Name: ****-VAIO | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe (Adobe Systems, Inc.)
PRC - C:\Users\****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\ESET\ESET Smart Security\x86\ekrn.exe (ESET)
PRC - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\ProgramData\MobileBroadbandQuickStartService\VMBQuickStartService.exe ()
PRC - C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (ekrn) -- C:\Programme\ESET\ESET Smart Security\x86\ekrn.exe (ESET)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Vodafone Mobile Broadband QuickStart) -- C:\ProgramData\MobileBroadbandQuickStartService\VMBQuickStartService.exe ()
SRV - (VAIO Power Management) -- C:\Programme\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (epfwwfp) -- C:\Windows\SysNative\drivers\epfwwfp.sys (ESET)
DRV:64bit: - (eamonm) -- C:\Windows\SysNative\drivers\eamonm.sys (ESET)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (epfw) -- C:\Windows\SysNative\drivers\epfw.sys (ESET)
DRV:64bit: - (EpfwLWF) -- C:\Windows\SysNative\drivers\EpfwLWF.sys (ESET)
DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\drivers\ehdrv.sys (ESET)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimssne64.sys (REDC)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2490743335-2800501917-1896874617-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2490743335-2800501917-1896874617-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2490743335-2800501917-1896874617-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2490743335-2800501917-1896874617-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-2490743335-2800501917-1896874617-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7B1acd747e-8470-11db-96a9-00e08161165f%7D:6.3.7.117
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8
FF - prefs.js..extensions.enabledAddons: anttoolbar%40ant.com:2.4.7.8
FF - prefs.js..extensions.enabledAddons: nosquint%40urandom.ca:2.1.9
FF - prefs.js..extensions.enabledAddons: %7B75CEEE46-9B64-46f8-94BF-54012DE155F0%7D:0.4.12
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\Windows\ [2013.05.13 01:09:02 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2013.05.10 00:38:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.22 12:10:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.22 12:10:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013.05.10 00:38:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.22 12:10:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.22 12:10:23 | 000,000,000 | ---D | M]
 
[2012.07.17 19:30:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions
[2013.06.06 00:05:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\bwuxnece.default\extensions
[2012.09.02 17:14:26 | 000,000,000 | ---D | M] (Tradesignal Online Chart) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\bwuxnece.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}
[2012.09.07 12:45:35 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\bwuxnece.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2013.04.23 09:42:47 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\bwuxnece.default\extensions\anttoolbar@ant.com
[2013.04.06 18:59:37 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\bwuxnece.default\extensions\ich@maltegoetz.de
[2013.05.25 18:10:13 | 002,168,615 | ---- | M] () (No name found) -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\bwuxnece.default\extensions\firebug@software.joehewitt.com.xpi
[2013.05.06 23:06:09 | 000,114,250 | ---- | M] () (No name found) -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\bwuxnece.default\extensions\nosquint@urandom.ca.xpi
[2013.06.06 00:05:53 | 000,030,759 | ---- | M] () (No name found) -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\bwuxnece.default\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi
[2012.12.08 04:30:13 | 000,002,057 | ---- | M] () -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\bwuxnece.default\searchplugins\youtube-videosuche.xml
[2013.05.22 12:10:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013.05.22 12:10:32 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.10.28 20:46:38 | 000,225,360 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll
 
O1 HOSTS File: ([2013.05.13 01:00:30 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2490743335-2800501917-1896874617-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2490743335-2800501917-1896874617-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {439B6D3C-A359-4D73-8515-2AFE8CF90C08} hxxp://www.tradesignalonline.com/charts/bin/axts5we.cab (Reg Error: Key error.)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}  (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59805883-2722-43E0-B507-9AAB5A0EF770}: DhcpNameServer = 10.143.147.147 10.143.147.148
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A732EBF7-4B28-4E77-AB6D-7D1558D0E532}: DhcpNameServer = 213.42.20.20 195.229.241.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B406F7F8-0931-4F50-9CAF-5AB186E2ACF4}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F29072C8-C163-45FB-A9F4-3A03F4D18C5F}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2490743335-2800501917-1896874617-1000\...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.09 22:46:39 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\****\Desktop\tdsskiller.exe
[2013.06.09 11:58:20 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\****\Desktop\aswMBR.exe
[2013.06.08 23:44:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013.06.08 21:57:19 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\mbar-1.06.0.1003
[2013.06.04 16:51:59 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Leuphana
[2013.05.22 12:10:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.16 00:11:07 | 009,195,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013.05.14 23:14:48 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.05.14 23:14:48 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.05.14 23:14:48 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.05.14 23:14:47 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.05.14 23:14:47 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.05.14 23:14:47 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.05.14 23:14:47 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.05.14 23:14:47 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.05.14 23:14:47 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.05.14 23:14:47 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.05.14 23:14:47 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.05.14 23:14:47 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.05.14 23:14:45 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.05.14 23:14:45 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.05.14 23:14:44 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.05.14 23:13:01 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013.05.14 23:13:01 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013.05.14 23:13:00 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013.05.14 23:12:45 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.05.14 23:12:44 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.05.14 23:12:44 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013.05.14 23:12:44 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013.05.14 17:11:06 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\ImgBurn
[2013.05.14 17:03:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2013.05.14 17:03:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[2013.05.14 13:27:18 | 000,000,000 | ---D | C] -- C:\Users\****\Studium - Ausbildung
[2013.05.14 13:24:02 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\tradesignalonline2
[2013.05.13 20:55:59 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Release
[2013.05.13 20:45:07 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Neuer Ordner (3)
[2013.05.13 12:49:11 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Neuer Ordner (2)
[2013.05.13 11:55:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.13 01:09:02 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.05.13 00:49:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.05.13 00:49:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.05.13 00:49:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.05.13 00:49:55 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.05.13 00:49:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.13 00:49:08 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.05.12 22:51:17 | 005,069,265 | R--- | C] (Swearware) -- C:\Users\****\Desktop\ComboFix.exe
[2013.05.11 11:27:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.09 23:04:53 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.09 23:04:53 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.09 22:57:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.09 22:57:19 | 422,125,567 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.09 22:46:50 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\****\Desktop\tdsskiller.exe
[2013.06.09 22:44:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.09 11:59:56 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\****\Desktop\aswMBR.exe
[2013.06.08 21:57:17 | 013,169,742 | ---- | M] () -- C:\Users\****\Desktop\mbar-1.06.0.1003.zip
[2013.06.08 21:48:46 | 011,390,298 | ---- | M] () -- C:\Users\****\Desktop\Howling (Âme Remix).mp3
[2013.05.30 17:22:28 | 000,346,578 | ---- | M] () -- C:\Users\****\Desktop\Deckblatt, Anschreiben, Lebenslauf (Ausbildung).pdf
[2013.05.26 12:24:18 | 000,000,931 | ---- | M] () -- C:\Users\****\Desktop\jsenglish.js
[2013.05.26 11:50:15 | 000,007,987 | ---- | M] () -- C:\Users\****\Desktop\english.php
[2013.05.24 23:08:35 | 108,039,114 | ---- | M] () -- C:\Users\****\Desktop\TRADERS_06.pdf
[2013.05.24 14:48:18 | 000,022,292 | ---- | M] () -- C:\Users\****\AppData\Local\recently-used.xbel
[2013.05.22 22:56:16 | 000,019,800 | ---- | M] () -- C:\Users\****\Desktop\tab.png
[2013.05.22 22:52:39 | 002,944,448 | ---- | M] () -- C:\Users\****\Desktop\themeforest-168737-karma-clean-and-modern-wordpress-theme-wordpress_theme.zip
[2013.05.22 22:49:14 | 000,006,207 | ---- | M] () -- C:\Users\****\Desktop\theme-template-part-content-blog.php
[2013.05.19 22:42:39 | 052,382,087 | ---- | M] () -- C:\Users\****\Desktop\TRADERS_05.pdf
[2013.05.17 00:11:43 | 000,000,779 | ---- | M] () -- C:\Users\****\Desktop\exchangealphaemailsubscribers.csv
[2013.05.16 12:48:08 | 000,072,532 | ---- | M] () -- C:\Users\****\Desktop\Silber w1.png
[2013.05.16 12:35:29 | 000,120,505 | ---- | M] () -- C:\Users\****\Desktop\Silber d1.png
[2013.05.16 00:11:16 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.05.16 00:11:16 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.05.16 00:11:07 | 009,195,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013.05.15 09:52:43 | 000,343,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.14 23:18:21 | 001,519,874 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.14 23:18:21 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.14 23:18:21 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.14 23:18:21 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.14 23:18:21 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.14 17:03:49 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2013.05.14 14:18:52 | 150,818,816 | ---- | M] () -- C:\Users\****\Desktop\vista_recover_x86.iso
[2013.05.14 13:23:54 | 000,228,197 | ---- | M] () -- C:\Users\****\Desktop\tradesignalonline2.zip
[2013.05.13 01:00:30 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.05.13 00:48:06 | 000,339,702 | ---- | M] () -- C:\Users\****\Unbenannt.xcf
[2013.05.13 00:33:31 | 000,093,326 | ---- | M] () -- C:\Users\****\Unbenannt.png
[2013.05.12 22:51:35 | 005,069,265 | R--- | M] (Swearware) -- C:\Users\****\Desktop\ComboFix.exe
[2013.05.11 20:29:44 | 150,822,488 | ---- | M] () -- C:\Users\****\Desktop\vista_recover_x862.iso
[2013.05.11 11:28:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
 
========== Files Created - No Company Name ==========
 
[2013.06.08 21:57:00 | 013,169,742 | ---- | C] () -- C:\Users\****\Desktop\mbar-1.06.0.1003.zip
[2013.06.08 21:48:39 | 011,390,298 | ---- | C] () -- C:\Users\****\Desktop\Howling (Âme Remix).mp3
[2013.05.30 17:22:28 | 000,346,578 | ---- | C] () -- C:\Users\****\Desktop\Deckblatt, Anschreiben, Lebenslauf (Ausbildung).pdf
[2013.05.26 12:24:18 | 000,000,931 | ---- | C] () -- C:\Users\****\Desktop\jsenglish.js
[2013.05.26 11:50:13 | 000,007,987 | ---- | C] () -- C:\Users\****\Desktop\english.php
[2013.05.24 23:08:33 | 108,039,114 | ---- | C] () -- C:\Users\****\Desktop\TRADERS_06.pdf
[2013.05.24 14:48:18 | 000,022,292 | ---- | C] () -- C:\Users\****\AppData\Local\recently-used.xbel
[2013.05.22 22:56:16 | 000,019,800 | ---- | C] () -- C:\Users\****\Desktop\tab.png
[2013.05.22 22:40:35 | 000,006,207 | ---- | C] () -- C:\Users\****\Desktop\theme-template-part-content-blog.php
[2013.05.22 22:33:05 | 002,944,448 | ---- | C] () -- C:\Users\****\Desktop\themeforest-168737-karma-clean-and-modern-wordpress-theme-wordpress_theme.zip
[2013.05.19 22:42:38 | 052,382,087 | ---- | C] () -- C:\Users\****\Desktop\TRADERS_05.pdf
[2013.05.17 00:11:42 | 000,000,779 | ---- | C] () -- C:\Users\****\Desktop\exchangealphaemailsubscribers.csv
[2013.05.16 12:45:28 | 000,072,532 | ---- | C] () -- C:\Users\****\Desktop\Silber w1.png
[2013.05.16 12:35:29 | 000,120,505 | ---- | C] () -- C:\Users\****\Desktop\Silber d1.png
[2013.05.14 17:03:49 | 000,001,841 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2013.05.14 17:03:49 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2013.05.14 13:23:53 | 000,228,197 | ---- | C] () -- C:\Users\****\Desktop\tradesignalonline2.zip
[2013.05.13 00:49:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.05.13 00:49:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.13 00:49:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.05.13 00:49:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.05.13 00:49:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.05.13 00:48:06 | 000,339,702 | ---- | C] () -- C:\Users\****\Unbenannt.xcf
[2013.05.13 00:32:13 | 000,093,326 | ---- | C] () -- C:\Users\****\Unbenannt.png
[2013.05.11 20:27:56 | 150,822,488 | ---- | C] () -- C:\Users\****\Desktop\vista_recover_x862.iso
[2013.05.11 20:27:56 | 150,818,816 | ---- | C] () -- C:\Users\****\Desktop\vista_recover_x86.iso
[2013.05.09 22:37:50 | 000,000,000 | ---- | C] () -- C:\Users\****\defogger_reenable
[2012.10.16 23:10:32 | 000,081,408 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2012.09.01 22:53:41 | 000,000,054 | ---- | C] () -- C:\Windows\NavWin.INI
[2012.09.01 22:53:16 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\G32_TICK.DLL
[2012.09.01 22:53:16 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\G32_rkey.dll
[2012.09.01 22:53:16 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\free_res.exe
[2012.08.03 17:45:40 | 000,000,008 | RH-- | C] () -- C:\Users\****\hwid
[2012.07.27 13:53:42 | 000,002,678 | ---- | C] () -- C:\Users\****\footer.php
[2012.07.25 20:58:40 | 000,000,115 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012.07.25 20:51:49 | 000,000,043 | ---- | C] () -- C:\Windows\ib.ini
[2012.07.25 12:09:52 | 000,026,624 | ---- | C] () -- C:\Windows\GetIe.dll
[2012.07.17 14:44:51 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.06.07 07:25:32 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\NtDirect.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.07.23 00:02:30 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\AbiSuite
[2012.07.20 20:36:10 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Amazon
[2012.07.17 17:46:49 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\ESET
[2012.07.18 16:18:15 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\tradesignal
[2012.07.18 15:54:18 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\AbiSuite
[2012.07.29 23:18:55 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Amazon
[2012.10.16 23:10:41 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\CAD-KAS
[2012.08.18 23:44:48 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Cyberduck
[2012.08.18 23:25:19 | 000,000,000 | -HSD | M] -- C:\Users\****\AppData\Roaming\Cyberduck Updater AU
[2012.07.14 21:48:43 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ESET
[2012.10.24 16:35:07 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\FileZilla
[2012.10.04 20:42:23 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\hdbADS
[2013.05.14 17:30:22 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ImgBurn
[2013.04.10 12:08:20 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\IrfanView
[2012.10.04 21:33:52 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\MrJobs
[2012.07.17 23:18:39 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\tradesignal
[2012.08.18 23:25:08 | 000,000,000 | -HSD | M] -- C:\Users\****\AppData\Roaming\wyUpdate AU
[2013.02.07 14:34:20 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\ESET
 
========== Purity Check ==========
 
 

< End of report >
         
OTL extra

Code:
ATTFilter
OTL Extras logfile created on: 09.06.2013 23:07:06 - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\****\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,86 Gb Total Physical Memory | 4,29 Gb Available Physical Memory | 73,22% Memory free
11,71 Gb Paging File | 9,94 Gb Available in Paging File | 84,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 340,27 Gb Free Space | 73,06% Space Free | Partition Type: NTFS
Drive D: | 452,23 Gb Total Space | 451,93 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
 
Computer Name: ****-VAIO | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2490743335-2800501917-1896874617-1000\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.pif [@ = piffile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{201EAA52-7636-4754-8C3A-703F59F9C74B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{B5599D68-3D32-4609-98B2-A42CF8455987}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{117F256A-7BDD-48EB-9B2E-D343F7347B1F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{19C9BC14-9B04-4C97-B654-A38749606C6C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{4DC8CC4D-D649-4C13-8704-3FD3A251990A}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{5682DC96-DF67-4A3C-BB6A-AC378552DD1B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{811ED9E7-E2CA-41D9-AD64-5369C77B799C}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{88ADA974-5783-4945-B06A-8396876A48C2}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"TCP Query User{36DD5DA9-7C9B-4169-BDDF-8430D33564AF}C:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe | 
"TCP Query User{6C177520-FC84-48D8-AD05-E8B9515262F2}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"TCP Query User{70AA0BF8-7C9D-43B1-B671-0577DD7529C0}C:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe | 
"TCP Query User{B9B9F485-FA29-437F-A524-A3E5E20FB542}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"TCP Query User{CEA0A7B5-7830-4655-98C6-22EDD36753BF}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"TCP Query User{D82369DA-1A31-4A5B-8A7B-3B2A7A6ACDE3}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{DCB119F8-AA84-42A4-92B1-A775907551DA}C:\program files (x86)\coaa\planeplotter\planeplotter.exe" = protocol=6 | dir=in | app=c:\program files (x86)\coaa\planeplotter\planeplotter.exe | 
"UDP Query User{6B19031E-6F11-46F0-994C-4B441FFA84A4}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"UDP Query User{75A6F61A-03A1-46C7-8CB3-ED7F0E4C57A7}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{A11B0B8E-DBD1-409C-B33F-BE19E2CA546C}C:\program files (x86)\coaa\planeplotter\planeplotter.exe" = protocol=17 | dir=in | app=c:\program files (x86)\coaa\planeplotter\planeplotter.exe | 
"UDP Query User{A207B887-4E5B-4665-97F9-7F998140D32C}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"UDP Query User{E2BA7615-B7E5-4AD1-BA4D-5E3E0861BF99}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"UDP Query User{E5EC6F7B-6CBC-4EA7-84C8-9EF41376FCB9}C:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe | 
"UDP Query User{FCA3A28D-ECA8-4163-90E2-0770BFBCF5F8}C:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{259FD439-13B0-0136-D0A0-FA89BB05831D}" = ccc-utility64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5BC83141-83DD-07BE-C940-04B385540F04}" = ATI Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{DA9F8C00-2674-476F-9836-0F3661A09A30}" = ESET Smart Security
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64
"GIMP-2_is1" = GIMP 2.8.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar
"{07B7598E-1FB8-1A95-7A30-F534A55726B4}" = CCC Help Czech
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{159E5135-4BEA-52B7-8CDC-823F1ED6D8A5}" = CCC Help Spanish
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{265F0D95-A883-7162-0458-B78085B6B693}" = Catalyst Control Center Graphics Light
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{2735AEFA-57A5-44AD-81B6-BE30CA07C066}" = Tradesignal Online Chart
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{2FAFE37E-D796-47B8-BA8F-D09819B12DF6}" = Windows Live Essentials
"{35111E7A-03B9-25EC-F434-A1CD976907FC}" = CCC Help Chinese Traditional
"{3C76A500-2852-4848-9555-1DB015ABD439}" = NinjaTrader 7
"{427E8AD0-A4B1-D225-836E-CCB6068B490A}" = CCC Help French
"{44D25B45-5C0E-2187-6739-E2FA0E8AFE1D}" = CCC Help Portuguese
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E6DF745-C99E-909F-BCF0-B7C24A51E56E}" = CCC Help Japanese
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{5736590B-36C7-4881-5EBE-F9B390F00774}" = Catalyst Control Center Core Implementation
"{618F39BD-9720-47CF-A89C-108AB41B1493}" = Windows Live UX Platform Language Pack
"{61F569A3-1647-B6F4-08C8-40A011831827}" = CCC Help English
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{654977DB-0001-0002-0001-EABD228DDE8B}" = Microsoft Download Manager
"{676D78AA-4FD4-405D-8872-E63052EF5716}" = Vodafone QuickStart Uninstaller
"{68EB2C37-083A-4303-B5D8-41FA67E50B8F}_is1" = Poedit
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F204B-323C-7E32-F890-A7308768728D}" = CCC Help Russian
"{7002773F-2A53-E9F2-E161-DB3DDA0F05BE}" = CCC Help Hungarian
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{76DECE17-BCF5-9640-2854-3CA049834A40}" = CCC Help Chinese Standard
"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A63F0C4-6B2B-694C-ED72-D0670612BC29}" = CCC Help Swedish
"{7F682A00-6497-4551-A2A6-063AE667D1CF}" = Movie Maker
"{803E4FA5-A940-4420-B89D-A8BC2E160247}" = 
"{88001121-87E2-2104-F9F5-ECC15DFCA1E0}" = Catalyst Control Center Graphics Full Existing
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8EB34C0B-AF54-F265-844C-3E6FA9AE2FCD}" = CCC Help German
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C73041C-AB71-995D-EEC7-B4E940F93F36}" = CCC Help Finnish
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = 
"{A8D53A4E-77A1-E23E-A396-6D9C86A2F273}" = Catalyst Control Center Graphics Full New
"{AC76BA86-1033-F400-7760-100000000002}" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{B19E03EA-067C-412F-A81E-271720E601AB}" = Fotogalerie
"{B27FA0A3-D80F-41A9-8BAD-C5F2D859AB22}" = Photo Common
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{BFF37C6E-D735-4487-390C-271E030AA62C}" = CCC Help Italian
"{C2E171F6-9B58-4CE1-7B8B-B69FA04EBAB8}" = Catalyst Control Center Graphics Previews Vista
"{C459D829-0FF0-C210-B2BF-83DB63FC1D61}" = CCC Help Korean
"{C5529BC1-C2BF-44E8-B62A-01913D70081C}" = Catalyst Control Center - Branding
"{C83B7CBB-C736-BF46-9832-7A9D07E9D94C}" = CCC Help Polish
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{D49989B0-7BC2-F7F1-8017-3257F617347A}" = Catalyst Control Center Graphics Previews Common
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D6DEC295-88A0-5CFA-0B29-C8FDF091FFD3}" = CCC Help Dutch
"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
"{DF693121-40C0-3020-D655-612E51616423}" = CCC Help Danish
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EBDDC3CC-343A-C0DD-79BA-8A12D0A2CA10}" = CCC Help Turkish
"{ECF0D151-BCA0-8E6D-62DB-5D44DB4A3836}" = CCC Help Thai
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1B95046-E9DA-CFEC-42A8-C8224646AA32}" = ccc-core-static
"{F30FE437-0E45-D409-F629-5D86960A6591}" = CCC Help Norwegian
"{F5CC9A13-6C57-4948-75A8-3A2C92A3183B}" = Catalyst Control Center Localization All
"{F67C14C0-D73E-C55B-E132-B1904A1A709C}" = CCC Help Greek
"{F7E8DD1D-9BFD-38BB-86A5-BEF313B00C51}" = Catalyst Control Center InstallProxy
"{FDA24BB0-8462-4356-B30E-C74FDC25C6DF}" = Network Recording Player
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Acrobat 7.0 Professional - English, Français, Deutsch - V" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"ElsterFormular" = ElsterFormular
"FileZilla Client" = FileZilla Client 3.5.3
"ImgBurn" = ImgBurn
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"PSPad editor_is1" = PSPad editor
"Trader Workstation 4.0" = Trader Workstation 4.0
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2490743335-2800501917-1896874617-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Screencast-O-Matic" = Screencast-O-Matic
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 19.05.2013 16:43:16 | Computer Name = ****-VAIO | Source = Windows Backup | ID = 4103
Description = 
 
Error - 26.05.2013 16:18:53 | Computer Name = ****-VAIO | Source = Windows Backup | ID = 4103
Description = 
 
Error - 31.05.2013 10:37:30 | Computer Name = ****-VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 21.0.0.4879,
 Zeitstempel: 0x518ec3cc  Name des fehlerhaften Moduls: xul.dll, Version: 21.0.0.4879,
 Zeitstempel: 0x518ec306  Ausnahmecode: 0xc0000005  Fehleroffset: 0x001c9789  ID des fehlerhaften
 Prozesses: 0xc10  Startzeit der fehlerhaften Anwendung: 0x01ce5debd0184fd7  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll  Berichtskennung:
 9f20187f-c9ff-11e2-ad3e-c0cb38edcfc5
 
Error - 01.06.2013 16:28:47 | Computer Name = ****-VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Acrobat.exe, Version: 7.0.0.1333,
 Zeitstempel: 0x41bee038  Name des fehlerhaften Moduls: Acrobat.dll, Version: 7.0.0.1333,
 Zeitstempel: 0x41bede9b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00016d2b  ID des fehlerhaften
 Prozesses: 0x1058  Startzeit der fehlerhaften Anwendung: 0x01ce5f069a8e18f0  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\Acrobat.dll
Berichtskennung:
 dc1b7ea3-caf9-11e2-937a-c0cb38edcfc5
 
Error - 01.06.2013 16:28:49 | Computer Name = ****-VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Acrobat.exe, Version: 7.0.0.1333,
 Zeitstempel: 0x41bee038  Name des fehlerhaften Moduls: Multimedia.api, Version: 7.0.0.1333,
 Zeitstempel: 0x41bedef3  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00064aa2  ID des fehlerhaften
 Prozesses: 0x1058  Startzeit der fehlerhaften Anwendung: 0x01ce5f069a8e18f0  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\plug_ins\Multimedia.api
Berichtskennung:
 dd462052-caf9-11e2-937a-c0cb38edcfc5
 
Error - 02.06.2013 17:15:05 | Computer Name = ****-VAIO | Source = Windows Backup | ID = 4103
Description = 
 
Error - 09.06.2013 11:14:22 | Computer Name = ****-VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1771, 
Zeitstempel: 0x5147644e  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002e3be  ID des fehlerhaften
 Prozesses: 0x34e4  Startzeit der fehlerhaften Anwendung: 0x01ce64f81ef37f12  Pfad der
 fehlerhaften Anwendung: C:\Users\****\Desktop\aswMBR.exe  Pfad des fehlerhaften 
Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 43452b71-d117-11e2-aa39-c0cb38edcfc5
 
Error - 09.06.2013 12:28:18 | Computer Name = ****-VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1771, 
Zeitstempel: 0x5147644e  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002e3be  ID des fehlerhaften
 Prozesses: 0xad0  Startzeit der fehlerhaften Anwendung: 0x01ce652da2ce2c5d  Pfad der
 fehlerhaften Anwendung: C:\Users\****\Desktop\aswMBR.exe  Pfad des fehlerhaften 
Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 975e78b3-d121-11e2-aa39-c0cb38edcfc5
 
Error - 09.06.2013 13:00:03 | Computer Name = ****-VAIO | Source = Windows Backup | ID = 4103
Description = 
 
Error - 09.06.2013 13:26:34 | Computer Name = ****-VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1771, 
Zeitstempel: 0x5147644e  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002e41b  ID des fehlerhaften
 Prozesses: 0x1cb8  Startzeit der fehlerhaften Anwendung: 0x01ce6535e8c7bf8a  Pfad der
 fehlerhaften Anwendung: C:\Users\****\Desktop\aswMBR.exe  Pfad des fehlerhaften 
Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: bb103700-d129-11e2-aa39-c0cb38edcfc5
 
[ System Events ]
Error - 17.05.2013 15:32:27 | Computer Name = ****-VAIO | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?17.?05.?2013 um 21:24:58 unerwartet heruntergefahren.
 
Error - 20.05.2013 17:59:05 | Computer Name = ****-VAIO | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?20.?05.?2013 um 23:48:28 unerwartet heruntergefahren.
 
Error - 24.05.2013 06:00:36 | Computer Name = ****-VAIO | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?24.?05.?2013 um 00:36:47 unerwartet heruntergefahren.
 
Error - 28.05.2013 08:34:53 | Computer Name = ****-VAIO | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?28.?05.?2013 um 13:25:51 unerwartet heruntergefahren.
 
Error - 28.05.2013 18:17:04 | Computer Name = ****-VAIO | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst eventlog erreicht.
 
Error - 29.05.2013 09:04:33 | Computer Name = ****-VAIO | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?29.?05.?2013 um 14:46:46 unerwartet heruntergefahren.
 
Error - 29.05.2013 16:02:12 | Computer Name = ****-VAIO | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?29.?05.?2013 um 15:49:22 unerwartet heruntergefahren.
 
Error - 31.05.2013 10:37:40 | Computer Name = ****-VAIO | Source = Service Control Manager | ID = 7038
Description = Der Dienst "upnphost" konnte sich nicht als "NT AUTHORITY\LocalService"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%50    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 31.05.2013 10:37:40 | Computer Name = ****-VAIO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "UPnP-Gerätehost" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1069
 
Error - 04.06.2013 08:08:07 | Computer Name = ****-VAIO | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?04.?06.?2013 um 13:32:45 unerwartet heruntergefahren.
 
 
< End of report >
         
MBAR

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org

Database version: v2013.06.08.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
***** :: *****-VAIO [administrator]

08.06.2013 23:44:36
mbar-log-2013-06-08 (23-44-36).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: Deep Anti-Rootkit Scan | PUP
Objects scanned: 282205
Time elapsed: 17 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
Viele Grüße

Alt 09.06.2013, 23:36   #10
demika
 
Spyware.Passwords.XGen gefunden - gefährlich oder nicht? - Standard

Spyware.Passwords.XGen gefunden - gefährlich oder nicht?



Da der Post sonst zu lang geworden wäre, hier der aswMBR File:

aswMBR

Code:
ATTFilter
22:53:46.0143 7528  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:53:46.0237 7528  ============================================================
22:53:46.0237 7528  Current date / time: 2013/06/09 22:53:46.0237
22:53:46.0237 7528  SystemInfo:
22:53:46.0237 7528  
22:53:46.0237 7528  OS Version: 6.1.7601 ServicePack: 1.0
22:53:46.0237 7528  Product type: Workstation
22:53:46.0237 7528  ComputerName: ****-VAIO
22:53:46.0238 7528  UserName: ****
22:53:46.0238 7528  Windows directory: C:\Windows
22:53:46.0238 7528  System windows directory: C:\Windows
22:53:46.0238 7528  Running under WOW64
22:53:46.0238 7528  Processor architecture: Intel x64
22:53:46.0238 7528  Number of processors: 4
22:53:46.0238 7528  Page size: 0x1000
22:53:46.0238 7528  Boot type: Normal boot
22:53:46.0238 7528  ============================================================
22:53:47.0557 7528  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:53:47.0573 7528  Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:53:47.0598 7528  ============================================================
22:53:47.0598 7528  \Device\Harddisk0\DR0:
22:53:47.0599 7528  MBR partitions:
22:53:47.0599 7528  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1ADE800, BlocksNum 0x32000
22:53:47.0599 7528  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1B10800, BlocksNum 0x38875030
22:53:47.0599 7528  \Device\Harddisk1\DR1:
22:53:47.0599 7528  MBR partitions:
22:53:47.0607 7528  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x1000, BlocksNum 0x3A384800
22:53:47.0608 7528  ============================================================
22:53:47.0653 7528  C: <-> \Device\Harddisk1\DR1\Partition1
22:53:48.0018 7528  D: <-> \Device\Harddisk0\DR0\Partition2
22:53:48.0018 7528  ============================================================
22:53:48.0018 7528  Initialize success
22:53:48.0018 7528  ============================================================
22:53:55.0840 10236  ============================================================
22:53:55.0840 10236  Scan started
22:53:55.0840 10236  Mode: Manual; SigCheck; TDLFS; 
22:53:55.0840 10236  ============================================================
22:53:57.0027 10236  ================ Scan system memory ========================
22:53:57.0027 10236  System memory - ok
22:53:57.0028 10236  ================ Scan services =============================
22:53:57.0185 10236  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
22:53:57.0289 10236  1394ohci - ok
22:53:57.0348 10236  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
22:53:57.0383 10236  ACPI - ok
22:53:57.0424 10236  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
22:53:57.0485 10236  AcpiPmi - ok
22:53:57.0612 10236  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:53:57.0633 10236  AdobeARMservice - ok
22:53:57.0779 10236  [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:53:57.0803 10236  AdobeFlashPlayerUpdateSvc - ok
22:53:57.0859 10236  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
22:53:57.0886 10236  adp94xx - ok
22:53:57.0929 10236  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
22:53:57.0964 10236  adpahci - ok
22:53:58.0000 10236  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
22:53:58.0028 10236  adpu320 - ok
22:53:58.0070 10236  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
22:53:58.0214 10236  AeLookupSvc - ok
22:53:58.0262 10236  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
22:53:58.0319 10236  AFD - ok
22:53:58.0362 10236  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
22:53:58.0378 10236  agp440 - ok
22:53:58.0409 10236  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
22:53:58.0476 10236  ALG - ok
22:53:58.0501 10236  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
22:53:58.0520 10236  aliide - ok
22:53:58.0550 10236  [ 3F9B03B72577A6A7405BF30801CBD159 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
22:53:58.0617 10236  AMD External Events Utility - ok
22:53:58.0656 10236  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
22:53:58.0678 10236  amdide - ok
22:53:58.0714 10236  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
22:53:58.0757 10236  AmdK8 - ok
22:53:58.0930 10236  [ EA244A8B88DE8B5986BF3B7903B063AF ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
22:53:59.0154 10236  amdkmdag - ok
22:53:59.0198 10236  [ DCA6E341A4A7C31EA8A14C6166C9B249 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
22:53:59.0232 10236  amdkmdap - ok
22:53:59.0255 10236  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
22:53:59.0300 10236  AmdPPM - ok
22:53:59.0352 10236  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
22:53:59.0373 10236  amdsata - ok
22:53:59.0433 10236  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
22:53:59.0462 10236  amdsbs - ok
22:53:59.0479 10236  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
22:53:59.0489 10236  amdxata - ok
22:53:59.0542 10236  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
22:53:59.0638 10236  AppID - ok
22:53:59.0660 10236  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
22:53:59.0723 10236  AppIDSvc - ok
22:53:59.0811 10236  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
22:53:59.0857 10236  Appinfo - ok
22:53:59.0924 10236  [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:53:59.0941 10236  Apple Mobile Device - ok
22:54:00.0003 10236  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
22:54:00.0026 10236  arc - ok
22:54:00.0044 10236  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
22:54:00.0058 10236  arcsas - ok
22:54:00.0085 10236  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
22:54:00.0132 10236  AsyncMac - ok
22:54:00.0173 10236  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
22:54:00.0184 10236  atapi - ok
22:54:00.0237 10236  [ 8C56E93749BA53A4B645963D3439E01E ] athr            C:\Windows\system32\DRIVERS\athrx.sys
22:54:00.0310 10236  athr - ok
22:54:00.0399 10236  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:54:00.0495 10236  AudioEndpointBuilder - ok
22:54:00.0519 10236  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
22:54:00.0557 10236  AudioSrv - ok
22:54:00.0602 10236  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
22:54:00.0692 10236  AxInstSV - ok
22:54:00.0722 10236  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
22:54:00.0799 10236  b06bdrv - ok
22:54:00.0835 10236  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
22:54:00.0882 10236  b57nd60a - ok
22:54:00.0929 10236  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
22:54:00.0966 10236  BDESVC - ok
22:54:00.0998 10236  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
22:54:01.0097 10236  Beep - ok
22:54:01.0162 10236  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
22:54:01.0230 10236  BFE - ok
22:54:01.0288 10236  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
22:54:01.0433 10236  BITS - ok
22:54:01.0471 10236  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
22:54:01.0507 10236  blbdrive - ok
22:54:01.0541 10236  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
22:54:01.0565 10236  bowser - ok
22:54:01.0596 10236  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:54:01.0715 10236  BrFiltLo - ok
22:54:01.0731 10236  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:54:01.0750 10236  BrFiltUp - ok
22:54:01.0798 10236  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
22:54:01.0864 10236  BridgeMP - ok
22:54:01.0922 10236  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
22:54:01.0978 10236  Browser - ok
22:54:02.0026 10236  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
22:54:02.0074 10236  Brserid - ok
22:54:02.0080 10236  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
22:54:02.0119 10236  BrSerWdm - ok
22:54:02.0133 10236  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
22:54:02.0200 10236  BrUsbMdm - ok
22:54:02.0205 10236  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
22:54:02.0231 10236  BrUsbSer - ok
22:54:02.0287 10236  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
22:54:02.0358 10236  BthEnum - ok
22:54:02.0381 10236  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
22:54:02.0408 10236  BTHMODEM - ok
22:54:02.0442 10236  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
22:54:02.0483 10236  BthPan - ok
22:54:02.0536 10236  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
22:54:02.0609 10236  BTHPORT - ok
22:54:02.0634 10236  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
22:54:02.0686 10236  bthserv - ok
22:54:02.0730 10236  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
22:54:02.0759 10236  BTHUSB - ok
22:54:02.0817 10236  catchme - ok
22:54:02.0849 10236  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
22:54:02.0905 10236  cdfs - ok
22:54:02.0958 10236  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
22:54:02.0997 10236  cdrom - ok
22:54:03.0054 10236  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
22:54:03.0120 10236  CertPropSvc - ok
22:54:03.0148 10236  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
22:54:03.0167 10236  circlass - ok
22:54:03.0200 10236  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
22:54:03.0221 10236  CLFS - ok
22:54:03.0317 10236  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:54:03.0336 10236  clr_optimization_v2.0.50727_32 - ok
22:54:03.0380 10236  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:54:03.0401 10236  clr_optimization_v2.0.50727_64 - ok
22:54:03.0468 10236  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:54:03.0488 10236  clr_optimization_v4.0.30319_32 - ok
22:54:03.0537 10236  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:54:03.0554 10236  clr_optimization_v4.0.30319_64 - ok
22:54:03.0577 10236  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
22:54:03.0603 10236  CmBatt - ok
22:54:03.0623 10236  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
22:54:03.0638 10236  cmdide - ok
22:54:03.0672 10236  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
22:54:03.0705 10236  CNG - ok
22:54:03.0740 10236  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
22:54:03.0750 10236  Compbatt - ok
22:54:03.0784 10236  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
22:54:03.0825 10236  CompositeBus - ok
22:54:03.0837 10236  COMSysApp - ok
22:54:03.0860 10236  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
22:54:03.0873 10236  crcdisk - ok
22:54:03.0920 10236  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
22:54:03.0967 10236  CryptSvc - ok
22:54:04.0037 10236  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
22:54:04.0110 10236  DcomLaunch - ok
22:54:04.0147 10236  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
22:54:04.0216 10236  defragsvc - ok
22:54:04.0261 10236  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
22:54:04.0316 10236  DfsC - ok
22:54:04.0371 10236  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
22:54:04.0413 10236  Dhcp - ok
22:54:04.0454 10236  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
22:54:04.0518 10236  discache - ok
22:54:04.0545 10236  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
22:54:04.0557 10236  Disk - ok
22:54:04.0581 10236  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
22:54:04.0598 10236  Dnscache - ok
22:54:04.0641 10236  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
22:54:04.0723 10236  dot3svc - ok
22:54:04.0769 10236  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
22:54:04.0848 10236  DPS - ok
22:54:04.0899 10236  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
22:54:04.0927 10236  drmkaud - ok
22:54:04.0977 10236  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
22:54:05.0002 10236  DXGKrnl - ok
22:54:05.0065 10236  [ 398904F1FBF13CEF0FCB822E9CA5F2D5 ] eamonm          C:\Windows\system32\DRIVERS\eamonm.sys
22:54:05.0095 10236  eamonm - ok
22:54:05.0127 10236  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
22:54:05.0183 10236  EapHost - ok
22:54:05.0311 10236  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
22:54:05.0407 10236  ebdrv - ok
22:54:05.0434 10236  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
22:54:05.0463 10236  EFS - ok
22:54:05.0517 10236  [ 9E39134330C18CBAC0F24C1283701D7E ] ehdrv           C:\Windows\system32\DRIVERS\ehdrv.sys
22:54:05.0540 10236  ehdrv - ok
22:54:05.0619 10236  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
22:54:05.0716 10236  ehRecvr - ok
22:54:05.0751 10236  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
22:54:05.0802 10236  ehSched - ok
22:54:05.0937 10236  [ 7FE34FD5652C54BDA8D2DF8AC92E833A ] ekrn            C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
22:54:06.0012 10236  ekrn - ok
22:54:06.0038 10236  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
22:54:06.0062 10236  elxstor - ok
22:54:06.0129 10236  [ 392EC4EA0C265F5BC50D057BEAA593CD ] epfw            C:\Windows\system32\DRIVERS\epfw.sys
22:54:06.0155 10236  epfw - ok
22:54:06.0175 10236  [ 0C9EC63C5BAE9506161F14B8A5C10280 ] EpfwLWF         C:\Windows\system32\DRIVERS\EpfwLWF.sys
22:54:06.0188 10236  EpfwLWF - ok
22:54:06.0222 10236  [ AD03E0C95E750F3FBE84EDA87B2C4E08 ] epfwwfp         C:\Windows\system32\DRIVERS\epfwwfp.sys
22:54:06.0241 10236  epfwwfp - ok
22:54:06.0262 10236  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
22:54:06.0297 10236  ErrDev - ok
22:54:06.0354 10236  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
22:54:06.0424 10236  EventSystem - ok
22:54:06.0454 10236  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
22:54:06.0507 10236  exfat - ok
22:54:06.0532 10236  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
22:54:06.0570 10236  fastfat - ok
22:54:06.0624 10236  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
22:54:06.0692 10236  Fax - ok
22:54:06.0711 10236  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
22:54:06.0728 10236  fdc - ok
22:54:06.0764 10236  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
22:54:06.0832 10236  fdPHost - ok
22:54:06.0850 10236  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
22:54:06.0901 10236  FDResPub - ok
22:54:06.0924 10236  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
22:54:06.0937 10236  FileInfo - ok
22:54:06.0957 10236  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
22:54:07.0018 10236  Filetrace - ok
22:54:07.0034 10236  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
22:54:07.0046 10236  flpydisk - ok
22:54:07.0086 10236  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
22:54:07.0117 10236  FltMgr - ok
22:54:07.0177 10236  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
22:54:07.0237 10236  FontCache - ok
22:54:07.0319 10236  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:54:07.0338 10236  FontCache3.0.0.0 - ok
22:54:07.0365 10236  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
22:54:07.0387 10236  FsDepends - ok
22:54:07.0415 10236  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
22:54:07.0430 10236  Fs_Rec - ok
22:54:07.0485 10236  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
22:54:07.0528 10236  fvevol - ok
22:54:07.0539 10236  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
22:54:07.0551 10236  gagp30kx - ok
22:54:07.0583 10236  [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:54:07.0593 10236  GEARAspiWDM - ok
22:54:07.0648 10236  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
22:54:07.0744 10236  gpsvc - ok
22:54:07.0780 10236  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
22:54:07.0829 10236  hcw85cir - ok
22:54:07.0926 10236  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:54:07.0988 10236  HdAudAddService - ok
22:54:08.0082 10236  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
22:54:08.0124 10236  HDAudBus - ok
22:54:08.0151 10236  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
22:54:08.0167 10236  HECIx64 - ok
22:54:08.0192 10236  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
22:54:08.0220 10236  HidBatt - ok
22:54:08.0226 10236  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
22:54:08.0253 10236  HidBth - ok
22:54:08.0257 10236  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
22:54:08.0291 10236  HidIr - ok
22:54:08.0321 10236  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
22:54:08.0375 10236  hidserv - ok
22:54:08.0435 10236  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
22:54:08.0455 10236  HidUsb - ok
22:54:08.0492 10236  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
22:54:08.0580 10236  hkmsvc - ok
22:54:08.0638 10236  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:54:08.0683 10236  HomeGroupListener - ok
22:54:08.0730 10236  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:54:08.0768 10236  HomeGroupProvider - ok
22:54:08.0805 10236  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
22:54:08.0820 10236  HpSAMD - ok
22:54:08.0875 10236  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
22:54:08.0959 10236  HTTP - ok
22:54:08.0981 10236  hwdatacard - ok
22:54:09.0016 10236  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
22:54:09.0027 10236  hwpolicy - ok
22:54:09.0087 10236  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
22:54:09.0112 10236  i8042prt - ok
22:54:09.0149 10236  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
22:54:09.0184 10236  iaStorV - ok
22:54:09.0249 10236  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:54:09.0311 10236  idsvc - ok
22:54:09.0337 10236  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
22:54:09.0351 10236  iirsp - ok
22:54:09.0394 10236  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
22:54:09.0483 10236  IKEEXT - ok
22:54:09.0536 10236  [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
22:54:09.0563 10236  Impcd - ok
22:54:09.0660 10236  [ 526E482AFB586CB1CDD687869DECF686 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
22:54:09.0754 10236  IntcAzAudAddService - ok
22:54:09.0784 10236  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
22:54:09.0805 10236  intelide - ok
22:54:09.0851 10236  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
22:54:09.0926 10236  intelppm - ok
22:54:10.0011 10236  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
22:54:10.0129 10236  IPBusEnum - ok
22:54:10.0163 10236  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:54:10.0225 10236  IpFilterDriver - ok
22:54:10.0269 10236  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
22:54:10.0318 10236  iphlpsvc - ok
22:54:10.0361 10236  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
22:54:10.0398 10236  IPMIDRV - ok
22:54:10.0432 10236  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
22:54:10.0497 10236  IPNAT - ok
22:54:10.0528 10236  [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
22:54:10.0566 10236  iPod Service - ok
22:54:10.0610 10236  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
22:54:10.0654 10236  IRENUM - ok
22:54:10.0668 10236  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
22:54:10.0680 10236  isapnp - ok
22:54:10.0714 10236  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
22:54:10.0745 10236  iScsiPrt - ok
22:54:10.0773 10236  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
22:54:10.0795 10236  kbdclass - ok
22:54:10.0839 10236  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
22:54:10.0874 10236  kbdhid - ok
22:54:10.0892 10236  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
22:54:10.0912 10236  KeyIso - ok
22:54:10.0940 10236  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
22:54:10.0962 10236  KSecDD - ok
22:54:11.0003 10236  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
22:54:11.0027 10236  KSecPkg - ok
22:54:11.0064 10236  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
22:54:11.0133 10236  ksthunk - ok
22:54:11.0176 10236  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
22:54:11.0262 10236  KtmRm - ok
22:54:11.0308 10236  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
22:54:11.0383 10236  LanmanServer - ok
22:54:11.0418 10236  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:54:11.0464 10236  LanmanWorkstation - ok
22:54:11.0491 10236  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
22:54:11.0538 10236  lltdio - ok
22:54:11.0572 10236  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
22:54:11.0628 10236  lltdsvc - ok
22:54:11.0648 10236  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
22:54:11.0683 10236  lmhosts - ok
22:54:11.0726 10236  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
22:54:11.0740 10236  LSI_FC - ok
22:54:11.0749 10236  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
22:54:11.0763 10236  LSI_SAS - ok
22:54:11.0779 10236  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:54:11.0790 10236  LSI_SAS2 - ok
22:54:11.0806 10236  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:54:11.0820 10236  LSI_SCSI - ok
22:54:11.0838 10236  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
22:54:11.0877 10236  luafv - ok
22:54:11.0908 10236  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
22:54:11.0947 10236  Mcx2Svc - ok
22:54:11.0956 10236  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
22:54:11.0975 10236  megasas - ok
22:54:11.0998 10236  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
22:54:12.0017 10236  MegaSR - ok
22:54:12.0064 10236  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
22:54:12.0144 10236  MMCSS - ok
22:54:12.0155 10236  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
22:54:12.0203 10236  Modem - ok
22:54:12.0233 10236  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
22:54:12.0270 10236  monitor - ok
22:54:12.0309 10236  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
22:54:12.0331 10236  mouclass - ok
22:54:12.0370 10236  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
22:54:12.0404 10236  mouhid - ok
22:54:12.0448 10236  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
22:54:12.0470 10236  mountmgr - ok
22:54:12.0540 10236  [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:54:12.0563 10236  MozillaMaintenance - ok
22:54:12.0608 10236  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
22:54:12.0634 10236  mpio - ok
22:54:12.0660 10236  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
22:54:12.0722 10236  mpsdrv - ok
22:54:12.0779 10236  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
22:54:12.0876 10236  MpsSvc - ok
22:54:12.0915 10236  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
22:54:12.0964 10236  MRxDAV - ok
22:54:13.0003 10236  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
22:54:13.0043 10236  mrxsmb - ok
22:54:13.0064 10236  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:54:13.0099 10236  mrxsmb10 - ok
22:54:13.0133 10236  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:54:13.0167 10236  mrxsmb20 - ok
22:54:13.0203 10236  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
22:54:13.0223 10236  msahci - ok
22:54:13.0247 10236  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
22:54:13.0264 10236  msdsm - ok
22:54:13.0286 10236  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
22:54:13.0305 10236  MSDTC - ok
22:54:13.0343 10236  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
22:54:13.0388 10236  Msfs - ok
22:54:13.0418 10236  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
22:54:13.0453 10236  mshidkmdf - ok
22:54:13.0485 10236  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
22:54:13.0495 10236  msisadrv - ok
22:54:13.0522 10236  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
22:54:13.0586 10236  MSiSCSI - ok
22:54:13.0590 10236  msiserver - ok
22:54:13.0613 10236  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
22:54:13.0662 10236  MSKSSRV - ok
22:54:13.0672 10236  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
22:54:13.0718 10236  MSPCLOCK - ok
22:54:13.0733 10236  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
22:54:13.0777 10236  MSPQM - ok
22:54:13.0815 10236  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
22:54:13.0848 10236  MsRPC - ok
22:54:13.0889 10236  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
22:54:13.0911 10236  mssmbios - ok
22:54:13.0934 10236  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
22:54:13.0995 10236  MSTEE - ok
22:54:13.0999 10236  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
22:54:14.0023 10236  MTConfig - ok
22:54:14.0053 10236  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
22:54:14.0067 10236  Mup - ok
22:54:14.0106 10236  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
22:54:14.0197 10236  napagent - ok
22:54:14.0248 10236  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
22:54:14.0297 10236  NativeWifiP - ok
22:54:14.0367 10236  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
22:54:14.0426 10236  NDIS - ok
22:54:14.0454 10236  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
22:54:14.0500 10236  NdisCap - ok
22:54:14.0518 10236  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
22:54:14.0564 10236  NdisTapi - ok
22:54:14.0603 10236  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
22:54:14.0671 10236  Ndisuio - ok
22:54:14.0715 10236  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
22:54:14.0779 10236  NdisWan - ok
22:54:14.0809 10236  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
22:54:14.0873 10236  NDProxy - ok
22:54:14.0932 10236  [ 6F4607E2333FE21E9E3FF8133A88B35B ] Netaapl         C:\Windows\system32\DRIVERS\netaapl64.sys
22:54:14.0960 10236  Netaapl - ok
22:54:14.0990 10236  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
22:54:15.0049 10236  NetBIOS - ok
22:54:15.0130 10236  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
22:54:15.0199 10236  NetBT - ok
22:54:15.0206 10236  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
22:54:15.0217 10236  Netlogon - ok
22:54:15.0247 10236  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
22:54:15.0300 10236  Netman - ok
22:54:15.0319 10236  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
22:54:15.0415 10236  netprofm - ok
22:54:15.0436 10236  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:54:15.0447 10236  NetTcpPortSharing - ok
22:54:15.0474 10236  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
22:54:15.0485 10236  nfrd960 - ok
22:54:15.0520 10236  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
22:54:15.0563 10236  NlaSvc - ok
22:54:15.0577 10236  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
22:54:15.0618 10236  Npfs - ok
22:54:15.0649 10236  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
22:54:15.0715 10236  nsi - ok
22:54:15.0732 10236  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
22:54:15.0783 10236  nsiproxy - ok
22:54:15.0859 10236  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
22:54:15.0948 10236  Ntfs - ok
22:54:15.0969 10236  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
22:54:16.0030 10236  Null - ok
22:54:16.0085 10236  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
22:54:16.0109 10236  nvraid - ok
22:54:16.0128 10236  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
22:54:16.0145 10236  nvstor - ok
22:54:16.0155 10236  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
22:54:16.0167 10236  nv_agp - ok
22:54:16.0179 10236  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
22:54:16.0207 10236  ohci1394 - ok
22:54:16.0275 10236  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:54:16.0297 10236  ose - ok
22:54:16.0486 10236  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:54:16.0660 10236  osppsvc - ok
22:54:16.0686 10236  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
22:54:16.0705 10236  p2pimsvc - ok
22:54:16.0740 10236  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
22:54:16.0774 10236  p2psvc - ok
22:54:16.0798 10236  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
22:54:16.0814 10236  Parport - ok
22:54:16.0832 10236  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
22:54:16.0847 10236  partmgr - ok
22:54:16.0861 10236  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
22:54:16.0891 10236  PcaSvc - ok
22:54:16.0906 10236  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
22:54:16.0921 10236  pci - ok
22:54:16.0956 10236  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
22:54:16.0977 10236  pciide - ok
22:54:17.0010 10236  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
22:54:17.0039 10236  pcmcia - ok
22:54:17.0061 10236  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
22:54:17.0073 10236  pcw - ok
22:54:17.0092 10236  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
22:54:17.0163 10236  PEAUTH - ok
22:54:17.0249 10236  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
22:54:17.0285 10236  PerfHost - ok
22:54:17.0358 10236  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
22:54:17.0481 10236  pla - ok
22:54:17.0521 10236  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
22:54:17.0557 10236  PlugPlay - ok
22:54:17.0577 10236  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
22:54:17.0604 10236  PNRPAutoReg - ok
22:54:17.0621 10236  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
22:54:17.0635 10236  PNRPsvc - ok
22:54:17.0685 10236  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
22:54:17.0775 10236  PolicyAgent - ok
22:54:17.0802 10236  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
22:54:17.0847 10236  Power - ok
22:54:17.0888 10236  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
22:54:17.0941 10236  PptpMiniport - ok
22:54:17.0955 10236  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
22:54:17.0982 10236  Processor - ok
22:54:18.0008 10236  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
22:54:18.0035 10236  ProfSvc - ok
22:54:18.0046 10236  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:54:18.0060 10236  ProtectedStorage - ok
22:54:18.0105 10236  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
22:54:18.0170 10236  Psched - ok
22:54:18.0238 10236  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
22:54:18.0317 10236  ql2300 - ok
22:54:18.0332 10236  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
22:54:18.0345 10236  ql40xx - ok
22:54:18.0372 10236  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
22:54:18.0405 10236  QWAVE - ok
22:54:18.0425 10236  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
22:54:18.0457 10236  QWAVEdrv - ok
22:54:18.0468 10236  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
22:54:18.0517 10236  RasAcd - ok
22:54:18.0542 10236  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
22:54:18.0576 10236  RasAgileVpn - ok
22:54:18.0596 10236  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
22:54:18.0659 10236  RasAuto - ok
22:54:18.0702 10236  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
22:54:18.0771 10236  Rasl2tp - ok
22:54:18.0788 10236  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
22:54:18.0832 10236  RasMan - ok
22:54:18.0865 10236  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
22:54:18.0913 10236  RasPppoe - ok
22:54:18.0925 10236  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
22:54:18.0971 10236  RasSstp - ok
22:54:19.0015 10236  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
22:54:19.0059 10236  rdbss - ok
22:54:19.0070 10236  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
22:54:19.0095 10236  rdpbus - ok
22:54:19.0110 10236  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
22:54:19.0159 10236  RDPCDD - ok
22:54:19.0186 10236  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
22:54:19.0233 10236  RDPENCDD - ok
22:54:19.0247 10236  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
22:54:19.0283 10236  RDPREFMP - ok
22:54:19.0349 10236  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
22:54:19.0383 10236  RdpVideoMiniport - ok
22:54:19.0420 10236  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
22:54:19.0461 10236  RDPWD - ok
22:54:19.0515 10236  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
22:54:19.0542 10236  rdyboost - ok
22:54:19.0570 10236  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
22:54:19.0630 10236  RemoteAccess - ok
22:54:19.0682 10236  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
22:54:19.0761 10236  RemoteRegistry - ok
22:54:19.0804 10236  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
22:54:19.0845 10236  RFCOMM - ok
22:54:19.0880 10236  [ FA6ABC06B629DA29634D31F1FE0347BD ] rimspci         C:\Windows\system32\DRIVERS\rimssne64.sys
22:54:19.0916 10236  rimspci - ok
22:54:19.0969 10236  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
22:54:20.0053 10236  RpcEptMapper - ok
22:54:20.0076 10236  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
22:54:20.0104 10236  RpcLocator - ok
22:54:20.0161 10236  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
22:54:20.0232 10236  RpcSs - ok
22:54:20.0268 10236  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
22:54:20.0333 10236  rspndr - ok
22:54:20.0357 10236  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
22:54:20.0368 10236  SamSs - ok
22:54:20.0406 10236  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
22:54:20.0428 10236  sbp2port - ok
22:54:20.0460 10236  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
22:54:20.0517 10236  SCardSvr - ok
22:54:20.0552 10236  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
22:54:20.0622 10236  scfilter - ok
22:54:20.0671 10236  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
22:54:20.0767 10236  Schedule - ok
22:54:20.0806 10236  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
22:54:20.0869 10236  SCPolicySvc - ok
22:54:20.0910 10236  [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus           C:\Windows\system32\drivers\sdbus.sys
22:54:20.0938 10236  sdbus - ok
22:54:20.0956 10236  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
22:54:20.0993 10236  SDRSVC - ok
22:54:21.0030 10236  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
22:54:21.0101 10236  secdrv - ok
22:54:21.0134 10236  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
22:54:21.0203 10236  seclogon - ok
22:54:21.0230 10236  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
22:54:21.0271 10236  SENS - ok
22:54:21.0287 10236  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
22:54:21.0310 10236  SensrSvc - ok
22:54:21.0333 10236  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
22:54:21.0353 10236  Serenum - ok
22:54:21.0380 10236  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
22:54:21.0395 10236  Serial - ok
22:54:21.0429 10236  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
22:54:21.0463 10236  sermouse - ok
22:54:21.0512 10236  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
22:54:21.0593 10236  SessionEnv - ok
22:54:21.0662 10236  [ 70F9C476B62DE4F2823E918A6C181ADE ] SFEP            C:\Windows\system32\DRIVERS\SFEP.sys
22:54:21.0688 10236  SFEP - ok
22:54:21.0725 10236  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
22:54:21.0753 10236  sffdisk - ok
22:54:21.0769 10236  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
22:54:21.0801 10236  sffp_mmc - ok
22:54:21.0811 10236  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
22:54:21.0843 10236  sffp_sd - ok
22:54:21.0867 10236  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
22:54:21.0894 10236  sfloppy - ok
22:54:21.0922 10236  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
22:54:21.0981 10236  SharedAccess - ok
22:54:22.0049 10236  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:54:22.0140 10236  ShellHWDetection - ok
22:54:22.0161 10236  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:54:22.0173 10236  SiSRaid2 - ok
22:54:22.0205 10236  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
22:54:22.0226 10236  SiSRaid4 - ok
22:54:22.0295 10236  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
22:54:22.0314 10236  SkypeUpdate - ok
22:54:22.0334 10236  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
22:54:22.0389 10236  Smb - ok
22:54:22.0427 10236  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
22:54:22.0475 10236  SNMPTRAP - ok
22:54:22.0513 10236  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
22:54:22.0533 10236  spldr - ok
22:54:22.0588 10236  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
22:54:22.0622 10236  Spooler - ok
22:54:22.0730 10236  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
22:54:22.0869 10236  sppsvc - ok
22:54:22.0893 10236  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
22:54:22.0937 10236  sppuinotify - ok
22:54:22.0965 10236  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
22:54:22.0995 10236  srv - ok
22:54:23.0014 10236  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
22:54:23.0055 10236  srv2 - ok
22:54:23.0082 10236  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
22:54:23.0110 10236  srvnet - ok
22:54:23.0152 10236  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
22:54:23.0199 10236  SSDPSRV - ok
22:54:23.0211 10236  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
22:54:23.0250 10236  SstpSvc - ok
22:54:23.0272 10236  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
22:54:23.0283 10236  stexstor - ok
22:54:23.0336 10236  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
22:54:23.0404 10236  stisvc - ok
22:54:23.0439 10236  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
22:54:23.0459 10236  swenum - ok
22:54:23.0493 10236  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
22:54:23.0574 10236  swprv - ok
22:54:23.0638 10236  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
22:54:23.0733 10236  SysMain - ok
22:54:23.0773 10236  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:54:23.0819 10236  TabletInputService - ok
22:54:23.0858 10236  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
22:54:23.0933 10236  TapiSrv - ok
22:54:23.0953 10236  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
22:54:23.0989 10236  TBS - ok
22:54:24.0075 10236  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
22:54:24.0168 10236  Tcpip - ok
22:54:24.0227 10236  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
22:54:24.0275 10236  TCPIP6 - ok
22:54:24.0313 10236  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
22:54:24.0352 10236  tcpipreg - ok
22:54:24.0378 10236  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
22:54:24.0410 10236  TDPIPE - ok
22:54:24.0434 10236  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
22:54:24.0458 10236  TDTCP - ok
22:54:24.0510 10236  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
22:54:24.0564 10236  tdx - ok
22:54:24.0602 10236  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
22:54:24.0625 10236  TermDD - ok
22:54:24.0672 10236  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
22:54:24.0771 10236  TermService - ok
22:54:24.0804 10236  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
22:54:24.0842 10236  Themes - ok
22:54:24.0864 10236  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
22:54:24.0903 10236  THREADORDER - ok
22:54:24.0926 10236  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
22:54:24.0989 10236  TrkWks - ok
22:54:25.0032 10236  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:54:25.0118 10236  TrustedInstaller - ok
22:54:25.0151 10236  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
22:54:25.0193 10236  tssecsrv - ok
22:54:25.0228 10236  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
22:54:25.0257 10236  TsUsbFlt - ok
22:54:25.0311 10236  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
22:54:25.0381 10236  tunnel - ok
22:54:25.0411 10236  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
22:54:25.0423 10236  uagp35 - ok
22:54:25.0454 10236  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
22:54:25.0498 10236  udfs - ok
22:54:25.0528 10236  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
22:54:25.0557 10236  UI0Detect - ok
22:54:25.0593 10236  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
22:54:25.0608 10236  uliagpkx - ok
22:54:25.0652 10236  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
22:54:25.0683 10236  umbus - ok
22:54:25.0719 10236  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
22:54:25.0743 10236  UmPass - ok
22:54:25.0769 10236  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
22:54:25.0845 10236  upnphost - ok
22:54:25.0887 10236  [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
22:54:25.0915 10236  USBAAPL64 - ok
22:54:25.0961 10236  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
22:54:25.0999 10236  usbaudio - ok
22:54:26.0037 10236  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
22:54:26.0076 10236  usbccgp - ok
22:54:26.0125 10236  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
22:54:26.0169 10236  usbcir - ok
22:54:26.0187 10236  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
22:54:26.0208 10236  usbehci - ok
22:54:26.0239 10236  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
22:54:26.0275 10236  usbhub - ok
22:54:26.0293 10236  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
22:54:26.0328 10236  usbohci - ok
22:54:26.0353 10236  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
22:54:26.0397 10236  usbprint - ok
22:54:26.0416 10236  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:54:26.0453 10236  USBSTOR - ok
22:54:26.0470 10236  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
22:54:26.0501 10236  usbuhci - ok
22:54:26.0555 10236  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
22:54:26.0589 10236  usbvideo - ok
22:54:26.0645 10236  [ 7B28E2FBE75115660FAB31079C0A9F29 ] usb_rndisx      C:\Windows\system32\drivers\usb8023x.sys
22:54:26.0683 10236  usb_rndisx - ok
22:54:26.0700 10236  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
22:54:26.0771 10236  UxSms - ok
22:54:26.0881 10236  [ D469BE2723F79CF4B384680B1FDC577D ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe
22:54:26.0903 10236  VAIO Power Management - ok
22:54:26.0916 10236  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
22:54:26.0931 10236  VaultSvc - ok
22:54:26.0952 10236  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
22:54:26.0968 10236  vdrvroot - ok
22:54:27.0020 10236  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
22:54:27.0113 10236  vds - ok
22:54:27.0147 10236  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
22:54:27.0163 10236  vga - ok
22:54:27.0183 10236  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
22:54:27.0236 10236  VgaSave - ok
22:54:27.0278 10236  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
22:54:27.0308 10236  vhdmp - ok
22:54:27.0325 10236  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
22:54:27.0339 10236  viaide - ok
22:54:27.0448 10236  [ E2DB8094603D28D88577A0C89B5121FE ] Vodafone Mobile Broadband QuickStart C:\ProgramData\MobileBroadbandQuickStartService\VMBQuickStartService.exe
22:54:27.0468 10236  Vodafone Mobile Broadband QuickStart - ok
22:54:27.0494 10236  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
22:54:27.0516 10236  volmgr - ok
22:54:27.0558 10236  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
22:54:27.0590 10236  volmgrx - ok
22:54:27.0607 10236  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
22:54:27.0628 10236  volsnap - ok
22:54:27.0658 10236  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
22:54:27.0682 10236  vsmraid - ok
22:54:27.0756 10236  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
22:54:27.0861 10236  VSS - ok
22:54:27.0873 10236  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
22:54:27.0895 10236  vwifibus - ok
22:54:27.0931 10236  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
22:54:27.0994 10236  vwififlt - ok
22:54:28.0037 10236  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
22:54:28.0118 10236  W32Time - ok
22:54:28.0138 10236  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
22:54:28.0161 10236  WacomPen - ok
22:54:28.0207 10236  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
22:54:28.0277 10236  WANARP - ok
22:54:28.0292 10236  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
22:54:28.0325 10236  Wanarpv6 - ok
22:54:28.0394 10236  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
22:54:28.0471 10236  WatAdminSvc - ok
22:54:28.0540 10236  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
22:54:28.0629 10236  wbengine - ok
22:54:28.0651 10236  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
22:54:28.0675 10236  WbioSrvc - ok
22:54:28.0711 10236  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
22:54:28.0753 10236  wcncsvc - ok
22:54:28.0777 10236  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:54:28.0795 10236  WcsPlugInService - ok
22:54:28.0819 10236  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
22:54:28.0832 10236  Wd - ok
22:54:28.0876 10236  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
22:54:28.0930 10236  Wdf01000 - ok
22:54:28.0948 10236  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
22:54:29.0043 10236  WdiServiceHost - ok
22:54:29.0048 10236  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
22:54:29.0070 10236  WdiSystemHost - ok
22:54:29.0114 10236  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
22:54:29.0156 10236  WebClient - ok
22:54:29.0184 10236  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
22:54:29.0246 10236  Wecsvc - ok
22:54:29.0257 10236  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
22:54:29.0294 10236  wercplsupport - ok
22:54:29.0322 10236  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
22:54:29.0360 10236  WerSvc - ok
22:54:29.0389 10236  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
22:54:29.0427 10236  WfpLwf - ok
22:54:29.0447 10236  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
22:54:29.0458 10236  WIMMount - ok
22:54:29.0474 10236  WinDefend - ok
22:54:29.0487 10236  WinHttpAutoProxySvc - ok
22:54:29.0533 10236  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
22:54:29.0600 10236  Winmgmt - ok
22:54:29.0674 10236  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
22:54:29.0810 10236  WinRM - ok
22:54:29.0872 10236  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
22:54:29.0897 10236  WinUsb - ok
22:54:29.0940 10236  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
22:54:30.0011 10236  Wlansvc - ok
22:54:30.0117 10236  [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:54:30.0218 10236  wlidsvc - ok
22:54:30.0254 10236  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
22:54:30.0280 10236  WmiAcpi - ok
22:54:30.0316 10236  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
22:54:30.0354 10236  wmiApSrv - ok
22:54:30.0373 10236  WMPNetworkSvc - ok
22:54:30.0404 10236  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
22:54:30.0424 10236  WPCSvc - ok
22:54:30.0490 10236  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
22:54:30.0519 10236  WPDBusEnum - ok
22:54:30.0549 10236  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
22:54:30.0607 10236  ws2ifsl - ok
22:54:30.0625 10236  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
22:54:30.0659 10236  wscsvc - ok
22:54:30.0662 10236  WSearch - ok
22:54:30.0743 10236  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
22:54:30.0807 10236  wuauserv - ok
22:54:30.0846 10236  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
22:54:30.0885 10236  WudfPf - ok
22:54:30.0920 10236  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
22:54:30.0942 10236  WUDFRd - ok
22:54:30.0976 10236  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
22:54:31.0005 10236  wudfsvc - ok
22:54:31.0051 10236  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
22:54:31.0091 10236  WwanSvc - ok
22:54:31.0131 10236  [ 5250193EF8E173AA7491250F00EB367F ] yukonw7         C:\Windows\system32\DRIVERS\yk62x64.sys
22:54:31.0158 10236  yukonw7 - ok
22:54:31.0186 10236  ================ Scan global ===============================
22:54:31.0209 10236  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:54:31.0257 10236  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
22:54:31.0273 10236  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
22:54:31.0303 10236  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:54:31.0322 10236  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:54:31.0332 10236  [Global] - ok
22:54:31.0333 10236  ================ Scan MBR ==================================
22:54:31.0336 10236  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:54:32.0053 10236  \Device\Harddisk0\DR0 - ok
22:54:32.0124 10236  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
22:54:32.0841 10236  \Device\Harddisk1\DR1 - ok
22:54:32.0842 10236  ================ Scan VBR ==================================
22:54:32.0846 10236  [ B794421296613EE2946DA82C96469FF5 ] \Device\Harddisk0\DR0\Partition1
22:54:32.0848 10236  \Device\Harddisk0\DR0\Partition1 - ok
22:54:32.0912 10236  [ C045036942596C63741AAF9684DD3471 ] \Device\Harddisk0\DR0\Partition2
22:54:32.0915 10236  \Device\Harddisk0\DR0\Partition2 - ok
22:54:32.0955 10236  [ 59ECEA80E86CE7BF14343EDD4E630172 ] \Device\Harddisk1\DR1\Partition1
22:54:32.0958 10236  \Device\Harddisk1\DR1\Partition1 - ok
22:54:32.0959 10236  ============================================================
22:54:32.0959 10236  Scan finished
22:54:32.0959 10236  ============================================================
22:54:32.0975 10884  Detected object count: 0
22:54:32.0975 10884  Actual detected object count: 0
         

Alt 10.06.2013, 09:53   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Spyware.Passwords.XGen gefunden - gefährlich oder nicht? - Standard

Spyware.Passwords.XGen gefunden - gefährlich oder nicht?



Zu aswMBR gab es extra einen Hinweis, den du umsetzen solltest falls das Programm mit den normalen Einstellungen abstürzt
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 10.06.2013, 16:07   #12
demika
 
Spyware.Passwords.XGen gefunden - gefährlich oder nicht? - Standard

Spyware.Passwords.XGen gefunden - gefährlich oder nicht?



Wer lesen kann ist klar im Vorteil...

Hier nun also der aswMBR Logfile:

Code:
ATTFilter
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-06-10 13:06:31
-----------------------------
13:06:31.210    OS Version: Windows x64 6.1.7601 Service Pack 1
13:06:31.210    Number of processors: 4 586 0x2505
13:06:31.210    ComputerName: ****-VAIO  UserName: ****
13:06:32.723    Initialize success
13:06:47.716    AVAST engine defs: 13060900
13:07:09.489    Disk 0  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:07:09.504    Disk 0 Vendor: ST9500325AS 0006SDM2 Size: 476940MB BusType: 11
13:07:09.504    Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-2
13:07:09.504    Disk 1 Vendor: ST9500325AS 0006SDM2 Size: 476940MB BusType: 11
13:07:09.629    Disk 1 MBR read successfully
13:07:09.629    Disk 1 MBR scan
13:07:09.645    Disk 1 Windows 7 default MBR code
13:07:09.645    Disk 1 Partition - 00     0F Extended LBA            476938 MB offset 2048
13:07:09.660    Disk 1 Partition 1 00     07    HPFS/NTFS NTFS       476937 MB offset 4096
13:07:09.691    Disk 1 scanning C:\Windows\system32\drivers
13:07:23.107    Service scanning
13:07:48.130    Modules scanning
13:07:48.145    Disk 1 trace - called modules:
13:07:48.208    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
13:07:48.223    1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8005f10060]
13:07:48.239    3 CLASSPNP.SYS[fffff880019a443f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8005c50060]
13:07:48.239    Scan finished successfully
14:23:59.337    Disk 1 MBR has been saved successfully to "C:\Users\****\Desktop\MBR.dat"
14:23:59.337    The log file has been saved successfully to "C:\Users\****\Desktop\aswMBR.txt"
         

Alt 10.06.2013, 22:39   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Spyware.Passwords.XGen gefunden - gefährlich oder nicht? - Standard

Spyware.Passwords.XGen gefunden - gefährlich oder nicht?



Kein Problem, unsere Anleitungen haben sehr viel Text

JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 11.06.2013, 12:11   #14
demika
 
Spyware.Passwords.XGen gefunden - gefährlich oder nicht? - Standard

Spyware.Passwords.XGen gefunden - gefährlich oder nicht?



So, here we go:

JRT

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by **** on 11.06.2013 at 12:32:13,20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip" 
Successfully deleted: [Registry Key] "hkey_current_user\software\pip" 
Successfully deleted: [Registry Key] "hkey_local_machine\software\pip" 



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\bwuxnece.default\minidumps [279 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.06.2013 at 12:35:56,59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
adwCleaner

Code:
ATTFilter
# AdwCleaner v2.303 - Datei am 11/06/2013 um 12:41:21 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : **** - ****-VAIO
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\****\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\bwuxnece.default\foxydeal.sqlite

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\bwuxnece.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\j5sannqf.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\dw57uooi.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1077 octets] - [11/06/2013 12:41:21]

########## EOF - C:\AdwCleaner[S1].txt - [1137 octets] ##########
         
OTL

Code:
ATTFilter
OTL logfile created on: 11.06.2013 12:46:55 - Run 7
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\****\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,86 Gb Total Physical Memory | 4,52 Gb Available Physical Memory | 77,19% Memory free
11,71 Gb Paging File | 10,20 Gb Available in Paging File | 87,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 339,58 Gb Free Space | 72,91% Space Free | Partition Type: NTFS
Drive D: | 452,23 Gb Total Space | 451,93 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
 
Computer Name: ****-VAIO | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe (Adobe Systems, Inc.)
PRC - C:\Users\****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\ESET\ESET Smart Security\x86\ekrn.exe (ESET)
PRC - C:\ProgramData\MobileBroadbandQuickStartService\VMBQuickStartService.exe ()
PRC - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (ekrn) -- C:\Programme\ESET\ESET Smart Security\x86\ekrn.exe (ESET)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Vodafone Mobile Broadband QuickStart) -- C:\ProgramData\MobileBroadbandQuickStartService\VMBQuickStartService.exe ()
SRV - (VAIO Power Management) -- C:\Programme\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (epfwwfp) -- C:\Windows\SysNative\drivers\epfwwfp.sys (ESET)
DRV:64bit: - (eamonm) -- C:\Windows\SysNative\drivers\eamonm.sys (ESET)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (epfw) -- C:\Windows\SysNative\drivers\epfw.sys (ESET)
DRV:64bit: - (EpfwLWF) -- C:\Windows\SysNative\drivers\EpfwLWF.sys (ESET)
DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\drivers\ehdrv.sys (ESET)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimssne64.sys (REDC)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2490743335-2800501917-1896874617-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2490743335-2800501917-1896874617-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2490743335-2800501917-1896874617-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2490743335-2800501917-1896874617-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-2490743335-2800501917-1896874617-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7B1acd747e-8470-11db-96a9-00e08161165f%7D:6.3.7.117
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8
FF - prefs.js..extensions.enabledAddons: anttoolbar%40ant.com:2.4.7.8
FF - prefs.js..extensions.enabledAddons: nosquint%40urandom.ca:2.1.9
FF - prefs.js..extensions.enabledAddons: %7B75CEEE46-9B64-46f8-94BF-54012DE155F0%7D:0.4.12
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\Windows\ [2013.06.11 12:32:11 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2013.05.10 00:38:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.22 12:10:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.22 12:10:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013.05.10 00:38:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.22 12:10:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.22 12:10:23 | 000,000,000 | ---D | M]
 
[2012.07.17 19:30:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions
[2013.06.06 00:05:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\bwuxnece.default\extensions
[2012.09.02 17:14:26 | 000,000,000 | ---D | M] (Tradesignal Online Chart) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\bwuxnece.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}
[2012.09.07 12:45:35 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\bwuxnece.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2013.04.23 09:42:47 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\bwuxnece.default\extensions\anttoolbar@ant.com
[2013.04.06 18:59:37 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\bwuxnece.default\extensions\ich@maltegoetz.de
[2013.05.25 18:10:13 | 002,168,615 | ---- | M] () (No name found) -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\bwuxnece.default\extensions\firebug@software.joehewitt.com.xpi
[2013.05.06 23:06:09 | 000,114,250 | ---- | M] () (No name found) -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\bwuxnece.default\extensions\nosquint@urandom.ca.xpi
[2013.06.06 00:05:53 | 000,030,759 | ---- | M] () (No name found) -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\bwuxnece.default\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi
[2012.12.08 04:30:13 | 000,002,057 | ---- | M] () -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\bwuxnece.default\searchplugins\youtube-videosuche.xml
[2013.05.22 12:10:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013.05.22 12:10:32 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.10.28 20:46:38 | 000,225,360 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll
 
O1 HOSTS File: ([2013.05.13 01:00:30 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2490743335-2800501917-1896874617-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2490743335-2800501917-1896874617-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {439B6D3C-A359-4D73-8515-2AFE8CF90C08} hxxp://www.tradesignalonline.com/charts/bin/axts5we.cab (Reg Error: Key error.)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}  (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59805883-2722-43E0-B507-9AAB5A0EF770}: DhcpNameServer = 10.143.147.147 10.143.147.148
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A732EBF7-4B28-4E77-AB6D-7D1558D0E532}: DhcpNameServer = 213.42.20.20 195.229.241.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B406F7F8-0931-4F50-9CAF-5AB186E2ACF4}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F29072C8-C163-45FB-A9F4-3A03F4D18C5F}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2490743335-2800501917-1896874617-1000\...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.11 12:32:11 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.06.11 12:30:48 | 000,000,000 | ---D | C] -- C:\JRT
[2013.06.11 12:25:43 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\****\Desktop\JRT.exe
[2013.06.09 22:46:39 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\****\Desktop\tdsskiller.exe
[2013.06.09 11:58:20 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\****\Desktop\aswMBR.exe
[2013.06.08 23:44:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013.06.08 21:57:19 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\mbar-1.06.0.1003
[2013.06.04 16:51:59 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Leuphana
[2013.05.22 12:10:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.16 00:11:07 | 009,195,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013.05.14 23:14:48 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.05.14 23:14:48 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.05.14 23:14:48 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.05.14 23:14:47 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.05.14 23:14:47 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.05.14 23:14:47 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.05.14 23:14:47 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.05.14 23:14:47 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.05.14 23:14:47 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.05.14 23:14:47 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.05.14 23:14:47 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.05.14 23:14:47 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.05.14 23:14:45 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.05.14 23:14:45 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.05.14 23:14:44 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.05.14 23:13:01 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013.05.14 23:13:01 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013.05.14 23:13:00 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013.05.14 23:12:45 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.05.14 23:12:44 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.05.14 23:12:44 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013.05.14 23:12:44 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013.05.14 17:11:06 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\ImgBurn
[2013.05.14 17:03:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2013.05.14 17:03:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[2013.05.14 13:27:18 | 000,000,000 | ---D | C] -- C:\Users\****\Studium - Ausbildung
[2013.05.14 13:24:02 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\tradesignalonline2
[2013.05.13 20:55:59 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Release
[2013.05.13 20:45:07 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Neuer Ordner (3)
[2013.05.13 12:49:11 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Neuer Ordner (2)
[2013.05.13 11:55:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.13 01:09:02 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.05.13 00:49:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.05.13 00:49:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.05.13 00:49:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.05.13 00:49:55 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.05.13 00:49:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.13 00:49:08 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.05.12 22:51:17 | 005,069,265 | R--- | C] (Swearware) -- C:\Users\****\Desktop\ComboFix.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.11 12:50:46 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.11 12:50:46 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.11 12:43:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.11 12:43:07 | 422,125,567 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.11 12:40:24 | 000,648,201 | ---- | M] () -- C:\Users\****\Desktop\adwcleaner.exe
[2013.06.11 12:25:49 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\****\Desktop\JRT.exe
[2013.06.11 12:11:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.10 14:23:59 | 000,000,512 | ---- | M] () -- C:\Users\****\Desktop\MBR.dat
[2013.06.09 22:46:50 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\****\Desktop\tdsskiller.exe
[2013.06.09 11:59:56 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\****\Desktop\aswMBR.exe
[2013.06.08 21:57:17 | 013,169,742 | ---- | M] () -- C:\Users\****\Desktop\mbar-1.06.0.1003.zip
[2013.06.08 21:48:46 | 011,390,298 | ---- | M] () -- C:\Users\****\Desktop\Howling (Âme Remix).mp3
[2013.05.30 17:22:28 | 000,346,578 | ---- | M] () -- C:\Users\****\Desktop\Deckblatt, Anschreiben, Lebenslauf (Ausbildung).pdf
[2013.05.26 12:24:18 | 000,000,931 | ---- | M] () -- C:\Users\****\Desktop\jsenglish.js
[2013.05.26 11:50:15 | 000,007,987 | ---- | M] () -- C:\Users\****\Desktop\english.php
[2013.05.24 23:08:35 | 108,039,114 | ---- | M] () -- C:\Users\****\Desktop\TRADERS_06.pdf
[2013.05.24 14:48:18 | 000,022,292 | ---- | M] () -- C:\Users\****\AppData\Local\recently-used.xbel
[2013.05.22 22:56:16 | 000,019,800 | ---- | M] () -- C:\Users\****\Desktop\tab.png
[2013.05.22 22:52:39 | 002,944,448 | ---- | M] () -- C:\Users\****\Desktop\themeforest-168737-karma-clean-and-modern-wordpress-theme-wordpress_theme.zip
[2013.05.22 22:49:14 | 000,006,207 | ---- | M] () -- C:\Users\****\Desktop\theme-template-part-content-blog.php
[2013.05.19 22:42:39 | 052,382,087 | ---- | M] () -- C:\Users\****\Desktop\TRADERS_05.pdf
[2013.05.17 00:11:43 | 000,000,779 | ---- | M] () -- C:\Users\****\Desktop\exchangealphaemailsubscribers.csv
[2013.05.16 12:48:08 | 000,072,532 | ---- | M] () -- C:\Users\****\Desktop\Silber w1.png
[2013.05.16 12:35:29 | 000,120,505 | ---- | M] () -- C:\Users\****\Desktop\Silber d1.png
[2013.05.16 00:11:16 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.05.16 00:11:16 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.05.16 00:11:07 | 009,195,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013.05.15 09:52:43 | 000,343,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.14 23:18:21 | 001,519,874 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.14 23:18:21 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.14 23:18:21 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.14 23:18:21 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.14 23:18:21 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.14 17:03:49 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2013.05.14 14:18:52 | 150,818,816 | ---- | M] () -- C:\Users\****\Desktop\vista_recover_x86.iso
[2013.05.14 13:23:54 | 000,228,197 | ---- | M] () -- C:\Users\****\Desktop\tradesignalonline2.zip
[2013.05.13 01:00:30 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.05.13 00:48:06 | 000,339,702 | ---- | M] () -- C:\Users\****\Unbenannt.xcf
[2013.05.13 00:33:31 | 000,093,326 | ---- | M] () -- C:\Users\****\Unbenannt.png
[2013.05.12 22:51:35 | 005,069,265 | R--- | M] (Swearware) -- C:\Users\****\Desktop\ComboFix.exe
 
========== Files Created - No Company Name ==========
 
[2013.06.11 12:40:19 | 000,648,201 | ---- | C] () -- C:\Users\****\Desktop\adwcleaner.exe
[2013.06.10 14:23:59 | 000,000,512 | ---- | C] () -- C:\Users\****\Desktop\MBR.dat
[2013.06.08 21:57:00 | 013,169,742 | ---- | C] () -- C:\Users\****\Desktop\mbar-1.06.0.1003.zip
[2013.06.08 21:48:39 | 011,390,298 | ---- | C] () -- C:\Users\****\Desktop\Howling (Âme Remix).mp3
[2013.05.30 17:22:28 | 000,346,578 | ---- | C] () -- C:\Users\****\Desktop\Deckblatt, Anschreiben, Lebenslauf (Ausbildung).pdf
[2013.05.26 12:24:18 | 000,000,931 | ---- | C] () -- C:\Users\****\Desktop\jsenglish.js
[2013.05.26 11:50:13 | 000,007,987 | ---- | C] () -- C:\Users\****\Desktop\english.php
[2013.05.24 23:08:33 | 108,039,114 | ---- | C] () -- C:\Users\****\Desktop\TRADERS_06.pdf
[2013.05.24 14:48:18 | 000,022,292 | ---- | C] () -- C:\Users\****\AppData\Local\recently-used.xbel
[2013.05.22 22:56:16 | 000,019,800 | ---- | C] () -- C:\Users\****\Desktop\tab.png
[2013.05.22 22:40:35 | 000,006,207 | ---- | C] () -- C:\Users\****\Desktop\theme-template-part-content-blog.php
[2013.05.22 22:33:05 | 002,944,448 | ---- | C] () -- C:\Users\****\Desktop\themeforest-168737-karma-clean-and-modern-wordpress-theme-wordpress_theme.zip
[2013.05.19 22:42:38 | 052,382,087 | ---- | C] () -- C:\Users\****\Desktop\TRADERS_05.pdf
[2013.05.17 00:11:42 | 000,000,779 | ---- | C] () -- C:\Users\****\Desktop\exchangealphaemailsubscribers.csv
[2013.05.16 12:45:28 | 000,072,532 | ---- | C] () -- C:\Users\****\Desktop\Silber w1.png
[2013.05.16 12:35:29 | 000,120,505 | ---- | C] () -- C:\Users\****\Desktop\Silber d1.png
[2013.05.14 17:03:49 | 000,001,841 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2013.05.14 17:03:49 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2013.05.14 13:23:53 | 000,228,197 | ---- | C] () -- C:\Users\****\Desktop\tradesignalonline2.zip
[2013.05.13 00:49:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.05.13 00:49:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.13 00:49:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.05.13 00:49:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.05.13 00:49:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.05.13 00:48:06 | 000,339,702 | ---- | C] () -- C:\Users\****\Unbenannt.xcf
[2013.05.13 00:32:13 | 000,093,326 | ---- | C] () -- C:\Users\****\Unbenannt.png
[2013.05.09 22:37:50 | 000,000,000 | ---- | C] () -- C:\Users\****\defogger_reenable
[2012.10.16 23:10:32 | 000,081,408 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2012.09.01 22:53:41 | 000,000,054 | ---- | C] () -- C:\Windows\NavWin.INI
[2012.09.01 22:53:16 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\G32_TICK.DLL
[2012.09.01 22:53:16 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\G32_rkey.dll
[2012.09.01 22:53:16 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\free_res.exe
[2012.08.03 17:45:40 | 000,000,008 | RH-- | C] () -- C:\Users\****\hwid
[2012.07.27 13:53:42 | 000,002,678 | ---- | C] () -- C:\Users\****\footer.php
[2012.07.25 20:58:40 | 000,000,115 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012.07.25 20:51:49 | 000,000,043 | ---- | C] () -- C:\Windows\ib.ini
[2012.07.25 12:09:52 | 000,026,624 | ---- | C] () -- C:\Windows\GetIe.dll
[2012.07.17 14:44:51 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.06.07 07:25:32 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\NtDirect.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.07.23 00:02:30 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\AbiSuite
[2012.07.20 20:36:10 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Amazon
[2012.07.17 17:46:49 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\ESET
[2012.07.18 16:18:15 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\tradesignal
[2012.07.18 15:54:18 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\AbiSuite
[2012.07.29 23:18:55 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Amazon
[2012.10.16 23:10:41 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\CAD-KAS
[2012.08.18 23:44:48 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Cyberduck
[2012.08.18 23:25:19 | 000,000,000 | -HSD | M] -- C:\Users\****\AppData\Roaming\Cyberduck Updater AU
[2012.07.14 21:48:43 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ESET
[2012.10.24 16:35:07 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\FileZilla
[2012.10.04 20:42:23 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\hdbADS
[2013.05.14 17:30:22 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ImgBurn
[2013.04.10 12:08:20 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\IrfanView
[2012.10.04 21:33:52 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\MrJobs
[2012.07.17 23:18:39 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\tradesignal
[2012.08.18 23:25:08 | 000,000,000 | -HSD | M] -- C:\Users\****\AppData\Roaming\wyUpdate AU
[2013.02.07 14:34:20 | 000,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\ESET
 
========== Purity Check ==========
 
 

< End of report >
         
OTL Extras

Code:
ATTFilter
OTL Extras logfile created on: 11.06.2013 12:46:55 - Run 7
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\****\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,86 Gb Total Physical Memory | 4,52 Gb Available Physical Memory | 77,19% Memory free
11,71 Gb Paging File | 10,20 Gb Available in Paging File | 87,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 339,58 Gb Free Space | 72,91% Space Free | Partition Type: NTFS
Drive D: | 452,23 Gb Total Space | 451,93 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
 
Computer Name: ****-VAIO | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2490743335-2800501917-1896874617-1000\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.pif [@ = piffile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{201EAA52-7636-4754-8C3A-703F59F9C74B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{B5599D68-3D32-4609-98B2-A42CF8455987}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{117F256A-7BDD-48EB-9B2E-D343F7347B1F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{19C9BC14-9B04-4C97-B654-A38749606C6C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{4DC8CC4D-D649-4C13-8704-3FD3A251990A}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{5682DC96-DF67-4A3C-BB6A-AC378552DD1B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{811ED9E7-E2CA-41D9-AD64-5369C77B799C}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{88ADA974-5783-4945-B06A-8396876A48C2}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"TCP Query User{36DD5DA9-7C9B-4169-BDDF-8430D33564AF}C:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe | 
"TCP Query User{6C177520-FC84-48D8-AD05-E8B9515262F2}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"TCP Query User{70AA0BF8-7C9D-43B1-B671-0577DD7529C0}C:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe | 
"TCP Query User{B9B9F485-FA29-437F-A524-A3E5E20FB542}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"TCP Query User{CEA0A7B5-7830-4655-98C6-22EDD36753BF}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"TCP Query User{D82369DA-1A31-4A5B-8A7B-3B2A7A6ACDE3}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{DCB119F8-AA84-42A4-92B1-A775907551DA}C:\program files (x86)\coaa\planeplotter\planeplotter.exe" = protocol=6 | dir=in | app=c:\program files (x86)\coaa\planeplotter\planeplotter.exe | 
"UDP Query User{6B19031E-6F11-46F0-994C-4B441FFA84A4}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"UDP Query User{75A6F61A-03A1-46C7-8CB3-ED7F0E4C57A7}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{A11B0B8E-DBD1-409C-B33F-BE19E2CA546C}C:\program files (x86)\coaa\planeplotter\planeplotter.exe" = protocol=17 | dir=in | app=c:\program files (x86)\coaa\planeplotter\planeplotter.exe | 
"UDP Query User{A207B887-4E5B-4665-97F9-7F998140D32C}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"UDP Query User{E2BA7615-B7E5-4AD1-BA4D-5E3E0861BF99}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"UDP Query User{E5EC6F7B-6CBC-4EA7-84C8-9EF41376FCB9}C:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe | 
"UDP Query User{FCA3A28D-ECA8-4163-90E2-0770BFBCF5F8}C:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{259FD439-13B0-0136-D0A0-FA89BB05831D}" = ccc-utility64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5BC83141-83DD-07BE-C940-04B385540F04}" = ATI Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{DA9F8C00-2674-476F-9836-0F3661A09A30}" = ESET Smart Security
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64
"GIMP-2_is1" = GIMP 2.8.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar
"{07B7598E-1FB8-1A95-7A30-F534A55726B4}" = CCC Help Czech
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{159E5135-4BEA-52B7-8CDC-823F1ED6D8A5}" = CCC Help Spanish
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{265F0D95-A883-7162-0458-B78085B6B693}" = Catalyst Control Center Graphics Light
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{2735AEFA-57A5-44AD-81B6-BE30CA07C066}" = Tradesignal Online Chart
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{2FAFE37E-D796-47B8-BA8F-D09819B12DF6}" = Windows Live Essentials
"{35111E7A-03B9-25EC-F434-A1CD976907FC}" = CCC Help Chinese Traditional
"{3C76A500-2852-4848-9555-1DB015ABD439}" = NinjaTrader 7
"{427E8AD0-A4B1-D225-836E-CCB6068B490A}" = CCC Help French
"{44D25B45-5C0E-2187-6739-E2FA0E8AFE1D}" = CCC Help Portuguese
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E6DF745-C99E-909F-BCF0-B7C24A51E56E}" = CCC Help Japanese
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{5736590B-36C7-4881-5EBE-F9B390F00774}" = Catalyst Control Center Core Implementation
"{618F39BD-9720-47CF-A89C-108AB41B1493}" = Windows Live UX Platform Language Pack
"{61F569A3-1647-B6F4-08C8-40A011831827}" = CCC Help English
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{654977DB-0001-0002-0001-EABD228DDE8B}" = Microsoft Download Manager
"{676D78AA-4FD4-405D-8872-E63052EF5716}" = Vodafone QuickStart Uninstaller
"{68EB2C37-083A-4303-B5D8-41FA67E50B8F}_is1" = Poedit
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F204B-323C-7E32-F890-A7308768728D}" = CCC Help Russian
"{7002773F-2A53-E9F2-E161-DB3DDA0F05BE}" = CCC Help Hungarian
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{76DECE17-BCF5-9640-2854-3CA049834A40}" = CCC Help Chinese Standard
"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A63F0C4-6B2B-694C-ED72-D0670612BC29}" = CCC Help Swedish
"{7F682A00-6497-4551-A2A6-063AE667D1CF}" = Movie Maker
"{803E4FA5-A940-4420-B89D-A8BC2E160247}" = 
"{88001121-87E2-2104-F9F5-ECC15DFCA1E0}" = Catalyst Control Center Graphics Full Existing
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8EB34C0B-AF54-F265-844C-3E6FA9AE2FCD}" = CCC Help German
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C73041C-AB71-995D-EEC7-B4E940F93F36}" = CCC Help Finnish
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = 
"{A8D53A4E-77A1-E23E-A396-6D9C86A2F273}" = Catalyst Control Center Graphics Full New
"{AC76BA86-1033-F400-7760-100000000002}" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{B19E03EA-067C-412F-A81E-271720E601AB}" = Fotogalerie
"{B27FA0A3-D80F-41A9-8BAD-C5F2D859AB22}" = Photo Common
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{BFF37C6E-D735-4487-390C-271E030AA62C}" = CCC Help Italian
"{C2E171F6-9B58-4CE1-7B8B-B69FA04EBAB8}" = Catalyst Control Center Graphics Previews Vista
"{C459D829-0FF0-C210-B2BF-83DB63FC1D61}" = CCC Help Korean
"{C5529BC1-C2BF-44E8-B62A-01913D70081C}" = Catalyst Control Center - Branding
"{C83B7CBB-C736-BF46-9832-7A9D07E9D94C}" = CCC Help Polish
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{D49989B0-7BC2-F7F1-8017-3257F617347A}" = Catalyst Control Center Graphics Previews Common
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D6DEC295-88A0-5CFA-0B29-C8FDF091FFD3}" = CCC Help Dutch
"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
"{DF693121-40C0-3020-D655-612E51616423}" = CCC Help Danish
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EBDDC3CC-343A-C0DD-79BA-8A12D0A2CA10}" = CCC Help Turkish
"{ECF0D151-BCA0-8E6D-62DB-5D44DB4A3836}" = CCC Help Thai
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1B95046-E9DA-CFEC-42A8-C8224646AA32}" = ccc-core-static
"{F30FE437-0E45-D409-F629-5D86960A6591}" = CCC Help Norwegian
"{F5CC9A13-6C57-4948-75A8-3A2C92A3183B}" = Catalyst Control Center Localization All
"{F67C14C0-D73E-C55B-E132-B1904A1A709C}" = CCC Help Greek
"{F7E8DD1D-9BFD-38BB-86A5-BEF313B00C51}" = Catalyst Control Center InstallProxy
"{FDA24BB0-8462-4356-B30E-C74FDC25C6DF}" = Network Recording Player
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Acrobat 7.0 Professional - English, Français, Deutsch - V" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"ElsterFormular" = ElsterFormular
"FileZilla Client" = FileZilla Client 3.5.3
"ImgBurn" = ImgBurn
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"PSPad editor_is1" = PSPad editor
"Trader Workstation 4.0" = Trader Workstation 4.0
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2490743335-2800501917-1896874617-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Screencast-O-Matic" = Screencast-O-Matic
 
< End of report >
         

Alt 11.06.2013, 12:41   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Spyware.Passwords.XGen gefunden - gefährlich oder nicht? - Standard

Spyware.Passwords.XGen gefunden - gefährlich oder nicht?



Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Vollscan mit Malwarebytes Anti-Malware (MBAM) (falls du vor kurzem erst einen Vollscan gemacht hast, reicht auch ein Quickscan (spart Zeit), das dann mir bitte auch mitteilen)

Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu Spyware.Passwords.XGen gefunden - gefährlich oder nicht?
adobe, autorun, bho, error, eset smart security, excel, fehlalarm, firefox, flash player, format, ftp, gmer.log, helper, home, iexplore.exe, install.exe, msvcrt, object, quickstart, realtek, registry, rundll, security, senden, stick, system, udp, usb, warnung, windows



Ähnliche Themen: Spyware.Passwords.XGen gefunden - gefährlich oder nicht?


  1. Infektion mit spyware.passwords.ed (Scan mit malware bytes)
    Plagegeister aller Art und deren Bekämpfung - 19.01.2015 (15)
  2. Windows 7 64 bit home: Malware oder Spyware gefunden, Avira Scan hat das Problem nicht behoben
    Log-Analyse und Auswertung - 29.10.2014 (13)
  3. PUP-Toolbar - gefährlich oder nicht gefährlich?
    Plagegeister aller Art und deren Bekämpfung - 12.07.2012 (3)
  4. Spyware.Passwords mal 2
    Plagegeister aller Art und deren Bekämpfung - 15.06.2012 (1)
  5. Malwarebytes findet Spyware.Passwords / 2 infizierte Registrierungsschlüssel
    Log-Analyse und Auswertung - 06.03.2012 (15)
  6. Hilfe, Spyware.Passwords.XGen
    Plagegeister aller Art und deren Bekämpfung - 13.07.2011 (3)
  7. Akamai - Gefährlich oder nicht ?
    Log-Analyse und Auswertung - 20.06.2011 (1)
  8. Adware.Zwunzi, Trojan.SpyEyes, Spyware.Passwords.XGen
    Plagegeister aller Art und deren Bekämpfung - 02.04.2011 (41)
  9. Spyware.Passwords.XGen + AntiVir startet nicht
    Plagegeister aller Art und deren Bekämpfung - 10.03.2011 (22)
  10. Trojan.SpyEyes.WC, Spyware.Passwords.XGen wirklich eliminiert?
    Plagegeister aller Art und deren Bekämpfung - 04.03.2011 (5)
  11. Spyware.Passwords.XGen wurde durch Malwarebytes gefunden
    Plagegeister aller Art und deren Bekämpfung - 24.12.2010 (2)
  12. Trojan.BHO, Spyware.Passwords.XGen, Trojan.Dropper und Trojan.Agent mit Malware gefunden
    Plagegeister aller Art und deren Bekämpfung - 20.12.2010 (9)
  13. Malware Spyware.passwords.xgen durch Malwarebyte Anti-Malware erkannt.
    Plagegeister aller Art und deren Bekämpfung - 19.12.2010 (50)
  14. Spyware.Passwords.XGen, Trojan.Dropper.PGen, Packer.Suspicious, JAVA/Agent.2212
    Plagegeister aller Art und deren Bekämpfung - 05.12.2010 (3)
  15. spyware.passwords.xgen
    Antiviren-, Firewall- und andere Schutzprogramme - 25.11.2010 (0)
  16. Spyware.passwords.xgen, TR/Dropper.Gen, DR/Delf.O.37 gefunden
    Plagegeister aller Art und deren Bekämpfung - 19.10.2010 (18)
  17. 35 Viren mir Escan gefunden, gefährlich oder nicht?
    Log-Analyse und Auswertung - 17.12.2007 (24)

Zum Thema Spyware.Passwords.XGen gefunden - gefährlich oder nicht? - Nabend/Guten Morgen, habe eben nach längerer Zeit mal wieder mein System mit Malwarebites gescannt und siehe da, es wurde etwas gefunden. Genauer gesagt dieser Schlingel hier: Spyware.Passwords.XGen zu finden unter - Spyware.Passwords.XGen gefunden - gefährlich oder nicht?...
Archiv
Du betrachtest: Spyware.Passwords.XGen gefunden - gefährlich oder nicht? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.