Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Win32/Small.CA-Virus

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 04.07.2013, 11:56   #1
Serafim
 
Win32/Small.CA-Virus - Standard

Win32/Small.CA-Virus



Das Wartungscenter meines Computers (mit Windows 7 64 bit) meldet mir:
"Windows hat Win32/Small.CA, einen bekannten Computervirus, auf Ihrem PC erkannt.
Win32/Small.CA hat bewirkt, dass Ihr PC 1 Mal nicht ordnungsgemäß funktioniert hat."

Überprüfungen mit Windows Defender und Sophos erkannten den Fehler nicht und
meldeten eine normale Ausführung des Computers.

Ich bitte um Hilfe bei der Beseitigung des Virus.

Vielen Dank im voraus.

Serafim

Alt 04.07.2013, 12:13   #2
markusg
/// Malware-holic
 
Win32/Small.CA-Virus - Standard

Win32/Small.CA-Virus



hi,

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________

Alt 05.07.2013, 11:25   #3
Serafim
 
Win32/Small.CA-Virus - Standard

Win32/Small.CA-Virus



Hallo,
hier ist der Inhalt der Dateien.

OTL.txt:
Code:
ATTFilter
OTL logfile created on: 05.07.2013 11:52:26 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Siegfried\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 56,99% Memory free
7,73 Gb Paging File | 5,83 Gb Available in Paging File | 75,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 256,94 Gb Total Space | 202,73 Gb Free Space | 78,90% Space Free | Partition Type: NTFS
Drive D: | 99,07 Gb Total Space | 98,73 Gb Free Space | 99,65% Space Free | Partition Type: NTFS
Drive Q: | 9,77 Gb Total Space | 1,37 Gb Free Space | 13,98% Space Free | Partition Type: NTFS
 
Computer Name: SIEGFRIED-THINK | User Name: Siegfried | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.07.05 11:50:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Siegfried\Desktop\OTL.exe
PRC - [2013.07.04 15:58:48 | 000,030,096 | ---- | M] (VER_COMPANY_NAME) -- C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65brmon.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.03.23 01:49:41 | 002,890,232 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
PRC - [2013.02.14 23:30:23 | 000,237,048 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
PRC - [2013.02.14 23:30:21 | 000,929,272 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
PRC - [2013.02.14 23:29:06 | 000,217,592 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2013.02.05 17:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2013.01.29 22:21:05 | 000,159,296 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2012.12.27 22:07:26 | 003,729,400 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2012.12.21 15:48:08 | 000,699,680 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
PRC - [2012.08.23 04:50:22 | 000,403,888 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2012.08.23 04:49:48 | 006,049,096 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2012.08.18 22:22:02 | 007,027,752 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
PRC - [2012.07.24 16:13:58 | 000,943,856 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
PRC - [2012.05.09 23:25:15 | 000,357,400 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
PRC - [2012.03.19 22:58:12 | 000,514,128 | ---- | M] (REINER SCT) -- C:\Windows\SysWOW64\cjpcsc.exe
PRC - [2011.05.27 16:23:00 | 004,999,976 | ---- | M] (Synaptics Incorporated) -- C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe
PRC - [2011.05.27 16:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) -- C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.04.20 14:23:32 | 000,074,088 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2010.04.20 14:23:28 | 000,062,312 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TPKNRRES.exe
PRC - [2010.04.20 14:23:18 | 000,050,536 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe
PRC - [2010.04.07 07:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe
PRC - [2010.04.07 07:37:24 | 000,063,928 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010.04.07 05:02:18 | 000,045,496 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\micmute.exe
PRC - [2010.04.02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010.04.01 07:50:46 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2010.03.15 14:54:56 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2009.12.21 11:49:46 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2009.11.24 06:51:20 | 000,176,056 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2009.11.11 10:33:12 | 000,078,272 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\tpnumlkd.exe
PRC - [2009.11.04 06:45:46 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.11.04 06:45:44 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.05.27 23:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
PRC - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
PRC - [2008.01.10 13:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2007.01.04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.23 04:35:38 | 013,873,200 | ---- | M] () -- C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers.dll
MOD - [2012.08.23 04:31:22 | 001,590,656 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\Home\icudt38.dll
MOD - [2012.07.24 15:48:28 | 000,012,160 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\TibMounter\icudt38.dll
MOD - [2011.04.20 12:53:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011.03.31 19:29:46 | 000,066,856 | ---- | M] () -- C:\Windows\SysWOW64\SynTPEnhPS.dll
MOD - [2009.05.27 23:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.01.13 15:05:46 | 000,047,728 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2010.01.13 16:04:10 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.11.18 07:04:24 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.06.28 00:11:33 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.06.12 20:33:24 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.03.23 01:49:41 | 002,890,232 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2013.02.14 23:30:23 | 000,237,048 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2013.02.14 23:29:06 | 000,217,592 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2013.02.05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2013.01.29 22:21:05 | 000,159,296 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2013.01.29 22:18:39 | 002,010,688 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe -- (swi_update_64)
SRV - [2012.12.27 22:07:26 | 003,729,400 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2012.12.21 15:48:08 | 000,699,680 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 8.0 OnlineUpdate)
SRV - [2012.08.23 04:50:44 | 001,127,432 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2012.08.18 22:22:02 | 007,027,752 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv)
SRV - [2012.07.20 14:00:51 | 002,635,776 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Users\Siegfried\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service)
SRV - [2012.05.09 23:25:15 | 000,357,400 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe -- (Sophos Web Control Service)
SRV - [2012.03.19 22:58:12 | 000,514,128 | ---- | M] (REINER SCT) [Auto | Running] -- C:\Windows\SysWOW64\cjpcsc.exe -- (cjpcsc)
SRV - [2012.02.10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe -- (BBUpdate)
SRV - [2012.02.10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe -- (BBSvc)
SRV - [2011.05.27 16:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) [Auto | Running] -- C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe -- (ScrybeUpdater)
SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 15:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.08.24 20:30:00 | 000,075,112 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2010.07.15 07:23:58 | 000,199,272 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV - [2010.04.20 14:23:32 | 000,074,088 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV - [2010.04.20 14:23:18 | 000,050,536 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV - [2010.04.07 07:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV - [2010.04.07 07:37:24 | 000,063,928 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010.04.07 05:02:18 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2010.04.05 21:55:01 | 000,116,104 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.15 14:54:56 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2010.03.05 11:26:38 | 001,425,168 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2010.03.05 11:07:58 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2010.03.05 11:06:22 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2009.11.04 06:45:46 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.11.04 06:45:44 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.09.29 18:25:48 | 000,126,392 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2008.01.10 13:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2007.01.04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.01.29 22:26:27 | 000,154,952 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\Windows\SysNative\drivers\savonaccess.sys -- (SAVOnAccess)
DRV:64bit: - [2012.12.27 22:07:27 | 000,367,200 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2012.12.27 22:07:24 | 001,340,040 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman)
DRV:64bit: - [2012.12.27 22:07:20 | 001,093,256 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tib_mounter.sys -- (tib_mounter)
DRV:64bit: - [2012.12.27 22:07:18 | 000,228,488 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vididr.sys -- (vididr)
DRV:64bit: - [2012.12.27 22:07:16 | 000,166,024 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vidsflt.sys -- (vidsflt)
DRV:64bit: - [2012.12.27 22:07:13 | 000,340,104 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2012.12.27 22:07:12 | 000,155,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fltsrv.sys -- (fltsrv)
DRV:64bit: - [2012.10.08 14:09:34 | 000,054,272 | ---- | M] (Siemens Home and Office Communication Devices GmbH & Co. KG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GigasetGenericUSB_x64.sys -- (GigasetGenericUSB_x64)
DRV:64bit: - [2012.03.05 21:53:58 | 000,036,640 | ---- | M] (Sophos Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdcfilter.sys -- (sdcfilter)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.31 19:32:00 | 001,424,944 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.03.29 11:50:26 | 000,034,672 | ---- | M] (REINER SCT) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cjusb.sys -- (cjusb)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.13 15:04:20 | 000,139,888 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2011.01.13 15:02:28 | 000,023,664 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.08.24 20:30:00 | 000,013,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2010.07.15 07:23:48 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2010.03.17 23:21:58 | 007,680,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2010.03.17 12:30:36 | 000,161,664 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2010.02.08 14:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.01.15 22:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.01.15 06:23:00 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010.01.15 06:23:00 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010.01.15 06:23:00 | 000,021,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010.01.13 16:26:02 | 006,327,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010.01.13 16:26:02 | 006,327,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.01.13 15:10:58 | 000,185,344 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009.11.30 08:56:00 | 000,053,800 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009.11.18 07:04:04 | 000,032,880 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2009.10.26 05:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.10.02 12:58:12 | 000,258,560 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.09.29 18:25:50 | 000,012,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009.09.17 05:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.07.02 04:16:02 | 000,040,512 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.07 07:33:00 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009.02.09 11:06:31 | 000,025,608 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV:64bit: - [2008.05.12 11:04:26 | 000,015,400 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV - [2011.06.27 17:06:54 | 000,025,584 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Programme\PC-Doctor\pcdsrvc_x64.pkms -- (PCDSRVC{127174DC-C366ED8B-06020200}_0)
DRV - [2010.09.16 17:02:59 | 000,045,664 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Running] -- C:\Users\Siegfried\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys -- (TelekomNM6)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {31CA554A-5500-4812-875C-F4719B5572E2}
IE:64bit: - HKLM\..\SearchScopes\{31CA554A-5500-4812-875C-F4719B5572E2}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {3EEE0C04-FCC8-4DA9-8801-8DE8D162280E}
IE - HKLM\..\SearchScopes\{3EEE0C04-FCC8-4DA9-8801-8DE8D162280E}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.tb.ask.com/index.jhtml?n=77DE8857&p2=^Y6^xdm043^YYA^de&ptb=9724A557-6BF6-4DA9-B1EF-1977726E1F7B&si=swissconverter
IE - HKCU\..\SearchScopes,DefaultScope = {A45A69E5-9511-4C45-9AAF-7F5F8F3DA4CA}
IE - HKCU\..\SearchScopes\{A45A69E5-9511-4C45-9AAF-7F5F8F3DA4CA}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{D9A8C407-B63A-4232-AEAD-0612A4782451}: "URL" = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Ask Web Search"
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: fb_add_on%40avm.de:1.7.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..keyword.URL: "hxxp://search.tb.ask.com/search/GGmain.jhtml?st=kwd&ptb=9724A557-6BF6-4DA9-B1EF-1977726E1F7B&n=77fd044f&ind=2013070415&p2=^Y6^xdm043^YYA^de&si=swissconverter&searchfor="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre1.6.0_22\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files (x86)\Mozilla Sunbird\components [2011.06.21 15:56:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Sunbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.06.21 15:57:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Siegfried\AppData\Roaming\mozilla\Extensions
[2011.06.21 15:57:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Siegfried\AppData\Roaming\mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2013.07.05 11:45:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Siegfried\AppData\Roaming\mozilla\Firefox\Profiles\9rsq7463.default\extensions
[2013.04.13 11:11:31 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\Siegfried\AppData\Roaming\mozilla\Firefox\Profiles\9rsq7463.default\extensions\fb_add_on@avm.de
[2011.06.21 15:57:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Siegfried\AppData\Roaming\mozilla\Sunbird\Profiles\9tzvolni.default\extensions
[2013.07.04 15:58:53 | 000,009,612 | ---- | M] () -- C:\Users\Siegfried\AppData\Roaming\mozilla\firefox\profiles\9rsq7463.default\searchplugins\ask-web-search.xml
[2013.06.28 00:11:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.06.28 00:11:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
[2013.06.28 00:11:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.06.28 00:11:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.06.28 00:11:33 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\gears.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_22\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_22\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Programme\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe (Sophos Limited)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\RunOnce: [FromDocToPDF_65bar Uninstall] rundll32 C:\PROGRA~2\65UNIN~1.DLL,O -3 uninstalltype="FF" File not found
O4 - Startup: C:\Users\Siegfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk = C:\Users\Siegfried\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
O4 - Startup: C:\Users\Siegfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.15.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C7522CC-4D4C-429F-B803-8D9E9B89D770}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E0C0BFF-17C4-4830-B483-7D2926513271}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL (Sophos Limited)
O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Limited)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.06.10 18:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - 
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.05 11:50:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Siegfried\Desktop\OTL.exe
[2013.07.05 11:45:17 | 000,712,264 | ---- | C] (MindSpark) -- C:\Program Files (x86)\65Uninstall FromDocToPDF.dll
[2013.07.05 00:14:54 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{F9ADF71E-D4B5-4FFA-8106-4BAFB1705DB6}
[2013.07.04 15:58:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FromDocToPDF_65
[2013.07.02 12:07:37 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{071CE1FF-171E-4315-A241-15A56EA0A2DE}
[2013.06.29 01:27:43 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{9539EFFE-A316-4F6B-A9E5-E36C96AB0BAD}
[2013.06.28 00:11:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.06.25 01:34:04 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{F7C1803F-8051-48AE-A7D1-47DF1B9B44C4}
[2013.06.20 15:14:49 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{FF48B5CC-DA2E-4D9D-B077-5047E3FB8924}
[2013.06.18 18:53:40 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{6625C0C1-09EB-4B85-90A1-823BFDDE746A}
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.05 11:50:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Siegfried\Desktop\OTL.exe
[2013.07.05 11:39:17 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.05 11:39:17 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.05 11:32:09 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.05 11:30:06 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.05 11:29:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.05 11:29:14 | 3111,555,072 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.05 10:21:02 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.04 23:50:50 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2013.07.04 15:58:49 | 000,194,944 | ---- | M] () -- C:\Program Files (x86)\65res.dll
[2013.07.04 15:58:48 | 000,712,264 | ---- | M] (MindSpark) -- C:\Program Files (x86)\65Uninstall FromDocToPDF.dll
[2013.07.04 13:01:26 | 003,320,813 | ---- | M] () -- C:\Users\Siegfried\Documents\Trojaner Anfrage.rtf
[2013.07.04 12:49:07 | 002,650,011 | ---- | M] () -- C:\Users\Siegfried\Documents\Trojaner Mail.rtf
[2013.07.02 21:39:45 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.07.02 21:39:45 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.07.02 21:39:45 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.02 21:39:45 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.07.02 21:39:45 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.28 14:00:00 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2013.06.28 14:00:00 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2013.06.20 16:27:02 | 000,002,194 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.06.16 16:41:43 | 000,004,693 | ---- | M] () -- C:\Users\Siegfried\Documents\RENTE  EURO- SFR  mit Berechnung.rtf
 
========== Files Created - No Company Name ==========
 
[2013.07.05 11:45:17 | 000,194,944 | ---- | C] () -- C:\Program Files (x86)\65res.dll
[2013.07.04 13:01:26 | 003,320,813 | ---- | C] () -- C:\Users\Siegfried\Documents\Trojaner Anfrage.rtf
[2013.07.04 12:49:07 | 002,650,011 | ---- | C] () -- C:\Users\Siegfried\Documents\Trojaner Mail.rtf
[2013.06.28 10:52:15 | 000,000,528 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2013.03.21 12:17:37 | 000,167,936 | ---- | C] () -- C:\Windows\SysWow64\SerialXP.dll
[2012.10.14 18:42:12 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011.08.28 16:12:45 | 000,393,256 | ---- | C] () -- C:\Windows\SysWow64\CNQ4809N.DAT
[2011.05.22 21:50:30 | 000,000,680 | RHS- | C] () -- C:\Users\Siegfried\ntuser.pol
[2011.05.08 16:27:38 | 000,020,540 | ---- | C] () -- C:\Users\Siegfried\AppData\Roaming\UserTile.png
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.04.06 18:44:51 | 000,000,000 | ---D | M] -- C:\Users\Siegfried\AppData\Roaming\Acronis
[2011.08.28 17:01:18 | 000,000,000 | ---D | M] -- C:\Users\Siegfried\AppData\Roaming\Canon
[2011.12.07 22:00:03 | 000,000,000 | ---D | M] -- C:\Users\Siegfried\AppData\Roaming\elsterformular
[2011.04.20 13:59:53 | 000,000,000 | ---D | M] -- C:\Users\Siegfried\AppData\Roaming\OpenOffice.org
[2011.05.12 21:40:58 | 000,000,000 | ---D | M] -- C:\Users\Siegfried\AppData\Roaming\PCDr
[2011.06.27 13:59:18 | 000,000,000 | ---D | M] -- C:\Users\Siegfried\AppData\Roaming\Secure Soft
[2012.10.14 18:45:24 | 000,000,000 | ---D | M] -- C:\Users\Siegfried\AppData\Roaming\Synaptics
[2011.05.12 21:29:50 | 000,000,000 | ---D | M] -- C:\Users\Siegfried\AppData\Roaming\Update
[2011.06.06 18:56:18 | 000,000,000 | ---D | M] -- C:\Users\Siegfried\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2011.05.22 23:50:13 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009.07.24 19:28:56 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.03.28 21:11:50 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.03.03 17:51:35 | 000,000,000 | ---D | M] -- C:\Intel
[2011.03.04 01:58:09 | 000,000,000 | ---D | M] -- C:\mfg
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.03.14 12:48:54 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.07.05 11:45:17 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013.01.06 17:28:16 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.03.28 21:11:50 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.03.28 21:12:14 | 000,000,000 | ---D | M] -- C:\swshare
[2011.03.28 21:38:37 | 000,000,000 | ---D | M] -- C:\SWTOOLS
[2013.07.05 11:54:39 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.05.22 23:59:54 | 000,000,000 | R--D | M] -- C:\Users
[2012.03.26 14:09:00 | 000,000,000 | ---D | M] -- C:\usr
[2013.03.23 14:59:26 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2012.10.08 14:26:52 | 000,495,616 | ---- | M] (Gigaset Communications GmbH) -- C:\Windows\system32\Gqstsp.tsp
[2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 07:08:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.04.22 23:17:50 | 000,001,112 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2011.04.22 23:17:50 | 000,001,116 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2011.05.12 21:40:14 | 000,000,466 | ---- | C] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
[2011.05.12 21:40:15 | 000,000,528 | ---- | C] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012.04.19 10:37:01 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013.06.28 10:52:15 | 000,000,528 | ---- | C] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2011.03.04 02:24:38 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.03.04 02:23:01 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2011.03.04 02:24:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2011.03.04 02:23:01 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2011.03.04 02:24:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2011.03.04 02:23:01 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2011.03.04 02:24:38 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2011.03.04 02:23:01 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2010.01.15 22:22:08 | 000,538,136 | ---- | M] (Intel Corporation) MD5=85977CD13FC16069CE0AF7943A811775 -- C:\SWTOOLS\DRIVERS\IMSM\iaStor.sys
[2010.01.15 22:22:08 | 000,538,136 | ---- | M] (Intel Corporation) MD5=85977CD13FC16069CE0AF7943A811775 -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.01.15 22:22:08 | 000,538,136 | ---- | M] (Intel Corporation) MD5=85977CD13FC16069CE0AF7943A811775 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_5d42c6448888c5bd\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2011.03.04 02:24:38 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2011.03.04 02:24:38 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2010.11.20 14:21:37 | 011,410,432 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\wmp.dll
[2010.11.20 14:21:37 | 000,299,520 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\wmpdxm.dll
 
< %USERPROFILE%\*.* >
[2013.07.05 11:53:52 | 002,621,440 | -HS- | M] () -- C:\Users\Siegfried\ntuser.dat
[2013.07.05 11:53:52 | 000,262,144 | -HS- | M] () -- C:\Users\Siegfried\ntuser.dat.LOG1
[2011.03.28 21:11:56 | 000,000,000 | -HS- | M] () -- C:\Users\Siegfried\ntuser.dat.LOG2
[2011.03.28 20:55:39 | 000,065,536 | -HS- | M] () -- C:\Users\Siegfried\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011.03.28 20:55:39 | 000,524,288 | -HS- | M] () -- C:\Users\Siegfried\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011.03.28 20:55:39 | 000,524,288 | -HS- | M] () -- C:\Users\Siegfried\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2011.05.12 15:58:57 | 000,065,536 | -HS- | M] () -- C:\Users\Siegfried\ntuser.dat{c07ee47d-7c9a-11e0-9e7c-60eb69df35ee}.TM.blf
[2011.05.12 15:58:57 | 000,524,288 | -HS- | M] () -- C:\Users\Siegfried\ntuser.dat{c07ee47d-7c9a-11e0-9e7c-60eb69df35ee}.TMContainer00000000000000000001.regtrans-ms
[2011.05.12 15:58:57 | 000,524,288 | -HS- | M] () -- C:\Users\Siegfried\ntuser.dat{c07ee47d-7c9a-11e0-9e7c-60eb69df35ee}.TMContainer00000000000000000002.regtrans-ms
[2011.03.28 21:11:56 | 000,000,020 | -HS- | M] () -- C:\Users\Siegfried\ntuser.ini
[2012.11.10 09:34:12 | 000,000,680 | RHS- | M] () -- C:\Users\Siegfried\ntuser.pol
[2011.08.28 17:01:19 | 000,000,000 | ---- | M] () -- C:\Users\Siegfried\Sti_Trace.log
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<   >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 929 bytes -> C:\Users\Siegfried\Documents\Re-Reiserücktritt-ERV,Antwort.eml:OECustomProperty
@Alternate Data Stream - 1252 bytes -> C:\Users\Siegfried\Documents\Re-Reiserücktritt-ERV.eml:OECustomProperty

< End of report >
         
--- --- ---



Extras.txt
Code:
ATTFilter
OTL Extras logfile created on: 05.07.2013 11:52:26 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Siegfried\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 56,99% Memory free
7,73 Gb Paging File | 5,83 Gb Available in Paging File | 75,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 256,94 Gb Total Space | 202,73 Gb Free Space | 78,90% Space Free | Partition Type: NTFS
Drive D: | 99,07 Gb Total Space | 98,73 Gb Free Space | 99,65% Space Free | Partition Type: NTFS
Drive Q: | 9,77 Gb Total Space | 1,37 Gb Free Space | 13,98% Space Free | Partition Type: NTFS
 
Computer Name: SIEGFRIED-THINK | User Name: Siegfried | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" = 
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{094C44E9-6C62-4E98-B616-86E33574BE7B}" = lport=445 | protocol=6 | dir=in | app=system | 
"{0B55B1A5-6932-4DE9-B42E-B9ED39B7E97B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{2091066F-31E9-45C7-A246-A8362FE23CCE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2CCC1948-3BCF-4A7D-911E-69898D78D8EF}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{3CDE2325-2C70-4F4E-BD95-17193E6C3C83}" = rport=138 | protocol=17 | dir=out | app=system | 
"{3CF4D896-9F86-4D35-B826-51092B12A74A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3F9CD409-E337-4A97-95A2-5A0BEEE8565A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{401B6C8F-8311-443B-B736-159B147D7F95}" = rport=137 | protocol=17 | dir=out | app=system | 
"{41141E9A-2E53-4166-9EFA-E33DB94E5976}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{534EB270-EBBA-42D5-893B-40E5C4EAF20B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{53F0DAD6-46E1-4B00-A504-AE9A0D02EBAD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{598250FF-8554-4BE7-993E-C80DA9A1628D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{598BF50A-5239-4835-95C1-B5C8514BE5B9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5CE11C0C-9E58-476B-A5D3-D1479ED61F6D}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6F7EACA3-C84D-4B3D-B00E-DB827B2EE034}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{709CC8F5-2C0E-45AF-AEA6-5B6B4706D25F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{873B3933-CE76-46CD-945F-6D2A284A79F7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{952E0415-8D7C-410B-91D7-0F6BBB11D6DA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A0FD5E4E-EE3B-4C79-B6A9-5883D9C4D2D1}" = lport=137 | protocol=17 | dir=in | app=system | 
"{A8592D9B-5F87-4D1B-B469-B663852887FF}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B01A1F8B-2F10-4794-8650-7195B6667DC3}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{B1B54ABD-C48D-4C88-9B4A-77B86DE079B3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C3B4C4B0-9C1F-4AFB-A76F-A14A7DAA6E6F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{C7585F07-48A1-4A22-9639-9E606F1550FB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{C7FAD3A3-EA12-40F0-9E60-2B1F415EA75C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CD13F72A-A3A4-4B8F-B97F-6BC619F8566E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{CFE8640E-D636-4BE9-BBE4-F39089EE9D31}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D47F679B-0B29-42E7-B856-D1BC07086B49}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EA658E9D-62D2-433D-93A1-0515F66E3FF6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EB4D8C65-6C12-4695-896A-0D71AE934F70}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{EFA3A7E0-6DD4-43FC-9610-0326DB4F902C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EFB75F88-B139-4197-836E-9DBDF287384C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F4BA445D-AED5-45EA-952B-03A74A3F1328}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D88E077-6FF8-4CCD-A6E6-65BEB007991B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1E4FCA54-DE3E-438B-A3AB-CC244C0558CB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{202516AB-13AC-433C-9AB6-50949DADD039}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{2F4CD372-8032-4263-9759-0DAF760856F2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{375FF641-B899-48B4-ADF4-A2977C7686DF}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 8.0 s-edition\app\starmoney.exe | 
"{39491979-03E4-407B-A01D-6EC25F667145}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4F47D0EB-4EC6-4D5C-A53C-D4292F05E934}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{540B2013-DC96-4598-96E1-7886086BDC4D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{64E1E002-F805-468B-9B42-A7C8047CAF9A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{68D6344F-045D-4910-BD4F-C1D67D6BA4BB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{728144B7-72A0-42D9-A2E1-80D6701512FB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{73F53992-80C5-4A96-B8D0-D67335615BA5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{789BB646-9D71-42A6-8459-B42909290B8B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{78DBF5AF-970F-4BD9-B874-AC87328AAD6E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8F724D59-1A20-463A-9F66-40035126BE33}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 8.0 s-edition\ouservice\starmoneyonlineupdate.exe | 
"{96D7BE01-7606-47DE-8B27-B6CEC01133B5}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 8.0 s-edition\ouservice\starmoneyonlineupdate.exe | 
"{9A41EB7A-4F64-4013-BBCC-869D9CE0A76B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{9F58836A-B1B8-475B-8A84-65DDC76C9D6F}" = protocol=6 | dir=out | app=system | 
"{B10179A7-98BF-4504-923A-DC91DE4A8703}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 8.0 s-edition\app\starmoney.exe | 
"{C0D4267D-402C-49ED-8C64-F2C6FD2F732B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{CA62CC46-E0A8-4853-8D62-17C5A2B47740}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D07AD168-F048-4E93-825B-FA5E1150DF04}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{E12C3411-B10F-443D-943E-8792766DA3D8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E3211EA6-EE62-4DEE-9269-2F15EA0EC47E}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{E5774317-F0C9-4D71-B95C-B0F76553BF1E}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{ECCAFCDB-E8D5-40BC-9E38-C3E897929D18}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F80C1329-7877-4CBF-93E4-C6719DD17C84}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FC6F2E95-F8CD-4925-B829-A483AA592860}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"TCP Query User{8E1CE0D9-5702-488C-B63F-91FDD4F0BB6A}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"TCP Query User{B3A91FDE-2C15-4CC9-83AC-81BAC7FDBC5E}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{3E78C24C-11EE-4DF9-8085-8C12C3BD9CAA}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{921EE986-821E-4103-A64B-DA0C3A106D38}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4809" = CanoScan LiDE 210 Scanner Driver
"{1A8BA6CE-822D-4888-89E2-ACBF4308F271}" = Intel(R) PROSet/Wireless WiFi-Software
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java(TM) 6 Update 17 (64-bit)
"{2AB30FC1-9094-88DE-F76F-7BA690329B1D}" = ccc-utility64
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Überwachungstool für die Intel® Turbo-Boost-Technik
"{3ADFDEB3-E659-E340-F3C5-33F237A807C5}" = ATI Catalyst Install Manager
"{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{627673ff-f4ea-43fd-893d-28fc6176fb2d}" = Gigaset QuickSync
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"03A7DBDC77B53F52C7EA041F531310CFC5E2AD9E" = Windows-Treiberpaket - Realtek Semiconductor Corp. HD Audio Driver (06/29/2010 6.0.1.6146)
"114EB224AD576F278686036AA9E1EFB7847E3935" = Windows-Treiberpaket - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4)
"1AE98C75AE2DD1284F66876FA76F46BFDF6B9D31" = Windows-Treiberpaket - Intel hdc  (06/04/2009 7.0.0.1013)
"573C3C32A1DB5625CA00E633E584E8A0E6383672" = Windows-Treiberpaket - Intel System  (10/28/2009 9.1.1.1022)
"70FAF0B3C6F143057FDFD46764A316A0A08A990E" = Windows-Treiberpaket - Realtek Semiconductor Corp. HD Audio Driver (01/26/2010 5.10.0.6034)
"A7B0B8D913E4DC2FA0B31E392E1512A901CA66B9" = Windows-Treiberpaket - Intel USB  (08/20/2009 9.1.1.1020)
"ATI Uninstaller" = ATI Uninstaller
"BBABA9FE13F046C64FAED28FC869D210D2BB7A08" = Windows-Treiberpaket - Realtek Semiconductor Corp. HD Audio Driver (01/26/2010 6.0.1.6034)
"C39A7AFB5CAF49F10B9573FFE2E981F1AB2074B6" = Windows-Treiberpaket - Intel (iaStor) hdc  (01/15/2010 9.5.7.1002)
"D94DFF1289C7A7BEBA126E4CDADE0E85B99E60F1" = Windows-Treiberpaket - Intel System  (10/28/2009 9.1.1.1022)
"E7B58217635B8F723D4744A328A4B3237DB35FA9" = Windows-Treiberpaket - Intel System  (06/04/2009 1.0.0.0002)
"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
"Kyocera Product Library" = Kyocera Product Library
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"OnScreenDisplay" = Anzeige am Bildschirm
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"W7DevOR" =  Registry Patch to arrange icons in Device and Printers folder of Windows 7
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C18D9B-3B61-6EAA-1F47-095B265A340D}" = CCC Help Russian
"{04EEBFD2-D1B7-B71B-34D3-48AC17FE58C6}" = CCC Help Hungarian
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B3B35C8-5429-4A90-A447-D1B9ED499FE8}" = STEUEReasy 2011
"{142E95CC-EE6F-427F-DBD3-2A74347BC490}" = CCC Help Finnish
"{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}" = Synaptics Gesture Suite featuring SYNAPTICS | Scrybe
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FCBD504-AB7D-4757-9A14-850348384B08}" = StarMoney
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{2BC3066C-6522-8BFF-0010-205EF1B1F4CF}" = CCC Help Swedish
"{2D45FA3F-EDFA-7F3F-C3E3-4C2F99CF4878}" = CCC Help Chinese Standard
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33F43046-217B-8FE2-B6A8-00E80F0DE721}" = CCC Help French
"{353E97F1-DF93-4678-85B8-7B30138C21E7}" = STEUEReasy 2012
"{3B3B6E6A-31AA-2FFE-A986-22FD68D2B388}" = Catalyst Control Center Localization All
"{3D6C32FD-673E-3F32-BA03-C710C695D23C}" = CCC Help Chinese Traditional
"{422110B2-BE71-88F3-ECBB-7AEB5DC4AD9A}" = Catalyst Control Center Graphics Light
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4330AAE7-1893-42F9-BC38-539A1A60530B}" = Mobile Broadband
"{44C38280-CD0D-00E7-2ABA-DD88EB67BF4E}" = CCC Help Polish
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C8BA45A-8545-4BF1-A757-C237674CF175}" = StarMoney 8.0 S-Edition
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D0EAA2D-8EE2-43AB-BE00-18A1D0A9281C}" = STEUEReasy 2013
"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory 7
"{520C1D80-935C-42B9-9340-E883849D804F}_is1" = DriverTuner 3.1.0.0
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{54E8A213-8C8D-5C6A-9A17-E2AA8A4B4AE1}" = CCC Help Korean
"{57FA0525-01F9-4051-8DE9-CBF43CAC68D9}" = Catalyst Control Center - Branding
"{59CA8312-841C-45F0-A1CC-2A9DA1118DAE}" = P7S Viewer
"{59F3D2AC-5F1F-4A93-8F23-6FD4F029D9A9}" = True Image 2013
"{59F3D2AC-5F1F-4A93-8F23-6FD4F029D9A9}Visible" = True Image 2013
"{644B0FE3-1E49-F195-E94C-FFA6C856CF6D}" = CCC Help Spanish
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6E32A17B-4BF9-AE7B-6213-02A5290D0148}" = Catalyst Control Center Graphics Previews Vista
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{744702BE-912F-AA8D-F2DA-289315CD674B}" = Catalyst Control Center Core Implementation
"{76CF34E5-2041-1F8E-A4F0-479D0A23ADF9}" = CCC Help Greek
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79EE96DB-D2DE-C601-2E42-06DE30338545}" = CCC Help Italian
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E0560F6-425A-A1CE-6226-6F843CCA2E51}" = CCC Help English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9582ED80-CB4D-4350-BBB9-34CDBA20EED0}" = Steuer-Taxi 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{96DF4640-C0B2-2994-FC5A-4C8CCD36461D}" = Catalyst Control Center Graphics Full Existing
"{99D421D6-3D74-9428-DCE8-9C049B7D5F9F}" = Catalyst Control Center InstallProxy
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}" = Integrated Camera TWAIN
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{AFBC82E7-8FE1-1503-CD03-29162C955907}" = CCC Help Turkish
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{BCF03B5E-E469-A3B8-91BD-20D4E6D14B6B}" = CCC Help Japanese
"{C28E9816-276D-FE9E-F717-747B52A5D42B}" = CCC Help Thai
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3CD17B4-08B0-492D-8A4C-81716D33E520}" = Integrated Camera Driver Installer Package Ver.1.0.1.7
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{CD310B9F-8345-D567-C53B-38EEFD119CA3}" = ccc-core-static
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D61CF128-FA46-4830-9F93-92D742F8BE02}" = CCC Help German
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D7359EC2-B1C9-D079-3DB4-C30E21B51465}" = CCC Help Norwegian
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Energie-Manager
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F2B987-F2BC-4969-95F2-92099486B811}" = StarMoney
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4D15292-7CB1-B02B-7FC3-A0047C2E567D}" = CCC Help Dutch
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1A347D9-BC91-116A-70A8-DC0D55E0E63F}" = Catalyst Control Center Graphics Full New
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{F647E40C-DA6F-C9AD-A4BF-C8852026E365}" = CCC Help Portuguese
"{F6BCAAA0-3BDA-13BE-002C-2D7D04E63733}" = CCC Help Danish
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB90BC38-52E4-C701-578C-2B542FBEFEB1}" = CCC Help Czech
"{FC338210-F594-11D3-BA24-00001C3AB4DF}" = cyberJack Base Components
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonSolutionMenuEX" = Canon Solution Menu EX
"ElsterFormular" = ElsterFormular
"ElsterFormular für Privatanwender 12.2.0.6412p" = ElsterFormular-Upgrade
"Google Chrome" = Google Chrome
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory Lenovo Edition
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"Lenovo Welcome_is1" = Lenovo Welcome
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"Netzmanager" = Netzmanager
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12.06.2013 14:09:44 | Computer Name = Siegfried-THINK | Source = PerfNet | ID = 2004
Description = 
 
Error - 16.06.2013 14:41:22 | Computer Name = Siegfried-THINK | Source = Windows Backup | ID = 4103
Description = 
 
Error - 22.06.2013 05:41:12 | Computer Name = Siegfried-THINK | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc3c1  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000016ecf
ID
 des fehlerhaften Prozesses: 0x840  Startzeit der fehlerhaften Anwendung: 0x01ce6f2c3e4cef3f
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: df6da8bd-db1f-11e2-8906-60eb69df35ee
 
Error - 23.06.2013 18:06:23 | Computer Name = Siegfried-THINK | Source = Windows Backup | ID = 4103
Description = 
 
Error - 27.06.2013 09:49:53 | Computer Name = Siegfried-THINK | Source = PerfNet | ID = 2004
Description = 
 
Error - 28.06.2013 04:40:09 | Computer Name = Siegfried-THINK | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SAVAdminService.exe, Version: 10.2.4.7009,
 Zeitstempel: 0x50eff938  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00053dfe  ID des fehlerhaften
 Prozesses: 0x102c  Startzeit der fehlerhaften Anwendung: 0x01ce73da29eca01f  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 56b27ac8-dfce-11e2-823d-60eb69df35ee
 
Error - 28.06.2013 09:20:40 | Computer Name = Siegfried-THINK | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: services.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc10e  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000021cca
ID
 des fehlerhaften Prozesses: 0x394  Startzeit der fehlerhaften Anwendung: 0x01ce7401ff7ab574
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\services.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 86beb362-dff5-11e2-864b-60eb69df35ee
 
Error - 30.06.2013 05:18:43 | Computer Name = Siegfried-THINK | Source = Application Hang | ID = 1002
Description = Programm TrueImage.exe, Version 16.0.0.5551 kann nicht mehr unter 
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in
 der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem 
zu suchen.    Prozess-ID: 1438    Startzeit: 01ce751d05a89432    Endzeit: 5    Anwendungspfad: C:\Program
 Files (x86)\Acronis\TrueImageHome\TrueImage.exe    Berichts-ID: faf9eda9-e165-11e2-a3fc-60eb69df35ee

 
Error - 30.06.2013 13:03:33 | Computer Name = Siegfried-THINK | Source = Windows Backup | ID = 4103
Description = 
 
Error - 02.07.2013 18:37:02 | Computer Name = Siegfried-THINK | Source = Windows Backup | ID = 4103
Description = 
 
Error - 02.07.2013 18:37:38 | Computer Name = Siegfried-THINK | Source = Windows Backup | ID = 4103
Description = 
 
[ Lenovo-Message Center Plus/Admin Events ]
Error - 26.06.2011 15:13:15 | Computer Name = Siegfried-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = Relevancy program timed out for message 'MCPToLTT_ROW': LTTCheck.exe
 
[ Media Center Events ]
Error - 17.11.2012 07:57:36 | Computer Name = Siegfried-THINK | Source = MCUpdate | ID = 0
Description = 12:57:34 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die 
zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
 konnte keine Vertrauensstellung hergestellt werden..)  
 
Error - 05.01.2013 15:18:15 | Computer Name = Siegfried-THINK | Source = MCUpdate | ID = 0
Description = 20:18:15 - Fehler beim Herstellen der Internetverbindung.  20:18:15 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 05.01.2013 15:18:49 | Computer Name = Siegfried-THINK | Source = MCUpdate | ID = 0
Description = 20:18:44 - Fehler beim Herstellen der Internetverbindung.  20:18:44 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 05.01.2013 16:19:19 | Computer Name = Siegfried-THINK | Source = MCUpdate | ID = 0
Description = 21:19:19 - Fehler beim Herstellen der Internetverbindung.  21:19:19 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 05.01.2013 16:19:49 | Computer Name = Siegfried-THINK | Source = MCUpdate | ID = 0
Description = 21:19:48 - Fehler beim Herstellen der Internetverbindung.  21:19:48 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 03.07.2013 06:12:32 | Computer Name = Siegfried-THINK | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0"
 wurde nicht richtig gestartet.
 
Error - 03.07.2013 09:11:08 | Computer Name = Siegfried-THINK | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0"
 wurde nicht richtig gestartet.
 
Error - 03.07.2013 12:22:03 | Computer Name = Siegfried-THINK | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0"
 wurde nicht richtig gestartet.
 
Error - 03.07.2013 18:07:39 | Computer Name = Siegfried-THINK | Source = DCOM | ID = 10010
Description = 
 
Error - 04.07.2013 04:16:17 | Computer Name = Siegfried-THINK | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0"
 wurde nicht richtig gestartet.
 
Error - 04.07.2013 17:52:32 | Computer Name = Siegfried-THINK | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0"
 wurde nicht richtig gestartet.
 
Error - 05.07.2013 04:11:36 | Computer Name = Siegfried-THINK | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0"
 wurde nicht richtig gestartet.
 
Error - 05.07.2013 04:31:39 | Computer Name = Siegfried-THINK | Source = SCardSvr | ID = 610
Description = 
 
Error - 05.07.2013 05:30:25 | Computer Name = Siegfried-THINK | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\Windows\System32\IWMSSvc.dll  Fehlercode: 87  
 
Error - 05.07.2013 05:32:09 | Computer Name = Siegfried-THINK | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0"
 wurde nicht richtig gestartet.
 
 
< End of report >
         
--- --- ---
__________________

Alt 05.07.2013, 14:19   #4
markusg
/// Malware-holic
 
Win32/Small.CA-Virus - Standard

Win32/Small.CA-Virus



Hi,
Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 09.07.2013, 10:46   #5
Serafim
 
Win32/Small.CA-Virus - Standard

Win32/Small.CA-Virus



Hallo,

hier ist der Inhalt von TDSSKiller:

Code:
ATTFilter
11:41:31.0153 5536  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
11:41:31.0393 5536  ============================================================
11:41:31.0393 5536  Current date / time: 2013/07/09 11:41:31.0393
11:41:31.0393 5536  SystemInfo:
11:41:31.0393 5536  
11:41:31.0393 5536  OS Version: 6.1.7601 ServicePack: 1.0
11:41:31.0393 5536  Product type: Workstation
11:41:31.0393 5536  ComputerName: SIEGFRIED-THINK
11:41:31.0393 5536  UserName: Siegfried
11:41:31.0393 5536  Windows directory: C:\Windows
11:41:31.0393 5536  System windows directory: C:\Windows
11:41:31.0393 5536  Running under WOW64
11:41:31.0393 5536  Processor architecture: Intel x64
11:41:31.0393 5536  Number of processors: 4
11:41:31.0393 5536  Page size: 0x1000
11:41:31.0393 5536  Boot type: Normal boot
11:41:31.0393 5536  ============================================================
11:41:32.0246 5536  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:41:32.0249 5536  ============================================================
11:41:32.0250 5536  \Device\Harddisk0\DR0:
11:41:32.0250 5536  MBR partitions:
11:41:32.0250 5536  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x258000
11:41:32.0250 5536  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x258800, BlocksNum 0x201DEFF8
11:41:32.0272 5536  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x20437E60, BlocksNum 0xC624C03
11:41:32.0272 5536  \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x2CA5CA63, BlocksNum 0x1388B3B
11:41:32.0272 5536  ============================================================
11:41:32.0310 5536  C: <-> \Device\Harddisk0\DR0\Partition2
11:41:32.0333 5536  D: <-> \Device\Harddisk0\DR0\Partition3
11:41:32.0379 5536  Q: <-> \Device\Harddisk0\DR0\Partition4
11:41:32.0379 5536  ============================================================
11:41:32.0379 5536  Initialize success
11:41:32.0379 5536  ============================================================
11:41:47.0163 4176  ============================================================
11:41:47.0163 4176  Scan started
11:41:47.0163 4176  Mode: Manual; SigCheck; TDLFS; 
11:41:47.0163 4176  ============================================================
11:41:47.0351 4176  ================ Scan system memory ========================
11:41:47.0351 4176  System memory - ok
11:41:47.0352 4176  ================ Scan services =============================
11:41:47.0539 4176  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
11:41:47.0625 4176  1394ohci - ok
11:41:47.0694 4176  [ 0FC813D822BFC06169CE4E0D00669021 ] 5U877           C:\Windows\system32\DRIVERS\5U877.sys
11:41:47.0743 4176  5U877 - ok
11:41:47.0880 4176  [ 7EEB488346FBFA3731276C3EE8A8FD9E ] AAV UpdateService C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
11:41:47.0889 4176  AAV UpdateService - ok
11:41:47.0951 4176  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
11:41:47.0964 4176  ACPI - ok
11:41:48.0012 4176  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
11:41:48.0082 4176  AcpiPmi - ok
11:41:48.0284 4176  [ 5C612044C7C9786D49C6BEC1BED33232 ] AcrSch2Svc      C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
11:41:48.0306 4176  AcrSch2Svc - ok
11:41:48.0424 4176  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
11:41:48.0432 4176  AdobeARMservice - ok
11:41:48.0604 4176  [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
11:41:48.0646 4176  AdobeFlashPlayerUpdateSvc - ok
11:41:48.0715 4176  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
11:41:48.0767 4176  adp94xx - ok
11:41:48.0816 4176  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
11:41:48.0848 4176  adpahci - ok
11:41:48.0886 4176  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
11:41:48.0915 4176  adpu320 - ok
11:41:48.0965 4176  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
11:41:48.0998 4176  AeLookupSvc - ok
11:41:49.0053 4176  [ ABCF9C80EAACE03021BB7F450EB8993F ] afcdp           C:\Windows\system32\DRIVERS\afcdp.sys
11:41:49.0067 4176  afcdp - ok
11:41:49.0152 4176  [ 1AEA25F70F12ABB494A4E35E1D717414 ] afcdpsrv        C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
11:41:49.0223 4176  afcdpsrv - ok
11:41:49.0299 4176  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
11:41:49.0385 4176  AFD - ok
11:41:49.0431 4176  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
11:41:49.0454 4176  agp440 - ok
11:41:49.0477 4176  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
11:41:49.0567 4176  ALG - ok
11:41:49.0595 4176  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
11:41:49.0617 4176  aliide - ok
11:41:49.0648 4176  [ 8F6C0FF277DBFE5EBED24E3543DA7BFA ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
11:41:49.0694 4176  AMD External Events Utility - ok
11:41:49.0709 4176  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
11:41:49.0735 4176  amdide - ok
11:41:49.0779 4176  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
11:41:49.0824 4176  AmdK8 - ok
11:41:49.0970 4176  [ 9673319070166E26660EBA4EDF316FA2 ] amdkmdag        C:\Windows\system32\DRIVERS\atipmdag.sys
11:41:50.0174 4176  amdkmdag - ok
11:41:50.0220 4176  [ 430D06D63952848E64CBBF23B5C1479E ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
11:41:50.0263 4176  amdkmdap - ok
11:41:50.0289 4176  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
11:41:50.0335 4176  AmdPPM - ok
11:41:50.0389 4176  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
11:41:50.0415 4176  amdsata - ok
11:41:50.0459 4176  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
11:41:50.0484 4176  amdsbs - ok
11:41:50.0495 4176  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
11:41:50.0504 4176  amdxata - ok
11:41:50.0554 4176  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
11:41:50.0623 4176  AppID - ok
11:41:50.0667 4176  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
11:41:50.0742 4176  AppIDSvc - ok
11:41:50.0804 4176  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
11:41:50.0848 4176  Appinfo - ok
11:41:50.0893 4176  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
11:41:50.0952 4176  AppMgmt - ok
11:41:50.0994 4176  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
11:41:51.0015 4176  arc - ok
11:41:51.0023 4176  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
11:41:51.0047 4176  arcsas - ok
11:41:51.0075 4176  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
11:41:51.0158 4176  AsyncMac - ok
11:41:51.0185 4176  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
11:41:51.0194 4176  atapi - ok
11:41:51.0334 4176  [ 9673319070166E26660EBA4EDF316FA2 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
11:41:51.0531 4176  atikmdag - ok
11:41:51.0587 4176  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
11:41:51.0658 4176  AudioEndpointBuilder - ok
11:41:51.0687 4176  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
11:41:51.0726 4176  AudioSrv - ok
11:41:51.0768 4176  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
11:41:51.0859 4176  AxInstSV - ok
11:41:51.0907 4176  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
11:41:51.0979 4176  b06bdrv - ok
11:41:52.0026 4176  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
11:41:52.0092 4176  b57nd60a - ok
11:41:52.0228 4176  [ A2494901E7226B356B8C1005C45F1C5F ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
11:41:52.0239 4176  BBSvc - ok
11:41:52.0281 4176  [ 63B1CBBAE4790B5BAC98F01BF9449722 ] BBUpdate        C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
11:41:52.0294 4176  BBUpdate - ok
11:41:52.0320 4176  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
11:41:52.0386 4176  BDESVC - ok
11:41:52.0441 4176  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
11:41:52.0513 4176  Beep - ok
11:41:52.0590 4176  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
11:41:52.0653 4176  BFE - ok
11:41:52.0710 4176  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
11:41:52.0781 4176  BITS - ok
11:41:52.0830 4176  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
11:41:52.0872 4176  blbdrive - ok
11:41:52.0907 4176  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
11:41:52.0932 4176  bowser - ok
11:41:52.0965 4176  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:41:53.0051 4176  BrFiltLo - ok
11:41:53.0078 4176  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:41:53.0100 4176  BrFiltUp - ok
11:41:53.0137 4176  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
11:41:53.0194 4176  Browser - ok
11:41:53.0206 4176  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
11:41:53.0303 4176  Brserid - ok
11:41:53.0316 4176  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
11:41:53.0390 4176  BrSerWdm - ok
11:41:53.0443 4176  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
11:41:53.0484 4176  BrUsbMdm - ok
11:41:53.0488 4176  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
11:41:53.0525 4176  BrUsbSer - ok
11:41:53.0586 4176  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
11:41:53.0681 4176  BthEnum - ok
11:41:53.0717 4176  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
11:41:53.0760 4176  BTHMODEM - ok
11:41:53.0782 4176  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
11:41:53.0826 4176  BthPan - ok
11:41:53.0888 4176  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
11:41:53.0981 4176  BTHPORT - ok
11:41:54.0013 4176  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
11:41:54.0082 4176  bthserv - ok
11:41:54.0109 4176  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
11:41:54.0149 4176  BTHUSB - ok
11:41:54.0186 4176  [ D3466F77C2C49C6E393BA5FBA963A33E ] btusbflt        C:\Windows\system32\drivers\btusbflt.sys
11:41:54.0208 4176  btusbflt - ok
11:41:54.0263 4176  [ A72A9101F9730DB7332714E566614E4D ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
11:41:54.0284 4176  btwaudio - ok
11:41:54.0309 4176  [ 5CEEC634B617525F2B6AD29F871033F7 ] btwavdt         C:\Windows\system32\drivers\btwavdt.sys
11:41:54.0330 4176  btwavdt - ok
11:41:54.0369 4176  [ 6149301DC3F81D6F9667A3FBAC410975 ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
11:41:54.0386 4176  btwl2cap - ok
11:41:54.0414 4176  [ 2AF5604D28BEF77B7CF4B9D232FE7CD3 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
11:41:54.0433 4176  btwrchid - ok
11:41:54.0481 4176  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
11:41:54.0528 4176  cdfs - ok
11:41:54.0582 4176  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
11:41:54.0628 4176  cdrom - ok
11:41:54.0686 4176  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
11:41:54.0742 4176  CertPropSvc - ok
11:41:54.0766 4176  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
11:41:54.0809 4176  circlass - ok
11:41:54.0933 4176  [ ED81E81752CA817AFA740C14AD05BC6C ] cjpcsc          C:\Windows\SysWOW64\cjpcsc.exe
11:41:54.0947 4176  cjpcsc - ok
11:41:54.0988 4176  [ 06E1F5228399FC49A8D026DA38DB6784 ] cjusb           C:\Windows\system32\DRIVERS\cjusb.sys
11:41:55.0007 4176  cjusb - ok
11:41:55.0041 4176  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
11:41:55.0058 4176  CLFS - ok
11:41:55.0122 4176  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:41:55.0183 4176  clr_optimization_v2.0.50727_32 - ok
11:41:55.0236 4176  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:41:55.0266 4176  clr_optimization_v2.0.50727_64 - ok
11:41:55.0326 4176  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:41:55.0335 4176  clr_optimization_v4.0.30319_32 - ok
11:41:55.0355 4176  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:41:55.0364 4176  clr_optimization_v4.0.30319_64 - ok
11:41:55.0393 4176  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
11:41:55.0429 4176  CmBatt - ok
11:41:55.0444 4176  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
11:41:55.0468 4176  cmdide - ok
11:41:55.0508 4176  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
11:41:55.0529 4176  CNG - ok
11:41:55.0549 4176  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
11:41:55.0558 4176  Compbatt - ok
11:41:55.0596 4176  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
11:41:55.0634 4176  CompositeBus - ok
11:41:55.0651 4176  COMSysApp - ok
11:41:55.0667 4176  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
11:41:55.0688 4176  crcdisk - ok
11:41:55.0737 4176  [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc        C:\Windows\system32\cryptsvc.dll
11:41:55.0775 4176  CryptSvc - ok
11:41:55.0807 4176  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
11:41:55.0876 4176  CSC - ok
11:41:55.0925 4176  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
11:41:55.0955 4176  CscService - ok
11:41:56.0016 4176  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
11:41:56.0076 4176  DcomLaunch - ok
11:41:56.0132 4176  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
11:41:56.0219 4176  defragsvc - ok
11:41:56.0267 4176  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
11:41:56.0326 4176  DfsC - ok
11:41:56.0390 4176  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
11:41:56.0444 4176  Dhcp - ok
11:41:56.0468 4176  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
11:41:56.0534 4176  discache - ok
11:41:56.0577 4176  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
11:41:56.0587 4176  Disk - ok
11:41:56.0616 4176  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
11:41:56.0669 4176  Dnscache - ok
11:41:56.0711 4176  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
11:41:56.0784 4176  dot3svc - ok
11:41:56.0817 4176  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
11:41:56.0878 4176  DPS - ok
11:41:56.0923 4176  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
11:41:56.0961 4176  drmkaud - ok
11:41:57.0010 4176  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
11:41:57.0053 4176  DXGKrnl - ok
11:41:57.0089 4176  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
11:41:57.0139 4176  EapHost - ok
11:41:57.0215 4176  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
11:41:57.0357 4176  ebdrv - ok
11:41:57.0391 4176  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
11:41:57.0402 4176  EFS - ok
11:41:57.0497 4176  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
11:41:57.0612 4176  ehRecvr - ok
11:41:57.0647 4176  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
11:41:57.0684 4176  ehSched - ok
11:41:57.0738 4176  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
11:41:57.0790 4176  elxstor - ok
11:41:57.0814 4176  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
11:41:57.0869 4176  ErrDev - ok
11:41:57.0898 4176  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
11:41:57.0953 4176  EventSystem - ok
11:41:58.0059 4176  [ B56D9602DB5FE1C116B1CA5EFD8E2E50 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
11:41:58.0086 4176  EvtEng - ok
11:41:58.0117 4176  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
11:41:58.0186 4176  exfat - ok
11:41:58.0213 4176  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
11:41:58.0287 4176  fastfat - ok
11:41:58.0341 4176  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
11:41:58.0401 4176  Fax - ok
11:41:58.0430 4176  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
11:41:58.0475 4176  fdc - ok
11:41:58.0510 4176  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
11:41:58.0560 4176  fdPHost - ok
11:41:58.0581 4176  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
11:41:58.0640 4176  FDResPub - ok
11:41:58.0667 4176  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
11:41:58.0677 4176  FileInfo - ok
11:41:58.0687 4176  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
11:41:58.0759 4176  Filetrace - ok
11:41:58.0780 4176  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
11:41:58.0801 4176  flpydisk - ok
11:41:58.0843 4176  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
11:41:58.0857 4176  FltMgr - ok
11:41:58.0939 4176  [ F0CC1A9106F9FB0F704F6ED95622B43E ] fltsrv          C:\Windows\system32\DRIVERS\fltsrv.sys
11:41:58.0948 4176  fltsrv - ok
11:41:58.0999 4176  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
11:41:59.0041 4176  FontCache - ok
11:41:59.0081 4176  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:41:59.0088 4176  FontCache3.0.0.0 - ok
11:41:59.0124 4176  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
11:41:59.0145 4176  FsDepends - ok
11:41:59.0182 4176  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
11:41:59.0191 4176  Fs_Rec - ok
11:41:59.0256 4176  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
11:41:59.0272 4176  fvevol - ok
11:41:59.0332 4176  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
11:41:59.0353 4176  gagp30kx - ok
11:41:59.0417 4176  [ B93252C4C5A3733ECD5522CAF88DE02D ] GigasetGenericUSB_x64 C:\Windows\system32\DRIVERS\GigasetGenericUSB_x64.sys
11:41:59.0456 4176  GigasetGenericUSB_x64 - ok
11:41:59.0497 4176  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
11:41:59.0537 4176  gpsvc - ok
11:41:59.0722 4176  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:41:59.0730 4176  gupdate - ok
11:41:59.0766 4176  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:41:59.0776 4176  gupdatem - ok
11:41:59.0802 4176  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
11:41:59.0860 4176  hcw85cir - ok
11:41:59.0896 4176  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
11:41:59.0949 4176  HdAudAddService - ok
11:41:59.0979 4176  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
11:42:00.0010 4176  HDAudBus - ok
11:42:00.0044 4176  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
11:42:00.0063 4176  HECIx64 - ok
11:42:00.0082 4176  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
11:42:00.0118 4176  HidBatt - ok
11:42:00.0142 4176  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
11:42:00.0180 4176  HidBth - ok
11:42:00.0201 4176  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
11:42:00.0249 4176  HidIr - ok
11:42:00.0272 4176  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
11:42:00.0326 4176  hidserv - ok
11:42:00.0369 4176  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
11:42:00.0392 4176  HidUsb - ok
11:42:00.0423 4176  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
11:42:00.0527 4176  hkmsvc - ok
11:42:00.0567 4176  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
11:42:00.0655 4176  HomeGroupListener - ok
11:42:00.0688 4176  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
11:42:00.0719 4176  HomeGroupProvider - ok
11:42:00.0777 4176  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
11:42:00.0801 4176  HpSAMD - ok
11:42:00.0851 4176  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
11:42:00.0913 4176  HTTP - ok
11:42:00.0950 4176  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
11:42:00.0962 4176  hwpolicy - ok
11:42:01.0037 4176  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
11:42:01.0061 4176  i8042prt - ok
11:42:01.0132 4176  [ 85977CD13FC16069CE0AF7943A811775 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
11:42:01.0146 4176  iaStor - ok
11:42:01.0183 4176  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
11:42:01.0224 4176  iaStorV - ok
11:42:01.0255 4176  [ 3761FAB385F1C2F51B2FAD48CFABBE9D ] IBMPMDRV        C:\Windows\system32\DRIVERS\ibmpmdrv.sys
11:42:01.0273 4176  IBMPMDRV - ok
11:42:01.0282 4176  [ FC22310F3862E2C7C8722EF4778D5CC3 ] IBMPMSVC        C:\Windows\system32\ibmpmsvc.exe
11:42:01.0291 4176  IBMPMSVC - ok
11:42:01.0339 4176  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:42:01.0465 4176  idsvc - ok
11:42:01.0603 4176  [ A87261EF1546325B559374F5689CF5BC ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
11:42:01.0827 4176  igfx - ok
11:42:01.0851 4176  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
11:42:01.0872 4176  iirsp - ok
11:42:01.0981 4176  [ AD5DF6F4FBBC798636EDC66BFEC7D0DE ] IJPLMSVC        C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
11:42:02.0005 4176  IJPLMSVC - ok
11:42:02.0056 4176  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
11:42:02.0174 4176  IKEEXT - ok
11:42:02.0210 4176  [ 36FDF367A1DABFF903E2214023D71368 ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
11:42:02.0254 4176  Impcd - ok
11:42:02.0364 4176  [ 1C11E5D258BC374E7FBD598D75E49B75 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
11:42:02.0438 4176  IntcAzAudAddService - ok
11:42:02.0456 4176  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
11:42:02.0480 4176  intelide - ok
11:42:02.0514 4176  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
11:42:02.0546 4176  intelppm - ok
11:42:02.0595 4176  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
11:42:02.0629 4176  IPBusEnum - ok
11:42:02.0658 4176  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:42:02.0731 4176  IpFilterDriver - ok
11:42:02.0778 4176  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
11:42:02.0808 4176  iphlpsvc - ok
11:42:02.0837 4176  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
11:42:02.0881 4176  IPMIDRV - ok
11:42:02.0912 4176  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
11:42:02.0988 4176  IPNAT - ok
11:42:03.0049 4176  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
11:42:03.0095 4176  IRENUM - ok
11:42:03.0156 4176  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
11:42:03.0178 4176  isapnp - ok
11:42:03.0228 4176  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
11:42:03.0275 4176  iScsiPrt - ok
11:42:03.0361 4176  [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr       C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
11:42:03.0369 4176  IviRegMgr - ok
11:42:03.0392 4176  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
11:42:03.0414 4176  kbdclass - ok
11:42:03.0478 4176  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
11:42:03.0500 4176  kbdhid - ok
11:42:03.0524 4176  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
11:42:03.0535 4176  KeyIso - ok
11:42:03.0605 4176  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
11:42:03.0614 4176  KSecDD - ok
11:42:03.0652 4176  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
11:42:03.0665 4176  KSecPkg - ok
11:42:03.0726 4176  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
11:42:03.0788 4176  ksthunk - ok
11:42:03.0840 4176  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
11:42:03.0906 4176  KtmRm - ok
11:42:03.0979 4176  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
11:42:04.0032 4176  LanmanServer - ok
11:42:04.0080 4176  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:42:04.0129 4176  LanmanWorkstation - ok
11:42:04.0208 4176  [ 70481DABD9ADAB51A6933C5893B82925 ] LENOVO.CAMMUTE  C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
11:42:04.0214 4176  LENOVO.CAMMUTE - ok
11:42:04.0264 4176  [ C88EB33793420A79F601FB5E33E2EDD9 ] LENOVO.MICMUTE  C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
11:42:04.0270 4176  LENOVO.MICMUTE - ok
11:42:04.0278 4176  [ 5ACFF5823634BC2C4EBF559C3B33E18E ] lenovo.smi      C:\Windows\system32\DRIVERS\smiifx64.sys
11:42:04.0296 4176  lenovo.smi - ok
11:42:04.0306 4176  [ D0DAF6A22037F6DEE706A095C647AA41 ] LENOVO.TPKNRSVC C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
11:42:04.0313 4176  LENOVO.TPKNRSVC - ok
11:42:04.0324 4176  [ 6F2CC57EB5836D2AC9BD37F3554D55F8 ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
11:42:04.0331 4176  Lenovo.VIRTSCRLSVC - ok
11:42:04.0381 4176  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
11:42:04.0431 4176  lltdio - ok
11:42:04.0465 4176  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
11:42:04.0580 4176  lltdsvc - ok
11:42:04.0597 4176  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
11:42:04.0642 4176  lmhosts - ok
11:42:04.0702 4176  [ 5460828F8951D310B42B442877603B8D ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
11:42:04.0713 4176  LMS - ok
11:42:04.0739 4176  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
11:42:04.0760 4176  LSI_FC - ok
11:42:04.0777 4176  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
11:42:04.0799 4176  LSI_SAS - ok
11:42:04.0811 4176  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:42:04.0835 4176  LSI_SAS2 - ok
11:42:04.0853 4176  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:42:04.0876 4176  LSI_SCSI - ok
11:42:04.0906 4176  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
11:42:04.0965 4176  luafv - ok
11:42:05.0099 4176  [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe
11:42:05.0162 4176  McComponentHostService - ok
11:42:05.0217 4176  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
11:42:05.0281 4176  Mcx2Svc - ok
11:42:05.0316 4176  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
11:42:05.0337 4176  megasas - ok
11:42:05.0356 4176  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
11:42:05.0399 4176  MegaSR - ok
11:42:05.0425 4176  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
11:42:05.0483 4176  MMCSS - ok
11:42:05.0501 4176  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
11:42:05.0561 4176  Modem - ok
11:42:05.0603 4176  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
11:42:05.0631 4176  monitor - ok
11:42:05.0677 4176  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
11:42:05.0697 4176  mouclass - ok
11:42:05.0731 4176  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
11:42:05.0767 4176  mouhid - ok
11:42:05.0806 4176  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
11:42:05.0819 4176  mountmgr - ok
11:42:05.0892 4176  [ 528A5C2570F468155A1B3CF0A2FF5EBD ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
11:42:05.0926 4176  MozillaMaintenance - ok
11:42:05.0963 4176  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
11:42:05.0997 4176  mpio - ok
11:42:06.0007 4176  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
11:42:06.0042 4176  mpsdrv - ok
11:42:06.0087 4176  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
11:42:06.0144 4176  MpsSvc - ok
11:42:06.0201 4176  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
11:42:06.0245 4176  MRxDAV - ok
11:42:06.0282 4176  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
11:42:06.0312 4176  mrxsmb - ok
11:42:06.0340 4176  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:42:06.0354 4176  mrxsmb10 - ok
11:42:06.0364 4176  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:42:06.0396 4176  mrxsmb20 - ok
11:42:06.0432 4176  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
11:42:06.0441 4176  msahci - ok
11:42:06.0454 4176  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
11:42:06.0483 4176  msdsm - ok
11:42:06.0495 4176  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
11:42:06.0550 4176  MSDTC - ok
11:42:06.0589 4176  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
11:42:06.0632 4176  Msfs - ok
11:42:06.0642 4176  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
11:42:06.0706 4176  mshidkmdf - ok
11:42:06.0732 4176  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
11:42:06.0743 4176  msisadrv - ok
11:42:06.0782 4176  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
11:42:06.0871 4176  MSiSCSI - ok
11:42:06.0874 4176  msiserver - ok
11:42:06.0899 4176  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
11:42:06.0965 4176  MSKSSRV - ok
11:42:06.0998 4176  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
11:42:07.0051 4176  MSPCLOCK - ok
11:42:07.0071 4176  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
11:42:07.0133 4176  MSPQM - ok
11:42:07.0189 4176  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
11:42:07.0202 4176  MsRPC - ok
11:42:07.0242 4176  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
11:42:07.0251 4176  mssmbios - ok
11:42:07.0265 4176  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
11:42:07.0332 4176  MSTEE - ok
11:42:07.0351 4176  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
11:42:07.0371 4176  MTConfig - ok
11:42:07.0408 4176  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
11:42:07.0420 4176  Mup - ok
11:42:07.0455 4176  [ A9BC2302FBDF52C8AF4E2FC966288D21 ] MyWiFiDHCPDNS   C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
11:42:07.0514 4176  MyWiFiDHCPDNS - ok
11:42:07.0553 4176  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
11:42:07.0622 4176  napagent - ok
11:42:07.0672 4176  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
11:42:07.0720 4176  NativeWifiP - ok
11:42:07.0794 4176  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
11:42:07.0817 4176  NDIS - ok
11:42:07.0844 4176  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
11:42:07.0892 4176  NdisCap - ok
11:42:07.0923 4176  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
11:42:07.0998 4176  NdisTapi - ok
11:42:08.0053 4176  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
11:42:08.0118 4176  Ndisuio - ok
11:42:08.0154 4176  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
11:42:08.0245 4176  NdisWan - ok
11:42:08.0288 4176  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
11:42:08.0344 4176  NDProxy - ok
11:42:08.0360 4176  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
11:42:08.0428 4176  NetBIOS - ok
11:42:08.0473 4176  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
11:42:08.0571 4176  NetBT - ok
11:42:08.0597 4176  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
11:42:08.0609 4176  Netlogon - ok
11:42:08.0666 4176  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
11:42:08.0721 4176  Netman - ok
11:42:08.0729 4176  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
11:42:08.0776 4176  netprofm - ok
11:42:08.0812 4176  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:42:08.0908 4176  NetTcpPortSharing - ok
11:42:09.0061 4176  [ 24F64343F14A119308456E1CA7507B26 ] NETw5s64        C:\Windows\system32\DRIVERS\NETw5s64.sys
11:42:09.0323 4176  NETw5s64 - ok
11:42:09.0463 4176  [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64        C:\Windows\system32\DRIVERS\netw5v64.sys
11:42:09.0662 4176  netw5v64 - ok
11:42:09.0863 4176  [ 82FFC84EC3AFC2F2D38DB880F50157C0 ] Netzmanager Service C:\Users\Siegfried\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
11:42:09.0955 4176  Netzmanager Service ( UnsignedFile.Multi.Generic ) - warning
11:42:09.0956 4176  Netzmanager Service - detected UnsignedFile.Multi.Generic (1)
11:42:09.0981 4176  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
11:42:10.0001 4176  nfrd960 - ok
11:42:10.0044 4176  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
11:42:10.0074 4176  NlaSvc - ok
11:42:10.0105 4176  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
11:42:10.0147 4176  Npfs - ok
11:42:10.0169 4176  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
11:42:10.0223 4176  nsi - ok
11:42:10.0245 4176  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
11:42:10.0311 4176  nsiproxy - ok
11:42:10.0382 4176  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
11:42:10.0418 4176  Ntfs - ok
11:42:10.0443 4176  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
11:42:10.0518 4176  Null - ok
11:42:10.0543 4176  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
11:42:10.0569 4176  nvraid - ok
11:42:10.0617 4176  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
11:42:10.0641 4176  nvstor - ok
11:42:10.0670 4176  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
11:42:10.0691 4176  nv_agp - ok
11:42:10.0718 4176  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
11:42:10.0738 4176  ohci1394 - ok
11:42:10.0761 4176  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
11:42:10.0825 4176  p2pimsvc - ok
11:42:10.0856 4176  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
11:42:10.0890 4176  p2psvc - ok
11:42:10.0916 4176  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
11:42:10.0939 4176  Parport - ok
11:42:10.0990 4176  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
11:42:11.0000 4176  partmgr - ok
11:42:11.0005 4176  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
11:42:11.0022 4176  PcaSvc - ok
11:42:11.0115 4176  [ 4B5F5774FF1C577B9515FDD2B5C535C5 ] PCDSRVC{127174DC-C366ED8B-06020200}_0 c:\program files\pc-doctor\pcdsrvc_x64.pkms
11:42:11.0164 4176  PCDSRVC{127174DC-C366ED8B-06020200}_0 - ok
11:42:11.0203 4176  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
11:42:11.0214 4176  pci - ok
11:42:11.0245 4176  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
11:42:11.0269 4176  pciide - ok
11:42:11.0303 4176  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
11:42:11.0333 4176  pcmcia - ok
11:42:11.0353 4176  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
11:42:11.0363 4176  pcw - ok
11:42:11.0386 4176  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
11:42:11.0455 4176  PEAUTH - ok
11:42:11.0513 4176  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
11:42:11.0636 4176  PeerDistSvc - ok
11:42:11.0724 4176  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
11:42:11.0774 4176  PerfHost - ok
11:42:11.0847 4176  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
11:42:11.0977 4176  pla - ok
11:42:12.0032 4176  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
11:42:12.0092 4176  PlugPlay - ok
11:42:12.0111 4176  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
11:42:12.0145 4176  PNRPAutoReg - ok
11:42:12.0172 4176  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
11:42:12.0185 4176  PNRPsvc - ok
11:42:12.0221 4176  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
11:42:12.0286 4176  PolicyAgent - ok
11:42:12.0323 4176  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
11:42:12.0387 4176  Power - ok
11:42:12.0470 4176  [ BAC02775CF629E5FE80BEA952F4448EF ] Power Manager DBC Service C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
11:42:12.0492 4176  Power Manager DBC Service - ok
11:42:12.0544 4176  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
11:42:12.0594 4176  PptpMiniport - ok
11:42:12.0616 4176  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
11:42:12.0658 4176  Processor - ok
11:42:12.0699 4176  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
11:42:12.0749 4176  ProfSvc - ok
11:42:12.0764 4176  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
11:42:12.0773 4176  ProtectedStorage - ok
11:42:12.0794 4176  [ 515A7C5A0886FCC60901916785EFD549 ] psadd           C:\Windows\system32\DRIVERS\psadd.sys
11:42:12.0811 4176  psadd - ok
11:42:12.0858 4176  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
11:42:12.0907 4176  Psched - ok
11:42:12.0970 4176  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
11:42:13.0121 4176  ql2300 - ok
11:42:13.0157 4176  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
11:42:13.0180 4176  ql40xx - ok
11:42:13.0226 4176  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
11:42:13.0267 4176  QWAVE - ok
11:42:13.0284 4176  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
11:42:13.0315 4176  QWAVEdrv - ok
11:42:13.0350 4176  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
11:42:13.0415 4176  RasAcd - ok
11:42:13.0447 4176  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
11:42:13.0495 4176  RasAgileVpn - ok
11:42:13.0500 4176  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
11:42:13.0604 4176  RasAuto - ok
11:42:13.0660 4176  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
11:42:13.0735 4176  Rasl2tp - ok
11:42:13.0780 4176  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
11:42:13.0833 4176  RasMan - ok
11:42:13.0864 4176  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
11:42:13.0925 4176  RasPppoe - ok
11:42:13.0943 4176  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
11:42:14.0010 4176  RasSstp - ok
11:42:14.0037 4176  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
11:42:14.0128 4176  rdbss - ok
11:42:14.0155 4176  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
11:42:14.0202 4176  rdpbus - ok
11:42:14.0225 4176  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
11:42:14.0296 4176  RDPCDD - ok
11:42:14.0342 4176  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
11:42:14.0409 4176  RDPDR - ok
11:42:14.0430 4176  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
11:42:14.0499 4176  RDPENCDD - ok
11:42:14.0521 4176  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
11:42:14.0567 4176  RDPREFMP - ok
11:42:14.0599 4176  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
11:42:14.0644 4176  RDPWD - ok
11:42:14.0664 4176  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
11:42:14.0678 4176  rdyboost - ok
11:42:14.0753 4176  [ 0AA473966357C4A41B5EB19649EB6E5E ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
11:42:14.0771 4176  RegSrvc - ok
11:42:14.0798 4176  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
11:42:14.0869 4176  RemoteAccess - ok
11:42:14.0910 4176  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
11:42:14.0999 4176  RemoteRegistry - ok
11:42:15.0054 4176  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
11:42:15.0103 4176  RFCOMM - ok
11:42:15.0107 4176  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
11:42:15.0163 4176  RpcEptMapper - ok
11:42:15.0207 4176  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
11:42:15.0463 4176  RpcLocator - ok
11:42:15.0512 4176  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
11:42:15.0556 4176  RpcSs - ok
11:42:15.0600 4176  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
11:42:15.0653 4176  rspndr - ok
11:42:15.0733 4176  [ 3CEEE53BBF8BA284FF44585CEC0162FE ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
11:42:15.0758 4176  RSUSBSTOR - ok
11:42:15.0931 4176  [ D6D381B76056C668679723938F06F16C ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
11:42:15.0953 4176  RTHDMIAzAudService - ok
11:42:16.0043 4176  [ 24452CCCC3808B5AB0341A384BB72200 ] RtkAudioService C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
11:42:16.0067 4176  RtkAudioService - ok
11:42:16.0269 4176  [ 5B04929EF24F87E239B880FAAE410E3A ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
11:42:16.0342 4176  RTL8167 - ok
11:42:16.0391 4176  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
11:42:16.0470 4176  s3cap - ok
11:42:16.0487 4176  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
11:42:16.0499 4176  SamSs - ok
11:42:16.0621 4176  [ 07310DF9FD1A62790B5A011048D8E121 ] SAVAdminService C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
11:42:16.0631 4176  SAVAdminService - ok
11:42:16.0695 4176  [ C3999EF390EB460A636E9FFBA040BF8A ] SAVOnAccess     C:\Windows\system32\DRIVERS\savonaccess.sys
11:42:16.0716 4176  SAVOnAccess - ok
11:42:16.0775 4176  [ D31E18B53B0E52C234568BB61EEC7940 ] SAVService      C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
11:42:16.0783 4176  SAVService - ok
11:42:16.0818 4176  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
11:42:16.0840 4176  sbp2port - ok
11:42:16.0889 4176  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
11:42:16.0924 4176  SCardSvr - ok
11:42:16.0964 4176  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
11:42:17.0048 4176  scfilter - ok
11:42:17.0105 4176  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
11:42:17.0160 4176  Schedule - ok
11:42:17.0193 4176  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
11:42:17.0225 4176  SCPolicySvc - ok
11:42:17.0305 4176  [ B60E9769655DDEE8368E3ABB6668E076 ] ScrybeUpdater   C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
11:42:17.0328 4176  ScrybeUpdater - ok
11:42:17.0370 4176  [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus           C:\Windows\system32\drivers\sdbus.sys
11:42:17.0411 4176  sdbus - ok
11:42:17.0452 4176  [ 7D67AEABEB597C602EDB5B3AE316E96A ] sdcfilter       C:\Windows\system32\DRIVERS\sdcfilter.sys
11:42:17.0470 4176  sdcfilter - ok
11:42:17.0537 4176  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
11:42:17.0594 4176  SDRSVC - ok
11:42:17.0626 4176  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
11:42:17.0684 4176  secdrv - ok
11:42:17.0727 4176  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
11:42:17.0790 4176  seclogon - ok
11:42:17.0826 4176  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
11:42:17.0860 4176  SENS - ok
11:42:17.0870 4176  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
11:42:17.0914 4176  SensrSvc - ok
11:42:17.0941 4176  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
11:42:17.0962 4176  Serenum - ok
11:42:17.0974 4176  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
11:42:17.0996 4176  Serial - ok
11:42:18.0028 4176  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
11:42:18.0048 4176  sermouse - ok
11:42:18.0084 4176  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
11:42:18.0153 4176  SessionEnv - ok
11:42:18.0192 4176  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
11:42:18.0228 4176  sffdisk - ok
11:42:18.0254 4176  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
11:42:18.0294 4176  sffp_mmc - ok
11:42:18.0312 4176  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
11:42:18.0357 4176  sffp_sd - ok
11:42:18.0360 4176  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
11:42:18.0403 4176  sfloppy - ok
11:42:18.0451 4176  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
11:42:18.0818 4176  SharedAccess - ok
11:42:18.0874 4176  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:42:18.0934 4176  ShellHWDetection - ok
11:42:18.0989 4176  [ 380B52126E62C6C2D3C8BA805AADFDC7 ] Shockprf        C:\Windows\system32\DRIVERS\Apsx64.sys
11:42:18.0997 4176  Shockprf - ok
11:42:19.0023 4176  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:42:19.0043 4176  SiSRaid2 - ok
11:42:19.0082 4176  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
11:42:19.0105 4176  SiSRaid4 - ok
11:42:19.0147 4176  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
11:42:19.0194 4176  Smb - ok
11:42:19.0233 4176  [ FDB6E127DF739D4911319F0C8D339CAF ] snapman         C:\Windows\system32\DRIVERS\snapman.sys
11:42:19.0247 4176  snapman - ok
11:42:19.0273 4176  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
11:42:19.0285 4176  SNMPTRAP - ok
11:42:19.0337 4176  [ 89F663C9ACA369C0E327C00D2C220AA9 ] Sophos AutoUpdate Service C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
11:42:19.0347 4176  Sophos AutoUpdate Service - ok
11:42:19.0424 4176  [ BD03374253F79CE7A716A870DC85BD84 ] Sophos Web Control Service C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
11:42:19.0435 4176  Sophos Web Control Service - ok
11:42:19.0475 4176  [ 69FBE35A8165ADBC313AA7F64B868CA1 ] SophosBootDriver C:\Windows\system32\DRIVERS\SophosBootDriver.sys
11:42:19.0494 4176  SophosBootDriver - ok
11:42:19.0532 4176  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
11:42:19.0544 4176  spldr - ok
11:42:19.0580 4176  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
11:42:19.0638 4176  Spooler - ok
11:42:19.0718 4176  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
11:42:19.0810 4176  sppsvc - ok
11:42:19.0845 4176  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
11:42:19.0916 4176  sppuinotify - ok
11:42:19.0964 4176  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
11:42:19.0998 4176  srv - ok
11:42:20.0008 4176  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
11:42:20.0047 4176  srv2 - ok
11:42:20.0089 4176  [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA       C:\Windows\system32\DRIVERS\VSTAZL6.SYS
11:42:20.0126 4176  SrvHsfHDA - ok
11:42:20.0167 4176  [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92       C:\Windows\system32\DRIVERS\VSTDPV6.SYS
11:42:20.0303 4176  SrvHsfV92 - ok
11:42:20.0337 4176  [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac     C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
11:42:20.0383 4176  SrvHsfWinac - ok
11:42:20.0415 4176  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
11:42:20.0440 4176  srvnet - ok
11:42:20.0487 4176  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
11:42:20.0540 4176  SSDPSRV - ok
11:42:20.0566 4176  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
11:42:20.0607 4176  SstpSvc - ok
11:42:20.0733 4176  [ 98CC6BDCB5F593394CE2000EC454AEE4 ] StarMoney 8.0 OnlineUpdate C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
11:42:20.0751 4176  StarMoney 8.0 OnlineUpdate - ok
11:42:20.0777 4176  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
11:42:20.0803 4176  stexstor - ok
11:42:20.0851 4176  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
11:42:20.0890 4176  stisvc - ok
11:42:20.0930 4176  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
11:42:20.0939 4176  storflt - ok
11:42:20.0972 4176  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll
11:42:21.0027 4176  StorSvc - ok
11:42:21.0055 4176  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
11:42:21.0075 4176  storvsc - ok
11:42:21.0141 4176  [ 7F7958C5B40F9441D1E8D704310D46FF ] SUService       c:\Program Files (x86)\Lenovo\System Update\SUService.exe
11:42:21.0162 4176  SUService ( UnsignedFile.Multi.Generic ) - warning
11:42:21.0162 4176  SUService - detected UnsignedFile.Multi.Generic (1)
11:42:21.0202 4176  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
11:42:21.0221 4176  swenum - ok
11:42:21.0350 4176  [ FF4057FF51ED100C0003B2FE128C2194 ] swi_service     C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
11:42:21.0405 4176  swi_service - ok
11:42:21.0574 4176  [ 79FF2406BB7EB7DACB12EE3DBF8F91AE ] swi_update_64   C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe
11:42:21.0699 4176  swi_update_64 - ok
11:42:21.0739 4176  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
11:42:21.0831 4176  swprv - ok
11:42:22.0048 4176  [ A214C8AA6A6C06C9DBAB1310E38DAB4A ] syncagentsrv    C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
11:42:22.0154 4176  syncagentsrv - ok
11:42:22.0207 4176  [ 8DF6C536ECE3B538978B53C223AB905D ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
11:42:22.0268 4176  SynTP - ok
11:42:22.0332 4176  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
11:42:22.0418 4176  SysMain - ok
11:42:22.0478 4176  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:42:22.0531 4176  TabletInputService - ok
11:42:22.0576 4176  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
11:42:22.0636 4176  TapiSrv - ok
11:42:22.0672 4176  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
11:42:22.0745 4176  TBS - ok
11:42:22.0823 4176  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
11:42:22.0859 4176  Tcpip - ok
11:42:22.0934 4176  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
11:42:22.0973 4176  TCPIP6 - ok
11:42:23.0016 4176  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
11:42:23.0047 4176  tcpipreg - ok
11:42:23.0089 4176  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
11:42:23.0122 4176  TDPIPE - ok
11:42:23.0183 4176  [ 843DAFC2CD4ED5D57FA40FD2000C6296 ] tdrpman         C:\Windows\system32\DRIVERS\tdrpman.sys
11:42:23.0210 4176  tdrpman - ok
11:42:23.0244 4176  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
11:42:23.0282 4176  TDTCP - ok
11:42:23.0324 4176  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
11:42:23.0371 4176  tdx - ok
11:42:23.0490 4176  [ 4283D7125BA4BD0CB50BB0F78B54257A ] TelekomNM6      C:\Users\Siegfried\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys
11:42:23.0500 4176  TelekomNM6 - ok
11:42:23.0538 4176  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
11:42:23.0559 4176  TermDD - ok
11:42:23.0600 4176  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
11:42:23.0709 4176  TermService - ok
11:42:23.0734 4176  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
11:42:23.0775 4176  Themes - ok
11:42:23.0810 4176  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
11:42:23.0849 4176  THREADORDER - ok
11:42:23.0899 4176  [ 31C9790525705B292F3B30F6676873CD ] tib_mounter     C:\Windows\system32\DRIVERS\tib_mounter.sys
11:42:23.0926 4176  tib_mounter - ok
11:42:23.0944 4176  [ 5523C729F1ED31B63C88490AF3D220FA ] TPDIGIMN        C:\Windows\system32\DRIVERS\ApsHM64.sys
11:42:23.0951 4176  TPDIGIMN - ok
11:42:23.0980 4176  [ ECB098A3404ACB8A05F0673DC086BB43 ] TPHDEXLGSVC     C:\Windows\system32\TPHDEXLG64.exe
11:42:24.0002 4176  TPHDEXLGSVC - ok
11:42:24.0063 4176  [ 2CF225E19490F499528B926263FE4554 ] TPHKSVC         C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
11:42:24.0069 4176  TPHKSVC - ok
11:42:24.0103 4176  [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM             C:\Windows\system32\drivers\tpm.sys
11:42:24.0165 4176  TPM - ok
11:42:24.0189 4176  [ 2C067E01D6BBCCC88B233B868E210907 ] TPPWRIF         C:\Windows\system32\drivers\Tppwr64v.sys
11:42:24.0206 4176  TPPWRIF - ok
11:42:24.0236 4176  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
11:42:24.0295 4176  TrkWks - ok
11:42:24.0349 4176  [ 370A6907DDF79532A39319492B1FA38A ] truecrypt       C:\Windows\system32\drivers\truecrypt.sys
11:42:24.0372 4176  truecrypt - ok
11:42:24.0431 4176  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:42:24.0494 4176  TrustedInstaller - ok
11:42:24.0545 4176  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
11:42:24.0588 4176  tssecsrv - ok
11:42:24.0637 4176  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
11:42:24.0693 4176  TsUsbFlt - ok
11:42:24.0768 4176  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
11:42:24.0824 4176  tunnel - ok
11:42:24.0864 4176  [ 53FF5F00EAB07E329ABE48AE3DE4F5D7 ] TurboB          C:\Windows\system32\DRIVERS\TurboB.sys
11:42:24.0871 4176  TurboB - ok
11:42:24.0936 4176  [ B670DF651F00194434ADC6B326743709 ] TurboBoost      C:\Program Files\Intel\TurboBoost\TurboBoost.exe
11:42:24.0958 4176  TurboBoost - ok
11:42:25.0001 4176  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
11:42:25.0021 4176  uagp35 - ok
11:42:25.0066 4176  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
11:42:25.0116 4176  udfs - ok
11:42:25.0177 4176  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
11:42:25.0218 4176  UI0Detect - ok
11:42:25.0293 4176  [ BE788A747457E6916586C410EC0111E7 ] UleadBurningHelper C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
11:42:25.0319 4176  UleadBurningHelper ( UnsignedFile.Multi.Generic ) - warning
11:42:25.0319 4176  UleadBurningHelper - detected UnsignedFile.Multi.Generic (1)
11:42:25.0347 4176  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
11:42:25.0369 4176  uliagpkx - ok
11:42:25.0418 4176  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
11:42:25.0490 4176  umbus - ok
11:42:25.0540 4176  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
11:42:25.0581 4176  UmPass - ok
11:42:25.0623 4176  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
11:42:25.0674 4176  UmRdpService - ok
11:42:25.0757 4176  [ 9E89C2D6945389270DE067CE51FF7425 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
11:42:25.0799 4176  UNS - ok
11:42:25.0828 4176  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
11:42:25.0881 4176  upnphost - ok
11:42:25.0924 4176  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
11:42:25.0962 4176  usbccgp - ok
11:42:26.0006 4176  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
11:42:26.0034 4176  usbcir - ok
11:42:26.0049 4176  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
11:42:26.0089 4176  usbehci - ok
11:42:26.0126 4176  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
11:42:26.0169 4176  usbhub - ok
11:42:26.0194 4176  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
11:42:26.0229 4176  usbohci - ok
11:42:26.0279 4176  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
11:42:26.0318 4176  usbprint - ok
11:42:26.0355 4176  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
11:42:26.0377 4176  usbscan - ok
11:42:26.0389 4176  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:42:26.0453 4176  USBSTOR - ok
11:42:26.0474 4176  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
11:42:26.0509 4176  usbuhci - ok
11:42:26.0566 4176  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
11:42:26.0593 4176  usbvideo - ok
11:42:26.0618 4176  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
11:42:26.0663 4176  UxSms - ok
11:42:26.0686 4176  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
11:42:26.0697 4176  VaultSvc - ok
11:42:26.0736 4176  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
11:42:26.0747 4176  vdrvroot - ok
11:42:26.0783 4176  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
11:42:26.0855 4176  vds - ok
11:42:26.0889 4176  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
11:42:26.0915 4176  vga - ok
11:42:26.0933 4176  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
11:42:27.0000 4176  VgaSave - ok
11:42:27.0039 4176  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
11:42:27.0084 4176  vhdmp - ok
11:42:27.0151 4176  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
11:42:27.0175 4176  viaide - ok
11:42:27.0212 4176  [ 927CBC96C4635F235301411E530FB56E ] vididr          C:\Windows\system32\DRIVERS\vididr.sys
11:42:27.0221 4176  vididr - ok
11:42:27.0243 4176  [ 88B4E5C396003BCF479CA4D9BE851D57 ] vidsflt         C:\Windows\system32\DRIVERS\vidsflt.sys
11:42:27.0253 4176  vidsflt - ok
11:42:27.0300 4176  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
11:42:27.0311 4176  vmbus - ok
11:42:27.0350 4176  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
11:42:27.0385 4176  VMBusHID - ok
11:42:27.0409 4176  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
11:42:27.0419 4176  volmgr - ok
11:42:27.0461 4176  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
11:42:27.0474 4176  volmgrx - ok
11:42:27.0489 4176  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
11:42:27.0503 4176  volsnap - ok
11:42:27.0541 4176  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
11:42:27.0570 4176  vsmraid - ok
11:42:27.0632 4176  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
11:42:27.0756 4176  VSS - ok
11:42:27.0779 4176  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
11:42:27.0828 4176  vwifibus - ok
11:42:27.0853 4176  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
11:42:27.0878 4176  vwififlt - ok
11:42:27.0907 4176  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
11:42:27.0943 4176  vwifimp - ok
11:42:27.0992 4176  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
11:42:28.0068 4176  W32Time - ok
11:42:28.0081 4176  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
11:42:28.0118 4176  WacomPen - ok
11:42:28.0180 4176  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
11:42:28.0240 4176  WANARP - ok
11:42:28.0264 4176  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
11:42:28.0296 4176  Wanarpv6 - ok
11:42:28.0352 4176  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
11:42:28.0578 4176  WatAdminSvc - ok
11:42:28.0635 4176  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
11:42:28.0729 4176  wbengine - ok
11:42:28.0760 4176  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
11:42:28.0793 4176  WbioSrvc - ok
11:42:28.0829 4176  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
11:42:28.0857 4176  wcncsvc - ok
11:42:28.0861 4176  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
11:42:28.0893 4176  WcsPlugInService - ok
11:42:28.0926 4176  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
11:42:28.0948 4176  Wd - ok
11:42:29.0022 4176  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
11:42:29.0043 4176  Wdf01000 - ok
11:42:29.0047 4176  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
11:42:29.0153 4176  WdiServiceHost - ok
11:42:29.0156 4176  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
11:42:29.0173 4176  WdiSystemHost - ok
11:42:29.0243 4176  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
11:42:29.0312 4176  WebClient - ok
11:42:29.0339 4176  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
11:42:29.0400 4176  Wecsvc - ok
11:42:29.0404 4176  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
11:42:29.0442 4176  wercplsupport - ok
11:42:29.0466 4176  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
11:42:29.0538 4176  WerSvc - ok
11:42:29.0579 4176  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
11:42:29.0624 4176  WfpLwf - ok
11:42:29.0639 4176  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
11:42:29.0658 4176  WIMMount - ok
11:42:29.0691 4176  WinDefend - ok
11:42:29.0710 4176  WinHttpAutoProxySvc - ok
11:42:29.0758 4176  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
11:42:29.0794 4176  Winmgmt - ok
11:42:29.0860 4176  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
11:42:30.0004 4176  WinRM - ok
11:42:30.0051 4176  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
11:42:30.0092 4176  Wlansvc - ok
11:42:30.0142 4176  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
11:42:30.0171 4176  wlcrasvc - ok
11:42:30.0280 4176  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:42:30.0321 4176  wlidsvc - ok
11:42:30.0376 4176  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
11:42:30.0415 4176  WmiAcpi - ok
11:42:30.0452 4176  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
11:42:30.0508 4176  wmiApSrv - ok
11:42:30.0547 4176  WMPNetworkSvc - ok
11:42:30.0568 4176  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
11:42:30.0598 4176  WPCSvc - ok
11:42:30.0632 4176  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
11:42:30.0645 4176  WPDBusEnum - ok
11:42:30.0660 4176  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
11:42:30.0721 4176  ws2ifsl - ok
11:42:30.0743 4176  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
11:42:30.0781 4176  wscsvc - ok
11:42:30.0785 4176  WSearch - ok
11:42:30.0854 4176  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
11:42:30.0899 4176  wuauserv - ok
11:42:30.0932 4176  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
11:42:31.0021 4176  WudfPf - ok
11:42:31.0040 4176  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
11:42:31.0080 4176  WUDFRd - ok
11:42:31.0106 4176  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
11:42:31.0151 4176  wudfsvc - ok
11:42:31.0195 4176  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
11:42:31.0261 4176  WwanSvc - ok
11:42:31.0318 4176  ================ Scan global ===============================
11:42:31.0339 4176  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
11:42:31.0390 4176  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
11:42:31.0412 4176  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
11:42:31.0435 4176  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
11:42:31.0467 4176  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
11:42:31.0470 4176  [Global] - ok
11:42:31.0470 4176  ================ Scan MBR ==================================
11:42:31.0486 4176  [ F2634EFAB9E22A7870007C2453CEFE38 ] \Device\Harddisk0\DR0
11:42:31.0946 4176  \Device\Harddisk0\DR0 - ok
11:42:31.0946 4176  ================ Scan VBR ==================================
11:42:31.0948 4176  [ 17C352BD5C69443640830BD4BF1FE56C ] \Device\Harddisk0\DR0\Partition1
11:42:31.0950 4176  \Device\Harddisk0\DR0\Partition1 - ok
11:42:31.0977 4176  [ C141221942BCF8B8EA3C276EC29F3CC6 ] \Device\Harddisk0\DR0\Partition2
11:42:31.0979 4176  \Device\Harddisk0\DR0\Partition2 - ok
11:42:31.0981 4176  [ 06A24F3ED535E000CE21C5696C150907 ] \Device\Harddisk0\DR0\Partition3
11:42:31.0983 4176  \Device\Harddisk0\DR0\Partition3 - ok
11:42:32.0006 4176  [ DD78A3FF984243D40B254D362C93A6CC ] \Device\Harddisk0\DR0\Partition4
11:42:32.0007 4176  \Device\Harddisk0\DR0\Partition4 - ok
11:42:32.0008 4176  ============================================================
11:42:32.0008 4176  Scan finished
11:42:32.0008 4176  ============================================================
11:42:32.0015 5780  Detected object count: 3
11:42:32.0015 5780  Actual detected object count: 3
11:44:55.0114 5780  Netzmanager Service ( UnsignedFile.Multi.Generic ) - skipped by user
11:44:55.0114 5780  Netzmanager Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:44:55.0115 5780  SUService ( UnsignedFile.Multi.Generic ) - skipped by user
11:44:55.0115 5780  SUService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:44:55.0116 5780  UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
11:44:55.0116 5780  UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:45:23.0734 5960  Deinitialize success
         


Alt 09.07.2013, 10:50   #6
markusg
/// Malware-holic
 
Win32/Small.CA-Virus - Standard

Win32/Small.CA-Virus



Hi,
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
--> Win32/Small.CA-Virus

Alt 09.07.2013, 12:57   #7
Serafim
 
Win32/Small.CA-Virus - Standard

Win32/Small.CA-Virus



Hi,

so... hier ist jetzt noch die combofix.txt

Code:
ATTFilter
ComboFix 13-07-09.01 - Siegfried 09.07.2013  13:18:39.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3957.1566 [GMT 2:00]
ausgeführt von:: c:\users\Siegfried\Desktop\ComboFix.exe
AV: Sophos Anti-Virus *Disabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
SP: Sophos Anti-Virus *Disabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5849\AddOnDownloaded\0e53a45b-5a41-43e5-96ab-776b00e48a6e.dll
c:\programdata\PCDr\5849\AddOnDownloaded\6189c538-c102-424b-b645-3fb824a63826.dll
c:\programdata\PCDr\5849\AddOnDownloaded\9ad80016-92d9-41a4-9436-c44907366397.dll
c:\windows\Installer\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe
Q:\Autorun.inf
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-06-09 bis 2013-07-09  ))))))))))))))))))))))))))))))
.
.
2013-07-09 11:32 . 2013-07-09 11:32	--------	d-----w-	c:\users\Gast\AppData\Local\temp
2013-07-09 11:32 . 2013-07-09 11:32	--------	d-----w-	c:\users\Erika\AppData\Local\temp
2013-07-09 11:32 . 2013-07-09 11:32	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-07-09 11:18 . 2013-07-09 11:18	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{FCFA0057-3D32-4B95-A7A4-55AE60AC00B0}\offreg.dll
2013-07-09 07:22 . 2013-06-12 03:08	9552976	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{FCFA0057-3D32-4B95-A7A4-55AE60AC00B0}\mpengine.dll
2013-07-05 11:11 . 2013-07-05 15:51	--------	d-----w-	c:\users\Siegfried\AppData\Roaming\TrueCrypt
2013-07-05 11:10 . 2013-07-05 11:10	231376	----a-w-	c:\windows\system32\drivers\truecrypt.sys
2013-07-05 11:10 . 2013-07-05 11:10	--------	d-----w-	c:\program files\TrueCrypt
2013-06-14 20:43 . 2013-06-08 12:28	2706432	----a-w-	c:\windows\system32\mshtml.tlb
2013-06-14 20:43 . 2013-06-08 14:08	279040	----a-w-	c:\program files\Internet Explorer\sqmapi.dll
2013-06-14 20:43 . 2013-06-08 11:41	218112	----a-w-	c:\program files (x86)\Internet Explorer\sqmapi.dll
2013-06-14 20:43 . 2013-06-08 11:13	2706432	----a-w-	c:\windows\SysWow64\mshtml.tlb
2013-06-14 20:43 . 2013-06-08 14:08	1365504	----a-w-	c:\windows\system32\urlmon.dll
2013-06-14 20:43 . 2013-06-08 14:06	2648064	----a-w-	c:\windows\system32\iertutil.dll
2013-06-14 20:43 . 2013-06-08 14:06	526336	----a-w-	c:\windows\system32\ieui.dll
2013-06-14 20:42 . 2013-06-08 14:06	15404544	----a-w-	c:\windows\system32\ieframe.dll
2013-06-14 20:42 . 2013-06-08 14:07	19233792	----a-w-	c:\windows\system32\mshtml.dll
2013-06-12 09:11 . 2013-05-08 06:39	1910632	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-06-12 09:05 . 2013-04-25 23:30	1505280	----a-w-	c:\windows\SysWow64\d3d11.dll
2013-06-12 09:05 . 2013-03-31 22:52	1887232	----a-w-	c:\windows\system32\d3d11.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 18:33 . 2012-04-19 08:36	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 18:33 . 2011-05-14 16:03	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 10:00 . 2011-03-29 13:29	75825640	----a-w-	c:\windows\system32\MRT.exe
2013-05-09 12:55 . 2010-06-24 10:33	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 00:06 . 2011-03-29 13:02	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-05-16 10:04	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-16 10:04	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-16 10:04	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-16 10:04	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-16 10:04	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-16 10:04	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 21:49	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2010-08-24 1129832]
"Sophos AutoUpdate Monitor"="c:\program files (x86)\Sophos\AutoUpdate\almon.exe" [2013-02-14 929272]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2012-08-23 6049096]
"AcronisTibMounterMonitor"="c:\program files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe" [2012-07-24 943856]
.
c:\users\Siegfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Netzmanager.lnk - c:\users\Siegfried\Netzmanager\netzmanager.exe /Autostart [2012-7-20 14134784]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-2-18 1083680]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 swi_update_64;Sophos Web Intelligence Update;c:\programdata\Sophos\Web Intelligence\swi_update_64.exe;c:\programdata\Sophos\Web Intelligence\swi_update_64.exe [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 cjusb;REINER SCT cyberJack USB Driver;c:\windows\system32\DRIVERS\cjusb.sys;c:\windows\SYSNATIVE\DRIVERS\cjusb.sys [x]
R3 GigasetGenericUSB_x64;GigasetGenericUSB_x64;c:\windows\system32\DRIVERS\GigasetGenericUSB_x64.sys;c:\windows\SYSNATIVE\DRIVERS\GigasetGenericUSB_x64.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys;c:\windows\SYSNATIVE\DRIVERS\sdcfilter.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys;c:\windows\SYSNATIVE\DRIVERS\SophosBootDriver.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
S0 tib_mounter;Acronis TIB Mounter;c:\windows\system32\DRIVERS\tib_mounter.sys;c:\windows\SYSNATIVE\DRIVERS\tib_mounter.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x]
S0 vidsflt;Acronis Disk Storage Filter;c:\windows\system32\DRIVERS\vidsflt.sys;c:\windows\SYSNATIVE\DRIVERS\vidsflt.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys;c:\windows\SYSNATIVE\DRIVERS\smiifx64.sys [x]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys;c:\windows\SYSNATIVE\DRIVERS\savonaccess.sys [x]
S2 AAV UpdateService;AAV UpdateService;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 cjpcsc;cyberJack PC/SC COM Service ;c:\windows\SysWOW64\cjpcsc.exe;c:\windows\SysWOW64\cjpcsc.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 Netzmanager Service;Netzmanager Infrastruktur Informationssystem Dienst;c:\users\Siegfried\Netzmanager\NMInfraIS2\Netzmanager_Service.exe ;c:\users\Siegfried\Netzmanager\NMInfraIS2\Netzmanager_Service.exe  [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S2 SAVAdminService;Sophos Anti-Virus Statusreporter;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [x]
S2 SAVService;Sophos Anti-Virus;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [x]
S2 ScrybeUpdater;Scrybe-Updateprogramm;c:\program files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe;c:\program files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [x]
S2 Sophos Web Control Service;Sophos Web Control Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [x]
S2 StarMoney 8.0 OnlineUpdate;StarMoney 8.0 OnlineUpdate;c:\program files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe;c:\program files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [x]
S2 swi_service;Sophos Web Intelligence Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [x]
S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys;c:\windows\SYSNATIVE\DRIVERS\5U877.sys [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
S3 PCDSRVC{127174DC-C366ED8B-06020200}_0;PCDSRVC{127174DC-C366ED8B-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc_x64.pkms;c:\program files\pc-doctor\pcdsrvc_x64.pkms [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 TelekomNM6;Telekom Netzmanager Packet Filter Driver;c:\users\Siegfried\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys;c:\users\Siegfried\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-20 14:25	1165776	----a-w-	c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 18:33]
.
2013-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-22 21:17]
.
2013-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-22 21:17]
.
2013-06-28 c:\windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:06]
.
2013-06-28 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:06]
.
2013-07-09 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncError]
@="{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}"
[HKEY_CLASSES_ROOT\CLSID\{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}]
2012-08-23 02:51	2741024	----a-w-	c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncInProgress]
@="{00F848DC-B1D4-4892-9C25-CAADC86A215D}"
[HKEY_CLASSES_ROOT\CLSID\{00F848DC-B1D4-4892-9C25-CAADC86A215D}]
2012-08-23 02:51	2741024	----a-w-	c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncOk]
@="{71573297-552E-46fc-BE3D-3DFAF88D47B7}"
[HKEY_CLASSES_ROOT\CLSID\{71573297-552E-46fc-BE3D-3DFAF88D47B7}]
2012-08-23 02:51	2741024	----a-w-	c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-15 11049576]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-12-21 69568]
"TpShocks"="TpShocks.exe" [2011-01-14 380776]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2010-04-20 62312]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2012-08-23 403888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://home.tb.ask.com/index.jhtml?n=77DE8857&p2=^Y6^xdm043^YYA^de&ptb=9724A557-6BF6-4DA9-B1EF-1977726E1F7B&si=swissconverter
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: c:\programdata\Sophos\Web Intelligence\swi_ifslsp.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Siegfried\AppData\Roaming\Mozilla\Firefox\Profiles\9rsq7463.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.tb.ask.com/search/GGmain.jhtml?st=kwd&ptb=9724A557-6BF6-4DA9-B1EF-1977726E1F7B&n=77fd044f&ind=2013070415&p2=^Y6^xdm043^YYA^de&si=swissconverter&searchfor=
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk - c:\program files (x86)\ANYCOM\Blue USB-120-240\BTTray.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Scrybe.lnk - c:\windows\Installer\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{127174DC-C366ED8B-06020200}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc_x64.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-07-09  13:51:13
ComboFix-quarantined-files.txt  2013-07-09 11:51
.
Vor Suchlauf: 11 Verzeichnis(se), 217.031.520.256 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 217.645.240.320 Bytes frei
.
- - End Of File - - 9236D79F570886FC92F48E61B3B7AA6A
D41D8CD98F00B204E9800998ECF8427E
         

Alt 09.07.2013, 13:01   #8
markusg
/// Malware-holic
 
Win32/Small.CA-Virus - Standard

Win32/Small.CA-Virus



Hi,
1.
malwarebytes:
Downloade Dir bitte Malwarebytes
  • Installiere
    das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche
    nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet
    ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste
    das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.


2.

lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 10.07.2013, 10:03   #9
Serafim
 
Win32/Small.CA-Virus - Standard

Win32/Small.CA-Virus



Hi,

hier die Logfile von Malwarebytes:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.09.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Siegfried :: SIEGFRIED-THINK [Administrator]

Schutz: Aktiviert

09.07.2013 14:09:04
mbam-log-2013-07-09 (14-09-04).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 479712
Laufzeit: 1 Stunde(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
und hier von ccleaner:

Code:
ATTFilter
AAVUpdateManager	Wolters Kluwer Deutschland GmbH	10.12.2011	32,0 MB	18.00.0000 notwendig
Access Help	Lenovo	03.03.2011		3.00 notwendig
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	12.06.2013	6,00 MB	11.7.700.224 notwendig
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	12.06.2013	6,00 MB	11.7.700.224 notwendig
Adobe Reader X (10.1.7) - Deutsch	Adobe Systems Incorporated	15.05.2013	169 MB	10.1.7notwendig
Anzeige am Bildschirm		03.03.2011		6.10.00 notwendig
ATI Catalyst Install Manager	ATI Technologies, Inc.	03.03.2011	22,1 MB	3.0.762.0 notwendig
ATI Uninstaller	ATI Technologies, Inc.	03.03.2011		8.70-100113a-098836C-Lenovo notwendig
Bing Bar	Microsoft Corporation	26.04.2012	464 KB	7.1.361.0 unbekannt
Canon Inkjet Printer/Scanner/Fax Extended Survey Program		28.08.2011 notwendig		
Canon MP Navigator EX 4.0		28.08.2011		notwendig
Canon Solution Menu EX		28.08.2011		notwendig
CanoScan LiDE 210 Scanner Driver		28.08.2011	notwendig	
CCleaner	Piriform	19.06.2013		4.03 notwendig
Corel Burn.Now Lenovo Edition	Corel Corporation	03.03.2011	80,9 MB	4.5.0 notwendig
Corel DVD MovieFactory Lenovo Edition	Corel Corporation	03.03.2011	318 MB	7.0.0 notwendig
Create Recovery Media	Lenovo Group Limited	03.03.2011	9,50 MB	1.20.0.00 notwendig
cyberJack Base Components	REINER SCT	21.03.2013		6.10.0 notwendig
DriverTuner 3.1.0.0	LionSea SoftWare	13.11.2012	24,7 MB	3.1.0.0 notwendig
ElsterFormular	Landesfinanzdirektion Thüringen	31.05.2013	188 MB	14.3.11574 notwendig
Gigaset QuickSync	Gigaset Communications GmbH	06.01.2013	8,59 MB	8.0.0856.1 notwendig
Google Chrome	Google Inc.	22.04.2011		27.0.1453.116 notwendig
Google Earth	Google	27.03.2013	173 MB	7.0.3.8542 notwendig
Integrated Camera Driver Installer Package Ver.1.0.1.7	RICOH	03.03.2011		1.0.1.7 notwendig
Integrated Camera TWAIN	Chicony Electronics Co.,Ltd.	03.03.2011		1.0.8.601 notwendig
Intel(R) Management Engine Components	Intel Corporation	03.03.2011		6.0.0.1179 notwendig
Intel(R) PROSet/Wireless WiFi-Software	Intel Corporation	03.03.2011	132 MB	13.02.0000 notwendig
Intel(R) Turbo Boost Technology Driver	Intel Corporation	03.03.2011		01.00.01.1002 notwendig
InterVideo WinDVD 8	InterVideo Inc.	03.03.2011	163 MB	8.0.20.199 notwendig
Java(TM) 6 Update 17 (64-bit)	Sun Microsystems, Inc.	03.03.2011	90,8 MB	6.0.170 notwendig
Java(TM) 6 Update 22	Oracle	20.04.2011	97,0 MB	6.0.220 notwendig
Kyocera Product Library	Kyocera Mita Corporation	20.04.2011		2.0.0713 notwendig
Lenovo Auto Scroll Utility		03.03.2011		1.00 notwendig
Lenovo System Interface Driver		03.03.2011		1.02 notwendig
Lenovo ThinkVantage Toolbox	PC-Doctor, Inc.	06.09.2011		6.0.5849.23 notwendig
Lenovo Warranty Information	Lenovo	03.03.2011	893 KB	1.0.0004.00 notwendig
Lenovo Welcome	Lenovo	03.03.2011		notwendig
Malwarebytes Anti-Malware Version 1.75.0.1300	Malwarebytes Corporation	09.07.2013	19,2 MB	1.75.0.1300 unbekannt
McAfee Security Scan Plus	McAfee, Inc.	12.02.2013	10,2 MB	3.0.318.3 unbekannt
Message Center Plus	Lenovo Group Limited	03.03.2011	1,70 MB	2.0.0012.00 notwendig
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	05.04.2011	38,8 MB	4.0.30319 unbekannt
Microsoft Silverlight	Microsoft Corporation	14.03.2013	50,6 MB	5.1.20125.0 unbekannt
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	03.03.2011	1,69 MB	3.1.0000 unbkannt
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053	Microsoft Corporation	21.04.2011	260 KB	8.0.50727.4053 unbekannt
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	21.04.2011	250 KB	8.0.50727.4053 unbekannt
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	15.06.2011	300 KB	8.0.61001 unbekannt
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	03.03.2011	832 KB	8.0.61000 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148	Microsoft Corporation	03.03.2011	788 KB	9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	15.06.2011	788 KB	9.0.30729.6161 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	17.05.2011	244 KB	9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	28.03.2011	592 KB	9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	15.06.2011	600 KB	9.0.30729.6161 unbekannt
Microsoft WSE 3.0 Runtime	Microsoft Corp.	26.12.2012	942 KB	3.0.5305.0 unbekannt
Mobile Broadband	Lenovo	03.03.2011	16,4 MB	3.6.0034 notwendig
Mozilla Firefox 22.0 (x86 de)	Mozilla	28.06.2013	45,8 MB	22.0 notwendig
Mozilla Maintenance Service	Mozilla	28.06.2013	333 KB	22.0 notwendig
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	29.03.2011	1,27 MB	4.20.9870.0 unbekannt
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	29.03.2011	1,33 MB	4.20.9876.0 unbekannt
Netzmanager		03.03.2011		notwendig
Netzmanager	Deutsche Telekom AG	26.12.2012		1.071 notwendig
OpenOffice.org 3.3	OpenOffice.org	20.04.2011	414 MB	3.3.9567 notwendig
P7S Viewer	Secure Soft	27.06.2011	3,87 MB	4.0 notwendig
Realtek Ethernet Controller Driver For Windows Vista and Later	Realtek	03.03.2011		1.00.0010 notwendig
Realtek HDMI Audio Driver for ATI	Realtek Semiconductor Corp.	03.03.2011		6.0.1.6034 notwendig
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	03.03.2011		6.0.1.6146 notwendig
Realtek USB 2.0 Card Reader	Realtek Semiconductor Corp.	03.03.2011		6.1.7600.30113 notwendig
Registry Patch to arrange icons in Device and Printers folder of Windows 7		03.03.2011		1.00 unbekannt
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7		03.03.2011		1.00 unbekannt
Sophos Anti-Virus	Sophos Limited	12.06.2013	86,7 MB	10.2.8 notwendig
Sophos AutoUpdate	Sophos Limited	14.02.2013	14,3 MB	2.9.0.344 notwendig
StarMoney 8.0 S-Edition	Star Finanz GmbH	14.05.2011		8.0 notwendig
Steuer-Taxi 2010	Akademische Arbeitsgemeinschaft Verlag	05.04.2012	241 MB	15.15 notwendig
STEUEReasy 2011	Akademische Arbeitsgemeinschaft Verlag	27.05.2013	277 MB	16.17 notwendig
STEUEReasy 2012	Wolters Kluwer Deutschland GmbH	26.05.2013	287 MB	17.13 notwendig
STEUEReasy 2013	Wolters Kluwer Deutschland GmbH	20.05.2013	302 MB	18.09 notwendig
Synaptics Gesture Suite featuring SYNAPTICS | Scrybe	Synaptics Inc.	14.10.2012	14,0 MB	1.6.5.17120 unbekannt
Synaptics Pointing Device Driver	Synaptics Incorporated	14.10.2012	46,4 MB	15.2.20.0 unbekannt
System Update	Lenovo	03.03.2011	11,5 MB	4.00.0032 notwendig
ThinkPad Bluetooth with Enhanced Data Rate Software	Broadcom Corporation	03.03.2011	144 MB	6.2.1.1400 notwendig
ThinkPad Energie-Manager		03.03.2011		3.30 notwendig
ThinkPad Power Management Driver		03.03.2011		1.60.0.4 notwendig
ThinkVantage Communications Utility	Lenovo	03.03.2011	2,43 MB	1.41 notwendig
ThinkVantage System für aktiven Festplattenschutz	Lenovo	03.03.2011	15,6 MB	1.74 notwendig
ThinkVantage System Update		03.03.2011		notwendig
True Image 2013	Acronis	27.12.2012	318 MB	16.0.5551 notwendig
TrueCrypt	TrueCrypt Foundation	05.07.2013		7.1a notwendig
Windows Live Essentials	Microsoft Corporation	03.03.2011		15.4.3502.0922 unbekannt
Windows Live Mesh ActiveX control for remote connections	Microsoft Corporation	03.03.2011	5,57 MB	15.4.5722.2 unbekannt
Windows-Treiberpaket - Intel (iaStor) hdc  (01/15/2010 9.5.7.1002)	Intel	03.03.2011		01/15/2010 9.5.7.1002 unbekannt
Windows-Treiberpaket - Intel hdc  (06/04/2009 7.0.0.1013)	Intel	03.03.2011		06/04/2009 7.0.0.1013 unbekannt
Windows-Treiberpaket - Intel System  (06/04/2009 1.0.0.0002)	Intel	03.03.2011		06/04/2009 1.0.0.0002 unbekannt
Windows-Treiberpaket - Intel System  (10/28/2009 9.1.1.1022)	Intel	03.03.2011		10/28/2009 9.1.1.1022 unbekannt
Windows-Treiberpaket - Intel System  (10/28/2009 9.1.1.1022)	Intel	04.03.2011		10/28/2009 9.1.1.1022 unbekannt
Windows-Treiberpaket - Intel USB  (08/20/2009 9.1.1.1020)	Intel	03.03.2011		08/20/2009 9.1.1.1020 unbekannt
Windows-Treiberpaket - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4)	Lenovo	03.03.2011		11/18/2009 1.60.0.4 unbekannt
Windows-Treiberpaket - Realtek Semiconductor Corp. HD Audio Driver (01/26/2010 5.10.0.6034)	Realtek Semiconductor Corp.	03.03.2011		01/26/2010 5.10.0.6034 notwendig
Windows-Treiberpaket - Realtek Semiconductor Corp. HD Audio Driver (01/26/2010 6.0.1.6034)	Realtek Semiconductor Corp.	03.03.2011		01/26/2010 6.0.1.6034 notwendig
Windows-Treiberpaket - Realtek Semiconductor Corp. HD Audio Driver (06/29/2010 6.0.1.6146)	Realtek Semiconductor Corp.	03.03.2011		06/29/2010 6.0.1.6146 notwendig
Überwachungstool für die Intel® Turbo-Boost-Technik	Intel	03.03.2011	1,13 MB	1.0.186.3 unbekannt
         

Alt 10.07.2013, 12:12   #10
markusg
/// Malware-holic
 
Win32/Small.CA-Virus - Standard

Win32/Small.CA-Virus



bHi,
es sind 2 Logs zu erstellen, poste sie bitte gleichzeitig.

1.
deinstaliere:
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden, instalieren.
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen
bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
Sicherheit (erweitert)
Erweiterte Sicherheit anhaken
und alle Dateien auswählen.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok

deinstaliere:
Bing
Java: alle
downloade Java jre:
Java-Downloads für alle Betriebssysteme
klicke:
Download der Java-Software für Windows Offline
laden, und instalieren
deinstaliere:
McAfee
Windows Live : alle von dir nicht verwendeten.

Öffne bitte CCleaner, analysieren, starten, PC neustarten.
2.
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

neustarten.
3.
Lade bitte Hitmanpro:
HitmanPro - Download - Filepony
Doppelklicken, Scan klicken, nichts löschen.
Weiter klicken, Log speichern und posten, bzw als XML exportieren, packen und anhängen
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 10.07.2013, 14:05   #11
Serafim
 
Win32/Small.CA-Virus - Standard

Win32/Small.CA-Virus



Hi,

hier die Log von ADWCleaner:

AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v2.304 - Datei am 10/07/2013 um 14:40:17 erstellt
# Aktualisiert am 03/07/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Siegfried - SIEGFRIED-THINK
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Siegfried\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\Siegfried\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Siegfried\AppData\Roaming\Mozilla\Firefox\Profiles\9rsq7463.default\jetpack

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16611

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.tb.ask.com/index.jhtml?n=77DE8857&p2=^Y6^xdm043^YYA^de&ptb=9724A557-6BF6-4DA9-B1EF-1977726E1F7B&si=swissconverter --> hxxp://www.google.com

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\Siegfried\AppData\Roaming\Mozilla\Firefox\Profiles\9rsq7463.default\prefs.js

Gelöscht : user_pref("CT3241949_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Gelöscht : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3241949&SearchSource=1[...]
Gelöscht : user_pref("Smartbar.ConduitSearchEngineList", "FileConverter 1.3 Customized Web Search");
Gelöscht : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3241949[...]
Gelöscht : user_pref("Smartbar.keywordURLSelectedCTID", "CT3241949");
Gelöscht : user_pref("browser.search.defaultenginename", "Ask Web Search");
Gelöscht : user_pref("extensions.mywebsearch.prevDefaultEngine", "Google");
Gelöscht : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Gelöscht : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT324[...]
Gelöscht : user_pref("extensions.mywebsearch.prevSelectedEngine", "Wikipedia (de)");
Gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.homepage", "hxxp://home.tb.ask.com/index.jhtml?p[...]
Gelöscht : user_pref("keyword.URL", "hxxp://search.tb.ask.com/search/GGmain.jhtml?st=kwd&ptb=9724A557-6BF6-4DA9[...]

Datei : C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\2yvrg1nr.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\qkgbab47.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v27.0.1453.116

Datei : C:\Users\Siegfried\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

Datei : C:\Users\Erika\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

Datei : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [3100 octets] - [10/07/2013 14:40:17]

########## EOF - C:\AdwCleaner[S1].txt - [3160 octets] ##########
         
--- --- ---

[/CODE]

Log von HitmanPro

Code:
ATTFilter
Code:
ATTFilter
HitmanPro 3.7.6.201
www.hitmanpro.com

   Computer name . . . . : SIEGFRIED-THINK
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : Siegfried-THINK\Siegfried
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2013-07-10 14:46:39
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 13m 56s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 480

   Objects scanned . . . : 1.660.033
   Files scanned . . . . : 55.899
   Remnants scanned  . . : 561.794 files / 1.042.340 keys

Cookies _____________________________________________________________________

   C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\2yvrg1nr.default\cookies.sqlite:2o7.net
   C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\2yvrg1nr.default\cookies.sqlite:ad.360yield.com
   C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\2yvrg1nr.default\cookies.sqlite:ad.dyntracker.de
   C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\2yvrg1nr.default\cookies.sqlite:ad.movad.net
   C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\2yvrg1nr.default\cookies.sqlite:ad.yieldmanager.com
   C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\2yvrg1nr.default\cookies.sqlite:ad.zanox.com
   C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\2yvrg1nr.default\cookies.sqlite:ads.adacado.com
   C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\2yvrg1nr.default\cookies.sqlite:ads.pubmatic.com
   C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\2yvrg1nr.default\cookies.sqlite:ads.undertone.com
   C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\2yvrg1nr.default\cookies.sqlite:adtech.de
   C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\2yvrg1nr.default\cookies.sqlite:advertising.com
   C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\2yvrg1nr.default\cookies.sqlite:adviva.net
   C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\2yvrg1nr.default\cookies.sqlite:apmebf.com
   C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\2yvrg1nr.default\cookies.sqlite:atdmt.com
   C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\2yvrg1nr.default\cookies.sqlite:bs.serving-sys.com
   C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\2yvrg1nr.default\cookies.sqlite:de.sitestat.com
   C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\2yvrg1nr.default\cookies.sqlite:doubleclick.net
   C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\2yvrg1nr.default\cookies.sqlite:fastclick.net
   C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\2yvrg1nr.default\cookies.sqlite:invitemedia.com
   C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\2yvrg1nr.default\cookies.sqlite:kqv.112.2o7.net
   C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\2yvrg1nr.default\cookies.sqlite:loyaltypartner.122.2o7.net
   C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\2yvrg1nr.default\cookies.sqlite:mediaplex.com
   C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\2yvrg1nr.default\cookies.sqlite:overture.com
   C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\2yvrg1nr.default\cookies.sqlite:revsci.net
   C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\2yvrg1nr.default\cookies.sqlite:ru4.com
   C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\2yvrg1nr.default\cookies.sqlite:serving-sys.com
   C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\2yvrg1nr.default\cookies.sqlite:specificclick.net
   C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\2yvrg1nr.default\cookies.sqlite:statcounter.com
   C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\2yvrg1nr.default\cookies.sqlite:statse.webtrendslive.com
   C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\2yvrg1nr.default\cookies.sqlite:track.adform.net
   C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\2yvrg1nr.default\cookies.sqlite:track.effiliation.com
   C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\2yvrg1nr.default\cookies.sqlite:tradedoubler.com
   C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\2yvrg1nr.default\cookies.sqlite:www.googleadservices.com
   C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\2yvrg1nr.default\cookies.sqlite:xiti.com
   C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.yieldmanager.com
   C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com
   C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Cookies:invitemedia.com
   C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Cookies:specificclick.net
   C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\qkgbab47.default\cookies.sqlite:acronis.122.2o7.net
   C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\qkgbab47.default\cookies.sqlite:atdmt.com
   C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\qkgbab47.default\cookies.sqlite:de.sitestat.com
   C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\qkgbab47.default\cookies.sqlite:doubleclick.net
   C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\qkgbab47.default\cookies.sqlite:statse.webtrendslive.com
   C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\qkgbab47.default\cookies.sqlite:tradedoubler.com
   C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\qkgbab47.default\cookies.sqlite:xiti.com
   C:\Users\Siegfried\AppData\Roaming\Mozilla\Firefox\Profiles\9rsq7463.default\cookies.sqlite:apmebf.com
   C:\Users\Siegfried\AppData\Roaming\Mozilla\Firefox\Profiles\9rsq7463.default\cookies.sqlite:doubleclick.net
         

Alt 10.07.2013, 14:20   #12
markusg
/// Malware-holic
 
Win32/Small.CA-Virus - Standard

Win32/Small.CA-Virus



Hi,
Browser schließen bitte, Hitmanpro gefundenes löschen lassen, neustarten, neues OTL Log
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 10.07.2013, 15:27   #13
Serafim
 
Win32/Small.CA-Virus - Standard

Win32/Small.CA-Virus



Hier ist das neue OTL-Log:
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 10.07.2013 16:13:58 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Siegfried\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 54,62% Memory free
7,73 Gb Paging File | 5,76 Gb Available in Paging File | 74,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 256,94 Gb Total Space | 204,59 Gb Free Space | 79,63% Space Free | Partition Type: NTFS
Drive D: | 99,07 Gb Total Space | 98,24 Gb Free Space | 99,16% Space Free | Partition Type: NTFS
Drive Q: | 9,77 Gb Total Space | 1,37 Gb Free Space | 13,98% Space Free | Partition Type: NTFS
 
Computer Name: SIEGFRIED-THINK | User Name: Siegfried | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.07.05 11:50:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Siegfried\Desktop\OTL.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013.03.23 01:49:41 | 002,890,232 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
PRC - [2013.02.14 23:30:23 | 000,237,048 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
PRC - [2013.02.14 23:30:21 | 000,929,272 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
PRC - [2013.02.14 23:29:06 | 000,217,592 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2013.01.29 22:21:05 | 000,159,296 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2012.12.27 22:07:26 | 003,729,400 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2012.12.21 15:48:08 | 000,699,680 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
PRC - [2012.08.23 04:50:22 | 000,403,888 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2012.08.23 04:49:48 | 006,049,096 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2012.08.18 22:22:02 | 007,027,752 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
PRC - [2012.07.24 16:13:58 | 000,943,856 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
PRC - [2012.05.09 23:25:15 | 000,357,400 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
PRC - [2012.03.19 22:58:12 | 000,514,128 | ---- | M] (REINER SCT) -- C:\Windows\SysWOW64\cjpcsc.exe
PRC - [2011.05.27 16:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) -- C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.04.20 14:23:32 | 000,074,088 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2010.04.20 14:23:28 | 000,062,312 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TPKNRRES.exe
PRC - [2010.04.20 14:23:18 | 000,050,536 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe
PRC - [2010.04.07 07:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe
PRC - [2010.04.07 07:37:24 | 000,063,928 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010.04.07 05:02:18 | 000,045,496 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\micmute.exe
PRC - [2010.04.02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010.04.01 07:50:46 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2009.12.21 11:49:46 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2009.11.24 06:51:20 | 000,176,056 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2009.11.11 10:33:12 | 000,078,272 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\tpnumlkd.exe
PRC - [2009.11.04 06:45:44 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
PRC - [2008.01.10 13:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.23 04:35:38 | 013,873,200 | ---- | M] () -- C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers.dll
MOD - [2012.08.23 04:31:22 | 001,590,656 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\Home\icudt38.dll
MOD - [2012.07.24 15:48:28 | 000,012,160 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\TibMounter\icudt38.dll
MOD - [2011.04.20 12:53:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.01.13 15:05:46 | 000,047,728 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2010.01.13 16:04:10 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.11.18 07:04:24 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.07.10 14:06:19 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.06.28 00:11:33 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.03.23 01:49:41 | 002,890,232 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2013.02.14 23:30:23 | 000,237,048 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2013.02.14 23:29:06 | 000,217,592 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2013.01.29 22:21:05 | 000,159,296 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2013.01.29 22:18:39 | 002,010,688 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe -- (swi_update_64)
SRV - [2012.12.27 22:07:26 | 003,729,400 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2012.12.21 15:48:08 | 000,699,680 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 8.0 OnlineUpdate)
SRV - [2012.08.23 04:50:44 | 001,127,432 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2012.08.18 22:22:02 | 007,027,752 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv)
SRV - [2012.07.20 14:00:51 | 002,635,776 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Users\Siegfried\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service)
SRV - [2012.05.09 23:25:15 | 000,357,400 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe -- (Sophos Web Control Service)
SRV - [2012.03.19 22:58:12 | 000,514,128 | ---- | M] (REINER SCT) [Auto | Running] -- C:\Windows\SysWOW64\cjpcsc.exe -- (cjpcsc)
SRV - [2011.05.27 16:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) [Auto | Running] -- C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe -- (ScrybeUpdater)
SRV - [2010.08.24 20:30:00 | 000,075,112 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2010.07.15 07:23:58 | 000,199,272 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV - [2010.04.20 14:23:32 | 000,074,088 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV - [2010.04.20 14:23:18 | 000,050,536 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV - [2010.04.07 07:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV - [2010.04.07 07:37:24 | 000,063,928 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010.04.07 05:02:18 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2010.04.05 21:55:01 | 000,116,104 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.15 14:54:56 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- c:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2010.03.05 11:26:38 | 001,425,168 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2010.03.05 11:07:58 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2010.03.05 11:06:22 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2009.11.04 06:45:46 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.11.04 06:45:44 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.09.29 18:25:48 | 000,126,392 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2008.01.10 13:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2007.01.04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.07.05 13:10:35 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013.01.29 22:26:27 | 000,154,952 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\Windows\SysNative\drivers\savonaccess.sys -- (SAVOnAccess)
DRV:64bit: - [2012.12.27 22:07:27 | 000,367,200 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2012.12.27 22:07:24 | 001,340,040 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman)
DRV:64bit: - [2012.12.27 22:07:20 | 001,093,256 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tib_mounter.sys -- (tib_mounter)
DRV:64bit: - [2012.12.27 22:07:18 | 000,228,488 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vididr.sys -- (vididr)
DRV:64bit: - [2012.12.27 22:07:16 | 000,166,024 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vidsflt.sys -- (vidsflt)
DRV:64bit: - [2012.12.27 22:07:13 | 000,340,104 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2012.12.27 22:07:12 | 000,155,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fltsrv.sys -- (fltsrv)
DRV:64bit: - [2012.10.08 14:09:34 | 000,054,272 | ---- | M] (Siemens Home and Office Communication Devices GmbH & Co. KG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GigasetGenericUSB_x64.sys -- (GigasetGenericUSB_x64)
DRV:64bit: - [2012.03.05 21:53:58 | 000,036,640 | ---- | M] (Sophos Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdcfilter.sys -- (sdcfilter)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.31 19:32:00 | 001,424,944 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.03.29 11:50:26 | 000,034,672 | ---- | M] (REINER SCT) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cjusb.sys -- (cjusb)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.13 15:04:20 | 000,139,888 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2011.01.13 15:02:28 | 000,023,664 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.08.24 20:30:00 | 000,013,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2010.07.15 07:23:48 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2010.03.17 23:21:58 | 007,680,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2010.03.17 12:30:36 | 000,161,664 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2010.02.08 14:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.01.15 22:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.01.15 06:23:00 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010.01.15 06:23:00 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010.01.15 06:23:00 | 000,021,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010.01.13 16:26:02 | 006,327,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010.01.13 16:26:02 | 006,327,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.01.13 15:10:58 | 000,185,344 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009.11.30 08:56:00 | 000,053,800 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009.11.18 07:04:04 | 000,032,880 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2009.10.26 05:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.10.02 12:58:12 | 000,258,560 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.09.29 18:25:50 | 000,012,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009.09.17 05:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.07.02 04:16:02 | 000,040,512 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.07 07:33:00 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009.02.09 11:06:31 | 000,025,608 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV:64bit: - [2008.05.12 11:04:26 | 000,015,400 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV - [2011.06.27 17:06:54 | 000,025,584 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Programme\PC-Doctor\pcdsrvc_x64.pkms -- (PCDSRVC{127174DC-C366ED8B-06020200}_0)
DRV - [2010.09.16 17:02:59 | 000,045,664 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Running] -- C:\Users\Siegfried\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys -- (TelekomNM6)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{31CA554A-5500-4812-875C-F4719B5572E2}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{3EEE0C04-FCC8-4DA9-8801-8DE8D162280E}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{A45A69E5-9511-4C45-9AAF-7F5F8F3DA4CA}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{D9A8C407-B63A-4232-AEAD-0612A4782451}: "URL" = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: fb_add_on%40avm.de:1.7.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files (x86)\Mozilla Sunbird\components [2011.06.21 15:56:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Sunbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.06.21 15:57:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Siegfried\AppData\Roaming\mozilla\Extensions
[2011.06.21 15:57:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Siegfried\AppData\Roaming\mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2013.07.05 11:45:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Siegfried\AppData\Roaming\mozilla\Firefox\Profiles\9rsq7463.default\extensions
[2013.04.13 11:11:31 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\Siegfried\AppData\Roaming\mozilla\Firefox\Profiles\9rsq7463.default\extensions\fb_add_on@avm.de
[2011.06.21 15:57:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Siegfried\AppData\Roaming\mozilla\Sunbird\Profiles\9tzvolni.default\extensions
[2013.07.04 15:58:53 | 000,009,612 | ---- | M] () -- C:\Users\Siegfried\AppData\Roaming\mozilla\firefox\profiles\9rsq7463.default\searchplugins\ask-web-search.xml
[2013.06.28 00:11:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.06.28 00:11:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
[2013.06.28 00:11:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.06.28 00:11:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.06.28 00:11:33 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - homepage: hxxp://www.google.com/
 
O1 HOSTS File: ([2013.07.09 13:32:51 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_22\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Programme\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe (Sophos Limited)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - Startup: C:\Users\Siegfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk = C:\Users\Siegfried\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
O4 - Startup: C:\Users\Siegfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C7522CC-4D4C-429F-B803-8D9E9B89D770}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E0C0BFF-17C4-4830-B483-7D2926513271}: DhcpNameServer = 192.168.0.1
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll) - C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll (Sophos Limited)
O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured.dll) - C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured.dll (Sophos Limited)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.10 14:46:39 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013.07.10 14:45:55 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013.07.10 14:15:59 | 000,972,712 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2013.07.10 14:15:58 | 001,093,032 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2013.07.10 14:15:58 | 000,312,232 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013.07.10 14:15:50 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013.07.10 14:15:50 | 000,188,840 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013.07.10 14:15:50 | 000,108,968 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013.07.10 14:15:42 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.07.10 14:08:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013.07.10 14:06:18 | 000,692,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.07.10 14:06:18 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.07.10 14:01:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.07.09 17:42:01 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\Documents\Telekom
[2013.07.09 17:22:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.07.09 15:32:59 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.07.09 14:07:25 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Roaming\Malwarebytes
[2013.07.09 14:07:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.07.09 14:07:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.07.09 14:07:08 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.07.09 14:07:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.07.09 14:06:53 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\Programs
[2013.07.09 13:51:51 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.07.09 13:15:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.07.09 13:15:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.07.09 13:15:30 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.07.09 13:15:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.07.09 13:15:06 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.07.09 13:06:05 | 005,087,643 | R--- | C] (Swearware) -- C:\Users\Siegfried\Desktop\ComboFix.exe
[2013.07.09 11:40:04 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Siegfried\Desktop\tdsskiller.exe
[2013.07.06 11:26:47 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{BC6C353C-8B77-4108-92DE-DA6E80BBC1B4}
[2013.07.05 13:11:17 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Roaming\TrueCrypt
[2013.07.05 13:10:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt
[2013.07.05 13:10:35 | 000,231,376 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2013.07.05 13:10:00 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt
[2013.07.05 11:50:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Siegfried\Desktop\OTL.exe
[2013.07.05 00:14:54 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{F9ADF71E-D4B5-4FFA-8106-4BAFB1705DB6}
[2013.07.02 12:07:37 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{071CE1FF-171E-4315-A241-15A56EA0A2DE}
[2013.06.29 01:27:43 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{9539EFFE-A316-4F6B-A9E5-E36C96AB0BAD}
[2013.06.28 00:11:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.06.25 01:34:04 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{F7C1803F-8051-48AE-A7D1-47DF1B9B44C4}
[2013.06.20 15:14:49 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{FF48B5CC-DA2E-4D9D-B077-5047E3FB8924}
[2013.06.18 18:53:40 | 000,000,000 | ---D | C] -- C:\Users\Siegfried\AppData\Local\{6625C0C1-09EB-4B85-90A1-823BFDDE746A}
[2013.06.14 22:43:01 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.06.14 22:43:00 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.06.12 11:59:36 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.06.12 11:59:36 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.06.12 11:59:35 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.06.12 11:59:35 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.06.12 11:59:35 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.06.12 11:59:35 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.06.12 11:59:35 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.06.12 11:59:35 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.06.12 11:59:35 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.06.12 11:59:34 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.06.12 11:59:34 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.06.12 11:59:33 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.06.12 11:59:33 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.06.12 11:06:26 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.06.12 11:06:26 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.06.12 11:06:24 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013.06.12 11:06:24 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013.06.12 11:06:13 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.06.12 11:06:04 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013.06.12 11:06:04 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013.06.12 11:06:03 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013.06.12 11:06:03 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013.06.12 11:06:03 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013.06.12 11:06:03 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013.06.12 11:05:34 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.06.12 11:05:34 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.10 16:12:09 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.10 16:11:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.10 16:11:24 | 3111,555,072 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.10 16:02:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.10 15:29:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.10 14:52:41 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.10 14:52:41 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.10 14:46:39 | 000,001,916 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013.07.10 14:23:47 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2013.07.10 14:15:44 | 001,093,032 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2013.07.10 14:15:44 | 000,972,712 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2013.07.10 14:15:44 | 000,312,232 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013.07.10 14:15:44 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013.07.10 14:15:44 | 000,188,840 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013.07.10 14:15:44 | 000,108,968 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013.07.10 14:08:29 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.07.10 14:06:18 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.07.10 14:06:18 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.07.09 17:53:27 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.07.09 17:53:27 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.07.09 17:53:27 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.09 17:53:27 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.07.09 17:53:27 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.07.09 15:33:01 | 000,000,833 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.07.09 14:07:09 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.07.09 13:32:51 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.07.09 13:06:15 | 005,087,643 | R--- | M] (Swearware) -- C:\Users\Siegfried\Desktop\ComboFix.exe
[2013.07.09 11:40:08 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Siegfried\Desktop\tdsskiller.exe
[2013.07.05 13:25:27 | 002,088,837 | ---- | M] () -- C:\Users\Siegfried\Documents\truecrypt.rtf
[2013.07.05 13:10:37 | 000,000,886 | ---- | M] () -- C:\Users\Public\Desktop\TrueCrypt.lnk
[2013.07.05 13:10:35 | 000,231,376 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2013.07.05 11:50:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Siegfried\Desktop\OTL.exe
[2013.07.04 13:01:26 | 003,320,813 | ---- | M] () -- C:\Users\Siegfried\Documents\Trojaner Anfrage.rtf
[2013.06.28 14:00:00 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2013.06.28 14:00:00 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2013.06.20 16:27:02 | 000,002,194 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.06.16 16:41:43 | 000,004,693 | ---- | M] () -- C:\Users\Siegfried\Documents\RENTE  EURO- SFR  mit Berechnung.rtf
 
========== Files Created - No Company Name ==========
 
[2013.07.10 14:46:39 | 000,001,916 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013.07.10 14:08:29 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.07.10 14:08:29 | 000,002,030 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.07.10 14:06:19 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.09 15:33:01 | 000,000,833 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.07.09 14:07:09 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.07.09 13:15:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.07.09 13:15:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.07.09 13:15:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.07.09 13:15:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.07.09 13:15:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.07.09 13:15:35 | 000,060,416 | ---- | C] () -- C:\Windows\NIRCMD.exe
[2013.07.05 13:25:27 | 002,088,837 | ---- | C] () -- C:\Users\Siegfried\Documents\truecrypt.rtf
[2013.07.05 13:10:37 | 000,000,886 | ---- | C] () -- C:\Users\Public\Desktop\TrueCrypt.lnk
[2013.07.04 13:01:26 | 003,320,813 | ---- | C] () -- C:\Users\Siegfried\Documents\Trojaner Anfrage.rtf
[2013.06.28 10:52:15 | 000,000,528 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2013.03.21 12:17:37 | 000,167,936 | ---- | C] () -- C:\Windows\SysWow64\SerialXP.dll
[2012.10.14 18:42:12 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011.08.28 16:12:45 | 000,393,256 | ---- | C] () -- C:\Windows\SysWow64\CNQ4809N.DAT
[2011.05.22 21:50:30 | 000,000,680 | RHS- | C] () -- C:\Users\Siegfried\ntuser.pol
[2011.05.08 16:27:38 | 000,020,540 | ---- | C] () -- C:\Users\Siegfried\AppData\Roaming\UserTile.png
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 929 bytes -> C:\Users\Siegfried\Documents\Re-Reiserücktritt-ERV,Antwort.eml:OECustomProperty
@Alternate Data Stream - 1252 bytes -> C:\Users\Siegfried\Documents\Re-Reiserücktritt-ERV.eml:OECustomProperty

< End of report >
         
--- --- ---

Alt 10.07.2013, 18:17   #14
markusg
/// Malware-holic
 
Win32/Small.CA-Virus - Standard

Win32/Small.CA-Virus



Hi,


otl fix

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:
ATTFilter
:OTL
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_22\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found
:files
:Commands
[emptytemp]
         
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread


bitte teste, ob es im Firefox, internet explorer, und sonstigen
evtl. instalierte Browser, irgendwelche ungewollten toolbars, umleitungen oder sonstigen Probleme gibt.
Teste wie pc und programme allgemein laufen.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 11.07.2013, 09:36   #15
Serafim
 
Win32/Small.CA-Virus - Standard

Win32/Small.CA-Virus



Hi,

hier die neue Log von OTL:

Code:
ATTFilter
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PWMTRV deleted successfully.
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Erika
->Temp folder emptied: 1819 bytes
->Temporary Internet Files folder emptied: 11697577 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 617220717 bytes
->Google Chrome cache emptied: 1905008 bytes
->Flash cache emptied: 2585 bytes
 
User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 5049639 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 60070246 bytes
->Google Chrome cache emptied: 7842957 bytes
->Flash cache emptied: 651 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Siegfried
->Temp folder emptied: 8767414 bytes
->Temporary Internet Files folder emptied: 501906 bytes
->Java cache emptied: 619508 bytes
->FireFox cache emptied: 58540948 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 709 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 118988012 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 78140 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 668 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 850,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 07112013_101901

Files\Folders moved on Reboot...
C:\Users\Siegfried\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Siegfried\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Ansonsten funktioniert alles einwandfrei.

Antwort

Themen zu Win32/Small.CA-Virus
64 bit, ausführung, bekannte, beseitigung, bewirkt, bitte um hilfe, compu, computers, computervirus, defender, fehler, funktionier, funktioniert, gen, melde, meldet, normale, sophos, wartungscenter, win, win32/small.ca, win32/small.ca-virus, windows, windows 7, windows 7 64 bit, windows defender




Ähnliche Themen: Win32/Small.CA-Virus


  1. Win32/Small.CA-Virus entfernen
    Log-Analyse und Auswertung - 16.12.2013 (4)
  2. Win32/Small.CA-Virus
    Log-Analyse und Auswertung - 28.11.2013 (2)
  3. WIN 7 Starter: Win32/Small.CA-Virus
    Log-Analyse und Auswertung - 15.11.2013 (3)
  4. Win 7 x64: Entfernen des Win32/Small.CA-Virus
    Log-Analyse und Auswertung - 31.10.2013 (15)
  5. win32/small.ca virus
    Plagegeister aller Art und deren Bekämpfung - 22.09.2013 (22)
  6. win32/small.ca-virus
    Plagegeister aller Art und deren Bekämpfung - 09.09.2013 (9)
  7. Win32/Small.ca Virus
    Log-Analyse und Auswertung - 24.07.2013 (11)
  8. Win32/Small.CA-Virus entfernen
    Log-Analyse und Auswertung - 22.07.2013 (13)
  9. Entfernen des Win32/Small.CA-Virus
    Plagegeister aller Art und deren Bekämpfung - 05.07.2013 (41)
  10. Win32/Small.CA-Virus
    Plagegeister aller Art und deren Bekämpfung - 05.07.2013 (10)
  11. Win32/Small.CA-Virus entfernen
    Log-Analyse und Auswertung - 03.07.2013 (13)
  12. Win32/Small.CA-Virus .... 100.000-ste -.-
    Plagegeister aller Art und deren Bekämpfung - 01.06.2013 (11)
  13. Win32/Small.CA-Virus
    Plagegeister aller Art und deren Bekämpfung - 23.04.2013 (48)
  14. Win32/Small.CA-Virus
    Plagegeister aller Art und deren Bekämpfung - 27.03.2013 (7)
  15. Win32/Small.CA-Virus
    Plagegeister aller Art und deren Bekämpfung - 17.03.2013 (13)
  16. Win32/Small.CA-Virus
    Log-Analyse und Auswertung - 06.03.2013 (1)
  17. Win32/Small.CA-Virus
    Log-Analyse und Auswertung - 03.01.2013 (8)

Zum Thema Win32/Small.CA-Virus - Das Wartungscenter meines Computers (mit Windows 7 64 bit) meldet mir: "Windows hat Win32/Small.CA, einen bekannten Computervirus, auf Ihrem PC erkannt. Win32/Small.CA hat bewirkt, dass Ihr PC 1 Mal nicht - Win32/Small.CA-Virus...
Archiv
Du betrachtest: Win32/Small.CA-Virus auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.