Trojaner-Board


verwanzt 02.06.2012 08:53

Win\ldpinch.DB & TR/Ransom.Gimemo.ucd (among others?) received via drive-by
 
Good morning!

While surfing with good old IE, I clicked on a link that leads to a news site. While the page was still loading, I saw the Java tray appear. But by then it was already too late ;-/

Avira then reported that the folder of my LaTeX installation contains 3 files with the following problem: "Enthält Erkennungsmuster des Windows-Virus W32/Infector.Gen8". LaTeX itself was not open at that time (it hasn't been for months, I'm more of the MS Office type). A scan of the OS partition then flagged the Windows virus W32/Infector.Gen8 28 times in the folder mentioned above. I had everything moved to quarantine.

Then I looked at my processes and found at least one that was not OK (the name looked randomly generated). The process could not be stopped permanently, because it was re-created by the Windows host process.

Windows Defender of another Windows installation on this machine detected the following:
Quote:

Kategorie:
Kennwortstehlprogramm

Beschreibung:
Dieses Programm ist gefährlich. Es zeichnet Benutzerkennwörter auf.

Empfehlung:
Entfernen Sie diese Software unverzüglich.

Ressourcen:
containerfile:
F:\Users\mobile\AppData\Local\Temp\~!#19B0.tmp

file:
F:\Users\mobile\AppData\Local\Temp\~!#19B0.tmp->(UPX)->[DynDrop]->(UPX)
I followed Defender's instructions and have not been able to find the process since. In addition, I deleted everything from the AppData folder that looked dubious to me and could be deleted (some of it was blocked by running processes).

In addition, a fellow (F:\Users\mobile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cwewjhjf.exe) reloads itself via autostart. Removing it is blocked by running processes. I have not removed the reference for now, so as not to wipe out further traces.

Another anomaly: via the UAC prompt, a command processor wanted my authorization. On declining, the prompt reappears immediately. I did not confirm it for now and minimized it. While I am writing this text, the prompt has disappeared - maybe I confirmed it "by accident"?

I have carried out steps 1 and 2 recommended here in the forum. The logs follow:

OTL.txt:OTL Logfile:
Code:

OTL logfile created on: 02.06.2012 00:11:14 - Run 1
OTL by OldTimer - Version 3.2.45.0    Folder = F:\Users\mobile\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 2,56 Gb Available Physical Memory | 69,71% Memory free
7,35 Gb Paging File | 5,97 Gb Available in Paging File | 81,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = F: | %SystemRoot% = F:\Windows | %ProgramFiles% = F:\Program Files (x86)
Drive C: | 144,26 Gb Total Space | 43,47 Gb Free Space | 30,14% Space Free | Partition Type: NTFS
Drive F: | 29,30 Gb Total Space | 0,26 Gb Free Space | 0,87% Space Free | Partition Type: NTFS
Drive H: | 14,08 Gb Total Space | 0,35 Gb Free Space | 2,46% Space Free | Partition Type: NTFS
 
Computer Name: ***** | User Name: mobile | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.02 00:06:29 | 000,595,968 | ---- | M] (OldTimer Tools) -- F:\Users\mobile\Downloads\OTL.exe
PRC - [2012.06.01 17:00:31 | 000,102,400 | --S- | M] () -- F:\Users\mobile\AppData\Local\ttmkyhao\cwewjhjf.exe
PRC - [2011.06.30 12:26:55 | 000,269,480 | ---- | M] (Avira GmbH) -- F:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.27 13:50:09 | 000,136,360 | ---- | M] (Avira GmbH) -- F:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.25 23:26:58 | 000,064,112 | ---- | M] (VMware, Inc.) -- F:\Program Files (x86)\VMware\VMware Player\hqtray.exe
PRC - [2011.03.25 23:26:46 | 000,334,448 | ---- | M] (VMware, Inc.) -- F:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2011.03.25 23:26:28 | 000,404,080 | ---- | M] (VMware, Inc.) -- F:\Windows\SysWOW64\vmnat.exe
PRC - [2011.03.25 23:26:16 | 000,113,264 | ---- | M] (VMware, Inc.) -- F:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2011.03.25 22:27:40 | 000,539,248 | ---- | M] (VMware, Inc.) -- F:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- F:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010.02.25 22:35:04 | 001,289,296 | ---- | M] (Dritek System Inc.) -- F:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010.02.25 22:35:04 | 000,325,200 | ---- | M] (Dritek System Inc.) -- F:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010.02.25 22:35:04 | 000,288,336 | ---- | M] (Dritek System Inc.) -- F:\Program Files (x86)\Launch Manager\LMworker.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.01 17:00:31 | 000,102,400 | --S- | M] () -- F:\Users\mobile\AppData\Local\ttmkyhao\cwewjhjf.exe
MOD - [2011.03.25 23:26:48 | 000,970,352 | ---- | M] () -- F:\Program Files (x86)\VMware\VMware Player\libxml2.dll
MOD - [2011.03.25 23:26:18 | 000,068,720 | ---- | M] () -- F:\Program Files (x86)\VMware\VMware Player\zlib1.dll
MOD - [2009.05.20 14:02:04 | 000,072,200 | ---- | M] () -- F:\Program Files (x86)\Launch Manager\CdDirIo.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.11.20 15:26:50 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- F:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2009.07.14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- F:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.04.21 21:18:20 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- F:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011.08.05 13:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Programme\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011.08.05 13:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Programme\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011.08.05 13:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Programme\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2011.06.30 12:26:55 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- F:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.27 13:50:09 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- F:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.25 23:26:46 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- F:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2011.03.25 23:26:28 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- F:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2011.03.25 23:26:16 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- F:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2011.03.25 22:27:40 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- F:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010.08.19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- F:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- F:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- F:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.25 22:35:04 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- F:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.01.20 19:26:20 | 000,819,232 | ---- | M] (Acer Incorporated) [Auto | Running] -- F:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.07.14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- F:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- F:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.06.30 12:26:56 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- F:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.30 12:26:56 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- F:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.25 23:27:36 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- F:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2011.03.25 23:27:34 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- F:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2011.03.25 23:25:46 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2011.03.25 23:25:34 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- F:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2011.03.25 22:27:36 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- F:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011.03.25 20:04:58 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- F:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2011.03.25 20:04:58 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- F:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.01 12:03:50 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- F:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:26:11 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- F:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2010.03.23 13:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2010.01.25 17:51:02 | 007,842,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.01.08 03:51:38 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010.01.06 21:33:14 | 000,158,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.12.22 09:18:50 | 000,074,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.10.05 16:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- F:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- F:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV - [2010.08.19 13:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- F:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- F:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = F:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 84 19 EE 8C 95 3E CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: F:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: F:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: F:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: F:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: F:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROJEC~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROJEC~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.7: F:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: F:\Users\mobile\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: F:\Users\mobile\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: F:\Program Files (x86)\Mozilla Firefox\components [2012.04.12 20:05:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: F:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.12 20:05:23 | 000,000,000 | ---D | M]
 
[2010.05.29 20:04:45 | 000,000,000 | ---D | M] (No name found) -- F:\Users\mobile\AppData\Roaming\mozilla\Extensions
[2012.06.02 00:03:22 | 000,000,000 | ---D | M] (No name found) -- F:\Users\mobile\AppData\Roaming\mozilla\Firefox\Profiles\o8p7ej6x.default\extensions
[2011.07.28 11:32:20 | 000,000,000 | ---D | M] (Adblock Plus) -- F:\Users\mobile\AppData\Roaming\mozilla\Firefox\Profiles\o8p7ej6x.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012.04.10 12:46:05 | 000,000,000 | ---D | M] (No name found) -- F:\Users\mobile\AppData\Roaming\mozilla\Firefox\Profiles\o8p7ej6x.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}-trash
[2012.06.02 00:03:22 | 000,000,000 | ---D | M] (Google Web Toolkit Developer Plugin for Firefox) -- F:\Users\mobile\AppData\Roaming\mozilla\Firefox\Profiles\o8p7ej6x.default\extensions\gwt-dev-plugin@google.com
[2011.02.22 11:45:22 | 000,000,000 | ---D | M] (Read It Later) -- F:\Users\mobile\AppData\Roaming\mozilla\Firefox\Profiles\o8p7ej6x.default\extensions\isreaditlater@ideashower.com
[2012.04.10 12:46:03 | 000,000,000 | ---D | M] (No name found) -- F:\Users\mobile\AppData\Roaming\mozilla\Firefox\Profiles\o8p7ej6x.default\extensions\staged-xpis
[2011.06.09 10:30:27 | 000,000,000 | ---D | M] (No name found) -- F:\Program Files (x86)\mozilla firefox\extensions
[2010.11.02 11:10:06 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.21 12:51:47 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.05 18:53:08 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.09 10:30:27 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- F:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.05.29 20:19:37 | 000,075,208 | ---- | M] (Foxit Software Company) -- F:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2012.03.15 11:55:12 | 000,001,392 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.15 11:55:12 | 000,002,344 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.15 11:55:12 | 000,006,805 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.15 11:55:12 | 000,001,178 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.15 11:55:12 | 000,001,105 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - F:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Project Professional\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Acer ePower Management] F:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] F:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] F:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] F:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Zune Launcher] F:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] F:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LManager] F:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [VMware hqtray] F:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKCU..\Run: [CweWjhjf] F:\Users\mobile\AppData\Local\ttmkyhao\cwewjhjf.exe ()
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] F:\Windows\System32\StikyNot.exe File not found
O4 - Startup: F:\Users\mobile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cwewjhjf.exe ()
O4 - Startup: F:\Users\mobile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = F:\Users\mobile\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://F:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://F:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - F:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - F:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - F:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - F:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83E09DA1-FD56-48FF-8CB9-163A8BA269D4}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\saphtmlp - No CLSID value found
O18:64bit: - Protocol\Handler\sapr3 - No CLSID value found
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\SAPGUI\GUI\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\SAPGUI\GUI\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - F:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - F:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (F:\Windows\system32\userinit.exe) - F:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - F:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - F:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - F:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.01 18:20:27 | 000,000,000 | ---D | C] -- F:\Users\mobile\AppData\Local\ttmkyhao
[2010.10.14 16:10:28 | 003,145,728 | ---- | C] (SAP Technology,Inc) -- F:\Program Files (x86)\Common Files\sapxlhelper.dll
[2010.10.14 16:10:27 | 000,626,688 | ---- | C] (SAP AG) -- F:\Program Files (x86)\Common Files\sapconsaccess.dll
[2010.10.14 16:10:27 | 000,192,512 | ---- | C] (SAP Tech Inc.) -- F:\Program Files (x86)\Common Files\sapconsr3.dll
[2010.10.14 16:10:26 | 000,040,960 | ---- | C] (SAP-TECHNOLOGY) -- F:\Program Files (x86)\Common Files\DigitalSignature.ocx
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.02 00:08:06 | 000,000,000 | ---- | M] () -- F:\Users\mobile\defogger_reenable
[2012.06.01 23:54:37 | 000,036,243 | ---- | M] () -- F:\Users\mobile\Desktop\85104-otl-otlogfile-by-oldtimer.htm.iyk46dy.partial
[2012.06.01 23:54:03 | 000,050,477 | ---- | M] () -- F:\Users\mobile\Desktop\Defogger.exe.ccz0wnt.partial
[2012.06.01 23:53:26 | 000,014,752 | -H-- | M] () -- F:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.01 23:53:26 | 000,014,752 | -H-- | M] () -- F:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.01 23:44:08 | 000,067,584 | --S- | M] () -- F:\Windows\bootstat.dat
[2012.06.01 23:44:03 | 2960,523,264 | -HS- | M] () -- F:\hiberfil.sys
[2012.06.01 23:27:59 | 000,050,477 | ---- | M] () -- F:\Users\mobile\Desktop\Defogger.exe
[2012.06.01 18:17:00 | 000,000,884 | ---- | M] () -- F:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.01 18:03:59 | 000,002,048 | -H-- | M] () -- F:\Users\mobile\Documents\Default.rdp
[2012.06.01 17:38:16 | 000,001,124 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-244666757-3947190157-3562518001-1000UA.job
[2012.06.01 17:00:31 | 000,102,400 | --S- | M] () -- F:\Users\mobile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cwewjhjf.exe
[2012.06.01 09:38:03 | 000,001,072 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-244666757-3947190157-3562518001-1000Core.job
 
========== Files Created - No Company Name ==========
 
[2012.06.02 00:08:06 | 000,000,000 | ---- | C] () -- F:\Users\mobile\defogger_reenable
[2012.06.01 23:55:57 | 000,050,477 | ---- | C] () -- F:\Users\mobile\Desktop\Defogger.exe
[2012.06.01 23:54:43 | 000,036,243 | ---- | C] () -- F:\Users\mobile\Desktop\85104-otl-otlogfile-by-oldtimer.htm.iyk46dy.partial
[2012.06.01 23:54:13 | 000,050,477 | ---- | C] () -- F:\Users\mobile\Desktop\Defogger.exe.ccz0wnt.partial
[2012.06.01 19:44:58 | 000,102,400 | --S- | C] () -- F:\Users\mobile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cwewjhjf.exe
[2011.11.01 15:07:47 | 000,003,584 | ---- | C] () -- F:\Users\mobile\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.14 16:10:27 | 000,955,904 | ---- | C] () -- F:\Program Files (x86)\Common Files\SAPActiveXL.xlt
[2010.10.14 16:10:27 | 000,949,760 | ---- | C] () -- F:\Program Files (x86)\Common Files\SAPActiveXL_nosig.xlt
[2010.10.14 16:09:31 | 001,064,960 | ---- | C] () -- F:\Windows\SysWow64\h5krnl32.dll
[2010.10.14 16:09:31 | 000,188,928 | ---- | C] () -- F:\Windows\SysWow64\h5icon32.dll
[2010.10.14 16:09:31 | 000,175,616 | ---- | C] () -- F:\Windows\SysWow64\h5menu32.dll
[2010.10.14 16:09:31 | 000,095,744 | ---- | C] () -- F:\Windows\SysWow64\h5rtf32.dll
[2010.10.14 16:09:31 | 000,051,200 | ---- | C] () -- F:\Windows\SysWow64\h5tool32.dll
 
========== LOP Check ==========
 
[2011.02.17 21:56:13 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\.purple
[2012.04.26 11:09:10 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\Canon
[2012.06.01 23:45:21 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\Dropbox
[2010.05.31 18:53:22 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\enchant
[2010.07.14 19:43:54 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\Foxit Software
[2010.11.11 14:05:05 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\gtk-2.0
[2011.04.03 18:14:56 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\streamripper
[2011.02.24 14:13:31 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\Subversion
[2011.10.18 17:14:33 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\TeamViewer
[2011.01.01 12:05:56 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\TrueCrypt
[2010.06.03 15:59:14 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\TS3Client
[2009.07.14 07:08:49 | 000,028,602 | ---- | M] () -- F:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 

< End of report >

--- --- ---


Extras.txt:
OTL Logfile:
Code:

OTL Extras logfile created on: 02.06.2012 00:11:14 - Run 1
OTL by OldTimer - Version 3.2.45.0    Folder = F:\Users\mobile\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 2,56 Gb Available Physical Memory | 69,71% Memory free
7,35 Gb Paging File | 5,97 Gb Available in Paging File | 81,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = F: | %SystemRoot% = F:\Windows | %ProgramFiles% = F:\Program Files (x86)
Drive C: | 144,26 Gb Total Space | 43,47 Gb Free Space | 30,14% Space Free | Partition Type: NTFS
Drive F: | 29,30 Gb Total Space | 0,26 Gb Free Space | 0,87% Space Free | Partition Type: NTFS
Drive H: | 14,08 Gb Total Space | 0,35 Gb Free Space | 2,46% Space Free | Partition Type: NTFS
 
Computer Name: **** | User Name: mobile | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- F:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- F:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- F:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "F:\Windows\System32\rundll32.exe" "F:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "F:\Windows\System32\rundll32.exe" "F:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- F:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "F:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "F:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "F:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "F:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- F:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "F:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "F:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "F:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "F:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08107AE2-6C4A-4685-8CA3-5870F581C6C9}" = rport=137 | protocol=17 | dir=out | app=system |
"{0F44C468-8426-4E63-AE4A-CC399C86D241}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{0F567F06-BA35-40BA-B630-9EA4846E3DDB}" = lport=6004 | protocol=17 | dir=in | app=f:\program files (x86)\microsoft office\office12\outlook.exe |
"{2803B4EB-9494-4A41-BC3B-DBCE94FFD8AC}" = lport=445 | protocol=6 | dir=in | app=system |
"{3714E0F3-C1D3-487B-803E-C23DCC7D14D4}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3732F1D9-5426-48A9-B42D-9C0520C80E21}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3A516AE2-6A0A-4340-A9F4-C74BE55D64F1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3FF707DF-CF5F-443E-ACE0-46B23B6221EC}" = lport=139 | protocol=6 | dir=in | app=system |
"{46FDC923-4DEA-4185-9802-A72D2E6BDB61}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4A4AD361-DCF5-4CAF-A7BB-4FAD2C0D2C69}" = rport=445 | protocol=6 | dir=out | app=system |
"{8030830F-3356-4553-A19B-EA48CA9C4FAE}" = lport=137 | protocol=17 | dir=in | app=system |
"{8334A3A2-A44F-4975-9E16-8082F72F9484}" = rport=139 | protocol=6 | dir=out | app=system |
"{98992D2B-5713-42C0-A1F3-6D54C9154D49}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A1B6E8AF-9DF7-47B7-8F9D-EE9D9B54F429}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{AB00ECBE-9834-4AB7-B23A-CAA05C57098E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B010D33F-CA07-4116-B668-04E75B5D8B1D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B038BAAC-173A-4BE4-AAAF-DD774AD29033}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D168F71B-C31A-4B69-9D77-1AC31CF7174F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D4720449-8E88-40A0-BCB3-85DFAC8771CA}" = lport=138 | protocol=17 | dir=in | app=system |
"{E77E9C0C-683C-4506-8CB0-3B618BE4CF47}" = rport=138 | protocol=17 | dir=out | app=system |
"{F2B36BEE-7A44-4F16-B14E-A49760F2A3EF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F553D608-510E-4DB4-ABD3-BA25CCB4899C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FEDB49DA-D3FD-4526-9994-09A529D6BB9A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{102B2FC3-7E47-4594-9AD9-47545BE89357}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2E348EC0-5D11-4832-B42B-57BF3BB01916}" = protocol=17 | dir=in | app=f:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{50F05203-938C-4B40-96FC-AF013A378988}" = protocol=6 | dir=in | app=f:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{5EABC6EB-C039-4B61-A8E6-C104D1673CFC}" = dir=in | app=f:\program files (x86)\skype\phone\skype.exe |
"{65422950-BC13-48F0-A8EB-9C233BBD5F0C}" = protocol=17 | dir=in | app=f:\users\mobile\appdata\roaming\dropbox\bin\dropbox.exe |
"{66BB5243-F9C4-42B1-86E1-A6F3E7A22758}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6EFD23B0-3A60-48CA-B554-276471BB431F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{81F39932-7E72-47CF-BAE5-89E6C1D98685}" = protocol=6 | dir=in | app=f:\program files (x86)\microsoft office\office12\onenote.exe |
"{9DB14E23-E179-40DC-9338-AF38D965A750}" = protocol=6 | dir=in | app=f:\program files (x86)\microsoft office\office12\groove.exe |
"{A7A5BC7D-6862-4E1D-B1CF-391B6C464A3F}" = protocol=6 | dir=in | app=f:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{AB082FF8-4ED6-4DFA-858C-DF629EF971E3}" = protocol=6 | dir=in | app=f:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{AD69D563-6D24-4C38-BDB9-50E61E8CAC41}" = protocol=17 | dir=in | app=f:\program files (x86)\microsoft office\office12\onenote.exe |
"{AFD29611-84D4-41F3-9864-D6B0FC4D461F}" = protocol=6 | dir=in | app=f:\users\mobile\appdata\roaming\dropbox\bin\dropbox.exe |
"{B3CFC50E-6CBA-40C1-A50E-D70EF2D66730}" = protocol=17 | dir=in | app=f:\program files (x86)\microsoft office\office12\groove.exe |
"{B8909E9B-9A73-42FD-9D06-C5ECA10B75BF}" = protocol=17 | dir=in | app=f:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{EC219A88-91F5-4374-8BB0-95996A578393}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{EE0651A9-35AD-4525-A39C-1647877B546D}" = protocol=17 | dir=in | app=f:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{F914C9A9-23C7-4141-B9EC-09C9ECA0A2B6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"TCP Query User{209F4E90-9067-4ABA-8694-C3297976B651}F:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=f:\windows\system32\javaw.exe |
"TCP Query User{3583AC51-D108-4635-B0BC-6F56E5ED8F4C}F:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=f:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{81F0B50F-1B02-4808-9711-1FBE32650D65}F:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=f:\program files (x86)\miranda im\miranda32.exe |
"TCP Query User{A8D28D8C-E821-4244-A211-B21645129859}F:\users\mobile\desktop\teamviewer portableordner\teamviewer.exe" = protocol=6 | dir=in | app=f:\users\mobile\desktop\teamviewer portableordner\teamviewer.exe |
"TCP Query User{AA9096BB-0634-4D4E-8517-D84E0550C713}F:\windows\syswow64\svchost.exe" = protocol=6 | dir=in | app=f:\windows\syswow64\svchost.exe |
"TCP Query User{CA81D9CA-7BF0-4339-B668-F61AC3847DBC}F:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=f:\program files (x86)\videolan\vlc\vlc.exe |
"TCP Query User{FB66BE99-85DB-4ABC-AD28-4199C857517C}F:\users\mobile\desktop\tools\teamviewer portableordner\teamviewer.exe" = protocol=6 | dir=in | app=f:\users\mobile\desktop\tools\teamviewer portableordner\teamviewer.exe |
"UDP Query User{09989FB6-235F-43CA-B118-698D77FB303E}F:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=f:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{1F37F3E4-F26F-4BB0-A00D-F90623E8DF57}F:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=f:\windows\system32\javaw.exe |
"UDP Query User{5C7A66DD-3303-4F4D-AA4C-C470BC2A869A}F:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=f:\program files (x86)\miranda im\miranda32.exe |
"UDP Query User{5DC904CF-4D6C-42D3-B837-0472F0EF099F}F:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=f:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{81386AA6-3847-4717-ABD8-2630E22642C5}F:\users\mobile\desktop\tools\teamviewer portableordner\teamviewer.exe" = protocol=17 | dir=in | app=f:\users\mobile\desktop\tools\teamviewer portableordner\teamviewer.exe |
"UDP Query User{AA70EAF8-9121-4766-9733-296BF343D27C}F:\users\mobile\desktop\teamviewer portableordner\teamviewer.exe" = protocol=17 | dir=in | app=f:\users\mobile\desktop\teamviewer portableordner\teamviewer.exe |
"UDP Query User{F6F596D7-1970-49AE-BA61-4177F627F4CD}F:\windows\syswow64\svchost.exe" = protocol=17 | dir=in | app=f:\windows\syswow64\svchost.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416023FF}" = Java(TM) 6 Update 23 (64-bit)
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2D7ED2A0-9553-412B-939F-D6E0AEB2ABE1}" = ISO Recorder
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0160230}" = Java(TM) SE Development Kit 6 Update 23 (64-bit)
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{7C8A7076-3266-480B-9944-B86EBD7BF589}" = Google Web Toolkit Developer Plugin for IE (x64)
"{818AA386-29D5-4DFF-BBB5-3F16133F1409}" = TortoiseSVN 1.6.12.20536 (64 bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Protege 4.1" = Protege 4.1
"Zune" = Zune
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0402D28F-B9B7-4983-93FC-DBF673736D3F}" = Google Web Toolkit Developer Plugin for IE (x86)
"{0B92F7F1-8089-4670-9EB6-9DAA25163FB0}" = InfoZoom
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{44D66AD9-AE19-4AFD-BE7E-A1B44C856697}" = MSXML4.0 redistributable
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E770F99-CF23-4BF9-BF4E-E3A2924FEB27}" = Microsoft redistributable runtime DLLs VS2005 SP1(x86)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ULTIMATER_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ULTIMATER_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ULTIMATER_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ULTIMATER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ULTIMATER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PRJPROR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPROR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PRJPROR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PRJPROR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PRJPROR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PRJPROR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PRJPROR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2010
"{90140000-00B4-0407-0000-0000000FF1CE}_Office14.PRJPROR_{86D01646-1942-4253-B11F-68F5ED259B17}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F77D1207-7FA7-4FDC-BF7B-D08395AA9722}" = QIP 2005 8097 Jeak-Edition
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"FASM_is1" = FASM version 0.16
"Foxit Reader" = Foxit Reader
"InstallShield_{0B92F7F1-8089-4670-9EB6-9DAA25163FB0}" = InfoZoom 4.10
"LManager" = Launch Manager
"Miranda IM" = Miranda IM 0.8.24
"Mozilla Firefox (3.6.28)" = Mozilla Firefox (3.6.28)
"Office14.PRJPROR" = Microsoft Project Professional 2010
"Pidgin" = Pidgin
"SAP_ECL" = ECL Viewer
"SAPGUI710" = SAP GUI 7.10
"SpeedFan" = SpeedFan (remove only)
"Streamripper" = Streamripper (Remove only)
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"TrueCrypt" = TrueCrypt
"ULTIMATER" = Microsoft Office Ultimate 2007
"VLC media player" = VLC media player 1.1.7
"VMware_Player" = VMware Player
"VP Suite 5.0" = VP Suite 5.0
"Winamp" = Winamp
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"TeXLive2010" = TeX Live 2010
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 28.05.2012 06:22:41 | Computer Name = ***** | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: e34    Startzeit: 01cd3c328f9b8a1e    Endzeit: 96    Anwendungspfad:
F:\Program Files (x86)\Internet Explorer\iexplore.exe    Berichts-ID: 
 
Error - 29.05.2012 02:09:45 | Computer Name = ***** | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 1b98    Startzeit: 01cd3c9ed866a025    Endzeit: 824    Anwendungspfad:
 F:\Program Files (x86)\Internet Explorer\iexplore.exe    Berichts-ID: 
 
Error - 29.05.2012 07:25:23 | Computer Name = ***** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung.  .
 
Error - 29.05.2012 07:25:28 | Computer Name = ***** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung.  .
 
Error - 29.05.2012 07:25:52 | Computer Name = ***** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung.  .
 
Error - 29.05.2012 07:25:57 | Computer Name = ***** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung.  .
 
Error - 31.05.2012 01:00:56 | Computer Name = ***** | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 244c    Startzeit: 01cd3e958c5ecfbb    Endzeit: 19    Anwendungspfad:
 F:\Program Files (x86)\Internet Explorer\iexplore.exe    Berichts-ID: 
 
Error - 01.06.2012 01:18:39 | Computer Name = ***** | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 20d4    Startzeit: 01cd3f5be755c638    Endzeit: 13    Anwendungspfad:
 F:\Program Files (x86)\Internet Explorer\iexplore.exe    Berichts-ID: 
 
Error - 01.06.2012 05:11:47 | Computer Name = ***** | Source = System Restore | ID = 8193
Description =
 
Error - 01.06.2012 05:11:47 | Computer Name = ***** | Source = System Restore | ID = 8211
Description =
 
[ OSession Events ]
Error - 19.06.2010 08:43:59 | Computer Name = ***** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 984
 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error - 19.06.2010 08:54:41 | Computer Name = ***** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 629
 seconds with 600 seconds of active time.  This session ended with a crash.
 
Error - 02.12.2010 06:35:08 | Computer Name = ***** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 82848 seconds with 120 seconds of active time.  This session ended with a
 crash.
 
Error - 24.02.2011 08:16:33 | Computer Name = ***** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 290
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 14.05.2011 01:27:56 | Computer Name = ***** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 44285
 seconds with 60 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 07.04.2012 03:09:43 | Computer Name = ***** | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Update für Microsoft .NET Framework 4 unter Windows
 XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows
 Server 2008 R2 für x64-basierte Systeme (KB2600217)
 
Error - 08.04.2012 13:54:58 | Computer Name = ***** | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Update für Microsoft .NET Framework 4 unter Windows
 XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows
 Server 2008 R2 für x64-basierte Systeme (KB2600217)
 
Error - 10.04.2012 06:41:43 | Computer Name = ***** | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Update für Microsoft .NET Framework 4 unter Windows
 XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows
 Server 2008 R2 für x64-basierte Systeme (KB2600217)
 
Error - 11.04.2012 14:17:29 | Computer Name = ***** | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Update für Microsoft .NET Framework 4 unter Windows
 XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows
 Server 2008 R2 für x64-basierte Systeme (KB2600217)
 
Error - 12.04.2012 04:25:50 | Computer Name = ***** | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "F:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 13.04.2012 02:42:52 | Computer Name = ***** | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 13.04.2012 02:42:52 | Computer Name = ***** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%1053
 
Error - 13.04.2012 02:51:52 | Computer Name = ***** | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework
 4 unter Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server
 2008, Windows Server 2008 R2 für x64-basierte Systeme (KB2656368)
 
Error - 13.04.2012 15:23:11 | Computer Name = ***** | Source = Ntfs | ID = 262281
Description = Auf dem Volume "E:" konnte der Transaktionsressourcen-Manager aufgrund
 eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in
 den Daten enthalten.
 
Error - 13.04.2012 15:23:12 | Computer Name = ***** | Source = DCOM | ID = 10010
Description =
 
 
< End of report >

--- --- ---


Can I still save the system? ;(

kira 02.06.2012 20:41

Hello and a warm welcome! :)

Before we begin working together, [please read completely]:
Quote:

  • "Remote treatment/remote help" and the associated liability risks:
    - since the error checking and the actions are carried out over great distances, we accept no liability for the resulting consequences.
    - so, any liability for resulting damage is excluded; INSTRUCTIONS AND FOLLOWING THEM ARE AT YOUR OWN RESPONSIBILITY!
  • Characteristic features/profile information:
    - in the log lists or log files used, you can replace such information (e.g. your real name, a serial number in a program, etc.) with [X] or asterisks (*)
  • System check and cleanup:
    - can take some time (depending on the type of infection), but the system may even be so heavily compromised that an effective technical cleanup is no longer possible and you have to reinstall it
  • I recommend that you first read the instructions through completely before applying them, because if you do something wrong, it can get really dangerous. If you follow my instructions step by step, nothing should really go wrong.
  • During the support period:
    - please do not act on your own without consulting me! - ask if there are problems.
  • The order:
    - please keep to it exactly as described, do not choose the order yourself!
  • CRACKED SOFTWARE is not tolerated here!!!!
  • Otherwise, our forum rules:
    - Please read first, then post! -> For everyone seeking help! What do I need to consider before opening a topic?
  • Insert all log files using a vBCode tag; this gives a good overview here and makes my work easier! If a log file is too large, split it into several parts.

As soon as you have read this introductory text, you can begin :)
Quote:

When a system has been compromised, the system is no longer trustworthy
A reinstallation guarantees residue-free removal of the infection - reading material: "Help: I have become the victim of a hacker attack. What should I do?" - Cleaning a compromised system
If you nevertheless decide on cleaning the system - cleaning a system can take a few days (depending on the type of infection), but the system may even be so heavily compromised that an effective technical cleanup is no longer possible and you have to reinstall it:

For Vista and Win7:
Important: Please run all commands as administrator! Right-click the command prompt and select "Run as administrator"
Right-click (right mouse button) the selected application and choose "Run as administrator"!

1.
Quote:

Attention, important!:
If you have made changes in the log file yourself, you must replace them with the original names and insert them into the script that way! Otherwise it will not work!
(user folder, your name or other changes replaced by X, asterisk or other names)

Fixing with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script (that is, everything in the code box after "Code", beginning with :OTL and ending with [emptytemp], without "code"!):
Code:

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: F:\Users\mobile\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: F:\Users\mobile\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
[2012.03.15 11:55:12 | 000,001,392 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.15 11:55:12 | 000,002,344 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.15 11:55:12 | 000,001,178 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.15 11:55:12 | 000,001,105 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O4 - HKCU..\Run: [CweWjhjf] F:\Users\mobile\AppData\Local\ttmkyhao\cwewjhjf.exe ()
O4 - Startup: F:\Users\mobile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cwewjhjf.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
[2012.06.01 17:38:16 | 000,001,124 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-244666757-3947190157-3562518001-1000UA.job
[2012.06.01 09:38:03 | 000,001,072 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-244666757-3947190157-3562518001-1000Core.job

:Files
F:\Users\mobile\AppData\Local\ttmkyhao\cwewjhjf.exe
 F:\Users\mobile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cwewjhjf.exe
F:\Users\mobile\AppData\Local\ttmkyhao
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]


2.
Download Malwarebytes Anti-Malware from here
  • Install it and start it with a double-click.
  • Set the language to German and update the databases right away - update online
  • Select "Komplett Scan durchführen" (perform full scan) and set check marks everywhere
  • When the scan has finished, click "Zeige Resultate" (show results)
  • Select all findings (if MBAM reports any in C:\System Volume Information, please remove the check mark there) and click "Löschen" - "Ausgewähltes entfernen" (delete - remove selected).
  • Post the result here in the thread - you will find the report under "Scan-Berichte" (scan reports)
You can find illustrated instructions here: Instructions

3.
To determine whether outdated or harmful software is installed under Programs, I would also like to see all of your installed programs:
  • Download CCleaner
  • Read the software license agreement; if any toolbar is offered, please deselect it! -> start -> if necessary, set the language to "Deutsch" (German).
  • Start -> click `Extras` (to display the software installed on your system) -> then `Als Textdatei speichern...` (save as text file)
  • A text file is created automatically; post this log file as well (that is, the list of all installed programs ... a text file)

4.
Another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry please select Use SafeList.
  • Check the boxes for the LOP and Purity checks.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

Quote:

So that your thread stays clear and easy to read, it is best to use code tags for your post:
→ before your log you write (that is, at the beginning of the log file): [code]
your log file goes here - e.g. OTL log file or other
→ after it - that is, at the end of the log file: [/code]

** If possible, do not go on the internet, no online banking, file sharing, chat programs, etc.
Regards
kira

verwanzt 02.06.2012 22:43

Hello kira,
Thank you for your willingness to help - unfortunately, in the meantime I have already had Antivir run a complete scan, sorry! I'll keep my hands off now.

Can I still take the path you suggested, or is that no longer possible now?

The scan delivered the following result:

Code:

F:\Users\mobile\AppData\Local\Temp\tfculjllhengxcet.exe
  [FUND]      Ist das Trojanische Pferd TR/Ransom.Gimemo.ucd
F:\Users\mobile\AppData\Local\Temp\~!#13C6.tmp
  [FUND]      Ist das Trojanische Pferd TR/Ransom.Gimemo.ucd
F:\Users\mobile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\7841db00-4a59d7be
  [0] Archivtyp: ZIP
  --> pera/F.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2012-0507.BL
  --> pera/pere.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2012-0507.BM
F:\Users\mobile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\5c99f0e7-328f5147
  [FUND]      Ist das Trojanische Pferd TR/Rogue.kdv.636689.6
F:\Users\mobile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cwewjhjf.exe
  [FUND]      Ist das Trojanische Pferd TR/Ransom.Gimemo.ucd

I had everything moved to quarantine.

kira 03.06.2012 06:44

no, the tasks should be completed!

verwanzt 03.06.2012 12:51

Hi kira,

1. Fixing with OTL (do you mean the text file?)

Code:

Files\Folders moved on Reboot...
F:\Users\mobile\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


2. Scan report from Malwarebytes Anti-Malware:

Code:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.03.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
mobile :: **** [Administrator]

03.06.2012 09:52:50
mbam-log-2012-06-03 (09-52-50).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 643385
Laufzeit: 2 Stunde(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

3. Installed software:
Code:

7-Zip 9.20 (x64 edition)        Igor Pavlov        13.04.2011        4,53MB        9.20.00.0
Acer PowerSmart Manager        Acer Incorporated        30.05.2010                5.02.3000
Adobe Flash Player 10 Plugin        Adobe Systems Incorporated        18.08.2011        6,00MB        10.3.183.5
Adobe Flash Player 11 ActiveX 64-bit        Adobe Systems Incorporated        20.04.2012        6,00MB        11.2.202.233
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver        Atheros Communications Inc.        28.05.2010                1.0.0.23
Avira AntiVir Personal - Free Antivirus        Avira GmbH        12.02.2012        61,8MB        10.2.0.707
CCleaner        Piriform        22.05.2012                3.19
Cisco Systems VPN Client 5.0.07.0290                28.03.2011        10,6MB       
Dropbox        Dropbox, Inc.        14.03.2012                1.2.52
ECL Viewer        SAP AG        13.10.2010                6.0
FASM version 0.16                21.11.2010               
Foxit Reader        Foxit Software Company        28.05.2010        10,6MB        3.3.1.518
Google Web Toolkit Developer Plugin for IE (x64)        Google        29.06.2011        0,32MB        1.2.9570
Google Web Toolkit Developer Plugin for IE (x86)        Google        03.10.2011        0,26MB        1.2.9570
InfoZoom 4.10        humanIT        20.06.2010        273MB        4.10.07
Intel(R) Graphics Media Accelerator Driver        Intel Corporation        29.05.2010                8.15.10.2057
ISO Recorder        Alex Feinman        16.04.2011        1,63MB        3.1.0
Java(TM) 6 Update 23 (64-bit)        Oracle        20.12.2010        90,9MB        6.0.230
Java(TM) 6 Update 26        Oracle        01.11.2010        95,0MB        6.0.260
Java(TM) SE Development Kit 6 Update 23 (64-bit)        Oracle        20.12.2010        146,3MB        1.6.0.230
Launch Manager        Acer Inc.        30.05.2010                4.0.5
Malwarebytes Anti-Malware Version 1.61.0.1400        Malwarebytes Corporation        02.06.2012        18,0MB        1.61.0.1400
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        29.06.2011        38,8MB        4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        29.06.2011        2,94MB        4.0.30319
Microsoft Office File Validation Add-In        Microsoft Corporation        15.09.2011        7,95MB        14.0.5130.5003
Microsoft Office Ultimate 2007        Microsoft Corporation        17.12.2011                12.0.6425.1000
Microsoft Project Professional 2010        Microsoft Corporation        10.11.2011                14.0.6029.1000
Microsoft redistributable runtime DLLs VS2005 SP1(x86)        SAP        13.10.2010        5,72MB        8.0.50727.762
Microsoft Silverlight        Microsoft Corporation        22.02.2012        160,0MB        4.1.10111.0
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148        Microsoft Corporation        22.06.2010        0,21MB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570        Microsoft Corporation        13.04.2011        0,77MB        9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570        Microsoft Corporation        13.04.2011        0,58MB        9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17        Microsoft Corporation        02.06.2010        0,77MB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161        Microsoft Corporation        17.06.2011        0,77MB        9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        28.05.2010        0,58MB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        17.06.2011        0,59MB        9.0.30729.6161
Miranda IM 0.8.24                28.05.2010               
Mozilla Firefox (3.6.28)        Mozilla        11.04.2012                3.6.28 (de)
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        19.10.2010        1,28MB        4.20.9870.0
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        19.10.2010        1,33MB        4.20.9876.0
MSXML4.0 redistributable        SAP        13.10.2010        3,70MB        4.0.0.0
Pidgin                30.05.2010                2.7.0
Protege 4.1        Stanford Center for Biomedical Informatics Research        24.04.2012                1.0.0.0
QIP 2005 8097 Jeak-Edition        jeak.de        17.11.2010        6,74MB        1.0.8097
SAP GUI 7.10        SAP AG        13.10.2010                7.10 Compilation 4
Skype™ 5.0        Skype Technologies S.A.        09.02.2011        15,2MB        5.0.156
SpeedFan (remove only)                01.07.2010               
Streamripper (Remove only)                02.04.2011               
TeX Live 2010                13.04.2011                2010
TeXnicCenter Version 1.0 Stable RC1        TeXnicCenter.org        13.04.2011                Version 1.0 Stable RC1
TortoiseSVN 1.6.12.20536 (64 bit)        TortoiseSVN        23.02.2011        21,8MB        1.6.20536
TrueCrypt        TrueCrypt Foundation        31.12.2010                7.0a
VLC media player 1.1.7        VideoLAN        04.02.2011                1.1.7
VMware Player        VMware, Inc        18.04.2011        391MB        3.1.4.16648               
Winamp        Nullsoft, Inc        02.04.2011                5.61
Zune        Microsoft Corporation        31.10.2011                04.08.2345.00

4. The renewed scan with OTL produced the following:
Code:

OTL logfile created on: 03.06.2012 12:12:22 - Run 2
OTL by OldTimer - Version 3.2.45.0    Folder = F:\Users\mobile\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 43,54% Memory free
7,35 Gb Paging File | 5,10 Gb Available in Paging File | 69,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = F: | %SystemRoot% = F:\Windows | %ProgramFiles% = F:\Program Files (x86)
Drive C: | 144,26 Gb Total Space | 43,27 Gb Free Space | 30,00% Space Free | Partition Type: NTFS
Drive F: | 29,30 Gb Total Space | 0,40 Gb Free Space | 1,35% Space Free | Partition Type: NTFS
Drive H: | 14,08 Gb Total Space | 0,34 Gb Free Space | 2,41% Space Free | Partition Type: NTFS
 
Computer Name: ***** | User Name: mobile | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.02 00:06:29 | 000,595,968 | ---- | M] (OldTimer Tools) -- F:\Users\mobile\Downloads\OTL.exe
PRC - [2012.04.21 21:18:19 | 000,353,440 | ---- | M] (Adobe Systems Incorporated) -- F:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
PRC - [2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- F:\Users\mobile\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.06.30 12:26:55 | 000,269,480 | ---- | M] (Avira GmbH) -- F:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.27 13:50:09 | 000,136,360 | ---- | M] (Avira GmbH) -- F:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.25 23:26:58 | 000,064,112 | ---- | M] (VMware, Inc.) -- F:\Program Files (x86)\VMware\VMware Player\hqtray.exe
PRC - [2011.03.25 23:26:46 | 000,334,448 | ---- | M] (VMware, Inc.) -- F:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2011.03.25 23:26:28 | 000,404,080 | ---- | M] (VMware, Inc.) -- F:\Windows\SysWOW64\vmnat.exe
PRC - [2011.03.25 23:26:16 | 000,113,264 | ---- | M] (VMware, Inc.) -- F:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2011.03.25 22:27:40 | 000,539,248 | ---- | M] (VMware, Inc.) -- F:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2010.11.03 10:34:37 | 000,281,768 | ---- | M] (Avira GmbH) -- F:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- F:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010.02.25 22:35:04 | 001,289,296 | ---- | M] (Dritek System Inc.) -- F:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010.02.25 22:35:04 | 000,325,200 | ---- | M] (Dritek System Inc.) -- F:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010.02.25 22:35:04 | 000,288,336 | ---- | M] (Dritek System Inc.) -- F:\Program Files (x86)\Launch Manager\LMworker.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.03.25 23:26:48 | 000,970,352 | ---- | M] () -- F:\Program Files (x86)\VMware\VMware Player\libxml2.dll
MOD - [2011.03.25 23:26:18 | 000,068,720 | ---- | M] () -- F:\Program Files (x86)\VMware\VMware Player\zlib1.dll
MOD - [2009.05.20 14:02:04 | 000,072,200 | ---- | M] () -- F:\Program Files (x86)\Launch Manager\CdDirIo.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.11.20 15:26:50 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- F:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2009.07.14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- F:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.04.21 21:18:20 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- F:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011.08.05 13:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Programme\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011.08.05 13:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Programme\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011.08.05 13:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Programme\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2011.06.30 12:26:55 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- F:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.27 13:50:09 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- F:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.25 23:26:46 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- F:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2011.03.25 23:26:28 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- F:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2011.03.25 23:26:16 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- F:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2011.03.25 22:27:40 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- F:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010.08.19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- F:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- F:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- F:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.25 22:35:04 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- F:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.01.20 19:26:20 | 000,819,232 | ---- | M] (Acer Incorporated) [Auto | Running] -- F:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.07.14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- F:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- F:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.06.30 12:26:56 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- F:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.30 12:26:56 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- F:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.25 23:27:36 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- F:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2011.03.25 23:27:34 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- F:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2011.03.25 23:25:46 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2011.03.25 23:25:34 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- F:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2011.03.25 22:27:36 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- F:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011.03.25 20:04:58 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- F:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2011.03.25 20:04:58 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- F:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.01 12:03:50 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- F:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:26:11 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- F:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2010.03.23 13:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2010.01.25 17:51:02 | 007,842,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.01.08 03:51:38 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010.01.06 21:33:14 | 000,158,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.12.22 09:18:50 | 000,074,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.10.05 16:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- F:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- F:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV - [2010.08.19 13:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- F:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- F:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = F:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 84 19 EE 8C 95 3E CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: F:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: F:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: F:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: F:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: F:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROJEC~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROJEC~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.7: F:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: F:\Program Files (x86)\Mozilla Firefox\components [2012.04.12 20:05:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: F:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.12 20:05:23 | 000,000,000 | ---D | M]
 
[2010.05.29 20:04:45 | 000,000,000 | ---D | M] (No name found) -- F:\Users\mobile\AppData\Roaming\mozilla\Extensions
[2012.06.02 00:03:22 | 000,000,000 | ---D | M] (No name found) -- F:\Users\mobile\AppData\Roaming\mozilla\Firefox\Profiles\o8p7ej6x.default\extensions
[2011.07.28 11:32:20 | 000,000,000 | ---D | M] (Adblock Plus) -- F:\Users\mobile\AppData\Roaming\mozilla\Firefox\Profiles\o8p7ej6x.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012.04.10 12:46:05 | 000,000,000 | ---D | M] (No name found) -- F:\Users\mobile\AppData\Roaming\mozilla\Firefox\Profiles\o8p7ej6x.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}-trash
[2012.06.02 00:03:22 | 000,000,000 | ---D | M] (Google Web Toolkit Developer Plugin for Firefox) -- F:\Users\mobile\AppData\Roaming\mozilla\Firefox\Profiles\o8p7ej6x.default\extensions\gwt-dev-plugin@google.com
[2011.02.22 11:45:22 | 000,000,000 | ---D | M] (Read It Later) -- F:\Users\mobile\AppData\Roaming\mozilla\Firefox\Profiles\o8p7ej6x.default\extensions\isreaditlater@ideashower.com
[2012.04.10 12:46:03 | 000,000,000 | ---D | M] (No name found) -- F:\Users\mobile\AppData\Roaming\mozilla\Firefox\Profiles\o8p7ej6x.default\extensions\staged-xpis
[2011.06.09 10:30:27 | 000,000,000 | ---D | M] (No name found) -- F:\Program Files (x86)\mozilla firefox\extensions
[2010.11.02 11:10:06 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.21 12:51:47 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.05 18:53:08 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.09 10:30:27 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- F:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.05.29 20:19:37 | 000,075,208 | ---- | M] (Foxit Software Company) -- F:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2012.03.15 11:55:12 | 000,006,805 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - F:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Project Professional\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Acer ePower Management] F:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] F:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] F:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] F:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Zune Launcher] F:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] F:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LManager] F:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [VMware hqtray] F:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKCU..\Run: [CweWjhjf] F:\Users\mobile\AppData\Local\ttmkyhao\cwewjhjf.exe File not found
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] F:\Windows\System32\StikyNot.exe File not found
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] F:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] F:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://F:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://F:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - F:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - F:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - F:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - F:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83E09DA1-FD56-48FF-8CB9-163A8BA269D4}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\saphtmlp - No CLSID value found
O18:64bit: - Protocol\Handler\sapr3 - No CLSID value found
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\SAPGUI\GUI\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\SAPGUI\GUI\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - F:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - F:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (F:\Windows\system32\userinit.exe) - F:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - F:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - F:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - F:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.03 12:04:44 | 000,000,000 | ---D | C] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.06.03 12:04:42 | 000,000,000 | ---D | C] -- F:\Program Files\CCleaner
[2012.06.03 09:50:00 | 000,000,000 | ---D | C] -- F:\Users\mobile\AppData\Roaming\Malwarebytes
[2012.06.03 09:49:54 | 000,000,000 | ---D | C] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.03 09:49:52 | 000,000,000 | ---D | C] -- F:\ProgramData\Malwarebytes
[2012.06.03 09:49:51 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- F:\Windows\SysNative\drivers\mbam.sys
[2012.06.03 09:49:51 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.03 09:40:55 | 000,000,000 | ---D | C] -- F:\_OTL
[2010.10.14 16:10:28 | 003,145,728 | ---- | C] (SAP Technology,Inc) -- F:\Program Files (x86)\Common Files\sapxlhelper.dll
[2010.10.14 16:10:27 | 000,626,688 | ---- | C] (SAP AG) -- F:\Program Files (x86)\Common Files\sapconsaccess.dll
[2010.10.14 16:10:27 | 000,192,512 | ---- | C] (SAP Tech Inc.) -- F:\Program Files (x86)\Common Files\sapconsr3.dll
[2010.10.14 16:10:26 | 000,040,960 | ---- | C] (SAP-TECHNOLOGY) -- F:\Program Files (x86)\Common Files\DigitalSignature.ocx
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.03 12:17:02 | 000,000,884 | ---- | M] () -- F:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.03 12:04:44 | 000,000,839 | ---- | M] () -- F:\Users\Public\Desktop\CCleaner.lnk
[2012.06.03 09:50:30 | 000,014,752 | -H-- | M] () -- F:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.03 09:50:30 | 000,014,752 | -H-- | M] () -- F:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.03 09:49:54 | 000,001,126 | ---- | M] () -- F:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.03 09:42:57 | 000,067,584 | --S- | M] () -- F:\Windows\bootstat.dat
[2012.06.03 09:42:52 | 2960,523,264 | -HS- | M] () -- F:\hiberfil.sys
[2012.06.02 00:08:06 | 000,000,000 | ---- | M] () -- F:\Users\mobile\defogger_reenable
[2012.06.01 23:54:37 | 000,036,243 | ---- | M] () -- F:\Users\mobile\Desktop\85104-otl-otlogfile-by-oldtimer.htm.iyk46dy.partial
[2012.06.01 23:54:03 | 000,050,477 | ---- | M] () -- F:\Users\mobile\Desktop\Defogger.exe.ccz0wnt.partial
[2012.06.01 23:27:59 | 000,050,477 | ---- | M] () -- F:\Users\mobile\Desktop\Defogger.exe
[2012.06.01 18:03:59 | 000,002,048 | -H-- | M] () -- F:\Users\mobile\Documents\Default.rdp
 
========== Files Created - No Company Name ==========
 
[2012.06.03 12:04:44 | 000,000,839 | ---- | C] () -- F:\Users\Public\Desktop\CCleaner.lnk
[2012.06.03 09:49:54 | 000,001,126 | ---- | C] () -- F:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.02 00:08:06 | 000,000,000 | ---- | C] () -- F:\Users\mobile\defogger_reenable
[2012.06.01 23:55:57 | 000,050,477 | ---- | C] () -- F:\Users\mobile\Desktop\Defogger.exe
[2012.06.01 23:54:43 | 000,036,243 | ---- | C] () -- F:\Users\mobile\Desktop\85104-otl-otlogfile-by-oldtimer.htm.iyk46dy.partial
[2012.06.01 23:54:13 | 000,050,477 | ---- | C] () -- F:\Users\mobile\Desktop\Defogger.exe.ccz0wnt.partial
[2011.11.01 15:07:47 | 000,003,584 | ---- | C] () -- F:\Users\mobile\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.14 16:10:27 | 000,955,904 | ---- | C] () -- F:\Program Files (x86)\Common Files\SAPActiveXL.xlt
[2010.10.14 16:10:27 | 000,949,760 | ---- | C] () -- F:\Program Files (x86)\Common Files\SAPActiveXL_nosig.xlt
[2010.10.14 16:09:31 | 001,064,960 | ---- | C] () -- F:\Windows\SysWow64\h5krnl32.dll
[2010.10.14 16:09:31 | 000,188,928 | ---- | C] () -- F:\Windows\SysWow64\h5icon32.dll
[2010.10.14 16:09:31 | 000,175,616 | ---- | C] () -- F:\Windows\SysWow64\h5menu32.dll
[2010.10.14 16:09:31 | 000,095,744 | ---- | C] () -- F:\Windows\SysWow64\h5rtf32.dll
[2010.10.14 16:09:31 | 000,051,200 | ---- | C] () -- F:\Windows\SysWow64\h5tool32.dll
 
========== LOP Check ==========
 
[2011.02.17 21:56:13 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\.purple
[2012.04.26 11:09:10 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\Canon
[2012.06.03 09:44:24 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\Dropbox
[2010.05.31 18:53:22 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\enchant
[2010.07.14 19:43:54 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\Foxit Software
[2010.11.11 14:05:05 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\gtk-2.0
[2011.04.03 18:14:56 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\streamripper
[2011.02.24 14:13:31 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\Subversion
[2011.10.18 17:14:33 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\TeamViewer
[2011.01.01 12:05:56 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\TrueCrypt
[2010.06.03 15:59:14 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\TS3Client
[2009.07.14 07:08:49 | 000,028,854 | ---- | M] () -- F:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

Code:

OTL Extras logfile created on: 03.06.2012 12:12:22 - Run 2
OTL by OldTimer - Version 3.2.45.0    Folder = F:\Users\mobile\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 43,54% Memory free
7,35 Gb Paging File | 5,10 Gb Available in Paging File | 69,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = F: | %SystemRoot% = F:\Windows | %ProgramFiles% = F:\Program Files (x86)
Drive C: | 144,26 Gb Total Space | 43,27 Gb Free Space | 30,00% Space Free | Partition Type: NTFS
Drive F: | 29,30 Gb Total Space | 0,40 Gb Free Space | 1,35% Space Free | Partition Type: NTFS
Drive H: | 14,08 Gb Total Space | 0,34 Gb Free Space | 2,41% Space Free | Partition Type: NTFS
 
Computer Name: *****  | User Name: mobile | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- F:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- F:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- F:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "F:\Windows\System32\rundll32.exe" "F:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "F:\Windows\System32\rundll32.exe" "F:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- F:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "F:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "F:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "F:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "F:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- F:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "F:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "F:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "F:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "F:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08107AE2-6C4A-4685-8CA3-5870F581C6C9}" = rport=137 | protocol=17 | dir=out | app=system |
"{0F44C468-8426-4E63-AE4A-CC399C86D241}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{0F567F06-BA35-40BA-B630-9EA4846E3DDB}" = lport=6004 | protocol=17 | dir=in | app=f:\program files (x86)\microsoft office\office12\outlook.exe |
"{2803B4EB-9494-4A41-BC3B-DBCE94FFD8AC}" = lport=445 | protocol=6 | dir=in | app=system |
"{3714E0F3-C1D3-487B-803E-C23DCC7D14D4}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3732F1D9-5426-48A9-B42D-9C0520C80E21}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3A516AE2-6A0A-4340-A9F4-C74BE55D64F1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3FF707DF-CF5F-443E-ACE0-46B23B6221EC}" = lport=139 | protocol=6 | dir=in | app=system |
"{46FDC923-4DEA-4185-9802-A72D2E6BDB61}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4A4AD361-DCF5-4CAF-A7BB-4FAD2C0D2C69}" = rport=445 | protocol=6 | dir=out | app=system |
"{8030830F-3356-4553-A19B-EA48CA9C4FAE}" = lport=137 | protocol=17 | dir=in | app=system |
"{8334A3A2-A44F-4975-9E16-8082F72F9484}" = rport=139 | protocol=6 | dir=out | app=system |
"{98992D2B-5713-42C0-A1F3-6D54C9154D49}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A1B6E8AF-9DF7-47B7-8F9D-EE9D9B54F429}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{AB00ECBE-9834-4AB7-B23A-CAA05C57098E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B010D33F-CA07-4116-B668-04E75B5D8B1D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B038BAAC-173A-4BE4-AAAF-DD774AD29033}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D168F71B-C31A-4B69-9D77-1AC31CF7174F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D4720449-8E88-40A0-BCB3-85DFAC8771CA}" = lport=138 | protocol=17 | dir=in | app=system |
"{E77E9C0C-683C-4506-8CB0-3B618BE4CF47}" = rport=138 | protocol=17 | dir=out | app=system |
"{F2B36BEE-7A44-4F16-B14E-A49760F2A3EF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F553D608-510E-4DB4-ABD3-BA25CCB4899C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FEDB49DA-D3FD-4526-9994-09A529D6BB9A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{102B2FC3-7E47-4594-9AD9-47545BE89357}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2E348EC0-5D11-4832-B42B-57BF3BB01916}" = protocol=17 | dir=in | app=f:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{50F05203-938C-4B40-96FC-AF013A378988}" = protocol=6 | dir=in | app=f:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{5EABC6EB-C039-4B61-A8E6-C104D1673CFC}" = dir=in | app=f:\program files (x86)\skype\phone\skype.exe |
"{65422950-BC13-48F0-A8EB-9C233BBD5F0C}" = protocol=17 | dir=in | app=f:\users\mobile\appdata\roaming\dropbox\bin\dropbox.exe |
"{66BB5243-F9C4-42B1-86E1-A6F3E7A22758}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6EFD23B0-3A60-48CA-B554-276471BB431F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{81F39932-7E72-47CF-BAE5-89E6C1D98685}" = protocol=6 | dir=in | app=f:\program files (x86)\microsoft office\office12\onenote.exe |
"{9DB14E23-E179-40DC-9338-AF38D965A750}" = protocol=6 | dir=in | app=f:\program files (x86)\microsoft office\office12\groove.exe |
"{A7A5BC7D-6862-4E1D-B1CF-391B6C464A3F}" = protocol=6 | dir=in | app=f:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{AB082FF8-4ED6-4DFA-858C-DF629EF971E3}" = protocol=6 | dir=in | app=f:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{AD69D563-6D24-4C38-BDB9-50E61E8CAC41}" = protocol=17 | dir=in | app=f:\program files (x86)\microsoft office\office12\onenote.exe |
"{AFD29611-84D4-41F3-9864-D6B0FC4D461F}" = protocol=6 | dir=in | app=f:\users\mobile\appdata\roaming\dropbox\bin\dropbox.exe |
"{B3CFC50E-6CBA-40C1-A50E-D70EF2D66730}" = protocol=17 | dir=in | app=f:\program files (x86)\microsoft office\office12\groove.exe |
"{B8909E9B-9A73-42FD-9D06-C5ECA10B75BF}" = protocol=17 | dir=in | app=f:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{EC219A88-91F5-4374-8BB0-95996A578393}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{EE0651A9-35AD-4525-A39C-1647877B546D}" = protocol=17 | dir=in | app=f:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{F914C9A9-23C7-4141-B9EC-09C9ECA0A2B6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"TCP Query User{209F4E90-9067-4ABA-8694-C3297976B651}F:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=f:\windows\system32\javaw.exe |
"TCP Query User{3583AC51-D108-4635-B0BC-6F56E5ED8F4C}F:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=f:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{81F0B50F-1B02-4808-9711-1FBE32650D65}F:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=f:\program files (x86)\miranda im\miranda32.exe |
"TCP Query User{A8D28D8C-E821-4244-A211-B21645129859}F:\users\mobile\desktop\teamviewer portableordner\teamviewer.exe" = protocol=6 | dir=in | app=f:\users\mobile\desktop\teamviewer portableordner\teamviewer.exe |
"TCP Query User{AA9096BB-0634-4D4E-8517-D84E0550C713}F:\windows\syswow64\svchost.exe" = protocol=6 | dir=in | app=f:\windows\syswow64\svchost.exe |
"TCP Query User{CA81D9CA-7BF0-4339-B668-F61AC3847DBC}F:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=f:\program files (x86)\videolan\vlc\vlc.exe |
"TCP Query User{FB66BE99-85DB-4ABC-AD28-4199C857517C}F:\users\mobile\desktop\tools\teamviewer portableordner\teamviewer.exe" = protocol=6 | dir=in | app=f:\users\mobile\desktop\tools\teamviewer portableordner\teamviewer.exe |
"UDP Query User{09989FB6-235F-43CA-B118-698D77FB303E}F:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=f:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{1F37F3E4-F26F-4BB0-A00D-F90623E8DF57}F:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=f:\windows\system32\javaw.exe |
"UDP Query User{5C7A66DD-3303-4F4D-AA4C-C470BC2A869A}F:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=f:\program files (x86)\miranda im\miranda32.exe |
"UDP Query User{5DC904CF-4D6C-42D3-B837-0472F0EF099F}F:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=f:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{81386AA6-3847-4717-ABD8-2630E22642C5}F:\users\mobile\desktop\tools\teamviewer portableordner\teamviewer.exe" = protocol=17 | dir=in | app=f:\users\mobile\desktop\tools\teamviewer portableordner\teamviewer.exe |
"UDP Query User{AA70EAF8-9121-4766-9733-296BF343D27C}F:\users\mobile\desktop\teamviewer portableordner\teamviewer.exe" = protocol=17 | dir=in | app=f:\users\mobile\desktop\teamviewer portableordner\teamviewer.exe |
"UDP Query User{F6F596D7-1970-49AE-BA61-4177F627F4CD}F:\windows\syswow64\svchost.exe" = protocol=17 | dir=in | app=f:\windows\syswow64\svchost.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416023FF}" = Java(TM) 6 Update 23 (64-bit)
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2D7ED2A0-9553-412B-939F-D6E0AEB2ABE1}" = ISO Recorder
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0160230}" = Java(TM) SE Development Kit 6 Update 23 (64-bit)
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{7C8A7076-3266-480B-9944-B86EBD7BF589}" = Google Web Toolkit Developer Plugin for IE (x64)
"{818AA386-29D5-4DFF-BBB5-3F16133F1409}" = TortoiseSVN 1.6.12.20536 (64 bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Protege 4.1" = Protege 4.1
"Zune" = Zune
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0402D28F-B9B7-4983-93FC-DBF673736D3F}" = Google Web Toolkit Developer Plugin for IE (x86)
"{0B92F7F1-8089-4670-9EB6-9DAA25163FB0}" = InfoZoom
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{44D66AD9-AE19-4AFD-BE7E-A1B44C856697}" = MSXML4.0 redistributable
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E770F99-CF23-4BF9-BF4E-E3A2924FEB27}" = Microsoft redistributable runtime DLLs VS2005 SP1(x86)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ULTIMATER_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ULTIMATER_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ULTIMATER_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ULTIMATER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ULTIMATER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PRJPROR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPROR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PRJPROR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PRJPROR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PRJPROR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PRJPROR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PRJPROR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2010
"{90140000-00B4-0407-0000-0000000FF1CE}_Office14.PRJPROR_{86D01646-1942-4253-B11F-68F5ED259B17}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F77D1207-7FA7-4FDC-BF7B-D08395AA9722}" = QIP 2005 8097 Jeak-Edition
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"FASM_is1" = FASM version 0.16
"Foxit Reader" = Foxit Reader
"InstallShield_{0B92F7F1-8089-4670-9EB6-9DAA25163FB0}" = InfoZoom 4.10
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Miranda IM" = Miranda IM 0.8.24
"Mozilla Firefox (3.6.28)" = Mozilla Firefox (3.6.28)
"Office14.PRJPROR" = Microsoft Project Professional 2010
"Pidgin" = Pidgin
"SAP_ECL" = ECL Viewer
"SAPGUI710" = SAP GUI 7.10
"SpeedFan" = SpeedFan (remove only)
"Streamripper" = Streamripper (Remove only)
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"TrueCrypt" = TrueCrypt
"ULTIMATER" = Microsoft Office Ultimate 2007
"VLC media player" = VLC media player 1.1.7
"VMware_Player" = VMware Player
"Winamp" = Winamp
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"TeXLive2010" = TeX Live 2010
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 31.05.2012 01:00:56 | Computer Name = ***** | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 244c    Startzeit: 01cd3e958c5ecfbb    Endzeit: 19    Anwendungspfad:
 F:\Program Files (x86)\Internet Explorer\iexplore.exe    Berichts-ID: 
 
Error - 01.06.2012 01:18:39 | Computer Name = mobile-*****| Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 20d4    Startzeit: 01cd3f5be755c638    Endzeit: 13    Anwendungspfad:
 F:\Program Files (x86)\Internet Explorer\iexplore.exe    Berichts-ID: 
 
Error - 01.06.2012 05:11:47 | Computer Name = ***** | Source = System Restore | ID = 8193
Description =
 
Error - 01.06.2012 05:11:47 | Computer Name = ***** | Source = System Restore | ID = 8211
Description =
 
Error - 02.06.2012 05:03:11 | Computer Name = ***** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ePowerTray.exe, Version: 5.2.3000.0,
 Zeitstempel: 0x4b57c888  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000000000
ID
 des fehlerhaften Prozesses: 0xcc4  Startzeit der fehlerhaften Anwendung: 0x01cd403fe2592958
Pfad
 der fehlerhaften Anwendung: F:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: c6a42ad3-ac91-11e1-a993-e2d23d058f2c
 
Error - 02.06.2012 13:30:52 | Computer Name = ***** | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: fa8    Startzeit: 01cd4044b1a99075    Endzeit: 70    Anwendungspfad:
F:\Program Files (x86)\Internet Explorer\iexplore.exe    Berichts-ID: 
 
Error - 02.06.2012 17:21:53 | Computer Name = ***** | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 57c0    Startzeit: 01cd40c3f4a4a3be    Endzeit: 16    Anwendungspfad:
 F:\Program Files (x86)\Internet Explorer\iexplore.exe    Berichts-ID: 
 
Error - 03.06.2012 03:41:10 | Computer Name = ***** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: lsm.exe, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7abf0  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000020a4a
ID
 des fehlerhaften Prozesses: 0x218  Startzeit der fehlerhaften Anwendung: 0x01cd403fac206e2a
Pfad
 der fehlerhaften Anwendung: F:\Windows\system32\lsm.exe  Pfad des fehlerhaften Moduls:
 F:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 7c72c599-ad4f-11e1-a993-e2d23d058f2c
 
Error - 03.06.2012 03:41:15 | Computer Name = ***** | Source = Wininit | ID = 1015
Description = Ein kritischer Systemprozess F:\Windows\system32\lsm.exe ist fehlgeschlagen
 mit den Statuscode 255. Der Computer muss neu gestartet werden.
 
Error - 03.06.2012 03:45:08 | Computer Name = ***** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ePowerTray.exe, Version: 5.2.3000.0,
 Zeitstempel: 0x4b57c888  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000000000
ID
 des fehlerhaften Prozesses: 0xee4  Startzeit der fehlerhaften Anwendung: 0x01cd415ccadcda70
Pfad
 der fehlerhaften Anwendung: F:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 0a194c7e-ad50-11e1-821e-005056c00008
 
[ OSession Events ]
Error - 19.06.2010 08:43:59 | Computer Name = ***** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 984
 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error - 19.06.2010 08:54:41 | Computer Name = ***** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 629
 seconds with 600 seconds of active time.  This session ended with a crash.
 
Error - 02.12.2010 06:35:08 | Computer Name = *****  | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 82848 seconds with 120 seconds of active time.  This session ended with a
 crash.
 
Error - 24.02.2011 08:16:33 | Computer Name = *****  | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 290
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 14.05.2011 01:27:56 | Computer Name = *****  | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 44285
 seconds with 60 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 07.04.2012 03:09:43 | Computer Name = *****  | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Update für Microsoft .NET Framework 4 unter Windows
 XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows
 Server 2008 R2 für x64-basierte Systeme (KB2600217)
 
Error - 08.04.2012 13:54:58 | Computer Name = *****  | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Update für Microsoft .NET Framework 4 unter Windows
 XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows
 Server 2008 R2 für x64-basierte Systeme (KB2600217)
 
Error - 10.04.2012 06:41:43 | Computer Name = *****  | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Update für Microsoft .NET Framework 4 unter Windows
 XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows
 Server 2008 R2 für x64-basierte Systeme (KB2600217)
 
Error - 11.04.2012 14:17:29 | Computer Name = *****  | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Update für Microsoft .NET Framework 4 unter Windows
 XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows
 Server 2008 R2 für x64-basierte Systeme (KB2600217)
 
Error - 12.04.2012 04:25:50 | Computer Name = *****  | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "F:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 13.04.2012 02:42:52 | Computer Name = *****  | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 13.04.2012 02:42:52 | Computer Name = *****  | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%1053
 
Error - 13.04.2012 02:51:52 | Computer Name = *****  | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework
 4 unter Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server
 2008, Windows Server 2008 R2 für x64-basierte Systeme (KB2656368)
 
Error - 13.04.2012 15:23:11 | Computer Name = *****  | Source = Ntfs | ID = 262281
Description = Auf dem Volume "E:" konnte der Transaktionsressourcen-Manager aufgrund
 eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in
 den Daten enthalten.
 
Error - 13.04.2012 15:23:12 | Computer Name = *****  | Source = DCOM | ID = 10010
Description =
 
 
< End of report >


kira 03.06.2012 16:44

I overlooked that you installed OTL incorrectly:

1.
You installed OTL incorrectly:
OTL must be saved on the Desktop!
Set your browser so that it saves OTL to the Desktop!
So remove it and download it again:
-> Download OTL by Oldtimer and save it on your Desktop.

After installation, the log file should look roughly like this:
Quote:

Folder = C:\Users\***\Desktop
2.
Please repeat steps 1 and 4:-> http://www.trojaner-board.de/116259-...tml#post838135

verwanzt 03.06.2012 19:04

OK, I got that wrong.

So, step 1:
Code:

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ not found.
File F:\Users\mobile\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ not found.
File F:\Users\mobile\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
File F:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml not found.
File F:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml not found.
File F:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml not found.
File F:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\CweWjhjf not found.
File F:\Users\mobile\AppData\Local\ttmkyhao\cwewjhjf.exe not found.
File F:\Users\mobile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cwewjhjf.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser not found.
File F:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-244666757-3947190157-3562518001-1000UA.job not found.
File F:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-244666757-3947190157-3562518001-1000Core.job not found.
========== FILES ==========
File\Folder F:\Users\mobile\AppData\Local\ttmkyhao\cwewjhjf.exe not found.
File\Folder F:\Users\mobile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cwewjhjf.exe not found.
File\Folder F:\Users\mobile\AppData\Local\ttmkyhao not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
F:\Users\mobile\Desktop\cmd.bat deleted successfully.
F:\Users\mobile\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: mobile
->Temp folder emptied: 445801 bytes
->Temporary Internet Files folder emptied: 2168637 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2655 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 2,00 mb
 
 
OTL by OldTimer - Version 3.2.46.0 log created on 06032012_192213

Files\Folders moved on Reboot...
F:\Users\mobile\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
F:\Users\mobile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2Z1N9Y6M\ads[2].htm moved successfully.
F:\Users\mobile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2Z1N9Y6M\register[1].htm moved successfully.
F:\Users\mobile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2K9KU7H9\116259-win-ldpinch-db-tr-ransom-gimemo-ucd-anderem-via-drive-by-erhalten[1].htm moved successfully.
F:\Users\mobile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2K9KU7H9\ads[1].htm moved successfully.
F:\Users\mobile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
F:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-1796.log moved successfully.
File move failed. F:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.

Registry entries deleted on Reboot

Step 4:

OTL.txt:
Code:

OTL logfile created on: 03.06.2012 19:38:40 - Run 3
OTL by OldTimer - Version 3.2.46.0    Folder = F:\Users\mobile\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 2,52 Gb Available Physical Memory | 68,55% Memory free
7,35 Gb Paging File | 6,01 Gb Available in Paging File | 81,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = F: | %SystemRoot% = F:\Windows | %ProgramFiles% = F:\Program Files (x86)
Drive C: | 144,26 Gb Total Space | 43,09 Gb Free Space | 29,87% Space Free | Partition Type: NTFS
Drive F: | 29,30 Gb Total Space | 1,68 Gb Free Space | 5,72% Space Free | Partition Type: NTFS
Drive H: | 14,08 Gb Total Space | 0,34 Gb Free Space | 2,41% Space Free | Partition Type: NTFS
 
Computer Name: *****  | User Name: mobile | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.03 19:21:43 | 000,596,480 | ---- | M] (OldTimer Tools) -- F:\Users\mobile\Desktop\OTL.exe
PRC - [2012.04.21 21:18:19 | 000,353,440 | ---- | M] (Adobe Systems Incorporated) -- F:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
PRC - [2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- F:\Users\mobile\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.06.30 12:26:55 | 000,269,480 | ---- | M] (Avira GmbH) -- F:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.27 13:50:09 | 000,136,360 | ---- | M] (Avira GmbH) -- F:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.25 23:26:58 | 000,064,112 | ---- | M] (VMware, Inc.) -- F:\Program Files (x86)\VMware\VMware Player\hqtray.exe
PRC - [2011.03.25 23:26:46 | 000,334,448 | ---- | M] (VMware, Inc.) -- F:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2011.03.25 23:26:28 | 000,404,080 | ---- | M] (VMware, Inc.) -- F:\Windows\SysWOW64\vmnat.exe
PRC - [2011.03.25 23:26:16 | 000,113,264 | ---- | M] (VMware, Inc.) -- F:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2011.03.25 22:27:40 | 000,539,248 | ---- | M] (VMware, Inc.) -- F:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2010.11.03 10:34:37 | 000,281,768 | ---- | M] (Avira GmbH) -- F:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- F:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010.02.25 22:35:04 | 001,289,296 | ---- | M] (Dritek System Inc.) -- F:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010.02.25 22:35:04 | 000,325,200 | ---- | M] (Dritek System Inc.) -- F:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010.02.25 22:35:04 | 000,288,336 | ---- | M] (Dritek System Inc.) -- F:\Program Files (x86)\Launch Manager\LMworker.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.03.25 23:26:48 | 000,970,352 | ---- | M] () -- F:\Program Files (x86)\VMware\VMware Player\libxml2.dll
MOD - [2011.03.25 23:26:18 | 000,068,720 | ---- | M] () -- F:\Program Files (x86)\VMware\VMware Player\zlib1.dll
MOD - [2009.05.20 14:02:04 | 000,072,200 | ---- | M] () -- F:\Program Files (x86)\Launch Manager\CdDirIo.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.11.20 15:26:50 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- F:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2009.07.14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- F:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.04.21 21:18:20 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- F:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011.08.05 13:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Programme\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011.08.05 13:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Programme\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011.08.05 13:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Programme\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2011.06.30 12:26:55 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- F:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.27 13:50:09 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- F:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.25 23:26:46 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- F:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2011.03.25 23:26:28 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- F:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2011.03.25 23:26:16 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- F:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2011.03.25 22:27:40 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- F:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010.08.19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- F:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- F:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- F:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.25 22:35:04 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- F:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.01.20 19:26:20 | 000,819,232 | ---- | M] (Acer Incorporated) [Auto | Running] -- F:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.07.14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- F:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- F:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.06.30 12:26:56 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- F:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.30 12:26:56 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- F:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.25 23:27:36 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- F:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2011.03.25 23:27:34 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- F:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2011.03.25 23:25:46 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2011.03.25 23:25:34 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- F:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2011.03.25 22:27:36 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- F:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011.03.25 20:04:58 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- F:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2011.03.25 20:04:58 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- F:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.01 12:03:50 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- F:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:26:11 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- F:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2010.03.23 13:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2010.01.25 17:51:02 | 007,842,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.01.08 03:51:38 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010.01.06 21:33:14 | 000,158,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.12.22 09:18:50 | 000,074,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.10.05 16:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- F:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- F:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV - [2010.08.19 13:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- F:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- F:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = F:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 84 19 EE 8C 95 3E CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: F:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: F:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: F:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: F:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: F:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROJEC~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROJEC~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.7: F:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: F:\Program Files (x86)\Mozilla Firefox\components [2012.04.12 20:05:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: F:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.12 20:05:23 | 000,000,000 | ---D | M]
 
[2010.05.29 20:04:45 | 000,000,000 | ---D | M] (No name found) -- F:\Users\mobile\AppData\Roaming\mozilla\Extensions
[2012.06.02 00:03:22 | 000,000,000 | ---D | M] (No name found) -- F:\Users\mobile\AppData\Roaming\mozilla\Firefox\Profiles\o8p7ej6x.default\extensions
[2011.07.28 11:32:20 | 000,000,000 | ---D | M] (Adblock Plus) -- F:\Users\mobile\AppData\Roaming\mozilla\Firefox\Profiles\o8p7ej6x.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012.04.10 12:46:05 | 000,000,000 | ---D | M] (No name found) -- F:\Users\mobile\AppData\Roaming\mozilla\Firefox\Profiles\o8p7ej6x.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}-trash
[2012.06.02 00:03:22 | 000,000,000 | ---D | M] (Google Web Toolkit Developer Plugin for Firefox) -- F:\Users\mobile\AppData\Roaming\mozilla\Firefox\Profiles\o8p7ej6x.default\extensions\gwt-dev-plugin@google.com
[2011.02.22 11:45:22 | 000,000,000 | ---D | M] (Read It Later) -- F:\Users\mobile\AppData\Roaming\mozilla\Firefox\Profiles\o8p7ej6x.default\extensions\isreaditlater@ideashower.com
[2012.04.10 12:46:03 | 000,000,000 | ---D | M] (No name found) -- F:\Users\mobile\AppData\Roaming\mozilla\Firefox\Profiles\o8p7ej6x.default\extensions\staged-xpis
[2011.06.09 10:30:27 | 000,000,000 | ---D | M] (No name found) -- F:\Program Files (x86)\mozilla firefox\extensions
[2010.11.02 11:10:06 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.21 12:51:47 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.05 18:53:08 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.09 10:30:27 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- F:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.05.29 20:19:37 | 000,075,208 | ---- | M] (Foxit Software Company) -- F:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2012.03.15 11:55:12 | 000,006,805 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - F:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Project Professional\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Acer ePower Management] F:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] F:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] F:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] F:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Zune Launcher] F:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] F:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LManager] F:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [VMware hqtray] F:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] F:\Windows\System32\StikyNot.exe File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://F:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://F:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - F:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - F:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - F:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - F:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83E09DA1-FD56-48FF-8CB9-163A8BA269D4}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\saphtmlp - No CLSID value found
O18:64bit: - Protocol\Handler\sapr3 - No CLSID value found
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\SAPGUI\GUI\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\SAPGUI\GUI\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - F:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - F:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (F:\Windows\system32\userinit.exe) - F:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - F:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - F:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - F:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.03 19:21:43 | 000,596,480 | ---- | C] (OldTimer Tools) -- F:\Users\mobile\Desktop\OTL.exe
[2012.06.03 12:04:44 | 000,000,000 | ---D | C] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.06.03 12:04:42 | 000,000,000 | ---D | C] -- F:\Program Files\CCleaner
[2012.06.03 09:50:00 | 000,000,000 | ---D | C] -- F:\Users\mobile\AppData\Roaming\Malwarebytes
[2012.06.03 09:49:54 | 000,000,000 | ---D | C] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.03 09:49:52 | 000,000,000 | ---D | C] -- F:\ProgramData\Malwarebytes
[2012.06.03 09:49:51 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- F:\Windows\SysNative\drivers\mbam.sys
[2012.06.03 09:49:51 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.03 09:40:55 | 000,000,000 | ---D | C] -- F:\_OTL
[2010.10.14 16:10:28 | 003,145,728 | ---- | C] (SAP Technology,Inc) -- F:\Program Files (x86)\Common Files\sapxlhelper.dll
[2010.10.14 16:10:27 | 000,626,688 | ---- | C] (SAP AG) -- F:\Program Files (x86)\Common Files\sapconsaccess.dll
[2010.10.14 16:10:27 | 000,192,512 | ---- | C] (SAP Tech Inc.) -- F:\Program Files (x86)\Common Files\sapconsr3.dll
[2010.10.14 16:10:26 | 000,040,960 | ---- | C] (SAP-TECHNOLOGY) -- F:\Program Files (x86)\Common Files\DigitalSignature.ocx
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.03 19:31:53 | 000,014,752 | -H-- | M] () -- F:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.03 19:31:53 | 000,014,752 | -H-- | M] () -- F:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.03 19:24:20 | 000,067,584 | --S- | M] () -- F:\Windows\bootstat.dat
[2012.06.03 19:24:15 | 2960,523,264 | -HS- | M] () -- F:\hiberfil.sys
[2012.06.03 19:21:43 | 000,596,480 | ---- | M] (OldTimer Tools) -- F:\Users\mobile\Desktop\OTL.exe
[2012.06.03 19:17:00 | 000,000,884 | ---- | M] () -- F:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.03 12:04:44 | 000,000,839 | ---- | M] () -- F:\Users\Public\Desktop\CCleaner.lnk
[2012.06.03 09:49:54 | 000,001,126 | ---- | M] () -- F:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.02 00:08:06 | 000,000,000 | ---- | M] () -- F:\Users\mobile\defogger_reenable
[2012.06.01 23:54:37 | 000,036,243 | ---- | M] () -- F:\Users\mobile\Desktop\85104-otl-otlogfile-by-oldtimer.htm.iyk46dy.partial
[2012.06.01 23:54:03 | 000,050,477 | ---- | M] () -- F:\Users\mobile\Desktop\Defogger.exe.ccz0wnt.partial
[2012.06.01 23:27:59 | 000,050,477 | ---- | M] () -- F:\Users\mobile\Desktop\Defogger.exe
[2012.06.01 18:03:59 | 000,002,048 | -H-- | M] () -- F:\Users\mobile\Documents\Default.rdp
 
========== Files Created - No Company Name ==========
 
[2012.06.03 12:04:44 | 000,000,839 | ---- | C] () -- F:\Users\Public\Desktop\CCleaner.lnk
[2012.06.03 09:49:54 | 000,001,126 | ---- | C] () -- F:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.02 00:08:06 | 000,000,000 | ---- | C] () -- F:\Users\mobile\defogger_reenable
[2012.06.01 23:55:57 | 000,050,477 | ---- | C] () -- F:\Users\mobile\Desktop\Defogger.exe
[2012.06.01 23:54:43 | 000,036,243 | ---- | C] () -- F:\Users\mobile\Desktop\85104-otl-otlogfile-by-oldtimer.htm.iyk46dy.partial
[2012.06.01 23:54:13 | 000,050,477 | ---- | C] () -- F:\Users\mobile\Desktop\Defogger.exe.ccz0wnt.partial
[2011.11.01 15:07:47 | 000,003,584 | ---- | C] () -- F:\Users\mobile\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.14 16:10:27 | 000,955,904 | ---- | C] () -- F:\Program Files (x86)\Common Files\SAPActiveXL.xlt
[2010.10.14 16:10:27 | 000,949,760 | ---- | C] () -- F:\Program Files (x86)\Common Files\SAPActiveXL_nosig.xlt
[2010.10.14 16:09:31 | 001,064,960 | ---- | C] () -- F:\Windows\SysWow64\h5krnl32.dll
[2010.10.14 16:09:31 | 000,188,928 | ---- | C] () -- F:\Windows\SysWow64\h5icon32.dll
[2010.10.14 16:09:31 | 000,175,616 | ---- | C] () -- F:\Windows\SysWow64\h5menu32.dll
[2010.10.14 16:09:31 | 000,095,744 | ---- | C] () -- F:\Windows\SysWow64\h5rtf32.dll
[2010.10.14 16:09:31 | 000,051,200 | ---- | C] () -- F:\Windows\SysWow64\h5tool32.dll
 
========== LOP Check ==========
 
[2011.02.17 21:56:13 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\.purple
[2012.04.26 11:09:10 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\Canon
[2012.06.03 19:34:11 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\Dropbox
[2010.05.31 18:53:22 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\enchant
[2010.07.14 19:43:54 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\Foxit Software
[2010.11.11 14:05:05 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\gtk-2.0
[2011.04.03 18:14:56 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\streamripper
[2011.02.24 14:13:31 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\Subversion
[2011.10.18 17:14:33 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\TeamViewer
[2011.01.01 12:05:56 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\TrueCrypt
[2010.06.03 15:59:14 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\TS3Client
[2009.07.14 07:08:49 | 000,029,610 | ---- | M] () -- F:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

and Extras.txt:

Code:

OTL Extras logfile created on: 03.06.2012 19:38:40 - Run 3
OTL by OldTimer - Version 3.2.46.0    Folder = F:\Users\mobile\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 2,52 Gb Available Physical Memory | 68,55% Memory free
7,35 Gb Paging File | 6,01 Gb Available in Paging File | 81,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = F: | %SystemRoot% = F:\Windows | %ProgramFiles% = F:\Program Files (x86)
Drive C: | 144,26 Gb Total Space | 43,09 Gb Free Space | 29,87% Space Free | Partition Type: NTFS
Drive F: | 29,30 Gb Total Space | 1,68 Gb Free Space | 5,72% Space Free | Partition Type: NTFS
Drive H: | 14,08 Gb Total Space | 0,34 Gb Free Space | 2,41% Space Free | Partition Type: NTFS
 
Computer Name: ***** | User Name: mobile | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- F:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- F:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- F:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "F:\Windows\System32\rundll32.exe" "F:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "F:\Windows\System32\rundll32.exe" "F:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- F:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "F:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "F:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "F:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "F:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- F:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "F:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "F:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "F:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "F:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08107AE2-6C4A-4685-8CA3-5870F581C6C9}" = rport=137 | protocol=17 | dir=out | app=system |
"{0F44C468-8426-4E63-AE4A-CC399C86D241}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{0F567F06-BA35-40BA-B630-9EA4846E3DDB}" = lport=6004 | protocol=17 | dir=in | app=f:\program files (x86)\microsoft office\office12\outlook.exe |
"{2803B4EB-9494-4A41-BC3B-DBCE94FFD8AC}" = lport=445 | protocol=6 | dir=in | app=system |
"{3714E0F3-C1D3-487B-803E-C23DCC7D14D4}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3732F1D9-5426-48A9-B42D-9C0520C80E21}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3A516AE2-6A0A-4340-A9F4-C74BE55D64F1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3FF707DF-CF5F-443E-ACE0-46B23B6221EC}" = lport=139 | protocol=6 | dir=in | app=system |
"{46FDC923-4DEA-4185-9802-A72D2E6BDB61}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4A4AD361-DCF5-4CAF-A7BB-4FAD2C0D2C69}" = rport=445 | protocol=6 | dir=out | app=system |
"{8030830F-3356-4553-A19B-EA48CA9C4FAE}" = lport=137 | protocol=17 | dir=in | app=system |
"{8334A3A2-A44F-4975-9E16-8082F72F9484}" = rport=139 | protocol=6 | dir=out | app=system |
"{98992D2B-5713-42C0-A1F3-6D54C9154D49}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A1B6E8AF-9DF7-47B7-8F9D-EE9D9B54F429}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{AB00ECBE-9834-4AB7-B23A-CAA05C57098E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B010D33F-CA07-4116-B668-04E75B5D8B1D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B038BAAC-173A-4BE4-AAAF-DD774AD29033}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D168F71B-C31A-4B69-9D77-1AC31CF7174F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D4720449-8E88-40A0-BCB3-85DFAC8771CA}" = lport=138 | protocol=17 | dir=in | app=system |
"{E77E9C0C-683C-4506-8CB0-3B618BE4CF47}" = rport=138 | protocol=17 | dir=out | app=system |
"{F2B36BEE-7A44-4F16-B14E-A49760F2A3EF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F553D608-510E-4DB4-ABD3-BA25CCB4899C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FEDB49DA-D3FD-4526-9994-09A529D6BB9A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{102B2FC3-7E47-4594-9AD9-47545BE89357}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2E348EC0-5D11-4832-B42B-57BF3BB01916}" = protocol=17 | dir=in | app=f:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{50F05203-938C-4B40-96FC-AF013A378988}" = protocol=6 | dir=in | app=f:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{5EABC6EB-C039-4B61-A8E6-C104D1673CFC}" = dir=in | app=f:\program files (x86)\skype\phone\skype.exe |
"{65422950-BC13-48F0-A8EB-9C233BBD5F0C}" = protocol=17 | dir=in | app=f:\users\mobile\appdata\roaming\dropbox\bin\dropbox.exe |
"{66BB5243-F9C4-42B1-86E1-A6F3E7A22758}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6EFD23B0-3A60-48CA-B554-276471BB431F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{81F39932-7E72-47CF-BAE5-89E6C1D98685}" = protocol=6 | dir=in | app=f:\program files (x86)\microsoft office\office12\onenote.exe |
"{9DB14E23-E179-40DC-9338-AF38D965A750}" = protocol=6 | dir=in | app=f:\program files (x86)\microsoft office\office12\groove.exe |
"{A7A5BC7D-6862-4E1D-B1CF-391B6C464A3F}" = protocol=6 | dir=in | app=f:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{AB082FF8-4ED6-4DFA-858C-DF629EF971E3}" = protocol=6 | dir=in | app=f:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{AD69D563-6D24-4C38-BDB9-50E61E8CAC41}" = protocol=17 | dir=in | app=f:\program files (x86)\microsoft office\office12\onenote.exe |
"{AFD29611-84D4-41F3-9864-D6B0FC4D461F}" = protocol=6 | dir=in | app=f:\users\mobile\appdata\roaming\dropbox\bin\dropbox.exe |
"{B3CFC50E-6CBA-40C1-A50E-D70EF2D66730}" = protocol=17 | dir=in | app=f:\program files (x86)\microsoft office\office12\groove.exe |
"{B8909E9B-9A73-42FD-9D06-C5ECA10B75BF}" = protocol=17 | dir=in | app=f:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{EC219A88-91F5-4374-8BB0-95996A578393}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{EE0651A9-35AD-4525-A39C-1647877B546D}" = protocol=17 | dir=in | app=f:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{F914C9A9-23C7-4141-B9EC-09C9ECA0A2B6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"TCP Query User{209F4E90-9067-4ABA-8694-C3297976B651}F:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=f:\windows\system32\javaw.exe |
"TCP Query User{3583AC51-D108-4635-B0BC-6F56E5ED8F4C}F:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=f:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{81F0B50F-1B02-4808-9711-1FBE32650D65}F:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=f:\program files (x86)\miranda im\miranda32.exe |
"TCP Query User{A8D28D8C-E821-4244-A211-B21645129859}F:\users\mobile\desktop\teamviewer portableordner\teamviewer.exe" = protocol=6 | dir=in | app=f:\users\mobile\desktop\teamviewer portableordner\teamviewer.exe |
"TCP Query User{AA9096BB-0634-4D4E-8517-D84E0550C713}F:\windows\syswow64\svchost.exe" = protocol=6 | dir=in | app=f:\windows\syswow64\svchost.exe |
"TCP Query User{CA81D9CA-7BF0-4339-B668-F61AC3847DBC}F:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=f:\program files (x86)\videolan\vlc\vlc.exe |
"TCP Query User{FB66BE99-85DB-4ABC-AD28-4199C857517C}F:\users\mobile\desktop\tools\teamviewer portableordner\teamviewer.exe" = protocol=6 | dir=in | app=f:\users\mobile\desktop\tools\teamviewer portableordner\teamviewer.exe |
"UDP Query User{09989FB6-235F-43CA-B118-698D77FB303E}F:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=f:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{1F37F3E4-F26F-4BB0-A00D-F90623E8DF57}F:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=f:\windows\system32\javaw.exe |
"UDP Query User{5C7A66DD-3303-4F4D-AA4C-C470BC2A869A}F:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=f:\program files (x86)\miranda im\miranda32.exe |
"UDP Query User{5DC904CF-4D6C-42D3-B837-0472F0EF099F}F:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=f:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{81386AA6-3847-4717-ABD8-2630E22642C5}F:\users\mobile\desktop\tools\teamviewer portableordner\teamviewer.exe" = protocol=17 | dir=in | app=f:\users\mobile\desktop\tools\teamviewer portableordner\teamviewer.exe |
"UDP Query User{AA70EAF8-9121-4766-9733-296BF343D27C}F:\users\mobile\desktop\teamviewer portableordner\teamviewer.exe" = protocol=17 | dir=in | app=f:\users\mobile\desktop\teamviewer portableordner\teamviewer.exe |
"UDP Query User{F6F596D7-1970-49AE-BA61-4177F627F4CD}F:\windows\syswow64\svchost.exe" = protocol=17 | dir=in | app=f:\windows\syswow64\svchost.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416023FF}" = Java(TM) 6 Update 23 (64-bit)
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2D7ED2A0-9553-412B-939F-D6E0AEB2ABE1}" = ISO Recorder
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0160230}" = Java(TM) SE Development Kit 6 Update 23 (64-bit)
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{7C8A7076-3266-480B-9944-B86EBD7BF589}" = Google Web Toolkit Developer Plugin for IE (x64)
"{818AA386-29D5-4DFF-BBB5-3F16133F1409}" = TortoiseSVN 1.6.12.20536 (64 bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Protege 4.1" = Protege 4.1
"Zune" = Zune
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0402D28F-B9B7-4983-93FC-DBF673736D3F}" = Google Web Toolkit Developer Plugin for IE (x86)
"{0B92F7F1-8089-4670-9EB6-9DAA25163FB0}" = InfoZoom
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{44D66AD9-AE19-4AFD-BE7E-A1B44C856697}" = MSXML4.0 redistributable
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E770F99-CF23-4BF9-BF4E-E3A2924FEB27}" = Microsoft redistributable runtime DLLs VS2005 SP1(x86)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ULTIMATER_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ULTIMATER_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ULTIMATER_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ULTIMATER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ULTIMATER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PRJPROR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPROR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PRJPROR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PRJPROR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PRJPROR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PRJPROR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PRJPROR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2010
"{90140000-00B4-0407-0000-0000000FF1CE}_Office14.PRJPROR_{86D01646-1942-4253-B11F-68F5ED259B17}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F77D1207-7FA7-4FDC-BF7B-D08395AA9722}" = QIP 2005 8097 Jeak-Edition
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"FASM_is1" = FASM version 0.16
"Foxit Reader" = Foxit Reader
"InstallShield_{0B92F7F1-8089-4670-9EB6-9DAA25163FB0}" = InfoZoom 4.10
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Miranda IM" = Miranda IM 0.8.24
"Mozilla Firefox (3.6.28)" = Mozilla Firefox (3.6.28)
"Office14.PRJPROR" = Microsoft Project Professional 2010
"Pidgin" = Pidgin
"SAP_ECL" = ECL Viewer
"SAPGUI710" = SAP GUI 7.10
"SpeedFan" = SpeedFan (remove only)
"Streamripper" = Streamripper (Remove only)
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"TrueCrypt" = TrueCrypt
"ULTIMATER" = Microsoft Office Ultimate 2007
"VLC media player" = VLC media player 1.1.7
"VMware_Player" = VMware Player
"Winamp" = Winamp
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"TeXLive2010" = TeX Live 2010
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 01.06.2012 05:11:47 | Computer Name = ***** | Source = System Restore | ID = 8193
Description =
 
Error - 01.06.2012 05:11:47 | Computer Name = *****  | Source = System Restore | ID = 8211
Description =
 
Error - 02.06.2012 05:03:11 | Computer Name = *****  | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ePowerTray.exe, Version: 5.2.3000.0,
 Zeitstempel: 0x4b57c888  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000000000
ID
 des fehlerhaften Prozesses: 0xcc4  Startzeit der fehlerhaften Anwendung: 0x01cd403fe2592958
Pfad
 der fehlerhaften Anwendung: F:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: c6a42ad3-ac91-11e1-a993-e2d23d058f2c
 
Error - 02.06.2012 13:30:52 | Computer Name = *****  | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: fa8    Startzeit: 01cd4044b1a99075    Endzeit: 70    Anwendungspfad:
F:\Program Files (x86)\Internet Explorer\iexplore.exe    Berichts-ID: 
 
Error - 02.06.2012 17:21:53 | Computer Name = *****  | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 57c0    Startzeit: 01cd40c3f4a4a3be    Endzeit: 16    Anwendungspfad:
 F:\Program Files (x86)\Internet Explorer\iexplore.exe    Berichts-ID: 
 
Error - 03.06.2012 03:41:10 | Computer Name = *****  | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: lsm.exe, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7abf0  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000020a4a
ID
 des fehlerhaften Prozesses: 0x218  Startzeit der fehlerhaften Anwendung: 0x01cd403fac206e2a
Pfad
 der fehlerhaften Anwendung: F:\Windows\system32\lsm.exe  Pfad des fehlerhaften Moduls:
 F:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 7c72c599-ad4f-11e1-a993-e2d23d058f2c
 
Error - 03.06.2012 03:41:15 | Computer Name = ***** | Source = Wininit | ID = 1015
Description = Ein kritischer Systemprozess F:\Windows\system32\lsm.exe ist fehlgeschlagen
 mit den Statuscode 255. Der Computer muss neu gestartet werden.
 
Error - 03.06.2012 03:45:08 | Computer Name = *****  | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ePowerTray.exe, Version: 5.2.3000.0,
 Zeitstempel: 0x4b57c888  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000000000
ID
 des fehlerhaften Prozesses: 0xee4  Startzeit der fehlerhaften Anwendung: 0x01cd415ccadcda70
Pfad
 der fehlerhaften Anwendung: F:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 0a194c7e-ad50-11e1-821e-005056c00008
 
Error - 03.06.2012 12:53:26 | Computer Name = *****  | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: lsm.exe, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7abf0  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000020a4a
ID
 des fehlerhaften Prozesses: 0x218  Startzeit der fehlerhaften Anwendung: 0x01cd415c7db206e8
Pfad
 der fehlerhaften Anwendung: F:\Windows\system32\lsm.exe  Pfad des fehlerhaften Moduls:
 F:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: a29456da-ad9c-11e1-821e-d065d091096e
 
Error - 03.06.2012 12:53:28 | Computer Name = *****  | Source = Wininit | ID = 1015
Description = Ein kritischer Systemprozess F:\Windows\system32\lsm.exe ist fehlgeschlagen
 mit den Statuscode 255. Der Computer muss neu gestartet werden.
 
[ OSession Events ]
Error - 19.06.2010 08:43:59 | Computer Name = *****  | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 984
 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error - 19.06.2010 08:54:41 | Computer Name = *****  | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 629
 seconds with 600 seconds of active time.  This session ended with a crash.
 
Error - 02.12.2010 06:35:08 | Computer Name = *****  | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 82848 seconds with 120 seconds of active time.  This session ended with a
 crash.
 
Error - 24.02.2011 08:16:33 | Computer Name = *****  | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 290
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 14.05.2011 01:27:56 | Computer Name = *****  | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 44285
 seconds with 60 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 07.04.2012 03:09:43 | Computer Name = *****  | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Update für Microsoft .NET Framework 4 unter Windows
 XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows
 Server 2008 R2 für x64-basierte Systeme (KB2600217)
 
Error - 08.04.2012 13:54:58 | Computer Name = *****  | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Update für Microsoft .NET Framework 4 unter Windows
 XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows
 Server 2008 R2 für x64-basierte Systeme (KB2600217)
 
Error - 10.04.2012 06:41:43 | Computer Name = *****  | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Update für Microsoft .NET Framework 4 unter Windows
 XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows
 Server 2008 R2 für x64-basierte Systeme (KB2600217)
 
Error - 11.04.2012 14:17:29 | Computer Name = *****  | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Update für Microsoft .NET Framework 4 unter Windows
 XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows
 Server 2008 R2 für x64-basierte Systeme (KB2600217)
 
Error - 12.04.2012 04:25:50 | Computer Name = *****  | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "F:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 13.04.2012 02:42:52 | Computer Name = *****  | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 13.04.2012 02:42:52 | Computer Name = *****  | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%1053
 
Error - 13.04.2012 02:51:52 | Computer Name = *****  | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework
 4 unter Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server
 2008, Windows Server 2008 R2 für x64-basierte Systeme (KB2656368)
 
Error - 13.04.2012 15:23:11 | Computer Name = *****  | Source = Ntfs | ID = 262281
Description = Auf dem Volume "E:" konnte der Transaktionsressourcen-Manager aufgrund
 eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in
 den Daten enthalten.
 
Error - 13.04.2012 15:23:12 | Computer Name = *****  | Source = DCOM | ID = 10010
Description =
 
 
< End of report >


kira 04.06.2012 07:00

1.
Quote:

Attention, important!:
If you made changes to the log file yourself, you must replace them with the original names and insert them into the script that way, otherwise it will not work!
(user folder, your name or other changes replaced by X, asterisks or other names)
Fixing with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script (beginning with :OTL and ending with [emptytemp]), everything that is in the code box (without "code"!):
Code:

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]


2.
Update Java via Control Panel -> Check for updates...
or:
Now download the offline version of Java, "recommended version Java(TM) 7 Update 4", from Oracle and install it. Make sure not to install any toolbars that may be offered, i.e. uncheck the toolbar box during installation.

3.
Tips (regardless of whether you use Internet Explorer or not!):
-> Tips for Internet Explorer
-> Changing the default search engine of Explorer
-> How can I clear the cache in Internet Explorer?

4.
Clean your system with CCleaner:
  • "CCleaner" → "Analyze" → click the "Start CCleaner" button
  • "Registry" → "Find errors" → "Fix errors" → "Fix all"
  • Restart your system

5.
  • Download SUPERAntiSpyware FREE Edition.
    Make sure not to install any toolbar that may be offered, i.e. uncheck the toolbar box during installation (if necessary).
  • Install the program and update it online.
  • Start SUPERAntiSpyware and click "Scan your computer"
  • Check "Complete scan" and click "Next"
  • All malware found will then be listed; check all findings and confirm with "OK"
  • Click "Next", then "OK" and "Finish"
  • To display the results: click "Preferences", then "Statistics and logs"
  • Click "Show log", then please save this report and post it here

6.
Viruses can also be carried on USB sticks, self-burned media, external hard drives and other storage media. They must therefore be monitored through regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). For this it is well suited and recommended to check the data stored on the storage medium with the help of the free online scanner.
Now connect all external storage media (USB sticks etc.) to your computer while holding down the [Shift] key so that the autorun function is not executed. (This is how you prevent the AUTORUN function from running.) The AUTORUN function can also be switched off entirely. ►Instructions

7.
-> Then run a complete system check with Eset Online Scanner (NOD32) - Free Online Scanners
Attention!: >>You should not install the antivirus security software, only scan your system online<<

8.
Run another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry please select Use SafeList.
  • Tick the LOP Check and Purity Check boxes.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

► Report again on the state of the computer. Are there still problems, and if so, which ones?

verwanzt 04.06.2012 16:52

Hi Kira,

1. Result:

Code:

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
F:\Users\mobile\Desktop\cmd.bat deleted successfully.
F:\Users\mobile\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: mobile
->Temp folder emptied: 429417 bytes
->Temporary Internet Files folder emptied: 78437058 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 69961469 bytes
->Flash cache emptied: 1233 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6025 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 142,00 mb
 
 
OTL by OldTimer - Version 3.2.46.0 log created on 06042012_170121

Files\Folders moved on Reboot...
F:\Users\mobile\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
F:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-1792.log moved successfully.
File move failed. F:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Java cannot be installed. Offline installation: "Beim Erstellen der für die Installation erforderlichen temporären Datei ist ein Fehler aufgetreten" [An error occurred while creating the temporary file required for the installation].

kira 06.06.2012 04:39

What happens when you do it via "Update Java via Control Panel -> Check for updates..."?
Otherwise, please carry on with the rest for now.

verwanzt 15.06.2012 08:46

Hi Kira,

In that case the Update tab is missing. (Already tried via CMD as admin as well...). The automatic update fails too.

Apart from that, no problems really occur. For some time now, when playing streams such as YouTube or the public broadcasters' (ÖR) media libraries, the system has occasionally hung for about 30 seconds. But that may be due to the WLAN or the Flash plugin.

5. SUPERAntiSpyware Scan

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/07/2012 at 01:56 PM

Application Version : 5.0.1150

Core Rules Database Version : 8693
Trace Rules Database Version: 6505

Scan type      : Complete Scan
Total Scan Time : 02:17:56

Operating System Information
Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 528
Memory threats detected  : 0
Registry items scanned    : 67860
Registry threats detected : 0
File items scanned        : 118649
File threats detected    : 33

Adware.Tracking Cookie
        F:\USERS\MOBILE\AppData\Roaming\Microsoft\Windows\Cookies\Low\A92S2GF0.txt [ Cookie:mobile@tradedoubler.com/ ]
        F:\USERS\MOBILE\AppData\Roaming\Microsoft\Windows\Cookies\Low\JR9PN4I9.txt [ Cookie:mobile@doubleclick.net/ ]
        F:\USERS\MOBILE\AppData\Roaming\Microsoft\Windows\Cookies\Low\BVRDD34T.txt [ Cookie:mobile@ad3.adfarm1.adition.com/ ]
        F:\USERS\MOBILE\AppData\Roaming\Microsoft\Windows\Cookies\Low\ERCQ5I9L.txt [ Cookie:mobile@questionmarket.com/ ]
        F:\USERS\MOBILE\AppData\Roaming\Microsoft\Windows\Cookies\Low\B5MUKS9C.txt [ Cookie:mobile@tracking.quisma.com/ ]
        F:\USERS\MOBILE\AppData\Roaming\Microsoft\Windows\Cookies\Low\CO744XBB.txt [ Cookie:mobile@adfarm1.adition.com/ ]
        F:\USERS\MOBILE\AppData\Roaming\Microsoft\Windows\Cookies\Low\8H3XG3B5.txt [ Cookie:mobile@revsci.net/ ]
        F:\USERS\MOBILE\AppData\Roaming\Microsoft\Windows\Cookies\Low\4THYLUPD.txt [ Cookie:mobile@ad.dyntracker.com/ ]
        F:\USERS\MOBILE\AppData\Roaming\Microsoft\Windows\Cookies\Low\SCR5XZPB.txt [ Cookie:mobile@ad.dyntracker.de/ ]
        F:\USERS\MOBILE\AppData\Roaming\Microsoft\Windows\Cookies\Low\2DGFFAKI.txt [ Cookie:mobile@atdmt.com/ ]
        F:\USERS\MOBILE\AppData\Roaming\Microsoft\Windows\Cookies\Low\M9VCDZN0.txt [ Cookie:mobile@webmasterplan.com/ ]
        F:\USERS\MOBILE\AppData\Roaming\Microsoft\Windows\Cookies\Low\WBZD2FJ3.txt [ Cookie:mobile@zanox.com/ ]
        F:\USERS\MOBILE\AppData\Roaming\Microsoft\Windows\Cookies\Low\JXW66728.txt [ Cookie:mobile@adform.net/ ]
        F:\USERS\MOBILE\AppData\Roaming\Microsoft\Windows\Cookies\Low\LRK3BEWJ.txt [ Cookie:mobile@ad1.adfarm1.adition.com/ ]
        F:\USERS\MOBILE\AppData\Roaming\Microsoft\Windows\Cookies\Low\S4GOIAW6.txt [ Cookie:mobile@zanox-affiliate.de/ ]
        F:\USERS\MOBILE\AppData\Roaming\Microsoft\Windows\Cookies\Low\WQJZZSFK.txt [ Cookie:mobile@ad.zanox.com/ ]
        F:\USERS\MOBILE\AppData\Roaming\Microsoft\Windows\Cookies\Low\O234VNB3.txt [ Cookie:mobile@serving-sys.com/ ]
        F:\USERS\MOBILE\AppData\Roaming\Microsoft\Windows\Cookies\Low\S02ES2D9.txt [ Cookie:mobile@counter.hitslink.com/ ]
        F:\USERS\MOBILE\AppData\Roaming\Microsoft\Windows\Cookies\Low\URNBYJVA.txt [ Cookie:mobile@ad4.adfarm1.adition.com/ ]
        F:\USERS\MOBILE\AppData\Roaming\Microsoft\Windows\Cookies\Low\XE2XB03C.txt [ Cookie:mobile@track.adform.net/ ]
        .doubleclick.net [ F:\USERS\MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O8P7EJ6X.DEFAULT\COOKIES.SQLITE ]
        .microsoftsto.112.2o7.net [ F:\USERS\MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O8P7EJ6X.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ F:\USERS\MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O8P7EJ6X.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ F:\USERS\MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O8P7EJ6X.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ F:\USERS\MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O8P7EJ6X.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ F:\USERS\MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O8P7EJ6X.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ F:\USERS\MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O8P7EJ6X.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ F:\USERS\MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O8P7EJ6X.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ F:\USERS\MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O8P7EJ6X.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ F:\USERS\MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O8P7EJ6X.DEFAULT\COOKIES.SQLITE ]
        www.active-tracking.de [ F:\USERS\MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O8P7EJ6X.DEFAULT\COOKIES.SQLITE ]
        www.active-tracking.de [ F:\USERS\MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O8P7EJ6X.DEFAULT\COOKIES.SQLITE ]
        www.active-tracking.de [ F:\USERS\MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O8P7EJ6X.DEFAULT\COOKIES.SQLITE ]

8. Another scan with OTL

Extras.txt
Code:

OTL Extras logfile created on: 12.06.2012 21:17:08 - Run 4
OTL by OldTimer - Version 3.2.46.0    Folder = F:\Users\mobile\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 61,03% Memory free
7,35 Gb Paging File | 4,97 Gb Available in Paging File | 67,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = F: | %SystemRoot% = F:\Windows | %ProgramFiles% = F:\Program Files (x86)
Drive C: | 144,26 Gb Total Space | 40,77 Gb Free Space | 28,26% Space Free | Partition Type: NTFS
Drive E: | 97,66 Gb Total Space | 8,75 Gb Free Space | 8,96% Space Free | Partition Type: NTFS
Drive F: | 29,30 Gb Total Space | 1,09 Gb Free Space | 3,72% Space Free | Partition Type: NTFS
Drive H: | 14,08 Gb Total Space | 0,32 Gb Free Space | 2,29% Space Free | Partition Type: NTFS
 
Computer Name: ***** | User Name: mobile | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- F:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- F:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- F:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "F:\Windows\System32\rundll32.exe" "F:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "F:\Windows\System32\rundll32.exe" "F:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- F:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "F:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "F:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "F:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "F:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- F:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "F:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "F:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "F:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "F:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08107AE2-6C4A-4685-8CA3-5870F581C6C9}" = rport=137 | protocol=17 | dir=out | app=system |
"{0F44C468-8426-4E63-AE4A-CC399C86D241}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{0F567F06-BA35-40BA-B630-9EA4846E3DDB}" = lport=6004 | protocol=17 | dir=in | app=f:\program files (x86)\microsoft office\office12\outlook.exe |
"{2803B4EB-9494-4A41-BC3B-DBCE94FFD8AC}" = lport=445 | protocol=6 | dir=in | app=system |
"{3714E0F3-C1D3-487B-803E-C23DCC7D14D4}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3732F1D9-5426-48A9-B42D-9C0520C80E21}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3A516AE2-6A0A-4340-A9F4-C74BE55D64F1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3FF707DF-CF5F-443E-ACE0-46B23B6221EC}" = lport=139 | protocol=6 | dir=in | app=system |
"{46FDC923-4DEA-4185-9802-A72D2E6BDB61}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4A4AD361-DCF5-4CAF-A7BB-4FAD2C0D2C69}" = rport=445 | protocol=6 | dir=out | app=system |
"{8030830F-3356-4553-A19B-EA48CA9C4FAE}" = lport=137 | protocol=17 | dir=in | app=system |
"{8334A3A2-A44F-4975-9E16-8082F72F9484}" = rport=139 | protocol=6 | dir=out | app=system |
"{98992D2B-5713-42C0-A1F3-6D54C9154D49}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A1B6E8AF-9DF7-47B7-8F9D-EE9D9B54F429}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{AB00ECBE-9834-4AB7-B23A-CAA05C57098E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B010D33F-CA07-4116-B668-04E75B5D8B1D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B038BAAC-173A-4BE4-AAAF-DD774AD29033}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D168F71B-C31A-4B69-9D77-1AC31CF7174F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D4720449-8E88-40A0-BCB3-85DFAC8771CA}" = lport=138 | protocol=17 | dir=in | app=system |
"{E77E9C0C-683C-4506-8CB0-3B618BE4CF47}" = rport=138 | protocol=17 | dir=out | app=system |
"{F2B36BEE-7A44-4F16-B14E-A49760F2A3EF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F553D608-510E-4DB4-ABD3-BA25CCB4899C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FEDB49DA-D3FD-4526-9994-09A529D6BB9A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{102B2FC3-7E47-4594-9AD9-47545BE89357}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2E348EC0-5D11-4832-B42B-57BF3BB01916}" = protocol=17 | dir=in | app=f:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{50F05203-938C-4B40-96FC-AF013A378988}" = protocol=6 | dir=in | app=f:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{5EABC6EB-C039-4B61-A8E6-C104D1673CFC}" = dir=in | app=f:\program files (x86)\skype\phone\skype.exe |
"{65422950-BC13-48F0-A8EB-9C233BBD5F0C}" = protocol=17 | dir=in | app=f:\users\mobile\appdata\roaming\dropbox\bin\dropbox.exe |
"{66BB5243-F9C4-42B1-86E1-A6F3E7A22758}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6EFD23B0-3A60-48CA-B554-276471BB431F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{81F39932-7E72-47CF-BAE5-89E6C1D98685}" = protocol=6 | dir=in | app=f:\program files (x86)\microsoft office\office12\onenote.exe |
"{9DB14E23-E179-40DC-9338-AF38D965A750}" = protocol=6 | dir=in | app=f:\program files (x86)\microsoft office\office12\groove.exe |
"{A7A5BC7D-6862-4E1D-B1CF-391B6C464A3F}" = protocol=6 | dir=in | app=f:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{AB082FF8-4ED6-4DFA-858C-DF629EF971E3}" = protocol=6 | dir=in | app=f:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{AD69D563-6D24-4C38-BDB9-50E61E8CAC41}" = protocol=17 | dir=in | app=f:\program files (x86)\microsoft office\office12\onenote.exe |
"{AFD29611-84D4-41F3-9864-D6B0FC4D461F}" = protocol=6 | dir=in | app=f:\users\mobile\appdata\roaming\dropbox\bin\dropbox.exe |
"{B3CFC50E-6CBA-40C1-A50E-D70EF2D66730}" = protocol=17 | dir=in | app=f:\program files (x86)\microsoft office\office12\groove.exe |
"{B8909E9B-9A73-42FD-9D06-C5ECA10B75BF}" = protocol=17 | dir=in | app=f:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{EC219A88-91F5-4374-8BB0-95996A578393}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{EE0651A9-35AD-4525-A39C-1647877B546D}" = protocol=17 | dir=in | app=f:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{F914C9A9-23C7-4141-B9EC-09C9ECA0A2B6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"TCP Query User{209F4E90-9067-4ABA-8694-C3297976B651}F:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=f:\windows\system32\javaw.exe |
"TCP Query User{3583AC51-D108-4635-B0BC-6F56E5ED8F4C}F:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=f:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{81F0B50F-1B02-4808-9711-1FBE32650D65}F:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=f:\program files (x86)\miranda im\miranda32.exe |
"TCP Query User{AA9096BB-0634-4D4E-8517-D84E0550C713}F:\windows\syswow64\svchost.exe" = protocol=6 | dir=in | app=f:\windows\syswow64\svchost.exe |
"TCP Query User{CA81D9CA-7BF0-4339-B668-F61AC3847DBC}F:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=f:\program files (x86)\videolan\vlc\vlc.exe |
"TCP Query User{FB66BE99-85DB-4ABC-AD28-4199C857517C}F:\users\mobile\desktop\tools\teamviewer portableordner\teamviewer.exe" = protocol=6 | dir=in | app=f:\users\mobile\desktop\tools\teamviewer portableordner\teamviewer.exe |
"UDP Query User{09989FB6-235F-43CA-B118-698D77FB303E}F:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=f:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{1F37F3E4-F26F-4BB0-A00D-F90623E8DF57}F:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=f:\windows\system32\javaw.exe |
"UDP Query User{5C7A66DD-3303-4F4D-AA4C-C470BC2A869A}F:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=f:\program files (x86)\miranda im\miranda32.exe |
"UDP Query User{5DC904CF-4D6C-42D3-B837-0472F0EF099F}F:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=f:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{81386AA6-3847-4717-ABD8-2630E22642C5}F:\users\mobile\desktop\tools\teamviewer portableordner\teamviewer.exe" = protocol=17 | dir=in | app=f:\users\mobile\desktop\tools\teamviewer portableordner\teamviewer.exe |
"UDP Query User{F6F596D7-1970-49AE-BA61-4177F627F4CD}F:\windows\syswow64\svchost.exe" = protocol=17 | dir=in | app=f:\windows\syswow64\svchost.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416023FF}" = Java(TM) 6 Update 23 (64-bit)
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2D7ED2A0-9553-412B-939F-D6E0AEB2ABE1}" = ISO Recorder
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0160230}" = Java(TM) SE Development Kit 6 Update 23 (64-bit)
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{7C8A7076-3266-480B-9944-B86EBD7BF589}" = Google Web Toolkit Developer Plugin for IE (x64)
"{818AA386-29D5-4DFF-BBB5-3F16133F1409}" = TortoiseSVN 1.6.12.20536 (64 bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Protege 4.1" = Protege 4.1
"Zune" = Zune
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0402D28F-B9B7-4983-93FC-DBF673736D3F}" = Google Web Toolkit Developer Plugin for IE (x86)
"{0B92F7F1-8089-4670-9EB6-9DAA25163FB0}" = InfoZoom
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{44D66AD9-AE19-4AFD-BE7E-A1B44C856697}" = MSXML4.0 redistributable
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E770F99-CF23-4BF9-BF4E-E3A2924FEB27}" = Microsoft redistributable runtime DLLs VS2005 SP1(x86)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ULTIMATER_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ULTIMATER_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ULTIMATER_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ULTIMATER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ULTIMATER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PRJPROR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPROR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PRJPROR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PRJPROR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PRJPROR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PRJPROR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PRJPROR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2010
"{90140000-00B4-0407-0000-0000000FF1CE}_Office14.PRJPROR_{86D01646-1942-4253-B11F-68F5ED259B17}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F77D1207-7FA7-4FDC-BF7B-D08395AA9722}" = QIP 2005 8097 Jeak-Edition
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"FASM_is1" = FASM version 0.16
"Foxit Reader" = Foxit Reader
"InstallShield_{0B92F7F1-8089-4670-9EB6-9DAA25163FB0}" = InfoZoom 4.10
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Miranda IM" = Miranda IM 0.8.24
"Mozilla Firefox (3.6.28)" = Mozilla Firefox (3.6.28)
"Office14.PRJPROR" = Microsoft Project Professional 2010
"Pidgin" = Pidgin
"SAP_ECL" = ECL Viewer
"SAPGUI710" = SAP GUI 7.10
"SpeedFan" = SpeedFan (remove only)
"Streamripper" = Streamripper (Remove only)
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"TrueCrypt" = TrueCrypt
"ULTIMATER" = Microsoft Office Ultimate 2007
"VLC media player" = VLC media player 1.1.7
"VMware_Player" = VMware Player
"Winamp" = Winamp
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"TeXLive2010" = TeX Live 2010
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12.06.2012 14:37:34 | Computer Name = ***** | Source = MsiInstaller | ID = 11711
Description =
 
Error - 12.06.2012 14:37:37 | Computer Name = ***** | Source = MsiInstaller | ID = 11711
Description =
 
Error - 12.06.2012 14:37:45 | Computer Name = ***** | Source = MsiInstaller | ID = 11711
Description =
 
Error - 12.06.2012 14:37:47 | Computer Name = ***** | Source = MsiInstaller | ID = 11711
Description =
 
Error - 12.06.2012 14:38:13 | Computer Name = ***** | Source = MsiInstaller | ID = 11711
Description =
 
Error - 12.06.2012 14:38:33 | Computer Name = ***** | Source = MsiInstaller | ID = 11711
Description =
 
Error - 12.06.2012 14:38:35 | Computer Name = ***** | Source = MsiInstaller | ID = 11711
Description =
 
Error - 12.06.2012 14:42:33 | Computer Name = ***** | Source = MsiInstaller | ID = 11711
Description =
 
Error - 12.06.2012 14:42:36 | Computer Name = ***** | Source = MsiInstaller | ID = 11711
Description =
 
Error - 12.06.2012 14:42:38 | Computer Name = ***** | Source = MsiInstaller | ID = 11711
Description =
 
[ OSession Events ]
Error - 19.06.2010 08:43:59 | Computer Name = ***** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 984
 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error - 19.06.2010 08:54:41 | Computer Name = ***** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 629
 seconds with 600 seconds of active time.  This session ended with a crash.
 
Error - 02.12.2010 06:35:08 | Computer Name = ***** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 82848 seconds with 120 seconds of active time.  This session ended with a
 crash.
 
Error - 24.02.2011 08:16:33 | Computer Name = ***** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 290
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 14.05.2011 01:27:56 | Computer Name = ***** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 44285
 seconds with 60 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 06.04.2012 03:27:38 | Computer Name = ***** | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Update für Microsoft .NET Framework 4 unter Windows
 XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows
 Server 2008 R2 für x64-basierte Systeme (KB2600217)
 
Error - 06.04.2012 12:01:42 | Computer Name = ***** | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "F:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 07.04.2012 03:09:43 | Computer Name = ***** | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Update für Microsoft .NET Framework 4 unter Windows
 XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows
 Server 2008 R2 für x64-basierte Systeme (KB2600217)
 
Error - 08.04.2012 13:54:58 | Computer Name = ***** | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Update für Microsoft .NET Framework 4 unter Windows
 XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows
 Server 2008 R2 für x64-basierte Systeme (KB2600217)
 
Error - 10.04.2012 06:41:43 | Computer Name = ***** | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Update für Microsoft .NET Framework 4 unter Windows
 XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows
 Server 2008 R2 für x64-basierte Systeme (KB2600217)
 
Error - 11.04.2012 14:17:29 | Computer Name = ***** | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Update für Microsoft .NET Framework 4 unter Windows
 XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows
 Server 2008 R2 für x64-basierte Systeme (KB2600217)
 
Error - 12.04.2012 04:25:50 | Computer Name = ***** | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "F:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 13.04.2012 02:42:52 | Computer Name = ***** | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 13.04.2012 02:42:52 | Computer Name = ***** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%1053
 
Error - 13.04.2012 02:51:52 | Computer Name = ***** | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework
 4 unter Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server
 2008, Windows Server 2008 R2 für x64-basierte Systeme (KB2656368)
 
 
< End of report >

OTL.txt

Code:

OTL logfile created on: 12.06.2012 21:17:08 - Run 4
OTL by OldTimer - Version 3.2.46.0    Folder = F:\Users\mobile\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 61,03% Memory free
7,35 Gb Paging File | 4,97 Gb Available in Paging File | 67,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = F: | %SystemRoot% = F:\Windows | %ProgramFiles% = F:\Program Files (x86)
Drive C: | 144,26 Gb Total Space | 40,77 Gb Free Space | 28,26% Space Free | Partition Type: NTFS
Drive E: | 97,66 Gb Total Space | 8,75 Gb Free Space | 8,96% Space Free | Partition Type: NTFS
Drive F: | 29,30 Gb Total Space | 1,09 Gb Free Space | 3,72% Space Free | Partition Type: NTFS
Drive H: | 14,08 Gb Total Space | 0,32 Gb Free Space | 2,29% Space Free | Partition Type: NTFS
 
Computer Name: ***** | User Name: mobile | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.03 19:21:43 | 000,596,480 | ---- | M] (OldTimer Tools) -- F:\Users\mobile\Desktop\OTL.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- F:\Users\mobile\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.04.21 21:18:19 | 000,353,440 | ---- | M] (Adobe Systems Incorporated) -- F:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
PRC - [2011.06.30 12:26:55 | 000,269,480 | ---- | M] (Avira GmbH) -- F:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.27 13:50:09 | 000,136,360 | ---- | M] (Avira GmbH) -- F:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.25 23:26:58 | 000,064,112 | ---- | M] (VMware, Inc.) -- F:\Program Files (x86)\VMware\VMware Player\hqtray.exe
PRC - [2011.03.25 23:26:46 | 000,334,448 | ---- | M] (VMware, Inc.) -- F:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2011.03.25 23:26:28 | 000,404,080 | ---- | M] (VMware, Inc.) -- F:\Windows\SysWOW64\vmnat.exe
PRC - [2011.03.25 23:26:16 | 000,113,264 | ---- | M] (VMware, Inc.) -- F:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2011.03.25 22:31:52 | 000,010,240 | ---- | M] (VMware, Inc.) -- F:\Program Files (x86)\VMware\VMware Player\vprintproxy.exe
PRC - [2011.03.25 22:27:40 | 000,539,248 | ---- | M] (VMware, Inc.) -- F:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2011.01.01 12:03:49 | 001,496,528 | ---- | M] (TrueCrypt Foundation) -- F:\Programme\TrueCrypt\TrueCrypt.exe
PRC - [2010.11.03 10:34:37 | 000,281,768 | ---- | M] (Avira GmbH) -- F:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- F:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010.02.25 22:35:04 | 001,289,296 | ---- | M] (Dritek System Inc.) -- F:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010.02.25 22:35:04 | 000,325,200 | ---- | M] (Dritek System Inc.) -- F:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010.02.25 22:35:04 | 000,288,336 | ---- | M] (Dritek System Inc.) -- F:\Program Files (x86)\Launch Manager\LMworker.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.03.25 23:26:48 | 000,970,352 | ---- | M] () -- F:\Program Files (x86)\VMware\VMware Player\libxml2.dll
MOD - [2011.03.25 23:26:18 | 000,068,720 | ---- | M] () -- F:\Program Files (x86)\VMware\VMware Player\zlib1.dll
MOD - [2009.05.20 14:02:04 | 000,072,200 | ---- | M] () -- F:\Program Files (x86)\Launch Manager\CdDirIo.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.11.20 15:26:50 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- F:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2009.07.14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- F:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- F:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.04.21 21:18:20 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- F:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011.08.12 01:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- F:\Programme\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV - [2011.08.05 13:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Programme\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011.08.05 13:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Programme\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011.08.05 13:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Programme\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2011.06.30 12:26:55 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- F:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.27 13:50:09 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- F:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.25 23:26:46 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- F:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2011.03.25 23:26:28 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- F:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2011.03.25 23:26:16 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- F:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2011.03.25 22:27:40 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- F:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010.08.19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- F:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- F:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- F:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.25 22:35:04 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- F:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.01.20 19:26:20 | 000,819,232 | ---- | M] (Acer Incorporated) [Auto | Running] -- F:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.07.14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- F:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- F:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.06.30 12:26:56 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- F:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.30 12:26:56 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- F:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.25 23:27:36 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- F:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2011.03.25 23:27:34 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- F:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2011.03.25 23:25:46 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2011.03.25 23:25:34 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- F:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2011.03.25 22:27:36 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- F:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011.03.25 20:04:58 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- F:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2011.03.25 20:04:58 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- F:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.01 12:03:50 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- F:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:26:11 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- F:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2010.03.23 13:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2010.01.25 17:51:02 | 007,842,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.01.08 03:51:38 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010.01.06 21:33:14 | 000,158,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.12.22 09:18:50 | 000,074,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.10.05 16:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- F:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- F:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV - [2011.07.22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- F:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- F:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2010.08.19 13:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- F:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- F:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = F:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B1 F8 63 C1 CB 48 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: F:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: F:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: F:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: F:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: F:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROJEC~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROJEC~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.7: F:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: F:\Program Files (x86)\Mozilla Firefox\components [2012.04.12 20:05:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: F:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.12 20:05:23 | 000,000,000 | ---D | M]
 
[2010.05.29 20:04:45 | 000,000,000 | ---D | M] (No name found) -- F:\Users\mobile\AppData\Roaming\mozilla\Extensions
[2012.06.09 15:11:22 | 000,000,000 | ---D | M] (No name found) -- F:\Users\mobile\AppData\Roaming\mozilla\Firefox\Profiles\o8p7ej6x.default\extensions
[2011.07.28 11:32:20 | 000,000,000 | ---D | M] (Adblock Plus) -- F:\Users\mobile\AppData\Roaming\mozilla\Firefox\Profiles\o8p7ej6x.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012.04.10 12:46:05 | 000,000,000 | ---D | M] (No name found) -- F:\Users\mobile\AppData\Roaming\mozilla\Firefox\Profiles\o8p7ej6x.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}-trash
[2012.06.09 15:11:22 | 000,000,000 | ---D | M] (Google Web Toolkit Developer Plugin for Firefox) -- F:\Users\mobile\AppData\Roaming\mozilla\Firefox\Profiles\o8p7ej6x.default\extensions\gwt-dev-plugin@google.com
[2011.02.22 11:45:22 | 000,000,000 | ---D | M] (Read It Later) -- F:\Users\mobile\AppData\Roaming\mozilla\Firefox\Profiles\o8p7ej6x.default\extensions\isreaditlater@ideashower.com
[2012.04.10 12:46:03 | 000,000,000 | ---D | M] (No name found) -- F:\Users\mobile\AppData\Roaming\mozilla\Firefox\Profiles\o8p7ej6x.default\extensions\staged-xpis
[2011.06.09 10:30:27 | 000,000,000 | ---D | M] (No name found) -- F:\Program Files (x86)\mozilla firefox\extensions
[2010.11.02 11:10:06 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.21 12:51:47 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.05 18:53:08 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.09 10:30:27 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- F:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.05.29 20:19:37 | 000,075,208 | ---- | M] (Foxit Software Company) -- F:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2012.03.15 11:55:12 | 000,006,805 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - F:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Project Professional\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Acer ePower Management] F:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] F:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] F:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] F:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Zune Launcher] F:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] F:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LManager] F:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [VMware hqtray] F:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] F:\Windows\System32\StikyNot.exe File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] F:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] F:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://F:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://F:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - F:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - F:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - F:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - F:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83E09DA1-FD56-48FF-8CB9-163A8BA269D4}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\saphtmlp - No CLSID value found
O18:64bit: - Protocol\Handler\sapr3 - No CLSID value found
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\SAPGUI\GUI\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\SAPGUI\GUI\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - F:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - F:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (F:\Windows\system32\userinit.exe) - F:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - F:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - F:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - F:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.06 20:13:10 | 000,000,000 | ---D | C] -- F:\Users\mobile\AppData\Roaming\SUPERAntiSpyware.com
[2012.06.06 20:09:19 | 000,000,000 | ---D | C] -- F:\ProgramData\SUPERAntiSpyware.com
[2012.06.06 20:09:19 | 000,000,000 | ---D | C] -- F:\Program Files\SUPERAntiSpyware
[2012.06.04 17:28:45 | 000,892,360 | ---- | C] (Oracle Corporation) -- F:\Users\mobile\Desktop\JavaSetup7u4.exe
[2012.06.04 17:18:55 | 021,053,392 | ---- | C] (Oracle Corporation) -- F:\Users\mobile\Desktop\jre-7u4-windows-i586.exe
[2012.06.03 19:21:43 | 000,596,480 | ---- | C] (OldTimer Tools) -- F:\Users\mobile\Desktop\OTL.exe
[2012.06.03 12:04:44 | 000,000,000 | ---D | C] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.06.03 12:04:42 | 000,000,000 | ---D | C] -- F:\Program Files\CCleaner
[2012.06.03 09:50:00 | 000,000,000 | ---D | C] -- F:\Users\mobile\AppData\Roaming\Malwarebytes
[2012.06.03 09:49:54 | 000,000,000 | ---D | C] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.03 09:49:52 | 000,000,000 | ---D | C] -- F:\ProgramData\Malwarebytes
[2012.06.03 09:49:51 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- F:\Windows\SysNative\drivers\mbam.sys
[2012.06.03 09:49:51 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.03 09:40:55 | 000,000,000 | ---D | C] -- F:\_OTL
[2010.10.14 16:10:28 | 003,145,728 | ---- | C] (SAP Technology,Inc) -- F:\Program Files (x86)\Common Files\sapxlhelper.dll
[2010.10.14 16:10:27 | 000,626,688 | ---- | C] (SAP AG) -- F:\Program Files (x86)\Common Files\sapconsaccess.dll
[2010.10.14 16:10:27 | 000,192,512 | ---- | C] (SAP Tech Inc.) -- F:\Program Files (x86)\Common Files\sapconsr3.dll
[2010.10.14 16:10:26 | 000,040,960 | ---- | C] (SAP-TECHNOLOGY) -- F:\Program Files (x86)\Common Files\DigitalSignature.ocx
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.12 21:17:00 | 000,000,884 | ---- | M] () -- F:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.12 18:14:13 | 000,067,584 | --S- | M] () -- F:\Windows\bootstat.dat
[2012.06.10 10:36:32 | 000,000,999 | ---- | M] () -- F:\Users\mobile\Desktop\Dropbox.lnk
[2012.06.07 08:02:44 | 000,014,752 | -H-- | M] () -- F:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.07 08:02:44 | 000,014,752 | -H-- | M] () -- F:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.06 20:09:23 | 000,001,825 | ---- | M] () -- F:\Users\mobile\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.06.06 19:58:32 | 2960,523,264 | -HS- | M] () -- F:\hiberfil.sys
[2012.06.06 19:50:05 | 000,456,562 | ---- | M] () -- F:\Users\mobile\Desktop\cc_20120606_194931.reg
[2012.06.04 17:28:45 | 000,892,360 | ---- | M] (Oracle Corporation) -- F:\Users\mobile\Desktop\JavaSetup7u4.exe
[2012.06.04 17:18:55 | 021,053,392 | ---- | M] (Oracle Corporation) -- F:\Users\mobile\Desktop\jre-7u4-windows-i586.exe
[2012.06.03 19:21:43 | 000,596,480 | ---- | M] (OldTimer Tools) -- F:\Users\mobile\Desktop\OTL.exe
[2012.06.03 12:04:44 | 000,000,839 | ---- | M] () -- F:\Users\Public\Desktop\CCleaner.lnk
[2012.06.03 09:49:54 | 000,001,126 | ---- | M] () -- F:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.02 00:08:06 | 000,000,000 | ---- | M] () -- F:\Users\mobile\defogger_reenable
[2012.06.01 23:54:37 | 000,036,243 | ---- | M] () -- F:\Users\mobile\Desktop\85104-otl-otlogfile-by-oldtimer.htm.iyk46dy.partial
[2012.06.01 23:54:03 | 000,050,477 | ---- | M] () -- F:\Users\mobile\Desktop\Defogger.exe.ccz0wnt.partial
[2012.06.01 23:27:59 | 000,050,477 | ---- | M] () -- F:\Users\mobile\Desktop\Defogger.exe
[2012.06.01 18:03:59 | 000,002,048 | -H-- | M] () -- F:\Users\mobile\Documents\Default.rdp
 
========== Files Created - No Company Name ==========
 
[2012.06.06 20:09:23 | 000,001,825 | ---- | C] () -- F:\Users\mobile\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.06.06 19:49:33 | 000,456,562 | ---- | C] () -- F:\Users\mobile\Desktop\cc_20120606_194931.reg
[2012.06.03 12:04:44 | 000,000,839 | ---- | C] () -- F:\Users\Public\Desktop\CCleaner.lnk
[2012.06.03 09:49:54 | 000,001,126 | ---- | C] () -- F:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.02 00:08:06 | 000,000,000 | ---- | C] () -- F:\Users\mobile\defogger_reenable
[2012.06.01 23:55:57 | 000,050,477 | ---- | C] () -- F:\Users\mobile\Desktop\Defogger.exe
[2012.06.01 23:54:43 | 000,036,243 | ---- | C] () -- F:\Users\mobile\Desktop\85104-otl-otlogfile-by-oldtimer.htm.iyk46dy.partial
[2012.06.01 23:54:13 | 000,050,477 | ---- | C] () -- F:\Users\mobile\Desktop\Defogger.exe.ccz0wnt.partial
[2011.11.01 15:07:47 | 000,003,584 | ---- | C] () -- F:\Users\mobile\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.14 16:10:27 | 000,955,904 | ---- | C] () -- F:\Program Files (x86)\Common Files\SAPActiveXL.xlt
[2010.10.14 16:10:27 | 000,949,760 | ---- | C] () -- F:\Program Files (x86)\Common Files\SAPActiveXL_nosig.xlt
[2010.10.14 16:09:31 | 001,064,960 | ---- | C] () -- F:\Windows\SysWow64\h5krnl32.dll
[2010.10.14 16:09:31 | 000,188,928 | ---- | C] () -- F:\Windows\SysWow64\h5icon32.dll
[2010.10.14 16:09:31 | 000,175,616 | ---- | C] () -- F:\Windows\SysWow64\h5menu32.dll
[2010.10.14 16:09:31 | 000,095,744 | ---- | C] () -- F:\Windows\SysWow64\h5rtf32.dll
[2010.10.14 16:09:31 | 000,051,200 | ---- | C] () -- F:\Windows\SysWow64\h5tool32.dll
 
========== LOP Check ==========
 
[2011.02.17 21:56:13 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\.purple
[2012.04.26 11:09:10 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\Canon
[2012.06.10 10:50:43 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\Dropbox
[2010.05.31 18:53:22 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\enchant
[2010.07.14 19:43:54 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\Foxit Software
[2010.11.11 14:05:05 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\gtk-2.0
[2011.04.03 18:14:56 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\streamripper
[2011.02.24 14:13:31 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\Subversion
[2011.10.18 17:14:33 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\TeamViewer
[2011.01.01 12:05:56 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\TrueCrypt
[2010.06.03 15:59:14 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\TS3Client
[2009.07.14 07:08:49 | 000,030,114 | ---- | M] () -- F:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >


kira 15.06.2012 09:09

TDSSKiller from Kaspersky
  • Download TDSSKiller and unpack the archive to your desktop.
  • Make sure that TDSSKiller.exe is located directly on the desktop (not in a folder on the desktop).
  • Temporarily disable your antivirus program.
  • Start TDSSKiller.exe by double-clicking it.
  • When it has finished, the tool suggests restarting the system.
    Confirm this with Y(es) if prompted.
    When the system boots, the driver carries out all scheduled operations and then deletes itself.
  • Post the contents of C:\TDSSKiller<random>.txt here in the thread.
You can find more detailed instructions here.
If it finds anything, move it to quarantine!

► Do you have a Win7 CD?

verwanzt 15.06.2012 11:19

Unfortunately I don't have a Win7 CD (OEM and AA licensing). The computer doesn't have an optical drive either.

No detections by TDSSKiller.

Code:

12:03:16.0274 5000        TDSS rootkit removing tool 2.7.39.0 Jun 14 2012 08:11:46
12:03:16.0430 5000        ============================================================
12:03:16.0430 5000        Current date / time: 2012/06/15 12:03:16.0430
12:03:16.0430 5000        SystemInfo:
12:03:16.0430 5000       
12:03:16.0430 5000        OS Version: 6.1.7601 ServicePack: 1.0
12:03:16.0430 5000        Product type: Workstation
12:03:16.0430 5000        ComputerName: *****
12:03:16.0430 5000        UserName: mobile
12:03:16.0430 5000        Windows directory: F:\Windows
12:03:16.0430 5000        System windows directory: F:\Windows
12:03:16.0430 5000        Running under WOW64
12:03:16.0430 5000        Processor architecture: Intel x64
12:03:16.0430 5000        Number of processors: 4
12:03:16.0430 5000        Page size: 0x1000
12:03:16.0430 5000        Boot type: Normal boot
12:03:16.0430 5000        ============================================================
12:03:18.0161 5000        Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:03:18.0161 5000        ============================================================
12:03:18.0161 5000        \Device\Harddisk0\DR0:
12:03:18.0161 5000        MBR partitions:
12:03:18.0161 5000        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1964800, BlocksNum 0x32000
12:03:18.0161 5000        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1996800, BlocksNum 0x120852B0
12:03:18.0193 5000        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13A1C800, BlocksNum 0x3A98000
12:03:18.0193 5000        \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x174B5000, BlocksNum 0xC350000
12:03:18.0224 5000        \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x23805800, BlocksNum 0x1C28800
12:03:18.0224 5000        ============================================================
12:03:18.0255 5000        C: <-> \Device\Harddisk0\DR0\Partition1
12:03:18.0302 5000        F: <-> \Device\Harddisk0\DR0\Partition2
12:03:18.0380 5000        H: <-> \Device\Harddisk0\DR0\Partition4
12:03:18.0380 5000        ============================================================
12:03:18.0380 5000        Initialize success
12:03:18.0380 5000        ============================================================
12:03:38.0488 5100        ============================================================
12:03:38.0488 5100        Scan started
12:03:38.0488 5100        Mode: Manual;
12:03:38.0488 5100        ============================================================
12:03:42.0295 5100        !SASCORE        (7d9d615201a483d6fa99491c2e655a5a) F:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
12:03:42.0295 5100        !SASCORE - ok
12:03:42.0497 5100        1394ohci        (a87d604aea360176311474c87a63bb88) F:\Windows\system32\drivers\1394ohci.sys
12:03:42.0497 5100        1394ohci - ok
12:03:42.0560 5100        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) F:\Windows\system32\drivers\ACPI.sys
12:03:42.0575 5100        ACPI - ok
12:03:42.0622 5100        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) F:\Windows\system32\drivers\acpipmi.sys
12:03:42.0622 5100        AcpiPmi - ok
12:03:42.0700 5100        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) F:\Windows\system32\DRIVERS\adp94xx.sys
12:03:42.0716 5100        adp94xx - ok
12:03:42.0747 5100        adpahci        (597f78224ee9224ea1a13d6350ced962) F:\Windows\system32\DRIVERS\adpahci.sys
12:03:42.0747 5100        adpahci - ok
12:03:42.0778 5100        adpu320        (e109549c90f62fb570b9540c4b148e54) F:\Windows\system32\DRIVERS\adpu320.sys
12:03:42.0794 5100        adpu320 - ok
12:03:42.0841 5100        AeLookupSvc    (4b78b431f225fd8624c5655cb1de7b61) F:\Windows\System32\aelupsvc.dll
12:03:42.0841 5100        AeLookupSvc - ok
12:03:42.0903 5100        AFD            (1c7857b62de5994a75b054a9fd4c3825) F:\Windows\system32\drivers\afd.sys
12:03:42.0919 5100        AFD - ok
12:03:42.0965 5100        agp440          (608c14dba7299d8cb6ed035a68a15799) F:\Windows\system32\drivers\agp440.sys
12:03:42.0965 5100        agp440 - ok
12:03:42.0981 5100        ALG            (3290d6946b5e30e70414990574883ddb) F:\Windows\System32\alg.exe
12:03:42.0981 5100        ALG - ok
12:03:43.0012 5100        aliide          (5812713a477a3ad7363c7438ca2ee038) F:\Windows\system32\drivers\aliide.sys
12:03:43.0012 5100        aliide - ok
12:03:43.0028 5100        amdide          (1ff8b4431c353ce385c875f194924c0c) F:\Windows\system32\drivers\amdide.sys
12:03:43.0028 5100        amdide - ok
12:03:43.0075 5100        AmdK8          (7024f087cff1833a806193ef9d22cda9) F:\Windows\system32\DRIVERS\amdk8.sys
12:03:43.0075 5100        AmdK8 - ok
12:03:43.0090 5100        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) F:\Windows\system32\DRIVERS\amdppm.sys
12:03:43.0090 5100        AmdPPM - ok
12:03:43.0137 5100        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) F:\Windows\system32\drivers\amdsata.sys
12:03:43.0137 5100        amdsata - ok
12:03:43.0184 5100        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) F:\Windows\system32\DRIVERS\amdsbs.sys
12:03:43.0184 5100        amdsbs - ok
12:03:43.0215 5100        amdxata        (540daf1cea6094886d72126fd7c33048) F:\Windows\system32\drivers\amdxata.sys
12:03:43.0215 5100        amdxata - ok
12:03:43.0480 5100        AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) F:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
12:03:43.0480 5100        AntiVirSchedulerService - ok
12:03:43.0527 5100        AntiVirService  (72d90e56563165984224493069c69ed4) F:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
12:03:43.0527 5100        AntiVirService - ok
12:03:43.0574 5100        AppID          (89a69c3f2f319b43379399547526d952) F:\Windows\system32\drivers\appid.sys
12:03:43.0574 5100        AppID - ok
12:03:43.0605 5100        AppIDSvc        (0bc381a15355a3982216f7172f545de1) F:\Windows\System32\appidsvc.dll
12:03:43.0605 5100        AppIDSvc - ok
12:03:43.0652 5100        Appinfo        (3977d4a871ca0d4f2ed1e7db46829731) F:\Windows\System32\appinfo.dll
12:03:43.0667 5100        Appinfo - ok
12:03:43.0714 5100        AppMgmt        (4aba3e75a76195a3e38ed2766c962899) F:\Windows\System32\appmgmts.dll
12:03:43.0714 5100        AppMgmt - ok
12:03:43.0745 5100        arc            (c484f8ceb1717c540242531db7845c4e) F:\Windows\system32\DRIVERS\arc.sys
12:03:43.0761 5100        arc - ok
12:03:43.0761 5100        arcsas          (019af6924aefe7839f61c830227fe79c) F:\Windows\system32\DRIVERS\arcsas.sys
12:03:43.0761 5100        arcsas - ok
12:03:43.0808 5100        AsyncMac        (769765ce2cc62867468cea93969b2242) F:\Windows\system32\DRIVERS\asyncmac.sys
12:03:43.0808 5100        AsyncMac - ok
12:03:43.0839 5100        atapi          (02062c0b390b7729edc9e69c680a6f3c) F:\Windows\system32\drivers\atapi.sys
12:03:43.0839 5100        atapi - ok
12:03:43.0995 5100        athr            (0acc06fcf46f64ed4f11e57ee461c1f4) F:\Windows\system32\DRIVERS\athrx.sys
12:03:44.0057 5100        athr - ok
12:03:44.0260 5100        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) F:\Windows\System32\Audiosrv.dll
12:03:44.0276 5100        AudioEndpointBuilder - ok
12:03:44.0291 5100        AudioSrv        (f23fef6d569fce88671949894a8becf1) F:\Windows\System32\Audiosrv.dll
12:03:44.0291 5100        AudioSrv - ok
12:03:44.0354 5100        avgntflt        (b1224e6b086cd6548315b04ab575a23e) F:\Windows\system32\DRIVERS\avgntflt.sys
12:03:44.0369 5100        avgntflt - ok
12:03:44.0385 5100        avipbb          (ed45f12cfa62b83765c9c1496758cc87) F:\Windows\system32\DRIVERS\avipbb.sys
12:03:44.0385 5100        avipbb - ok
12:03:44.0447 5100        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) F:\Windows\System32\AxInstSV.dll
12:03:44.0447 5100        AxInstSV - ok
12:03:44.0525 5100        b06bdrv        (3e5b191307609f7514148c6832bb0842) F:\Windows\system32\DRIVERS\bxvbda.sys
12:03:44.0572 5100        b06bdrv - ok
12:03:44.0635 5100        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) F:\Windows\system32\DRIVERS\b57nd60a.sys
12:03:44.0635 5100        b57nd60a - ok
12:03:44.0697 5100        BDESVC          (fde360167101b4e45a96f939f388aeb0) F:\Windows\System32\bdesvc.dll
12:03:44.0697 5100        BDESVC - ok
12:03:44.0713 5100        Beep            (16a47ce2decc9b099349a5f840654746) F:\Windows\system32\drivers\Beep.sys
12:03:44.0713 5100        Beep - ok
12:03:44.0806 5100        BFE            (82974d6a2fd19445cc5171fc378668a4) F:\Windows\System32\bfe.dll
12:03:44.0822 5100        BFE - ok
12:03:44.0900 5100        BITS            (1ea7969e3271cbc59e1730697dc74682) F:\Windows\System32\qmgr.dll
12:03:44.0915 5100        BITS - ok
12:03:44.0962 5100        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) F:\Windows\system32\DRIVERS\blbdrive.sys
12:03:44.0978 5100        blbdrive - ok
12:03:44.0993 5100        bowser          (6c02a83164f5cc0a262f4199f0871cf5) F:\Windows\system32\DRIVERS\bowser.sys
12:03:45.0009 5100        bowser - ok
12:03:45.0040 5100        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) F:\Windows\system32\DRIVERS\BrFiltLo.sys
12:03:45.0040 5100        BrFiltLo - ok
12:03:45.0056 5100        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) F:\Windows\system32\DRIVERS\BrFiltUp.sys
12:03:45.0056 5100        BrFiltUp - ok
12:03:45.0087 5100        Browser        (8ef0d5c41ec907751b8429162b1239ed) F:\Windows\System32\browser.dll
12:03:45.0087 5100        Browser - ok
12:03:45.0118 5100        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) F:\Windows\System32\Drivers\Brserid.sys
12:03:45.0134 5100        Brserid - ok
12:03:45.0134 5100        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) F:\Windows\System32\Drivers\BrSerWdm.sys
12:03:45.0149 5100        BrSerWdm - ok
12:03:45.0165 5100        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) F:\Windows\System32\Drivers\BrUsbMdm.sys
12:03:45.0165 5100        BrUsbMdm - ok
12:03:45.0181 5100        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) F:\Windows\System32\Drivers\BrUsbSer.sys
12:03:45.0181 5100        BrUsbSer - ok
12:03:45.0227 5100        BthEnum        (cf98190a94f62e405c8cb255018b2315) F:\Windows\system32\DRIVERS\BthEnum.sys
12:03:45.0227 5100        BthEnum - ok
12:03:45.0243 5100        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) F:\Windows\system32\DRIVERS\bthmodem.sys
12:03:45.0243 5100        BTHMODEM - ok
12:03:45.0305 5100        BthPan          (02dd601b708dd0667e1331fa8518e9ff) F:\Windows\system32\DRIVERS\bthpan.sys
12:03:45.0305 5100        BthPan - ok
12:03:45.0368 5100        BTHPORT        (64c198198501f7560ee41d8d1efa7952) F:\Windows\System32\Drivers\BTHport.sys
12:03:45.0383 5100        BTHPORT - ok
12:03:45.0446 5100        bthserv        (95f9c2976059462cbbf227f7aab10de9) F:\Windows\system32\bthserv.dll
12:03:45.0446 5100        bthserv - ok
12:03:45.0477 5100        BTHUSB          (f188b7394d81010767b6df3178519a37) F:\Windows\System32\Drivers\BTHUSB.sys
12:03:45.0477 5100        BTHUSB - ok
12:03:45.0524 5100        cdfs            (b8bd2bb284668c84865658c77574381a) F:\Windows\system32\DRIVERS\cdfs.sys
12:03:45.0524 5100        cdfs - ok
12:03:45.0571 5100        cdrom          (f036ce71586e93d94dab220d7bdf4416) F:\Windows\system32\drivers\cdrom.sys
12:03:45.0586 5100        cdrom - ok
12:03:45.0617 5100        CertPropSvc    (f17d1d393bbc69c5322fbfafaca28c7f) F:\Windows\System32\certprop.dll
12:03:45.0617 5100        CertPropSvc - ok
12:03:45.0633 5100        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) F:\Windows\system32\DRIVERS\circlass.sys
12:03:45.0633 5100        circlass - ok
12:03:45.0695 5100        CLFS            (fe1ec06f2253f691fe36217c592a0206) F:\Windows\system32\CLFS.sys
12:03:45.0695 5100        CLFS - ok
12:03:45.0789 5100        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) F:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:03:45.0789 5100        clr_optimization_v2.0.50727_32 - ok
12:03:45.0836 5100        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) F:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:03:45.0836 5100        clr_optimization_v2.0.50727_64 - ok
12:03:45.0929 5100        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) F:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:03:45.0929 5100        clr_optimization_v4.0.30319_32 - ok
12:03:45.0961 5100        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) F:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:03:45.0961 5100        clr_optimization_v4.0.30319_64 - ok
12:03:45.0992 5100        CmBatt          (0840155d0bddf1190f84a663c284bd33) F:\Windows\system32\DRIVERS\CmBatt.sys
12:03:45.0992 5100        CmBatt - ok
12:03:46.0023 5100        cmdide          (e19d3f095812725d88f9001985b94edd) F:\Windows\system32\drivers\cmdide.sys
12:03:46.0023 5100        cmdide - ok
12:03:46.0085 5100        CNG            (c4943b6c962e4b82197542447ad599f4) F:\Windows\system32\Drivers\cng.sys
12:03:46.0101 5100        CNG - ok
12:03:46.0117 5100        Compbatt        (102de219c3f61415f964c88e9085ad14) F:\Windows\system32\DRIVERS\compbatt.sys
12:03:46.0132 5100        Compbatt - ok
12:03:46.0163 5100        CompositeBus    (03edb043586cceba243d689bdda370a8) F:\Windows\system32\drivers\CompositeBus.sys
12:03:46.0163 5100        CompositeBus - ok
12:03:46.0179 5100        COMSysApp - ok
12:03:46.0210 5100        crcdisk        (1c827878a998c18847245fe1f34ee597) F:\Windows\system32\DRIVERS\crcdisk.sys
12:03:46.0210 5100        crcdisk - ok
12:03:46.0257 5100        CryptSvc        (15597883fbe9b056f276ada3ad87d9af) F:\Windows\system32\cryptsvc.dll
12:03:46.0257 5100        CryptSvc - ok
12:03:46.0319 5100        CSC            (54da3dfd29ed9f1619b6f53f3ce55e49) F:\Windows\system32\drivers\csc.sys
12:03:46.0335 5100        CSC - ok
12:03:46.0663 5100        CscService      (3ab183ab4d2c79dcf459cd2c1266b043) F:\Windows\System32\cscsvc.dll
12:03:46.0709 5100        CscService - ok
12:03:46.0756 5100        CVirtA          (44bddeb03c84a1c993c992ffb5700357) F:\Windows\system32\DRIVERS\CVirtA64.sys
12:03:46.0756 5100        CVirtA - ok
12:03:46.0990 5100        CVPND          (66257cb4e4fb69887cddc71663741435) F:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
12:03:47.0021 5100        CVPND - ok
12:03:47.0177 5100        CVPNDRVA        (cc8e52daa9826064ba464dbe531f2bb5) F:\Windows\system32\Drivers\CVPNDRVA.sys
12:03:47.0177 5100        CVPNDRVA - ok
12:03:47.0271 5100        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) F:\Windows\system32\rpcss.dll
12:03:47.0271 5100        DcomLaunch - ok
12:03:47.0333 5100        defragsvc      (3cec7631a84943677aa8fa8ee5b6b43d) F:\Windows\System32\defragsvc.dll
12:03:47.0349 5100        defragsvc - ok
12:03:47.0396 5100        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) F:\Windows\system32\Drivers\dfsc.sys
12:03:47.0396 5100        DfsC - ok
12:03:47.0458 5100        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) F:\Windows\system32\dhcpcore.dll
12:03:47.0474 5100        Dhcp - ok
12:03:47.0489 5100        discache        (13096b05847ec78f0977f2c0f79e9ab3) F:\Windows\system32\drivers\discache.sys
12:03:47.0505 5100        discache - ok
12:03:47.0552 5100        Disk            (9819eee8b5ea3784ec4af3b137a5244c) F:\Windows\system32\DRIVERS\disk.sys
12:03:47.0552 5100        Disk - ok
12:03:47.0614 5100        DNE            (05cb5910b3ca6019fc3cca815ee06ffb) F:\Windows\system32\DRIVERS\dne64x.sys
12:03:47.0614 5100        DNE - ok
12:03:47.0692 5100        Dnscache        (16835866aaa693c7d7fceba8fff706e4) F:\Windows\System32\dnsrslvr.dll
12:03:47.0708 5100        Dnscache - ok
12:03:47.0755 5100        dot3svc        (b1fb3ddca0fdf408750d5843591afbc6) F:\Windows\System32\dot3svc.dll
12:03:47.0770 5100        dot3svc - ok
12:03:47.0864 5100        dot4            (b42ed0320c6e41102fde0005154849bb) F:\Windows\system32\DRIVERS\Dot4.sys
12:03:47.0864 5100        dot4 - ok
12:03:47.0895 5100        Dot4Print      (e9f5969233c5d89f3c35e3a66a52a361) F:\Windows\system32\drivers\Dot4Prt.sys
12:03:47.0895 5100        Dot4Print - ok
12:03:47.0911 5100        dot4usb        (fd05a02b0370bc3000f402e543ca5814) F:\Windows\system32\DRIVERS\dot4usb.sys
12:03:47.0911 5100        dot4usb - ok
12:03:47.0957 5100        DPS            (b26f4f737e8f9df4f31af6cf31d05820) F:\Windows\system32\dps.dll
12:03:47.0957 5100        DPS - ok
12:03:47.0989 5100        drmkaud        (9b19f34400d24df84c858a421c205754) F:\Windows\system32\drivers\drmkaud.sys
12:03:47.0989 5100        drmkaud - ok
12:03:48.0145 5100        DsiWMIService  (55f6f3e0df82e0113082852347bf2c16) F:\Program Files (x86)\Launch Manager\dsiwmis.exe
12:03:48.0160 5100        DsiWMIService - ok
12:03:48.0269 5100        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) F:\Windows\System32\drivers\dxgkrnl.sys
12:03:48.0301 5100        DXGKrnl - ok
12:03:48.0363 5100        EapHost        (e2dda8726da9cb5b2c4000c9018a9633) F:\Windows\System32\eapsvc.dll
12:03:48.0363 5100        EapHost - ok
12:03:48.0628 5100        ebdrv          (dc5d737f51be844d8c82c695eb17372f) F:\Windows\system32\DRIVERS\evbda.sys
12:03:48.0722 5100        ebdrv - ok
12:03:48.0878 5100        EFS            (c118a82cd78818c29ab228366ebf81c3) F:\Windows\System32\lsass.exe
12:03:48.0878 5100        EFS - ok
12:03:48.0971 5100        ehRecvr        (c4002b6b41975f057d98c439030cea07) F:\Windows\ehome\ehRecvr.exe
12:03:48.0987 5100        ehRecvr - ok
12:03:49.0018 5100        ehSched        (4705e8ef9934482c5bb488ce28afc681) F:\Windows\ehome\ehsched.exe
12:03:49.0034 5100        ehSched - ok
12:03:49.0159 5100        elxstor        (0e5da5369a0fcaea12456dd852545184) F:\Windows\system32\DRIVERS\elxstor.sys
12:03:49.0174 5100        elxstor - ok
12:03:49.0361 5100        ePowerSvc      (30bb48f6e48436bb5f332832b142945c) F:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
12:03:49.0377 5100        ePowerSvc - ok
12:03:49.0533 5100        ErrDev          (34a3c54752046e79a126e15c51db409b) F:\Windows\system32\drivers\errdev.sys
12:03:49.0549 5100        ErrDev - ok
12:03:49.0611 5100        EventSystem    (4166f82be4d24938977dd1746be9b8a0) F:\Windows\system32\es.dll
12:03:49.0611 5100        EventSystem - ok
12:03:49.0658 5100        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) F:\Windows\system32\drivers\exfat.sys
12:03:49.0673 5100        exfat - ok
12:03:49.0689 5100        fastfat        (0adc83218b66a6db380c330836f3e36d) F:\Windows\system32\drivers\fastfat.sys
12:03:49.0689 5100        fastfat - ok
12:03:49.0783 5100        Fax            (dbefd454f8318a0ef691fdd2eaab44eb) F:\Windows\system32\fxssvc.exe
12:03:49.0783 5100        Fax - ok
12:03:49.0798 5100        fdc            (d765d19cd8ef61f650c384f62fac00ab) F:\Windows\system32\DRIVERS\fdc.sys
12:03:49.0798 5100        fdc - ok
12:03:49.0829 5100        fdPHost        (0438cab2e03f4fb61455a7956026fe86) F:\Windows\system32\fdPHost.dll
12:03:49.0829 5100        fdPHost - ok
12:03:49.0845 5100        FDResPub        (802496cb59a30349f9a6dd22d6947644) F:\Windows\system32\fdrespub.dll
12:03:49.0845 5100        FDResPub - ok
12:03:49.0861 5100        FileInfo        (655661be46b5f5f3fd454e2c3095b930) F:\Windows\system32\drivers\fileinfo.sys
12:03:49.0876 5100        FileInfo - ok
12:03:49.0892 5100        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) F:\Windows\system32\drivers\filetrace.sys
12:03:49.0892 5100        Filetrace - ok
12:03:49.0907 5100        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) F:\Windows\system32\DRIVERS\flpydisk.sys
12:03:49.0907 5100        flpydisk - ok
12:03:49.0954 5100        FltMgr          (da6b67270fd9db3697b20fce94950741) F:\Windows\system32\drivers\fltmgr.sys
12:03:49.0970 5100        FltMgr - ok
12:03:50.0079 5100        FontCache      (5c4cb4086fb83115b153e47add961a0c) F:\Windows\system32\FntCache.dll
12:03:50.0110 5100        FontCache - ok
12:03:50.0219 5100        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) F:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:04:05.0663 5100        udfs - ok
12:04:05.0788 5100        ufad-ws60      (215462ae7e6a897d675e84dd1e3b3b56) F:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe
12:04:05.0804 5100        ufad-ws60 - ok
12:04:05.0835 5100        UI0Detect      (3cbdec8d06b9968aba702eba076364a1) F:\Windows\system32\UI0Detect.exe
12:04:05.0851 5100        UI0Detect - ok
12:04:05.0882 5100        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) F:\Windows\system32\drivers\uliagpkx.sys
12:04:05.0882 5100        uliagpkx - ok
12:04:05.0913 5100        umbus          (dc54a574663a895c8763af0fa1ff7561) F:\Windows\system32\drivers\umbus.sys
12:04:05.0913 5100        umbus - ok
12:04:05.0944 5100        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) F:\Windows\system32\DRIVERS\umpass.sys
12:04:05.0944 5100        UmPass - ok
12:04:05.0975 5100        UmRdpService    (a293dcd756d04d8492a750d03b9a297c) F:\Windows\System32\umrdp.dll
12:04:05.0991 5100        UmRdpService - ok
12:04:06.0053 5100        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) F:\Windows\System32\upnphost.dll
12:04:06.0069 5100        upnphost - ok
12:04:06.0100 5100        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) F:\Windows\system32\DRIVERS\usbccgp.sys
12:04:06.0100 5100        usbccgp - ok
12:04:06.0147 5100        usbcir          (af0892a803fdda7492f595368e3b68e7) F:\Windows\system32\drivers\usbcir.sys
12:04:06.0147 5100        usbcir - ok
12:04:06.0178 5100        usbehci        (c025055fe7b87701eb042095df1a2d7b) F:\Windows\system32\drivers\usbehci.sys
12:04:06.0178 5100        usbehci - ok
12:04:06.0241 5100        usbhub          (287c6c9410b111b68b52ca298f7b8c24) F:\Windows\system32\DRIVERS\usbhub.sys
12:04:06.0256 5100        usbhub - ok
12:04:06.0272 5100        usbohci        (9840fc418b4cbd632d3d0a667a725c31) F:\Windows\system32\drivers\usbohci.sys
12:04:06.0272 5100        usbohci - ok
12:04:06.0319 5100        usbprint        (73188f58fb384e75c4063d29413cee3d) F:\Windows\system32\DRIVERS\usbprint.sys
12:04:06.0334 5100        usbprint - ok
12:04:06.0365 5100        usbscan        (aaa2513c8aed8b54b189fd0c6b1634c0) F:\Windows\system32\DRIVERS\usbscan.sys
12:04:06.0365 5100        usbscan - ok
12:04:06.0397 5100        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) F:\Windows\system32\DRIVERS\USBSTOR.SYS
12:04:06.0412 5100        USBSTOR - ok
12:04:06.0443 5100        usbuhci        (62069a34518bcf9c1fd9e74b3f6db7cd) F:\Windows\system32\drivers\usbuhci.sys
12:04:06.0443 5100        usbuhci - ok
12:04:06.0490 5100        usbvideo        (454800c2bc7f3927ce030141ee4f4c50) F:\Windows\System32\Drivers\usbvideo.sys
12:04:06.0506 5100        usbvideo - ok
12:04:06.0537 5100        UxSms          (edbb23cbcf2cdf727d64ff9b51a6070e) F:\Windows\System32\uxsms.dll
12:04:06.0537 5100        UxSms - ok
12:04:06.0584 5100        VaultSvc        (c118a82cd78818c29ab228366ebf81c3) F:\Windows\system32\lsass.exe
12:04:06.0584 5100        VaultSvc - ok
12:04:06.0631 5100        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) F:\Windows\system32\drivers\vdrvroot.sys
12:04:06.0631 5100        vdrvroot - ok
12:04:06.0693 5100        vds            (8d6b481601d01a456e75c3210f1830be) F:\Windows\System32\vds.exe
12:04:06.0709 5100        vds - ok
12:04:06.0755 5100        vga            (da4da3f5e02943c2dc8c6ed875de68dd) F:\Windows\system32\DRIVERS\vgapnp.sys
12:04:06.0771 5100        vga - ok
12:04:06.0787 5100        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) F:\Windows\System32\drivers\vga.sys
12:04:06.0787 5100        VgaSave - ok
12:04:06.0833 5100        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) F:\Windows\system32\drivers\vhdmp.sys
12:04:06.0833 5100        vhdmp - ok
12:04:06.0865 5100        viaide          (e5689d93ffe4e5d66c0178761240dd54) F:\Windows\system32\drivers\viaide.sys
12:04:06.0865 5100        viaide - ok
12:04:06.0989 5100        VMAuthdService  (11dcd7a2a0b1f8532b80f5aa98f9903e) F:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
12:04:06.0989 5100        VMAuthdService - ok
12:04:07.0036 5100        vmbus          (86ea3e79ae350fea5331a1303054005f) F:\Windows\system32\drivers\vmbus.sys
12:04:07.0052 5100        vmbus - ok
12:04:07.0083 5100        VMBusHID        (7de90b48f210d29649380545db45a187) F:\Windows\system32\drivers\VMBusHID.sys
12:04:07.0083 5100        VMBusHID - ok
12:04:07.0130 5100        vmci            (4c8a14dbd410b510a88f77cb645f2c2a) F:\Windows\system32\drivers\vmci.sys
12:04:07.0130 5100        vmci - ok
12:04:07.0161 5100        vmkbd          (ffc30caeeb2fc5fee8568cff74edeaed) F:\Windows\system32\drivers\VMkbd.sys
12:04:07.0161 5100        vmkbd - ok
12:04:07.0192 5100        VMnetAdapter    (9d54f1339e78c95bf3d9939ebcb66378) F:\Windows\system32\DRIVERS\vmnetadapter.sys
12:04:07.0192 5100        VMnetAdapter - ok
12:04:07.0208 5100        VMnetBridge    (fb54ef3aa613d2832fd3812e7cb2fc75) F:\Windows\system32\DRIVERS\vmnetbridge.sys
12:04:07.0208 5100        VMnetBridge - ok
12:04:07.0223 5100        VMnetDHCP - ok
12:04:07.0223 5100        VMnetuserif    (d0b809f6a9fb437c2b880c3ca8c10780) F:\Windows\system32\drivers\vmnetuserif.sys
12:04:07.0239 5100        VMnetuserif - ok
12:04:07.0317 5100        VMUSBArbService (19368f7c4dc6ef444b826249fc8a0e30) F:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
12:04:07.0317 5100        VMUSBArbService - ok
12:04:07.0333 5100        VMware NAT Service - ok
12:04:07.0364 5100        vmx86          (541a6d6536710fd0602ec3aa24a81756) F:\Windows\system32\drivers\vmx86.sys
12:04:07.0364 5100        vmx86 - ok
12:04:07.0395 5100        volmgr          (d2aafd421940f640b407aefaaebd91b0) F:\Windows\system32\drivers\volmgr.sys
12:04:07.0395 5100        volmgr - ok
12:04:07.0442 5100        volmgrx        (a255814907c89be58b79ef2f189b843b) F:\Windows\system32\drivers\volmgrx.sys
12:04:07.0457 5100        volmgrx - ok
12:04:07.0489 5100        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) F:\Windows\system32\drivers\volsnap.sys
12:04:07.0504 5100        volsnap - ok
12:04:07.0567 5100        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) F:\Windows\system32\DRIVERS\vsmraid.sys
12:04:07.0582 5100        vsmraid - ok
12:04:07.0723 5100        VSS            (b60ba0bc31b0cb414593e169f6f21cc2) F:\Windows\system32\vssvc.exe
12:04:07.0754 5100        VSS - ok
12:04:07.0863 5100        vstor2-ws60    (e61c910e2ddf4797c1b1f9239636e894) F:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys
12:04:07.0863 5100        vstor2-ws60 - ok
12:04:07.0988 5100        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) F:\Windows\system32\DRIVERS\vwifibus.sys
12:04:07.0988 5100        vwifibus - ok
12:04:08.0019 5100        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) F:\Windows\system32\DRIVERS\vwififlt.sys
12:04:08.0019 5100        vwififlt - ok
12:04:08.0035 5100        vwifimp        (6a638fc4bfddc4d9b186c28c91bd1a01) F:\Windows\system32\DRIVERS\vwifimp.sys
12:04:08.0035 5100        vwifimp - ok
12:04:08.0097 5100        W32Time        (1c9d80cc3849b3788048078c26486e1a) F:\Windows\system32\w32time.dll
12:04:08.0113 5100        W32Time - ok
12:04:08.0128 5100        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) F:\Windows\system32\DRIVERS\wacompen.sys
12:04:08.0128 5100        WacomPen - ok
12:04:08.0191 5100        WANARP          (356afd78a6ed4457169241ac3965230c) F:\Windows\system32\DRIVERS\wanarp.sys
12:04:08.0191 5100        WANARP - ok
12:04:08.0206 5100        Wanarpv6        (356afd78a6ed4457169241ac3965230c) F:\Windows\system32\DRIVERS\wanarp.sys
12:04:08.0222 5100        Wanarpv6 - ok
12:04:08.0362 5100        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) F:\Windows\system32\wbengine.exe
12:04:08.0425 5100        wbengine - ok
12:04:08.0565 5100        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) F:\Windows\System32\wbiosrvc.dll
12:04:08.0581 5100        WbioSrvc - ok
12:04:08.0643 5100        wcncsvc        (7368a2afd46e5a4481d1de9d14848edd) F:\Windows\System32\wcncsvc.dll
12:04:08.0659 5100        wcncsvc - ok
12:04:08.0690 5100        WcsPlugInService (20f7441334b18cee52027661df4a6129) F:\Windows\System32\WcsPlugInService.dll
12:04:08.0690 5100        WcsPlugInService - ok
12:04:08.0752 5100        Wd              (72889e16ff12ba0f235467d6091b17dc) F:\Windows\system32\DRIVERS\wd.sys
12:04:08.0752 5100        Wd - ok
12:04:08.0815 5100        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) F:\Windows\system32\drivers\Wdf01000.sys
12:04:08.0830 5100        Wdf01000 - ok
12:04:08.0861 5100        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) F:\Windows\system32\wdi.dll
12:04:08.0861 5100        WdiServiceHost - ok
12:04:08.0877 5100        WdiSystemHost  (bf1fc3f79b863c914687a737c2f3d681) F:\Windows\system32\wdi.dll
12:04:08.0877 5100        WdiSystemHost - ok
12:04:08.0939 5100        WebClient      (3db6d04e1c64272f8b14eb8bc4616280) F:\Windows\System32\webclnt.dll
12:04:08.0955 5100        WebClient - ok
12:04:09.0002 5100        Wecsvc          (c749025a679c5103e575e3b48e092c43) F:\Windows\system32\wecsvc.dll
12:04:09.0017 5100        Wecsvc - ok
12:04:09.0033 5100        wercplsupport  (7e591867422dc788b9e5bd337a669a08) F:\Windows\System32\wercplsupport.dll
12:04:09.0033 5100        wercplsupport - ok
12:04:09.0080 5100        WerSvc          (6d137963730144698cbd10f202e9f251) F:\Windows\System32\WerSvc.dll
12:04:09.0080 5100        WerSvc - ok
12:04:09.0158 5100        WfpLwf          (611b23304bf067451a9fdee01fbdd725) F:\Windows\system32\DRIVERS\wfplwf.sys
12:04:09.0158 5100        WfpLwf - ok
12:04:09.0173 5100        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) F:\Windows\system32\drivers\wimmount.sys
12:04:09.0173 5100        WIMMount - ok
12:04:09.0220 5100        WinDefend - ok
12:04:09.0220 5100        WinHttpAutoProxySvc - ok
12:04:09.0298 5100        Winmgmt        (19b07e7e8915d701225da41cb3877306) F:\Windows\system32\wbem\WMIsvc.dll
12:04:09.0298 5100        Winmgmt - ok
12:04:09.0470 5100        WinRM          (bcb1310604aa415c4508708975b3931e) F:\Windows\system32\WsmSvc.dll
12:04:09.0532 5100        WinRM - ok
12:04:09.0704 5100        WinUSB          (fe88b288356e7b47b74b13372add906d) F:\Windows\system32\DRIVERS\WinUSB.sys
12:04:09.0704 5100        WinUSB - ok
12:04:09.0797 5100        Wlansvc        (4fada86e62f18a1b2f42ba18ae24e6aa) F:\Windows\System32\wlansvc.dll
12:04:09.0813 5100        Wlansvc - ok
12:04:09.0844 5100        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) F:\Windows\system32\drivers\wmiacpi.sys
12:04:09.0844 5100        WmiAcpi - ok
12:04:09.0922 5100        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) F:\Windows\system32\wbem\WmiApSrv.exe
12:04:09.0922 5100        wmiApSrv - ok
12:04:09.0969 5100        WMPNetworkSvc - ok
12:04:10.0063 5100        WMZuneComm      (83b6ca03c846fcd47f9883d77d1eb27b) F:\Program Files\Zune\WMZuneComm.exe
12:04:10.0078 5100        WMZuneComm - ok
12:04:10.0109 5100        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) F:\Windows\System32\wpcsvc.dll
12:04:10.0125 5100        WPCSvc - ok
12:04:10.0141 5100        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) F:\Windows\system32\wpdbusenum.dll
12:04:10.0156 5100        WPDBusEnum - ok
12:04:10.0187 5100        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) F:\Windows\system32\drivers\ws2ifsl.sys
12:04:10.0187 5100        ws2ifsl - ok
12:04:10.0203 5100        wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) F:\Windows\System32\wscsvc.dll
12:04:10.0203 5100        wscsvc - ok
12:04:10.0203 5100        WSearch - ok
12:04:10.0406 5100        wuauserv        (9df12edbc698b0bc353b3ef84861e430) F:\Windows\system32\wuaueng.dll
12:04:10.0468 5100        wuauserv - ok
12:04:10.0609 5100        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) F:\Windows\system32\drivers\WudfPf.sys
12:04:10.0609 5100        WudfPf - ok
12:04:10.0655 5100        WUDFRd          (cf8d590be3373029d57af80914190682) F:\Windows\system32\DRIVERS\WUDFRd.sys
12:04:10.0671 5100        WUDFRd - ok
12:04:10.0718 5100        wudfsvc        (7a95c95b6c4cf292d689106bcae49543) F:\Windows\System32\WUDFSvc.dll
12:04:10.0733 5100        wudfsvc - ok
12:04:10.0780 5100        WwanSvc        (9a3452b3c2a46c073166c5cf49fad1ae) F:\Windows\System32\wwansvc.dll
12:04:10.0796 5100        WwanSvc - ok
12:04:11.0420 5100        ZuneNetworkSvc  (67b787c34fb2888d01b130ae007042d8) F:\Program Files\Zune\ZuneNss.exe
12:04:11.0623 5100        ZuneNetworkSvc - ok
12:04:11.0732 5100        ZuneWlanCfgSvc  (4d89fc1c20cf655739efac5da81a67bc) F:\Program Files\Zune\ZuneWlanCfgSvc.exe
12:04:11.0747 5100        ZuneWlanCfgSvc - ok
12:04:11.0810 5100        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:04:12.0091 5100        \Device\Harddisk0\DR0 - ok
12:04:12.0106 5100        Boot (0x1200)  (1d80c71112f84c01d1065821600c4420) \Device\Harddisk0\DR0\Partition0
12:04:12.0106 5100        \Device\Harddisk0\DR0\Partition0 - ok
12:04:12.0122 5100        Boot (0x1200)  (88324b35b9c9da4f2e101047b9e09566) \Device\Harddisk0\DR0\Partition1
12:04:12.0122 5100        \Device\Harddisk0\DR0\Partition1 - ok
12:04:12.0153 5100        Boot (0x1200)  (8ee0055263cfeb7eb2e70a81e628e433) \Device\Harddisk0\DR0\Partition2
12:04:12.0153 5100        \Device\Harddisk0\DR0\Partition2 - ok
12:04:12.0184 5100        Boot (0x1200)  (842c9a7ec519afbde4e3e51ff2e7ccf0) \Device\Harddisk0\DR0\Partition3
12:04:12.0184 5100        \Device\Harddisk0\DR0\Partition3 - ok
12:04:12.0215 5100        Boot (0x1200)  (b96f32b784acd97bb39d74bb5d221af4) \Device\Harddisk0\DR0\Partition4
12:04:12.0215 5100        \Device\Harddisk0\DR0\Partition4 - ok
12:04:12.0215 5100        ============================================================
12:04:12.0215 5100        Scan finished
12:04:12.0215 5100        ============================================================
12:04:12.0215 5092        Detected object count: 0
12:04:12.0215 5092        Actual detected object count: 0


kira 15.06.2012 12:18

Can you restore the system to its factory state "by hand" using a recovery located on the disk (a hidden partition on the disk)?

verwanzt 15.06.2012 19:58

No, unfortunately not that either.

