Trojaner-Board


matzepatze 25.07.2013 19:02

Command prompt no longer opens, no access to AntiVir
 
Hello,

since yesterday I have had a few problems on my Windows Vista system. The command prompt can no longer be opened, neither from the menu nor from the System32 folder. As a test, I created a new user, who is able to run the command prompt. While working through the steps for creating the logs, I found that AntiVir cannot be deactivated.

To be on the safe side, here are the logs:

OTL:

Quote:

OTL logfile created on: 7/25/2013 11:03:44 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Matze\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Vereinigte Staaten von Amerika | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 62.93% Memory free
8.17 Gb Paging File | 6.09 Gb Available in Paging File | 74.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.47 Gb Total Space | 35.48 Gb Free Space | 12.43% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 2.51 Gb Free Space | 25.14% Space Free | Partition Type: NTFS

Computer Name: MATZEBOOK | User Name: Matze | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/25 11:01:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matze\Desktop\OTL.exe
PRC - [2013/06/27 10:39:20 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013/06/27 10:39:10 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/06/27 10:39:10 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/05/25 02:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Matze\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/04/03 03:06:06 | 003,684,488 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
PRC - [2013/04/03 03:05:58 | 002,777,736 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
PRC - [2012/12/07 18:26:56 | 000,167,424 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2012/07/27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/06/20 15:20:56 | 001,044,816 | ---- | M] (Flexera Software, Inc.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2012/06/04 20:15:53 | 000,210,920 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\Online Armor\oacat.exe
PRC - [2011/02/28 10:44:18 | 001,579,520 | ---- | M] (ESRI) -- C:\Program Files (x86)\ArcGIS\License10.0\bin\ARCGIS.exe
PRC - [2010/11/09 10:25:38 | 001,386,320 | ---- | M] (Flexera Software, Inc.) -- C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe
PRC - [2008/10/20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
PRC - [2008/10/13 15:57:54 | 000,962,480 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2008/10/13 15:53:48 | 004,378,000 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2008/10/13 12:16:50 | 000,165,144 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2008/09/23 23:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/08/06 14:40:26 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe


========== Modules (No Company Name) ==========

MOD - [2013/03/13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Matze\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/11/14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Matze\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012/01/16 21:06:32 | 000,577,621 | ---- | M] () -- C:\Program Files (x86)\Spyware Terminator\sqlite3.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/06/20 15:20:52 | 001,315,592 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/09/25 21:42:00 | 001,044,992 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\LMabcoms.exe -- (lmab_device)
SRV:64bit: - [2008/10/16 19:05:00 | 001,449,984 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2008/10/16 18:27:20 | 000,826,368 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2008/09/23 23:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/07/17 14:23:00 | 000,122,880 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bb0e6831\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/07/17 14:22:52 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bb0e6831\AESTSr64.exe -- (AESTFilters)
SRV - [2013/07/21 09:35:39 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/27 10:39:20 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/06/27 10:39:10 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/06/26 16:17:50 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/04/03 03:06:12 | 001,149,104 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe -- (ST2012_Svc)
SRV - [2012/12/07 18:26:56 | 000,167,424 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2012/07/27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/06/20 15:20:56 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/06/04 20:17:41 | 004,382,968 | ---- | M] (Emsi Software GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Online Armor\OAsrv.exe -- (SvcOnlineArmor)
SRV - [2012/06/04 20:15:53 | 000,210,920 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files (x86)\Online Armor\oacat.exe -- (OAcat)
SRV - [2010/11/09 10:25:38 | 001,386,320 | ---- | M] (Flexera Software, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe -- (ArcGIS License Manager)
SRV - [2010/11/08 23:04:26 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/25 21:42:00 | 000,593,920 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lmabcoms.exe -- (lmab_device)
SRV - [2009/03/30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/03 12:19:28 | 000,691,200 | ---- | M] (FileZilla Project) [Disabled | Stopped] -- C:\Program Files (x86)\FileZilla Server\FileZilla server.exe -- (FileZilla Server)
SRV - [2008/10/24 16:35:44 | 000,128,296 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2008/10/20 22:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008/10/13 12:18:16 | 000,743,192 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007/10/14 21:15:16 | 000,963,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/07/24 15:09:10 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\stflt.sys -- (sp_rsdrv2)
DRV:64bit: - [2013/04/30 11:11:01 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013/04/30 11:11:00 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2013/04/30 11:10:59 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013/02/12 04:18:19 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/12/07 19:27:50 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2012/06/04 20:19:18 | 000,035,368 | ---- | M] (Emsisoft) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\oanet.sys -- (OAnet)
DRV:64bit: - [2012/02/29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/26 21:49:10 | 000,016,760 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\sepdal.sys -- (sepdal)
DRV:64bit: - [2011/09/22 21:01:54 | 000,311,144 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\RsFx0105.sys -- (RsFx0105)
DRV:64bit: - [2010/11/08 23:04:26 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tap0901.sys -- (tap0901)
DRV:64bit: - [2009/11/05 13:58:12 | 000,273,088 | ---- | M] (AfaTech ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\AF9035BDA.sys -- (AF9035BDA)
DRV:64bit: - [2009/11/02 15:38:02 | 000,865,344 | ---- | M] (DiBcom) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\dvb7700all.sys -- (mod7700)
DRV:64bit: - [2009/10/01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/06/03 15:05:45 | 001,580,576 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tdrpm147.sys -- (tdrpman147)
DRV:64bit: - [2009/06/03 15:05:33 | 000,880,160 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\timntr.sys -- (timounter)
DRV:64bit: - [2009/06/03 15:05:33 | 000,083,488 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tifsfilt.sys -- (tifsfilter)
DRV:64bit: - [2009/06/03 15:05:24 | 000,237,600 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\snman380.sys -- (snapman380)
DRV:64bit: - [2009/04/11 07:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/11/17 08:50:30 | 004,751,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64)
DRV:64bit: - [2008/10/23 07:45:58 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2008/10/23 07:45:56 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/10/23 07:45:54 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2008/09/22 13:44:28 | 000,384,024 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/08/28 07:09:32 | 003,154,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw4v64.sys -- (NETw4v64)
DRV:64bit: - [2008/08/06 14:40:30 | 000,012,288 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OEM02Vfx.sys -- (OEM02Vfx)
DRV:64bit: - [2008/07/23 11:51:08 | 000,199,728 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2008/07/17 14:23:14 | 000,393,216 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/06/19 14:22:46 | 000,062,480 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tcusb.sys -- (TcUsb)
DRV:64bit: - [2008/02/06 03:00:00 | 000,054,480 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2008/01/21 04:49:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
DRV:64bit: - [2008/01/21 04:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/21 04:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2008/01/21 04:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express)
DRV:64bit: - [2007/12/06 09:51:00 | 000,391,680 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2007/10/10 17:03:00 | 000,266,624 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OEM02Dev.sys -- (OEM02Dev)
DRV:64bit: - [2006/11/07 03:52:50 | 000,086,832 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2006/11/07 01:13:44 | 000,020,016 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2006/11/07 01:13:42 | 000,094,512 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2006/11/02 09:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2006/04/20 08:22:00 | 000,141,888 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\Drivers\SENTINEL64.SYS -- (Sentinel)
DRV - [2012/06/04 20:19:18 | 000,040,512 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\OAmon.sys -- (OAmon)
DRV - [2012/06/04 20:19:17 | 000,061,624 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\OADriver.sys -- (OADevice)
DRV - [2012/06/04 20:16:11 | 000,061,624 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\oahlp64.sys -- (oahlpXX)
DRV - [2004/04/05 08:57:46 | 000,966,352 | ---- | M] (DeTeWe Berlin) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\Capi20.sys -- (CAPI20)
DRV - [2003/03/19 14:36:48 | 000,037,696 | ---- | M] (DeTeWe Berlin) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\DETEWECP.SYS -- (DETEWECP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {8CC1B7C0-3FDB-4368-82C6-F39F339FB180}
IE:64bit: - HKLM\..\SearchScopes\{8CC1B7C0-3FDB-4368-82C6-F39F339FB180}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src={referrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USCON/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\XChangePDFViewer\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.9: C:\Program Files (x86)\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Matze\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Matze\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/06 09:26:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/20 09:50:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/25 17:13:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox351\components [2010/02/20 10:50:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox351\plugins [2012/09/25 17:13:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/06/26 16:17:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013/06/26 16:17:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Sunbird\Extensions\\{A69F5EC7-88F0-4902-A15C-E569DFA33C3A}: C:\Program Files (x86)\BirdieSync\Sunbird Service [2010/09/23 17:19:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{A69F5EC7-88F0-4902-A15C-E569DFA33C3A}: C:\Program Files (x86)\BirdieSync\Thunderbird Service [2010/09/23 17:19:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/06 09:26:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/20 09:50:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/25 17:13:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/06/26 16:17:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013/06/26 16:17:40 | 000,000,000 | ---D | M]

[2010/01/12 21:17:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matze\AppData\Roaming\mozilla\Extensions
[2010/01/12 21:17:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matze\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/10/25 17:41:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matze\AppData\Roaming\mozilla\Firefox\Profiles\82wuf84f.default\extensions
[2010/04/29 08:43:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Matze\AppData\Roaming\mozilla\Firefox\Profiles\82wuf84f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/29 19:37:30 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Matze\AppData\Roaming\mozilla\Firefox\Profiles\82wuf84f.default\extensions\firefox@tvunetworks.com
[2011/12/19 14:17:47 | 000,000,933 | ---- | M] () -- C:\Users\Matze\AppData\Roaming\mozilla\firefox\profiles\82wuf84f.default\searchplugins\11-suche.xml
[2011/12/19 14:17:47 | 000,002,419 | ---- | M] () -- C:\Users\Matze\AppData\Roaming\mozilla\firefox\profiles\82wuf84f.default\searchplugins\englische-ergebnisse.xml
[2011/12/19 14:17:47 | 000,010,525 | ---- | M] () -- C:\Users\Matze\AppData\Roaming\mozilla\firefox\profiles\82wuf84f.default\searchplugins\gmx-suche.xml
[2011/12/19 14:17:47 | 000,002,457 | ---- | M] () -- C:\Users\Matze\AppData\Roaming\mozilla\firefox\profiles\82wuf84f.default\searchplugins\lastminute.xml
[2011/12/19 14:17:47 | 000,005,508 | ---- | M] () -- C:\Users\Matze\AppData\Roaming\mozilla\firefox\profiles\82wuf84f.default\searchplugins\webde-suche.xml
[2013/06/25 09:04:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/20 09:50:17 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/03/19 10:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll
[2012/06/18 10:30:29 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/06/18 10:30:29 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/18 10:30:29 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/02/15 22:04:06 | 000,000,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\foxsearch.src
[2012/06/18 10:30:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/18 10:30:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/18 10:30:29 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Matze\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Matze\AppData\Local\Google\Chrome\Application\28.0.1500.72\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Matze\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Matze\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.330.3 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox351\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: Gutscheinmieze-Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Windows\system32\TVUAx\npTVUAx.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

O1 HOSTS File: ([2009/05/25 14:27:19 | 000,000,794 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (PDF-XChange Viewer IE-Plugin) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\XChangePDFViewer\PDF Viewer\PDFXCviewIEPlugin.dll (Tracker Software Products Ltd.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (PDF-XChange Viewer IE-Plugin) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\XChangePDFViewer\PDF Viewer\Win32\PDFXCviewIEPlugin.dll (Tracker Software Products Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4:64bit: - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - Startup: C:\Users\Matze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Matze\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableCAD = 1
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18BC9B2B-79BD-404A-8FF1-669714163C2B}: NameServer = 134.245.10.7,134.245.1.36
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9F424424-480A-472D-AC66-23A440330559}: DhcpNameServer = 192.168.1.1 193.189.244.202 193.189.244.194
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
O20 - AppInit_DLLs: (acaptuser32.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\SysNative\vrlogon.dll (UPEK Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\SysNative\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\XPS_NB_1280x864_NewBlue.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\XPS_NB_1280x864_NewBlue.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{135e0603-773c-11e2-bd6a-0023ae11b0be}\Shell - "" = AutoRun
O33 - MountPoints2\{135e0603-773c-11e2-bd6a-0023ae11b0be}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{8b2a9945-e0d2-11de-b77b-0023ae11b0be}\Shell - "" = AutoRun
O33 - MountPoints2\{8b2a9945-e0d2-11de-b77b-0023ae11b0be}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{b0707254-bcd2-11e0-8c2a-00215ca0d0f1}\Shell - "" = AutoRun
O33 - MountPoints2\{b0707254-bcd2-11e0-8c2a-00215ca0d0f1}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O33 - MountPoints2\{de74f350-79f9-11df-a286-00215ca0d0f1}\Shell - "" = AutoRun
O33 - MountPoints2\{de74f350-79f9-11df-a286-00215ca0d0f1}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{fab8016b-075b-11e0-84c3-00215ca0d0f1}\Shell - "" = AutoRun
O33 - MountPoints2\{fab8016b-075b-11e0-84c3-00215ca0d0f1}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/25 11:01:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Matze\Desktop\OTL.exe
[2013/07/24 15:09:10 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2013/07/24 15:09:03 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\Spyware Terminator
[2013/07/24 15:09:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2013/07/24 15:08:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012
[2013/07/24 15:08:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator
[2013/07/22 03:01:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/07/04 17:13:29 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\Ythu
[2013/07/04 17:13:29 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\Ylpayp
[2013/07/04 17:13:29 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\Ilkid
[2013/06/26 16:17:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[1 C:\Users\Matze\AppData\Local\*.tmp files -> C:\Users\Matze\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/25 11:02:54 | 000,377,856 | ---- | M] () -- C:\Users\Matze\Desktop\gmer_2.1.19163.exe
[2013/07/25 11:01:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matze\Desktop\OTL.exe
[2013/07/25 10:46:56 | 000,000,000 | ---- | M] () -- C:\Users\Matze\defogger_reenable
[2013/07/25 10:45:50 | 000,050,477 | ---- | M] () -- C:\Users\Matze\Desktop\Defogger.exe
[2013/07/25 10:10:53 | 000,178,149 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013/07/25 10:10:53 | 000,178,149 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013/07/25 10:10:23 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/25 10:10:22 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/25 10:10:17 | 003,181,096 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/25 10:09:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/25 09:46:42 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/07/24 15:09:10 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2013/07/24 15:08:36 | 000,000,839 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2013/07/24 08:06:37 | 000,001,782 | -H-- | M] () -- C:\Users\Matze\Documents\Default.rdp
[2013/07/21 09:35:40 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/21 09:05:19 | 000,000,600 | ---- | M] () -- C:\Users\Matze\AppData\Local\PUTTY.RND
[2013/07/21 05:32:47 | 000,000,680 | ---- | M] () -- C:\Users\Matze\AppData\Local\d3d9caps.dat
[2013/07/18 19:10:47 | 001,776,322 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/18 19:10:47 | 000,753,028 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013/07/18 19:10:47 | 000,703,018 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/18 19:10:47 | 000,174,794 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013/07/18 19:10:47 | 000,148,542 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/16 12:57:52 | 000,011,544 | ---- | M] () -- C:\Users\Matze\Desktop\fert_var.R
[2013/07/15 15:34:32 | 000,000,508 | ---- | M] () -- C:\Users\Matze\Desktop\_1_lhs_nitrate004.R
[2013/07/13 08:31:02 | 000,002,044 | ---- | M] () -- C:\Users\Matze\Desktop\Google Chrome.lnk
[2013/07/13 08:25:41 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-221889202-2462721696-489215793-1000Core1ce7f91cc2b5360.job
[2013/07/12 20:00:42 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1ce7f29b9dedbe0.job
[2013/07/08 13:01:58 | 000,767,723 | ---- | M] () -- C:\Users\Matze\Desktop\Svoboda 2013 Nitrogen leaching losses after biogas residue application to maize.pdf
[2013/07/08 13:01:15 | 001,161,686 | ---- | M] () -- C:\Users\Matze\Desktop\Svoboda 2013 Crop production for biogas and water protection—A trade-off.pdf
[2013/07/08 08:16:14 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-221889202-2462721696-489215793-1000UA.job
[2013/07/08 08:00:49 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/07 11:13:36 | 000,041,158 | ---- | M] () -- C:\Users\Matze\Desktop\Filipinski 2009 - Nährstoffausträge bei ökologisch und konventioneller beritschafteten Boden-Dauerbeobachtungsflächen in SH.pdf
[2013/07/07 11:02:56 | 002,921,444 | ---- | M] () -- C:\Users\Matze\Desktop\Kunkel 2012 Modellierung der Denitrifikation im Boden und.pdf
[2013/07/07 10:57:08 | 001,375,797 | ---- | M] () -- C:\Users\Matze\Desktop\Nmin Bauernblatt_Artikelserie_Artikel_7.pdf
[2013/07/05 16:36:46 | 001,842,004 | ---- | M] () -- C:\Users\Matze\Desktop\Munz 2011 Reducing monitoring gaps at the aquifer-river interface by modelling groundwater-surface water exchange flow patterns.pdf
[2013/07/05 16:35:14 | 001,251,889 | ---- | M] () -- C:\Users\Matze\Desktop\Saenger 2005 A numerical study of surface-subsurface exchange processes at a riffle-pool pair in the Lahn River, Germany.pdf
[2013/07/05 16:33:55 | 000,705,320 | ---- | M] () -- C:\Users\Matze\Desktop\Krause 2007 The impact of groundwater–surface water interactions on the water balance of a mesoscale lowland river catchment in norteastern Germany.pdf
[2013/07/05 16:31:53 | 000,671,065 | ---- | M] () -- C:\Users\Matze\Desktop\Harbaugh - Modflow.pdf
[2013/07/05 15:22:39 | 000,005,142 | ---- | M] () -- C:\Users\Matze\Desktop\nitrat_frachten_year_sub.R
[2013/07/05 14:32:35 | 014,343,128 | ---- | M] () -- C:\Users\Matze\Desktop\DIPCON 2010 Diffuse Pollution and Eutrophication.pdf
[2013/07/05 10:21:54 | 000,003,448 | ---- | M] () -- C:\Users\Matze\Documents\no3leachsub.pdf
[2013/07/02 09:15:44 | 000,002,255 | ---- | M] () -- C:\Users\Matze\Desktop\nitrate_shape.R
[1 C:\Users\Matze\AppData\Local\*.tmp files -> C:\Users\Matze\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/07/25 11:02:59 | 000,377,856 | ---- | C] () -- C:\Users\Matze\Desktop\gmer_2.1.19163.exe
[2013/07/25 10:46:56 | 000,000,000 | ---- | C] () -- C:\Users\Matze\defogger_reenable
[2013/07/25 10:46:08 | 000,050,477 | ---- | C] () -- C:\Users\Matze\Desktop\Defogger.exe
[2013/07/24 15:08:36 | 000,000,839 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2013/07/16 08:20:10 | 000,000,508 | ---- | C] () -- C:\Users\Matze\Desktop\_1_lhs_nitrate004.R
[2013/07/15 22:46:15 | 000,011,544 | ---- | C] () -- C:\Users\Matze\Desktop\fert_var.R
[2013/07/13 08:25:41 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-221889202-2462721696-489215793-1000Core1ce7f91cc2b5360.job
[2013/07/12 20:00:42 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1ce7f29b9dedbe0.job
[2013/07/08 13:01:57 | 000,767,723 | ---- | C] () -- C:\Users\Matze\Desktop\Svoboda 2013 Nitrogen leaching losses after biogas residue application to maize.pdf
[2013/07/08 13:00:38 | 001,161,686 | ---- | C] () -- C:\Users\Matze\Desktop\Svoboda 2013 Crop production for biogas and water protection—A trade-off.pdf
[2013/07/07 11:13:36 | 000,041,158 | ---- | C] () -- C:\Users\Matze\Desktop\Filipinski 2009 - Nährstoffausträge bei ökologisch und konventioneller beritschafteten Boden-Dauerbeobachtungsflächen in SH.pdf
[2013/07/07 11:02:56 | 002,921,444 | ---- | C] () -- C:\Users\Matze\Desktop\Kunkel 2012 Modellierung der Denitrifikation im Boden und.pdf
[2013/07/07 10:57:07 | 001,375,797 | ---- | C] () -- C:\Users\Matze\Desktop\Nmin Bauernblatt_Artikelserie_Artikel_7.pdf
[2013/07/05 16:36:46 | 001,842,004 | ---- | C] () -- C:\Users\Matze\Desktop\Munz 2011 Reducing monitoring gaps at the aquifer-river interface by modelling groundwater-surface water exchange flow patterns.pdf
[2013/07/05 16:35:13 | 001,251,889 | ---- | C] () -- C:\Users\Matze\Desktop\Saenger 2005 A numerical study of surface-subsurface exchange processes at a riffle-pool pair in the Lahn River, Germany.pdf
[2013/07/05 16:33:55 | 000,705,320 | ---- | C] () -- C:\Users\Matze\Desktop\Krause 2007 The impact of groundwater–surface water interactions on the water balance of a mesoscale lowland river catchment in norteastern Germany.pdf
[2013/07/05 16:31:52 | 000,671,065 | ---- | C] () -- C:\Users\Matze\Desktop\Harbaugh - Modflow.pdf
[2013/07/05 14:31:59 | 014,343,128 | ---- | C] () -- C:\Users\Matze\Desktop\DIPCON 2010 Diffuse Pollution and Eutrophication.pdf
[2013/07/05 12:59:06 | 000,005,142 | ---- | C] () -- C:\Users\Matze\Desktop\nitrat_frachten_year_sub.R
[2013/07/05 10:21:54 | 000,003,448 | ---- | C] () -- C:\Users\Matze\Documents\no3leachsub.pdf
[2013/07/02 09:15:36 | 000,002,255 | ---- | C] () -- C:\Users\Matze\Desktop\nitrate_shape.R
[2013/05/31 15:26:39 | 000,000,268 | ---- | C] () -- C:\Users\Matze\advanced_ip_scanner_MAC.bin
[2013/03/08 13:13:35 | 000,002,276 | ---- | C] () -- C:\Users\Matze\.recently-used.xbel
[2013/02/18 22:37:16 | 021,748,128 | ---- | C] () -- C:\Users\Matze\AppData\Local\TempFullTiltPokerEuSetup.exe
[2013/02/13 11:00:47 | 000,131,504 | ---- | C] () -- C:\Users\Matze\testjabref.xml
[2013/01/28 16:42:58 | 000,000,153 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/09/17 18:19:04 | 000,313,014 | ---- | C] () -- C:\Users\Matze\Gewässer.rar
[2012/06/18 11:31:34 | 001,756,328 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/05/19 16:46:27 | 000,061,624 | ---- | C] () -- C:\Windows\SysWow64\drivers\oahlp64.sys
[2012/05/19 16:46:27 | 000,061,624 | ---- | C] () -- C:\Windows\SysWow64\drivers\OADriver.sys
[2012/02/17 09:39:29 | 000,047,832 | ---- | C] () -- C:\Users\Matze\Meine Konten_20120217T083929.gsb
[2012/02/16 21:59:15 | 000,019,036 | ---- | C] () -- C:\Users\Matze\AppData\Local\geldmatze.gnucash.20120216205915.gnucash
[2012/02/16 21:53:57 | 000,018,792 | ---- | C] () -- C:\Users\Matze\AppData\Local\geldmatze.gnucash.20120216205357.gnucash
[2012/02/16 19:15:17 | 000,016,473 | ---- | C] () -- C:\Users\Matze\AppData\Local\geldmatze.gnucash.20120216181517.gnucash
[2012/02/16 18:39:13 | 000,016,348 | ---- | C] () -- C:\Users\Matze\AppData\Local\geldmatze.gnucash.20120216173913.gnucash
[2012/02/16 18:37:51 | 000,005,608 | ---- | C] () -- C:\Users\Matze\AppData\Local\recently-used.xbel
[2012/02/16 18:37:39 | 000,016,182 | ---- | C] () -- C:\Users\Matze\AppData\Local\geldmatze.gnucash.20120216173739.gnucash
[2012/02/16 18:30:25 | 000,016,019 | ---- | C] () -- C:\Users\Matze\AppData\Local\geldmatze.gnucash.20120216173025.gnucash
[2012/02/16 18:14:28 | 000,004,097 | ---- | C] () -- C:\Users\Matze\AppData\Local\geldmatze.gnucash.20120216171428.gnucash
[2012/02/16 18:07:11 | 000,000,610 | ---- | C] () -- C:\Users\Matze\AppData\Local\geldmatze.gnucash.20120216170711.gnucash
[2012/02/16 18:06:24 | 000,016,013 | ---- | C] () -- C:\Users\Matze\AppData\Local\geldmatze.gnucash.20120216170624.gnucash
[2012/02/16 18:00:11 | 000,004,228 | ---- | C] () -- C:\Users\Matze\AppData\Local\geldmatze.gnucash.20120216170011.gnucash
[2012/02/16 17:51:43 | 000,004,470 | ---- | C] () -- C:\Users\Matze\AppData\Local\geldmatze.gnucash.20120216165143.gnucash
[2012/02/16 17:24:17 | 000,004,075 | ---- | C] () -- C:\Users\Matze\AppData\Local\geldmatze.gnucash.20120216162417.gnucash
[2012/02/16 17:22:15 | 000,019,032 | ---- | C] () -- C:\Users\Matze\AppData\Local\geldmatze.gnucash
[2012/02/07 15:07:42 | 000,000,600 | ---- | C] () -- C:\Users\Matze\AppData\Local\PUTTY.RND
[2012/02/01 18:27:45 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\GkSui20.EXE
[2011/09/27 13:52:04 | 000,026,162 | ---- | C] () -- C:\Users\Matze\holzrahmen_drahtgflech+.2011_09_27_13_52_04.0.svg
[2011/09/27 13:19:24 | 000,022,771 | ---- | C] () -- C:\Users\Matze\Neues Dokument 13.2011_09_27_13_19_24.0.svg
[2010/11/25 20:16:25 | 000,004,096 | -H-- | C] () -- C:\Users\Matze\AppData\Local\keyfile3.drm
[2010/09/28 20:28:44 | 000,053,847 | ---- | C] () -- C:\Users\Matze\Direkt_Depot_8951303030_Wertpapier_Terminsache_DE0005140008_201.2010_09_28_20_28_44.0.svg
[2010/08/22 12:18:18 | 000,146,625 | ---- | C] () -- C:\Users\Matze\Zwischenbericht_I_LLUR_EndNote_Ver3_pd'.2010_08_22_12_18_18.0.svg
[2010/08/22 12:17:12 | 000,146,625 | ---- | C] () -- C:\Users\Matze\Zwischenbericht_I_LLUR_EndNote_Ver3_pd'.2010_08_22_12_17_12.0.svg
[2010/08/18 14:18:58 | 000,000,016 | ---- | C] () -- C:\Users\Matze\.gtk-bookmarks
[2010/08/04 13:09:55 | 000,047,843 | ---- | C] () -- C:\Users\Matze\Neues Dokument 1.2010_08_04_13_09_55.0.svg
[2010/06/07 21:21:09 | 000,032,811 | ---- | C] () -- C:\Users\Matze\antrag.bst
[2010/06/07 21:05:44 | 000,018,067 | ---- | C] () -- C:\Users\Matze\antrag.dbj
[2009/11/09 14:19:46 | 000,031,497 | ---- | C] () -- C:\Users\Matze\versuch_test.bst
[2009/11/09 14:12:52 | 000,018,872 | ---- | C] () -- C:\Users\Matze\antrag_test.dbj
[2009/11/09 14:09:30 | 000,030,744 | ---- | C] () -- C:\Users\Matze\neuest.bst
[2009/11/09 14:01:17 | 000,018,869 | ---- | C] () -- C:\Users\Matze\neuest.dbj
[2009/11/09 13:56:49 | 000,001,495 | ---- | C] () -- C:\Users\Matze\neu.bst
[2009/11/09 13:55:49 | 000,001,076 | ---- | C] () -- C:\Users\Matze\neu.dbj
[2009/11/06 09:15:50 | 000,035,099 | ---- | C] () -- C:\Users\Matze\pathdef.m
[2009/10/20 11:05:28 | 000,001,517 | ---- | C] () -- C:\Users\Matze\germanstyle.bst
[2009/10/20 11:04:14 | 000,001,091 | ---- | C] () -- C:\Users\Matze\germanstyle.dbj
[2009/10/20 08:00:58 | 000,030,191 | ---- | C] () -- C:\Users\Matze\test2.bst
[2009/10/20 07:51:11 | 000,018,104 | ---- | C] () -- C:\Users\Matze\test2.dbj
[2009/10/17 12:27:47 | 000,031,222 | ---- | C] () -- C:\Users\Matze\test.bst
[2009/10/17 12:08:34 | 000,027,394 | ---- | C] () -- C:\Users\Matze\test.dbj
[2009/10/06 10:51:12 | 000,000,014 | ---- | C] () -- C:\Users\Matze\geonext.ini
[2009/10/05 10:01:09 | 000,032,116 | ---- | C] () -- C:\Users\Matze\ownstyle.bst
[2009/10/05 09:42:28 | 000,027,492 | ---- | C] () -- C:\Users\Matze\ownstyle.dbj
[2009/05/23 13:58:45 | 000,000,186 | ---- | C] () -- C:\Users\Matze\AppData\Local\RAExpertHistory.xml
[2009/04/16 19:47:08 | 000,000,680 | ---- | C] () -- C:\Users\Matze\AppData\Local\d3d9caps.dat
[2009/03/23 10:54:50 | 000,002,806 | ---- | C] () -- C:\Users\Matze\.jmf-resource
[2009/03/11 20:47:32 | 000,117,760 | ---- | C] () -- C:\Users\Matze\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/11 10:36:03 | 000,178,149 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/03/11 10:27:09 | 000,178,149 | ---- | C] () -- C:\ProgramData\nvModes.dat

========== ZeroAccess Check ==========

[2006/11/02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-221889202-2462721696-489215793-1000\$6e2d6f99c183032ac3dd1b6968c33d41\n.

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-221889202-2462721696-489215793-1000\$6e2d6f99c183032ac3dd1b6968c33d41\n.

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\$Recycle.Bin\S-1-5-18\$6e2d6f99c183032ac3dd1b6968c33d41\n.
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/21 04:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/05/15 18:54:15 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\AAV
[2009/06/03 15:46:28 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Acronis
[2012/08/06 21:57:31 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Audacity
[2010/10/19 21:13:42 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\BirdieSync
[2013/04/19 08:19:11 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\calibre
[2009/04/19 20:58:18 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Canneverbe_Limited
[2010/04/28 13:27:26 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\CasinoOnNet
[2013/03/08 17:54:26 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\cef-cache
[2012/05/19 16:09:47 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\CheckPoint
[2011/11/24 09:31:36 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\ChemBuddy
[2009/11/22 19:36:43 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Cisco
[2009/03/10 21:10:38 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\DassaultSystemes
[2013/07/25 10:25:34 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Dropbox
[2010/08/13 13:06:17 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\EndNote
[2011/01/18 10:47:34 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Epsitec Cache
[2012/08/13 21:32:14 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\ESRI
[2009/03/18 16:42:48 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\FileZilla
[2011/05/04 14:01:34 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\GHISLER
[2012/02/17 09:39:29 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Grisbi
[2012/08/13 20:12:03 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\gtk-2.0
[2012/01/07 19:56:44 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Gutscheinmieze
[2013/07/04 17:13:29 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Ilkid
[2010/08/03 16:15:55 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\inkscape
[2012/11/14 16:11:52 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\IrfanView
[2009/03/17 20:57:44 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\J River
[2010/05/23 12:04:20 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\JabRef 2.5
[2010/10/14 15:54:12 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Miranda
[2011/06/25 20:46:22 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\MyPhoneExplorer
[2010/03/14 19:47:14 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Nokia
[2010/03/14 19:47:14 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Nokia Ovi Suite
[2013/04/30 15:35:36 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Notepad++
[2012/05/19 16:48:59 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\OnlineArmor
[2011/01/18 10:47:17 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\OPaC bright ideas
[2011/12/30 11:32:17 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\PacificPoker
[2012/10/06 15:29:11 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Party
[2010/03/14 19:47:00 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\PC Suite
[2010/05/17 14:09:54 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\PixelPlanet
[2012/06/25 16:24:02 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\RStudio
[2010/07/29 15:34:59 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Safe Software
[2010/05/02 16:43:35 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\SmartDraw
[2013/07/24 15:09:03 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Spyware Terminator
[2012/02/01 18:28:12 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\TaxNMore
[2011/01/11 21:39:30 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\TerraTec
[2010/08/17 13:24:07 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Thunderbird
[2010/05/03 11:37:58 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\USEPA_WASP
[2013/07/08 08:12:56 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Ylpayp
[2013/07/08 08:24:46 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Ythu

========== Purity Check ==========



< End of report >

Extras log:

Quote:

OTL Extras logfile created on: 7/25/2013 11:03:44 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Matze\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Vereinigte Staaten von Amerika | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 62.93% Memory free
8.17 Gb Paging File | 6.09 Gb Available in Paging File | 74.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.47 Gb Total Space | 35.48 Gb Free Space | 12.43% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 2.51 Gb Free Space | 25.14% Space Free | Partition Type: NTFS

Computer Name: MATZEBOOK | User Name: Matze | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 71 FA 5D 46 88 01 CA 01 [binary data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{09782D89-1CA6-4B7D-82C5-2DE01AF5601B}" = Microsoft SQL Server 2008 Common Files
"{0ADF605D-2D94-4467-91F7-D75C71CF328D}" = Microsoft SQL Server 2008 Database Engine Shared
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{1111706F-666A-4037-7777-211648764D10}" = JavaFX 2.1.1 (64-bit)
"{11EB3D68-A5BE-43EA-8D31-43B08ADB0DA4}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) de
"{151CB4B7-FC63-4C72-8A21-5E87EB419DBB}" = Protector Suite QL 5.6
"{197B3774-B7E6-4D50-AD0D-7F99B1E264D2}" = Microsoft SQL Server System CLR Types (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2222706F-666A-4037-7777-211648764D10}" = JavaFX 2.1.1 SDK (64-bit)
"{240FCE0B-F553-4ab3-9C7B-3CD082FCA117}" = NetDeviceManager64
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer
"{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel(R) PROSet/Wireless WiFi-Software
"{440668AA-7524-40DB-966A-60BE535E1B3F}" = Microsoft SQL Server 2008 Database Engine Services
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{4FC945A7-D54E-4F00-BE32-90553F80FCE8}" = ActivePerl 5.14.2 Build 1402 (64-bit)
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{53952792-BF16-300E-ADF2-E7E4367E00CF}" = Visual Studio 2010 Prerequisites - English
"{5563A0F6-CF81-451E-87AD-A50075BCA9B7}" = QuickSet
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{64A3A4F4-B792-11D6-A78A-00B0D0170050}" = Java SE Development Kit 7 Update 5 (64-bit)
"{67335AB1-6341-4f87-A5B4-7FA92CEB77A4}" = HP Officejet All-In-One Series
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7AC5FFA7-6815-4AED-B16D-8E0D7CC4B221}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64) de
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8583E7E3-2237-4981-B957-E28E5E9AB678}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95A2AD24-BD44-3E39-A31F-CE928276577E}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
"{967B4C7D-3914-41C3-803E-28C414B74A10}" = Debugging Tools for Windows 64-bit
"{97407E09-4EA8-49F0-A513-2C1776A6DEC0}" = Sentinel System Driver(64-bit) 7.2.2
"{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A1F50E06-E514-393D-AAEB-2F989F0B7C68}" = Microsoft Team Foundation Server 2010 Object Model - DEU
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{AC76BA86-1033-0000-0064-0003D0000004}" = Adobe Acrobat 9 Pro Extended 64-bit Add-On
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{ADBD6E65-46CB-4A97-9AFB-64963FEACC40}" = Microsoft SQL Server 2008 RsFx Driver
"{B143BE44-8723-315E-9413-011C55873C0E}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B9E62002-BD74-30EC-9049-93E0E003C736}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU
"{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D8125A39-ADEE-4187-B04D-DB6CF489AF61}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EF9A1373-9238-4E11-8FF8-7B83996F5BE5}" = Microsoft Sync Framework Services v1.0 SP1 (x64) de
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"Kyocera Product Library" = Kyocera Product Library
"Lexmark_HostCD" = Lexmark Software deinstallieren
"MatlabR2008b" = MATLAB R2008b
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"Microsoft Team Foundation Server 2010 Object Model - DEU" = Microsoft Team Foundation Server 2010-Objektmodell - DEU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU
"MiKTeX 2.9" = MiKTeX 2.9
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel PROSet Wireless
"R for Windows 3.0.0_is1" = R for Windows 3.0.0
"Shop for HP Supplies" = Shop for HP Supplies
"SmartDraw PDF Export_is1" = SmartDraw PDF Export (novaPDF 6.4 printer)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{08208143-777D-4A06-BB54-71BF0AD1BB70}" = IPTInstaller
"{08DA8E46-ED67-451A-9246-50E0FF6959C9}" = Microsoft Sync Framework SDK v1.0 SP1 de
"{0E549A13-2B3D-4633-BA41-DC88C2D6F9A3}" = ProductContext
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{1147FF9A-D576-4cb5-B5E7-FCA21D1E7D26}" = J4680
"{127BEFB3-24B2-4B44-8E99-AD22C2A5A8ED}" = Full Tilt Poker.Eu
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{188C0E25-3D65-4DAC-9C00-7483FBA4C7EB}" = Status
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar
"{1DD1D1E9-FC96-4B17-BE0A-A5481F8B0D67}" = ArcGIS License Manager 10
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22E95014-3038-4909-8708-48AE7FEFBF05}" = DSL Connection Manager
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{37C8899D-FD70-481F-94AA-1F1B08765E22}" = Acronis*True*Image*Home
"{3825B383-7880-48C8-AADD-49B0D764B151}" = 4660_4680_Help
"{3BCDCC6A-3A47-4883-8A0C-55AC061316CB}" = Steuer-Spar-Erklärung Plus 2012
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{4300EF0D-2041-4179-AFFF-21E01160740F}" = Eumex 504PC USB
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{45E46848-AD24-4E6C-9751-F5B5FD2C15FF}_is1" = DIVA-GIS 7.3
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{50802F8E-03B4-479D-A643-16DE5A3586CB}" = BPDSoftware_Ini
"{5242B252-01BB-4F2E-BBF4-5C01BC3B6619}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{56736259-613E-4A3B-B428-6235F2E76F44}_is1" = Spyware Terminator 2012
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64665955-E1A1-4A8B-BFFA-673A95318909}" = ArcGIS Desktop 10
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{681F4E9F-34E0-36BD-BF2C-100554E403A5}" = Microsoft Visual F# 2.0 Runtime Language Pack - DEU
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78D7D7CD-A06B-4514-ACBD-8055BF945A8E}" = InfoBibliothek 2
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{843C64D7-117C-4A97-8E21-FD393A427249}" = ArcGIS Desktop 10 German Supplement
"{846D9AAD-EA7D-4126-9177-F874FD389BE4}" = Microsoft FxCop 1.35
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91F54E1D-804A-46D8-A56C-53EA9C4B3177}" = Microsoft Silverlight 3 SDK - Deutsch
"{92C5C058-E941-47C3-B7E8-38A79C605969}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C3B8582-A72A-4835-8903-877A834407BB}" = Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F5FD796-86F0-4360-85F8-D54C0F5411EB}" = Steuer-Spar-Erklärung 2011
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{A3A61264-B075-46BE-9C97-376EA4CEEEF5}" = PdfGrabber 6.0
"{A6B642C7-5E7A-41DE-9792-342C2D7AC848}" = ArcSWAT
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A912021A-FEDD-4DA3-8DB4-245EBDA84778}" = OriginPro 8G
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ABA00898-9467-4689-9F40-DE7F58C8429C}" = Fax
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}_930" = Adobe Acrobat 9.3.0 - CPSID_52073
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C70C90D2-D197-40E9-B712-6828BDA5F74A}" = PdfMerge
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D3737952-FF6E-4E72-BDEE-B0DC1C69F80B}" = BPD_HPSU
"{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}" = Steuer-Spar-Erklärung 2010
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DA5DEB6B-E108-4652-BFEC-C9B95446F244}" = Advanced IP Scanner
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}" = Microsoft ASP.NET MVC 2 - DEU
"{E55E016B-8254-4A3F-ACEB-FE9988CD880F}" = Origin8
"{EC66418E-DAA2-36D5-809E-40BEC94E622A}" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4EAEBEA-3E46-43b8-A63C-AD180AE86918}" = BPDSoftware
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F8A10A25-D8DD-4661-9A1E-7F6DBAAA3C5E}" = inSSIDer
"888Casino" = 888Casino
"888poker" = 888poker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"ArcGIS Desktop 10" = ArcGIS Desktop 10
"ArcGIS Desktop 10 German Supplement" = ArcGIS Desktop 10 German Supplement
"ArcGIS Desktop 10 German Supplement SP4" = ArcGIS Desktop 10 German Supplement Service Pack 4
"ArcGIS Desktop 10 German Supplement SP5" = ArcGIS Desktop 10 German Supplement Service Pack 5
"ArcGIS Desktop 10 SP4" = ArcGIS Desktop 10 Service Pack 4
"ArcGIS Desktop 10 SP5" = ArcGIS Desktop 10 Service Pack 5
"ArcGIS License Manager 10" = ArcGIS License Manager 10
"ArcGIS License Manager 10 SP3" = ArcGIS License Manager 10 Service Pack 3
"Audacity_is1" = Audacity 2.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"BeCyPDFMetaEdit" = BeCyPDFMetaEdit
"BirdieSync" = BirdieSync 2.1.0.1
"Cinergy T USB XXS" = Cinergy T USB XXS V2.03.03.29
"Cinergy T-Stick" = Cinergy T-Stick V8.08.18.01
"COMSOL35a" = COMSOL 3.5a
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.2.0
"FileZilla Server" = FileZilla Server (remove only)
"GPL Ghostscript 8.64" = GPL Ghostscript 8.64
"Inkscape" = Inkscape 0.47
"IrfanView" = IrfanView (remove only)
"IsoBuster_is1" = IsoBuster 2.8
"JabRef 2.9.2" = JabRef 2.9.2
"LAME_is1" = LAME v3.99.3 (for Windows)
"Media Jukebox 12" = Media Jukebox 12
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Microsoft Visual Studio Macro Tools - DEU Language Pack" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"Miranda IM" = Miranda IM 0.9.10
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"Mozilla Thunderbird 17.0.7 (x86 de)" = Mozilla Thunderbird 17.0.7 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"Notepad++" = Notepad++
"numpy-py2.5" = Python 2.5 numpy-1.0.3
"OnlineArmor_is1" = Online Armor 5.5
"OpenVPN" = OpenVPN 2.1.4
"PartyPoker" = PartyPoker
"Prism" = Prism Video Converter
"Python 2.5 numpy-1.0.3" = Python 2.5 numpy-1.0.3
"Python 2.5.1" = Python 2.5.1
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"RStudio" = RStudio
"SopCast" = SopCast 3.2.4
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"ToolBox" = NCH Toolbox
"Totalcmd" = Total Commander (Remove or Repair)
"VLC media player" = VLC media player 0.9.9
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Poker 770" = Poker 770

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/25/2013 3:58:56 AM | Computer Name = MatzeBook | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe". Fehler in Manifest- oder
Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen
Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error - 7/25/2013 3:58:56 AM | Computer Name = MatzeBook | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe". Fehler in Manifest- oder
Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen
Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error - 7/25/2013 3:59:00 AM | Computer Name = MatzeBook | Source = EventSystem | ID = 4609
Description =

Error - 7/25/2013 3:59:49 AM | Computer Name = MatzeBook | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe". Fehler in Manifest- oder
Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen
Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error - 7/25/2013 3:59:49 AM | Computer Name = MatzeBook | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe". Fehler in Manifest- oder
Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen
Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error - 7/25/2013 3:59:49 AM | Computer Name = MatzeBook | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe". Fehler in Manifest- oder
Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen
Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error - 7/25/2013 3:59:54 AM | Computer Name = MatzeBook | Source = EventSystem | ID = 4609
Description =

Error - 7/25/2013 4:11:47 AM | Computer Name = MatzeBook | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe". Fehler in Manifest- oder
Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen
Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error - 7/25/2013 4:11:49 AM | Computer Name = MatzeBook | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe". Fehler in Manifest- oder
Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen
Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error - 7/25/2013 4:13:32 AM | Computer Name = MatzeBook | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe". Fehler in Manifest- oder
Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen
Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error - 7/25/2013 4:16:46 AM | Computer Name = MatzeBook | Source = WinMgmt | ID = 10
Description =

[ Cisco AnyConnect VPN Client Events ]
Error - 8/6/2010 6:00:26 PM | Computer Name = MatzeBook | Source = vpnagent | ID = 50331650
Description = Termination reason code 9: Client PC is shutting down.

Error - 8/6/2010 6:00:26 PM | Computer Name = MatzeBook | Source = vpnagent | ID = 50331649
Description = Function: CVpnMgr::processEvents Return code: 0 File: .\MainThread.cpp
Line:
974 Description: fatal error, stopping service

Error - 8/7/2010 10:06:50 AM | Computer Name = MatzeBook | Source = vpnagent | ID = 50331649
Description = Function: UserPreferences :: convertSDITokenType Return code: 0xFE000009
File:
.\UserPreferences.cpp Line: 651 Description: GLOBAL_ERROR_UNEXPECTED Invalid sdi token
-

Error - 8/7/2010 10:06:50 AM | Computer Name = MatzeBook | Source = vpnagent | ID = 50331649
Description = Function: UserPreferences :: convertSDITokenType Return code: 0xFE000009
File:
.\UserPreferences.cpp Line: 651 Description: GLOBAL_ERROR_UNEXPECTED Invalid sdi token
-

Error - 8/7/2010 5:42:53 PM | Computer Name = MatzeBook | Source = vpnagent | ID = 50331650
Description = Termination reason code 9: Client PC is shutting down.

Error - 8/7/2010 5:42:53 PM | Computer Name = MatzeBook | Source = vpnagent | ID = 50331649
Description = Function: CVpnMgr::processEvents Return code: 0 File: .\MainThread.cpp
Line:
974 Description: fatal error, stopping service

Error - 8/8/2010 3:54:32 AM | Computer Name = MatzeBook | Source = vpnagent | ID = 50331649
Description = Function: UserPreferences :: convertSDITokenType Return code: 0xFE000009
File:
.\UserPreferences.cpp Line: 651 Description: GLOBAL_ERROR_UNEXPECTED Invalid sdi token
-

Error - 8/8/2010 3:54:32 AM | Computer Name = MatzeBook | Source = vpnagent | ID = 50331649
Description = Function: UserPreferences :: convertSDITokenType Return code: 0xFE000009
File:
.\UserPreferences.cpp Line: 651 Description: GLOBAL_ERROR_UNEXPECTED Invalid sdi token
-

Error - 8/8/2010 4:00:01 AM | Computer Name = MatzeBook | Source = vpnagent | ID = 50331650
Description = Termination reason code 9: Client PC is shutting down.

Error - 8/8/2010 4:00:01 AM | Computer Name = MatzeBook | Source = vpnagent | ID = 50331649
Description = Function: CVpnMgr::processEvents Return code: 0 File: .\MainThread.cpp
Line:
974 Description: fatal error, stopping service

[ OSession Events ]
Error - 10/5/2010 11:47:25 AM | Computer Name = MatzeBook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 2139 seconds with 780 seconds of active time. This session ended with a
crash.

Error - 11/16/2012 10:38:06 AM | Computer Name = MatzeBook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 73914
seconds with 600 seconds of active time. This session ended with a crash.

Error - 12/10/2012 10:07:18 AM | Computer Name = MatzeBook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 161674
seconds with 840 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/25/2013 4:16:48 AM | Computer Name = MatzeBook | Source = Service Control Manager | ID = 7000
Description =

Error - 7/25/2013 4:16:48 AM | Computer Name = MatzeBook | Source = Service Control Manager | ID = 7003
Description =

Error - 7/25/2013 4:16:48 AM | Computer Name = MatzeBook | Source = Service Control Manager | ID = 7003
Description =

Error - 7/25/2013 4:16:48 AM | Computer Name = MatzeBook | Source = Service Control Manager | ID = 7000
Description =

Error - 7/25/2013 4:16:58 AM | Computer Name = MatzeBook | Source = Service Control Manager | ID = 7022
Description =

Error - 7/25/2013 4:18:04 AM | Computer Name = MatzeBook | Source = DCOM | ID = 10005
Description =

Error - 7/25/2013 4:18:07 AM | Computer Name = MatzeBook | Source = Service Control Manager | ID = 7009
Description =

Error - 7/25/2013 4:18:07 AM | Computer Name = MatzeBook | Source = Service Control Manager | ID = 7000
Description =

Error - 7/25/2013 4:20:12 AM | Computer Name = MatzeBook | Source = DCOM | ID = 10016
Description =

Error - 7/25/2013 4:23:12 AM | Computer Name = MatzeBook | Source = Service Control Manager | ID = 7022
Description =


< End of report >

GMER log:

Quote:

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-25 19:38:08
Windows 6.0.6002 Service Pack 2 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.FC4O 298.09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Matze\AppData\Local\Temp\uwtdypow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification
INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\WLANExt.exe [1928:1040] 00000001800c7f30
Thread C:\Windows\system32\WLANExt.exe [1928:1136] 0000000180070150
Thread C:\Windows\system32\WLANExt.exe [1928:1192] 00000001800c7f30
Thread C:\Windows\system32\WLANExt.exe [1928:1496] 000007fefb1d6124
Thread C:\Windows\system32\WLANExt.exe [1928:1528] 0000000001417d2c
Thread C:\Windows\system32\WLANExt.exe [1928:1708] 0000000001417d48
Thread C:\Windows\system32\WLANExt.exe [1928:1712] 0000000001417d10
Thread C:\Windows\system32\WLANExt.exe [1928:1716] 000007fefb1d6124
Thread C:\WINDOWS\SYSTEM32\SPOOLSV.EXE [2016:2820] 00000000002c9524
Thread C:\WINDOWS\SYSTEM32\SPOOLSV.EXE [2016:2892] 00000000510711f0
Thread C:\WINDOWS\SYSTEM32\SPOOLSV.EXE [2016:2928] 0000000065095800
Thread C:\WINDOWS\SYSTEM32\SPOOLSV.EXE [2016:2644] 00000000001538c4
Thread C:\WINDOWS\SYSTEM32\SPOOLSV.EXE [2016:3628] 000007fef46c13dc
Thread C:\WINDOWS\SYSTEM32\SPOOLSV.EXE [2016:2520] 000007fef46c12ac
Thread C:\WINDOWS\SYSTEM32\SPOOLSV.EXE [2016:4184] 000007fef42e1c00
Thread C:\WINDOWS\SYSTEM32\SPOOLSV.EXE [2016:4324] 000007fef40038a0
Thread C:\WINDOWS\SYSTEM32\SPOOLSV.EXE [2016:4120] 000007fefa29bd78
Thread C:\WINDOWS\SYSTEM32\SPOOLSV.EXE [2016:4344] 000007fefa29c4f8
Thread C:\WINDOWS\SYSTEM32\SPOOLSV.EXE [2016:4348] 000007fefa2a6844
Thread C:\WINDOWS\SYSTEM32\SPOOLSV.EXE [2016:4592] 000007fefa29c4f8
Thread C:\WINDOWS\SYSTEM32\SPOOLSV.EXE [2016:4596] 000007fefa2a6844
Thread C:\WINDOWS\SYSTEM32\SPOOLSV.EXE [2016:5004] 000007fef9cfa704
Thread [2040:1132] 00000000751bf36f
Thread [2040:1264] 000000007421c59c
Thread [2040:1448] 000000007421c59c
Thread [2040:1456] 000000007421c59c
Thread C:\Windows\system32\Dwm.exe [2844:2476] 000007fef95beba4
Thread C:\Windows\system32\Dwm.exe [2844:2424] 000007fefc07c2ac
Thread C:\Windows\system32\Dwm.exe [2844:2208] 000007fef946268c
Thread C:\Windows\system32\svchost.exe [3600:3512] 000007fefa29bd78
Thread C:\Windows\system32\svchost.exe [3600:3876] 000007fefa29c4f8
Thread C:\Windows\system32\svchost.exe [3600:3880] 000007fefa2a6844

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00234efd7ddc
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00234efd7ddc@000eed4cd3e5 0xD3 0x68 0x07 0xCA ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00234efd7ddc (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00234efd7ddc@000eed4cd3e5 0xD3 0x68 0x07 0xCA ...

---- EOF - GMER 2.1 ----

I would be grateful if you could take a look at it. Many thanks!

cosinus 25.07.2013 19:09

Hello and :hallo:

Quote:

O1 - Hosts: 127.0.0.1 activate.adobe.com
Please read => http://www.trojaner-board.de/95393-c...-software.html

We will continue once you have removed everything illegal.

In case of repeated crack/keygen violations, I reserve the right to discontinue support, i.e. help only with backing up data and reinstalling the operating system.

matzepatze 25.07.2013 20:50

OK, I restarted and scanned again:

OTL logfile:
Code:

OTL logfile created on: 7/25/2013 9:22:25 PM - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Matze\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Vereinigte Staaten von Amerika | Language: ENU | Date Format: M/d/yyyy
 
4.00 Gb Total Physical Memory | 2.46 Gb Available Physical Memory | 61.63% Memory free
8.17 Gb Paging File | 6.37 Gb Available in Paging File | 78.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.47 Gb Total Space | 37.64 Gb Free Space | 13.18% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 2.51 Gb Free Space | 25.14% Space Free | Partition Type: NTFS
 
Computer Name: MATZEBOOK | User Name: Matze | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/07/25 11:01:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matze\Desktop\OTL.exe
PRC - [2013/06/27 10:39:20 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013/06/27 10:39:10 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/06/27 10:39:10 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/05/25 02:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Matze\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/04/03 03:06:06 | 003,684,488 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
PRC - [2013/04/03 03:05:58 | 002,777,736 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
PRC - [2012/12/07 18:26:56 | 000,167,424 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2012/07/27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/06/20 15:20:56 | 001,044,816 | ---- | M] (Flexera Software, Inc.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2012/06/04 20:15:53 | 000,210,920 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\Online Armor\oacat.exe
PRC - [2011/02/28 10:44:18 | 001,579,520 | ---- | M] (ESRI) -- C:\Program Files (x86)\ArcGIS\License10.0\bin\ARCGIS.exe
PRC - [2010/11/09 10:25:38 | 001,386,320 | ---- | M] (Flexera Software, Inc.) -- C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe
PRC - [2008/10/20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
PRC - [2008/10/13 15:57:54 | 000,962,480 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2008/10/13 15:53:48 | 004,378,000 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2008/10/13 12:16:50 | 000,165,144 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2008/09/23 23:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/08/06 14:40:26 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/03/13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Matze\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/11/14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Matze\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012/01/16 21:06:32 | 000,577,621 | ---- | M] () -- C:\Program Files (x86)\Spyware Terminator\sqlite3.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012/06/20 15:20:52 | 001,315,592 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/09/25 21:42:00 | 001,044,992 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\LMabcoms.exe -- (lmab_device)
SRV:64bit: - [2008/10/16 19:05:00 | 001,449,984 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2008/10/16 18:27:20 | 000,826,368 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2008/09/23 23:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/07/17 14:23:00 | 000,122,880 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bb0e6831\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/07/17 14:22:52 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bb0e6831\AESTSr64.exe -- (AESTFilters)
SRV - [2013/07/21 09:35:39 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/27 10:39:20 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/06/27 10:39:10 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/06/26 16:17:50 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/04/03 03:06:12 | 001,149,104 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe -- (ST2012_Svc)
SRV - [2012/12/07 18:26:56 | 000,167,424 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2012/07/27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/06/20 15:20:56 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/06/04 20:17:41 | 004,382,968 | ---- | M] (Emsi Software GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Online Armor\OAsrv.exe -- (SvcOnlineArmor)
SRV - [2012/06/04 20:15:53 | 000,210,920 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files (x86)\Online Armor\oacat.exe -- (OAcat)
SRV - [2010/11/09 10:25:38 | 001,386,320 | ---- | M] (Flexera Software, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe -- (ArcGIS License Manager)
SRV - [2010/11/08 23:04:26 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/25 21:42:00 | 000,593,920 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lmabcoms.exe -- (lmab_device)
SRV - [2009/03/30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/03 12:19:28 | 000,691,200 | ---- | M] (FileZilla Project) [Disabled | Stopped] -- C:\Program Files (x86)\FileZilla Server\FileZilla server.exe -- (FileZilla Server)
SRV - [2008/10/24 16:35:44 | 000,128,296 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2008/10/20 22:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008/10/13 12:18:16 | 000,743,192 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007/10/14 21:15:16 | 000,963,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/07/24 15:09:10 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\stflt.sys -- (sp_rsdrv2)
DRV:64bit: - [2013/04/30 11:11:01 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013/04/30 11:11:00 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2013/04/30 11:10:59 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013/02/12 04:18:19 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/12/07 19:27:50 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2012/06/04 20:19:18 | 000,035,368 | ---- | M] (Emsisoft) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\oanet.sys -- (OAnet)
DRV:64bit: - [2012/02/29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/26 21:49:10 | 000,016,760 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\sepdal.sys -- (sepdal)
DRV:64bit: - [2011/09/22 21:01:54 | 000,311,144 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\RsFx0105.sys -- (RsFx0105)
DRV:64bit: - [2010/11/08 23:04:26 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tap0901.sys -- (tap0901)
DRV:64bit: - [2009/11/05 13:58:12 | 000,273,088 | ---- | M] (AfaTech                  ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\AF9035BDA.sys -- (AF9035BDA)
DRV:64bit: - [2009/11/02 15:38:02 | 000,865,344 | ---- | M] (DiBcom) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\dvb7700all.sys -- (mod7700)
DRV:64bit: - [2009/10/01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/06/03 15:05:45 | 001,580,576 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tdrpm147.sys -- (tdrpman147)
DRV:64bit: - [2009/06/03 15:05:33 | 000,880,160 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\timntr.sys -- (timounter)
DRV:64bit: - [2009/06/03 15:05:33 | 000,083,488 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tifsfilt.sys -- (tifsfilter)
DRV:64bit: - [2009/06/03 15:05:24 | 000,237,600 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\snman380.sys -- (snapman380)
DRV:64bit: - [2009/04/11 07:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/11/17 08:50:30 | 004,751,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64)
DRV:64bit: - [2008/10/23 07:45:58 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2008/10/23 07:45:56 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/10/23 07:45:54 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2008/09/22 13:44:28 | 000,384,024 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/08/28 07:09:32 | 003,154,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw4v64.sys -- (NETw4v64)
DRV:64bit: - [2008/08/06 14:40:30 | 000,012,288 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OEM02Vfx.sys -- (OEM02Vfx)
DRV:64bit: - [2008/07/23 11:51:08 | 000,199,728 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2008/07/17 14:23:14 | 000,393,216 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/06/19 14:22:46 | 000,062,480 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tcusb.sys -- (TcUsb)
DRV:64bit: - [2008/02/06 03:00:00 | 000,054,480 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2008/01/21 04:49:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
DRV:64bit: - [2008/01/21 04:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/21 04:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2008/01/21 04:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express)
DRV:64bit: - [2007/12/06 09:51:00 | 000,391,680 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2007/10/10 17:03:00 | 000,266,624 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OEM02Dev.sys -- (OEM02Dev)
DRV:64bit: - [2006/11/07 03:52:50 | 000,086,832 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2006/11/07 01:13:44 | 000,020,016 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2006/11/07 01:13:42 | 000,094,512 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2006/11/02 09:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2006/04/20 08:22:00 | 000,141,888 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\Drivers\SENTINEL64.SYS -- (Sentinel)
DRV - [2012/06/04 20:19:18 | 000,040,512 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\OAmon.sys -- (OAmon)
DRV - [2012/06/04 20:19:17 | 000,061,624 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\OADriver.sys -- (OADevice)
DRV - [2012/06/04 20:16:11 | 000,061,624 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\oahlp64.sys -- (oahlpXX)
DRV - [2004/04/05 08:57:46 | 000,966,352 | ---- | M] (DeTeWe Berlin) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\Capi20.sys -- (CAPI20)
DRV - [2003/03/19 14:36:48 | 000,037,696 | ---- | M] (DeTeWe Berlin) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\DETEWECP.SYS -- (DETEWECP)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {8CC1B7C0-3FDB-4368-82C6-F39F339FB180}
IE:64bit: - HKLM\..\SearchScopes\{8CC1B7C0-3FDB-4368-82C6-F39F339FB180}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src={referrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USCON/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\XChangePDFViewer\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.9: C:\Program Files (x86)\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Matze\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Matze\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/06 09:26:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/20 09:50:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/07/25 21:09:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox351\components [2010/02/20 10:50:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox351\plugins [2013/07/25 21:09:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/06/26 16:17:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013/06/26 16:17:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Sunbird\Extensions\\{A69F5EC7-88F0-4902-A15C-E569DFA33C3A}: C:\Program Files (x86)\BirdieSync\Sunbird Service [2010/09/23 17:19:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{A69F5EC7-88F0-4902-A15C-E569DFA33C3A}: C:\Program Files (x86)\BirdieSync\Thunderbird Service [2010/09/23 17:19:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/06 09:26:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/20 09:50:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/07/25 21:09:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/06/26 16:17:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013/06/26 16:17:40 | 000,000,000 | ---D | M]
 
[2010/01/12 21:17:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matze\AppData\Roaming\mozilla\Extensions
[2010/01/12 21:17:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matze\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/10/25 17:41:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matze\AppData\Roaming\mozilla\Firefox\Profiles\82wuf84f.default\extensions
[2010/04/29 08:43:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Matze\AppData\Roaming\mozilla\Firefox\Profiles\82wuf84f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/29 19:37:30 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Matze\AppData\Roaming\mozilla\Firefox\Profiles\82wuf84f.default\extensions\firefox@tvunetworks.com
[2011/12/19 14:17:47 | 000,000,933 | ---- | M] () -- C:\Users\Matze\AppData\Roaming\mozilla\firefox\profiles\82wuf84f.default\searchplugins\11-suche.xml
[2011/12/19 14:17:47 | 000,002,419 | ---- | M] () -- C:\Users\Matze\AppData\Roaming\mozilla\firefox\profiles\82wuf84f.default\searchplugins\englische-ergebnisse.xml
[2011/12/19 14:17:47 | 000,010,525 | ---- | M] () -- C:\Users\Matze\AppData\Roaming\mozilla\firefox\profiles\82wuf84f.default\searchplugins\gmx-suche.xml
[2011/12/19 14:17:47 | 000,002,457 | ---- | M] () -- C:\Users\Matze\AppData\Roaming\mozilla\firefox\profiles\82wuf84f.default\searchplugins\lastminute.xml
[2011/12/19 14:17:47 | 000,005,508 | ---- | M] () -- C:\Users\Matze\AppData\Roaming\mozilla\firefox\profiles\82wuf84f.default\searchplugins\webde-suche.xml
[2013/06/25 09:04:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/20 09:50:17 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/03/19 10:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll
[2012/06/18 10:30:29 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/06/18 10:30:29 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/18 10:30:29 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/02/15 22:04:06 | 000,000,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\foxsearch.src
[2012/06/18 10:30:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/18 10:30:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/18 10:30:29 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Matze\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Matze\AppData\Local\Google\Chrome\Application\28.0.1500.72\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Matze\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Matze\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.330.3 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox351\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: Gutscheinmieze-Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Windows\system32\TVUAx\npTVUAx.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
 
O1 HOSTS File: ([2009/05/25 14:27:19 | 000,000,794 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 127.0.0.1                                activate.adobe.com
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (PDF-XChange Viewer IE-Plugin) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\XChangePDFViewer\PDF Viewer\PDFXCviewIEPlugin.dll (Tracker Software Products Ltd.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (PDF-XChange Viewer IE-Plugin) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\XChangePDFViewer\PDF Viewer\Win32\PDFXCviewIEPlugin.dll (Tracker Software Products Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4:64bit: - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - Startup: C:\Users\Matze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Matze\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableCAD = 1
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.244.202 193.189.244.194
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18BC9B2B-79BD-404A-8FF1-669714163C2B}: NameServer = 134.245.10.7,134.245.1.36
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9F424424-480A-472D-AC66-23A440330559}: DhcpNameServer = 192.168.1.1 193.189.244.202 193.189.244.194
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\SysNative\vrlogon.dll (UPEK Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\SysNative\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\XPS_NB_1280x864_NewBlue.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\XPS_NB_1280x864_NewBlue.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{135e0603-773c-11e2-bd6a-0023ae11b0be}\Shell - "" = AutoRun
O33 - MountPoints2\{135e0603-773c-11e2-bd6a-0023ae11b0be}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{8b2a9945-e0d2-11de-b77b-0023ae11b0be}\Shell - "" = AutoRun
O33 - MountPoints2\{8b2a9945-e0d2-11de-b77b-0023ae11b0be}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{b0707254-bcd2-11e0-8c2a-00215ca0d0f1}\Shell - "" = AutoRun
O33 - MountPoints2\{b0707254-bcd2-11e0-8c2a-00215ca0d0f1}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O33 - MountPoints2\{de74f350-79f9-11df-a286-00215ca0d0f1}\Shell - "" = AutoRun
O33 - MountPoints2\{de74f350-79f9-11df-a286-00215ca0d0f1}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{fab8016b-075b-11e0-84c3-00215ca0d0f1}\Shell - "" = AutoRun
O33 - MountPoints2\{fab8016b-075b-11e0-84c3-00215ca0d0f1}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/07/25 21:06:58 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/07/25 11:01:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Matze\Desktop\OTL.exe
[2013/07/24 15:09:10 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2013/07/24 15:09:03 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\Spyware Terminator
[2013/07/24 15:09:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2013/07/24 15:08:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012
[2013/07/24 15:08:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator
[2013/07/22 03:01:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/07/10 15:44:42 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/07/10 15:44:42 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/07/10 15:44:40 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/07/10 15:44:40 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/07/10 15:44:40 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/07/10 15:44:40 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/07/10 15:44:39 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/07/10 15:44:39 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/07/10 15:44:38 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/07/10 15:44:38 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/07/10 15:44:38 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/07/10 15:44:37 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/07/10 15:44:37 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/07/10 15:44:37 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/07/10 15:44:36 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/07/10 15:34:16 | 000,619,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2013/07/10 15:34:15 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2013/07/10 15:33:47 | 001,556,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/07/10 15:33:46 | 000,566,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013/07/10 15:33:46 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013/07/10 15:33:45 | 002,002,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013/07/10 15:33:45 | 001,268,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013/07/10 15:33:45 | 000,834,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013/07/10 15:33:45 | 000,287,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013/07/10 15:33:44 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013/07/10 15:33:42 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/07/10 15:33:41 | 001,706,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/07/04 17:13:29 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\Ythu
[2013/07/04 17:13:29 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\Ylpayp
[2013/07/04 17:13:29 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\Ilkid
[2013/06/26 16:17:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[1 C:\Users\Matze\AppData\Local\*.tmp files -> C:\Users\Matze\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/07/25 21:18:53 | 003,172,944 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/25 21:16:12 | 000,178,149 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013/07/25 21:16:12 | 000,178,149 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013/07/25 21:15:03 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/25 21:15:03 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/25 21:14:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/25 21:13:24 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/07/25 11:02:54 | 000,377,856 | ---- | M] () -- C:\Users\Matze\Desktop\gmer_2.1.19163.exe
[2013/07/25 11:01:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matze\Desktop\OTL.exe
[2013/07/25 10:46:56 | 000,000,000 | ---- | M] () -- C:\Users\Matze\defogger_reenable
[2013/07/25 10:45:50 | 000,050,477 | ---- | M] () -- C:\Users\Matze\Desktop\Defogger.exe
[2013/07/24 15:09:10 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2013/07/24 15:08:36 | 000,000,839 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2013/07/24 08:06:37 | 000,001,782 | -H-- | M] () -- C:\Users\Matze\Documents\Default.rdp
[2013/07/21 09:35:40 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/21 09:35:38 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/07/21 09:35:38 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/07/21 09:05:19 | 000,000,600 | ---- | M] () -- C:\Users\Matze\AppData\Local\PUTTY.RND
[2013/07/21 05:32:47 | 000,000,680 | ---- | M] () -- C:\Users\Matze\AppData\Local\d3d9caps.dat
[2013/07/18 19:10:47 | 001,776,322 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/18 19:10:47 | 000,753,028 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013/07/18 19:10:47 | 000,703,018 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/18 19:10:47 | 000,174,794 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013/07/18 19:10:47 | 000,148,542 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/16 12:57:52 | 000,011,544 | ---- | M] () -- C:\Users\Matze\Desktop\fert_var.R
[2013/07/15 15:34:32 | 000,000,508 | ---- | M] () -- C:\Users\Matze\Desktop\_1_lhs_nitrate004.R
[2013/07/13 08:31:02 | 000,002,044 | ---- | M] () -- C:\Users\Matze\Desktop\Google Chrome.lnk
[2013/07/13 08:25:41 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-221889202-2462721696-489215793-1000Core1ce7f91cc2b5360.job
[2013/07/12 20:00:42 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1ce7f29b9dedbe0.job
[2013/07/08 13:01:58 | 000,767,723 | ---- | M] () -- C:\Users\Matze\Desktop\Svoboda 2013 Nitrogen leaching losses after biogas residue application to maize.pdf
[2013/07/08 13:01:15 | 001,161,686 | ---- | M] () -- C:\Users\Matze\Desktop\Svoboda 2013 Crop production for biogas and water protection—A trade-off.pdf
[2013/07/08 08:16:14 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-221889202-2462721696-489215793-1000UA.job
[2013/07/08 08:00:49 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/07 11:13:36 | 000,041,158 | ---- | M] () -- C:\Users\Matze\Desktop\Filipinski 2009 - Nährstoffausträge bei ökologisch und konventioneller beritschafteten Boden-Dauerbeobachtungsflächen in SH.pdf
[2013/07/07 11:02:56 | 002,921,444 | ---- | M] () -- C:\Users\Matze\Desktop\Kunkel 2012 Modellierung der Denitrifikation im Boden und.pdf
[2013/07/07 10:57:08 | 001,375,797 | ---- | M] () -- C:\Users\Matze\Desktop\Nmin Bauernblatt_Artikelserie_Artikel_7.pdf
[2013/07/05 16:36:46 | 001,842,004 | ---- | M] () -- C:\Users\Matze\Desktop\Munz 2011 Reducing monitoring gaps at the aquifer-river interface by modelling groundwater-surface water exchange flow patterns.pdf
[2013/07/05 16:35:14 | 001,251,889 | ---- | M] () -- C:\Users\Matze\Desktop\Saenger 2005 A numerical study of surface-subsurface exchange processes at a riffle-pool pair in the Lahn River, Germany.pdf
[2013/07/05 16:33:55 | 000,705,320 | ---- | M] () -- C:\Users\Matze\Desktop\Krause 2007 The impact of groundwater–surface water interactions on the water balance of a mesoscale lowland river catchment in norteastern Germany.pdf
[2013/07/05 16:31:53 | 000,671,065 | ---- | M] () -- C:\Users\Matze\Desktop\Harbaugh - Modflow.pdf
[2013/07/05 15:22:39 | 000,005,142 | ---- | M] () -- C:\Users\Matze\Desktop\nitrat_frachten_year_sub.R
[2013/07/05 14:32:35 | 014,343,128 | ---- | M] () -- C:\Users\Matze\Desktop\DIPCON 2010 Diffuse Pollution and Eutrophication.pdf
[2013/07/05 10:21:54 | 000,003,448 | ---- | M] () -- C:\Users\Matze\Documents\no3leachsub.pdf
[2013/07/02 09:15:44 | 000,002,255 | ---- | M] () -- C:\Users\Matze\Desktop\nitrate_shape.R
[1 C:\Users\Matze\AppData\Local\*.tmp files -> C:\Users\Matze\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/07/25 11:02:59 | 000,377,856 | ---- | C] () -- C:\Users\Matze\Desktop\gmer_2.1.19163.exe
[2013/07/25 10:46:56 | 000,000,000 | ---- | C] () -- C:\Users\Matze\defogger_reenable
[2013/07/25 10:46:08 | 000,050,477 | ---- | C] () -- C:\Users\Matze\Desktop\Defogger.exe
[2013/07/24 15:08:36 | 000,000,839 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2013/07/16 08:20:10 | 000,000,508 | ---- | C] () -- C:\Users\Matze\Desktop\_1_lhs_nitrate004.R
[2013/07/15 22:46:15 | 000,011,544 | ---- | C] () -- C:\Users\Matze\Desktop\fert_var.R
[2013/07/13 08:25:41 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-221889202-2462721696-489215793-1000Core1ce7f91cc2b5360.job
[2013/07/12 20:00:42 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1ce7f29b9dedbe0.job
[2013/07/08 13:01:57 | 000,767,723 | ---- | C] () -- C:\Users\Matze\Desktop\Svoboda 2013 Nitrogen leaching losses after biogas residue application to maize.pdf
[2013/07/08 13:00:38 | 001,161,686 | ---- | C] () -- C:\Users\Matze\Desktop\Svoboda 2013 Crop production for biogas and water protection—A trade-off.pdf
[2013/07/07 11:13:36 | 000,041,158 | ---- | C] () -- C:\Users\Matze\Desktop\Filipinski 2009 - Nährstoffausträge bei ökologisch und konventioneller beritschafteten Boden-Dauerbeobachtungsflächen in SH.pdf
[2013/07/07 11:02:56 | 002,921,444 | ---- | C] () -- C:\Users\Matze\Desktop\Kunkel 2012 Modellierung der Denitrifikation im Boden und.pdf
[2013/07/07 10:57:07 | 001,375,797 | ---- | C] () -- C:\Users\Matze\Desktop\Nmin Bauernblatt_Artikelserie_Artikel_7.pdf
[2013/07/05 16:36:46 | 001,842,004 | ---- | C] () -- C:\Users\Matze\Desktop\Munz 2011 Reducing monitoring gaps at the aquifer-river interface by modelling groundwater-surface water exchange flow patterns.pdf
[2013/07/05 16:35:13 | 001,251,889 | ---- | C] () -- C:\Users\Matze\Desktop\Saenger 2005 A numerical study of surface-subsurface exchange processes at a riffle-pool pair in the Lahn River, Germany.pdf
[2013/07/05 16:33:55 | 000,705,320 | ---- | C] () -- C:\Users\Matze\Desktop\Krause 2007 The impact of groundwater–surface water interactions on the water balance of a mesoscale lowland river catchment in norteastern Germany.pdf
[2013/07/05 16:31:52 | 000,671,065 | ---- | C] () -- C:\Users\Matze\Desktop\Harbaugh - Modflow.pdf
[2013/07/05 14:31:59 | 014,343,128 | ---- | C] () -- C:\Users\Matze\Desktop\DIPCON 2010 Diffuse Pollution and Eutrophication.pdf
[2013/07/05 12:59:06 | 000,005,142 | ---- | C] () -- C:\Users\Matze\Desktop\nitrat_frachten_year_sub.R
[2013/07/05 10:21:54 | 000,003,448 | ---- | C] () -- C:\Users\Matze\Documents\no3leachsub.pdf
[2013/07/02 09:15:36 | 000,002,255 | ---- | C] () -- C:\Users\Matze\Desktop\nitrate_shape.R
[2013/05/31 15:26:39 | 000,000,268 | ---- | C] () -- C:\Users\Matze\advanced_ip_scanner_MAC.bin
[2013/03/08 13:13:35 | 000,002,276 | ---- | C] () -- C:\Users\Matze\.recently-used.xbel
[2013/02/18 22:37:16 | 021,748,128 | ---- | C] () -- C:\Users\Matze\AppData\Local\TempFullTiltPokerEuSetup.exe
[2013/02/13 11:00:47 | 000,131,504 | ---- | C] () -- C:\Users\Matze\testjabref.xml
[2013/01/28 16:42:58 | 000,000,153 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/09/17 18:19:04 | 000,313,014 | ---- | C] () -- C:\Users\Matze\Gewässer.rar
[2012/06/18 11:31:34 | 001,756,328 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/05/19 16:46:27 | 000,061,624 | ---- | C] () -- C:\Windows\SysWow64\drivers\oahlp64.sys
[2012/05/19 16:46:27 | 000,061,624 | ---- | C] () -- C:\Windows\SysWow64\drivers\OADriver.sys
[2012/02/17 09:39:29 | 000,047,832 | ---- | C] () -- C:\Users\Matze\Meine Konten_20120217T083929.gsb
[2012/02/16 21:59:15 | 000,019,036 | ---- | C] () -- C:\Users\Matze\AppData\Local\geldmatze.gnucash.20120216205915.gnucash
[2012/02/16 21:53:57 | 000,018,792 | ---- | C] () -- C:\Users\Matze\AppData\Local\geldmatze.gnucash.20120216205357.gnucash
[2012/02/16 19:15:17 | 000,016,473 | ---- | C] () -- C:\Users\Matze\AppData\Local\geldmatze.gnucash.20120216181517.gnucash
[2012/02/16 18:39:13 | 000,016,348 | ---- | C] () -- C:\Users\Matze\AppData\Local\geldmatze.gnucash.20120216173913.gnucash
[2012/02/16 18:37:51 | 000,005,608 | ---- | C] () -- C:\Users\Matze\AppData\Local\recently-used.xbel
[2012/02/16 18:37:39 | 000,016,182 | ---- | C] () -- C:\Users\Matze\AppData\Local\geldmatze.gnucash.20120216173739.gnucash
[2012/02/16 18:30:25 | 000,016,019 | ---- | C] () -- C:\Users\Matze\AppData\Local\geldmatze.gnucash.20120216173025.gnucash
[2012/02/16 18:14:28 | 000,004,097 | ---- | C] () -- C:\Users\Matze\AppData\Local\geldmatze.gnucash.20120216171428.gnucash
[2012/02/16 18:07:11 | 000,000,610 | ---- | C] () -- C:\Users\Matze\AppData\Local\geldmatze.gnucash.20120216170711.gnucash
[2012/02/16 18:06:24 | 000,016,013 | ---- | C] () -- C:\Users\Matze\AppData\Local\geldmatze.gnucash.20120216170624.gnucash
[2012/02/16 18:00:11 | 000,004,228 | ---- | C] () -- C:\Users\Matze\AppData\Local\geldmatze.gnucash.20120216170011.gnucash
[2012/02/16 17:51:43 | 000,004,470 | ---- | C] () -- C:\Users\Matze\AppData\Local\geldmatze.gnucash.20120216165143.gnucash
[2012/02/16 17:24:17 | 000,004,075 | ---- | C] () -- C:\Users\Matze\AppData\Local\geldmatze.gnucash.20120216162417.gnucash
[2012/02/16 17:22:15 | 000,019,032 | ---- | C] () -- C:\Users\Matze\AppData\Local\geldmatze.gnucash
[2012/02/07 15:07:42 | 000,000,600 | ---- | C] () -- C:\Users\Matze\AppData\Local\PUTTY.RND
[2012/02/01 18:27:45 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\GkSui20.EXE
[2011/09/27 13:52:04 | 000,026,162 | ---- | C] () -- C:\Users\Matze\holzrahmen_drahtgflech+.2011_09_27_13_52_04.0.svg
[2011/09/27 13:19:24 | 000,022,771 | ---- | C] () -- C:\Users\Matze\Neues Dokument 13.2011_09_27_13_19_24.0.svg
[2010/11/25 20:16:25 | 000,004,096 | -H-- | C] () -- C:\Users\Matze\AppData\Local\keyfile3.drm
[2010/09/28 20:28:44 | 000,053,847 | ---- | C] () -- C:\Users\Matze\Direkt_Depot_8951303030_Wertpapier_Terminsache_DE0005140008_201.2010_09_28_20_28_44.0.svg
[2010/08/22 12:18:18 | 000,146,625 | ---- | C] () -- C:\Users\Matze\Zwischenbericht_I_LLUR_EndNote_Ver3_pd'.2010_08_22_12_18_18.0.svg
[2010/08/22 12:17:12 | 000,146,625 | ---- | C] () -- C:\Users\Matze\Zwischenbericht_I_LLUR_EndNote_Ver3_pd'.2010_08_22_12_17_12.0.svg
[2010/08/18 14:18:58 | 000,000,016 | ---- | C] () -- C:\Users\Matze\.gtk-bookmarks
[2010/08/04 13:09:55 | 000,047,843 | ---- | C] () -- C:\Users\Matze\Neues Dokument 1.2010_08_04_13_09_55.0.svg
[2010/06/07 21:21:09 | 000,032,811 | ---- | C] () -- C:\Users\Matze\antrag.bst
[2010/06/07 21:05:44 | 000,018,067 | ---- | C] () -- C:\Users\Matze\antrag.dbj
[2009/11/09 14:19:46 | 000,031,497 | ---- | C] () -- C:\Users\Matze\versuch_test.bst
[2009/11/09 14:12:52 | 000,018,872 | ---- | C] () -- C:\Users\Matze\antrag_test.dbj
[2009/11/09 14:09:30 | 000,030,744 | ---- | C] () -- C:\Users\Matze\neuest.bst
[2009/11/09 14:01:17 | 000,018,869 | ---- | C] () -- C:\Users\Matze\neuest.dbj
[2009/11/09 13:56:49 | 000,001,495 | ---- | C] () -- C:\Users\Matze\neu.bst
[2009/11/09 13:55:49 | 000,001,076 | ---- | C] () -- C:\Users\Matze\neu.dbj
[2009/11/06 09:15:50 | 000,035,099 | ---- | C] () -- C:\Users\Matze\pathdef.m
[2009/10/20 11:05:28 | 000,001,517 | ---- | C] () -- C:\Users\Matze\germanstyle.bst
[2009/10/20 11:04:14 | 000,001,091 | ---- | C] () -- C:\Users\Matze\germanstyle.dbj
[2009/10/20 08:00:58 | 000,030,191 | ---- | C] () -- C:\Users\Matze\test2.bst
[2009/10/20 07:51:11 | 000,018,104 | ---- | C] () -- C:\Users\Matze\test2.dbj
[2009/10/17 12:27:47 | 000,031,222 | ---- | C] () -- C:\Users\Matze\test.bst
[2009/10/17 12:08:34 | 000,027,394 | ---- | C] () -- C:\Users\Matze\test.dbj
[2009/10/06 10:51:12 | 000,000,014 | ---- | C] () -- C:\Users\Matze\geonext.ini
[2009/10/05 10:01:09 | 000,032,116 | ---- | C] () -- C:\Users\Matze\ownstyle.bst
[2009/10/05 09:42:28 | 000,027,492 | ---- | C] () -- C:\Users\Matze\ownstyle.dbj
[2009/05/23 13:58:45 | 000,000,186 | ---- | C] () -- C:\Users\Matze\AppData\Local\RAExpertHistory.xml
[2009/04/16 19:47:08 | 000,000,680 | ---- | C] () -- C:\Users\Matze\AppData\Local\d3d9caps.dat
[2009/03/23 10:54:50 | 000,002,806 | ---- | C] () -- C:\Users\Matze\.jmf-resource
[2009/03/11 20:47:32 | 000,117,760 | ---- | C] () -- C:\Users\Matze\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/11 10:36:03 | 000,178,149 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/03/11 10:27:09 | 000,178,149 | ---- | C] () -- C:\ProgramData\nvModes.dat
 
========== ZeroAccess Check ==========
 
[2006/11/02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-221889202-2462721696-489215793-1000\$6e2d6f99c183032ac3dd1b6968c33d41\n.
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-221889202-2462721696-489215793-1000\$6e2d6f99c183032ac3dd1b6968c33d41\n.
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\$Recycle.Bin\S-1-5-18\$6e2d6f99c183032ac3dd1b6968c33d41\n.
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/21 04:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

--- --- ---

cosinus 25.07.2013 21:04

Before we continue, I would like to ask you to read the following points completely and carefully.
  • Carefully read the instructions that I will post in the course of this thread. Ask right away if anything is unclear, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes one step requires the previous one.

  • Please run only scans that a helper has asked you to run! Do not install or uninstall any software unless asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as attachments, unless you were asked to. Logs in attachments make the analysis harder for me!

  • The logs of the assigned tools, e.g. Malwarebytes, must always be posted, regardless of whether anything was found or not!

  • Please also note => Deleting log files and other requests

Note:
If you do not hear from me for three days, please report in this thread => Reminder about my thread.
Annoying "When does it continue" messages will end with your topic being closed. I, too, have a life outside the Trojaner-Board.


Then please run Combofix now:

Scan with Combofix
WARNING to READERS FOLLOWING ALONG:
Combofix should only be run when a team member has instructed it!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


matzepatze 25.07.2013 22:01

OK, Combofix has finished running. As I mentioned before, I cannot disable AntiVir. Consequently, Combofix also pointed this out.

Here is the log:

Combofix Logfile:
Code:

ComboFix 13-07-25.02 - Matze 07/25/2013  22:13:25.1.2 - x64
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.4093.2461 [GMT 2:00]
ausgeführt von:: c:\users\Matze\Downloads\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: Online Armor Firewall *Disabled* {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\Matze\AppData\Local\assembly\tmp
c:\users\Matze\AppData\Local\TempDIR
c:\users\Matze\AppData\Local\TempDIR\WindowsXP-KB893357-v2-x86-DEU.exe
c:\users\Matze\AppData\Local\TempDIR\WindowsXP-KB917021-v3-x86-DEU.exe
c:\users\Matze\AppData\Local\TempFullTiltPokerEuSetup.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\regobj.dll
c:\windows\SysWow64\WanPacket.dll
c:\windows\SysWow64\wpcap.dll
c:\windows\wininit.ini
.
c:\windows\SysWow64\userinit.exe . . . ist infiziert!!
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-06-25 bis 2013-07-25  ))))))))))))))))))))))))))))))
.
.
2013-07-25 20:37 . 2013-07-25 20:46        --------        d-----w-        c:\users\Matze\AppData\Local\temp
2013-07-25 20:37 . 2013-07-25 20:37        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-07-25 07:58 . 2013-07-25 07:58        --------        d-----w-        c:\users\Matthias
2013-07-24 13:09 . 2013-07-24 13:09        51496        ----a-w-        c:\windows\system32\drivers\stflt.sys
2013-07-24 13:09 . 2013-07-24 15:15        --------        d-----w-        c:\programdata\Spyware Terminator
2013-07-24 13:09 . 2013-07-24 13:09        --------        d-----w-        c:\users\Matze\AppData\Roaming\Spyware Terminator
2013-07-24 13:08 . 2013-07-24 13:09        --------        d-----w-        c:\program files (x86)\Spyware Terminator
2013-07-22 01:01 . 2013-07-22 01:09        --------        d-----w-        c:\windows\system32\MRT
2013-07-10 13:34 . 2013-06-01 04:19        619008        ----a-w-        c:\windows\system32\qedit.dll
2013-07-10 13:34 . 2013-06-01 04:06        505344        ----a-w-        c:\windows\SysWow64\qedit.dll
2013-07-10 13:34 . 2013-04-09 04:08        1815552        ----a-w-        c:\program files\Windows Journal\NBDoc.DLL
2013-07-10 13:34 . 2013-04-09 04:07        1500672        ----a-w-        c:\program files\Windows Journal\JNWDRV.dll
2013-07-10 13:34 . 2013-04-09 04:07        1447936        ----a-w-        c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 13:34 . 2013-04-09 04:07        1476608        ----a-w-        c:\program files\Windows Journal\JNTFiltr.dll
2013-07-10 13:34 . 2013-04-09 03:51        936960        ----a-w-        c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-04 15:13 . 2013-07-08 06:24        --------        d-----w-        c:\users\Matze\AppData\Roaming\Ythu
2013-07-04 15:13 . 2013-07-08 06:12        --------        d-----w-        c:\users\Matze\AppData\Roaming\Ylpayp
2013-07-04 15:13 . 2013-07-04 15:13        --------        d-----w-        c:\users\Matze\AppData\Roaming\Ilkid
2013-06-26 14:17 . 2013-07-02 12:27        --------        d-----w-        c:\program files (x86)\Mozilla Thunderbird
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-21 07:35 . 2012-03-30 16:56        692104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-21 07:35 . 2011-12-07 19:58        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-25 07:07 . 2013-06-25 07:08        96168        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-25 07:07 . 2012-06-23 06:12        867240        ----a-w-        c:\windows\SysWow64\npdeployJava1.dll
2013-06-25 07:07 . 2010-05-19 17:47        789416        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2013-06-23 22:57 . 2006-11-02 12:35        78277128        ----a-w-        c:\windows\system32\mrt.exe
2013-05-31 13:26 . 2013-05-31 13:26        268        ----a-w-        c:\users\Matze\advanced_ip_scanner_MAC.bin
2013-05-08 04:14 . 2013-06-13 07:52        1417576        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2013-05-08 02:27 . 2013-06-13 07:52        40448        ----a-w-        c:\windows\system32\drivers\tcpipreg.sys
2013-05-02 04:16 . 2013-06-13 07:51        686080        ----a-w-        c:\windows\system32\win32spl.dll
2013-05-02 04:04 . 2013-06-13 07:51        443904        ----a-w-        c:\windows\SysWow64\win32spl.dll
2013-05-02 04:03 . 2013-06-13 07:51        37376        ----a-w-        c:\windows\SysWow64\printcom.dll
2013-04-30 09:11 . 2013-04-30 10:17        28600        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2013-04-30 09:11 . 2013-04-30 10:17        130016        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2013-04-30 09:10 . 2013-04-30 10:17        100712        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        130736        ----a-w-        c:\users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        130736        ----a-w-        c:\users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        130736        ----a-w-        c:\users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        130736        ----a-w-        c:\users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-08-06 36864]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-10-13 4378000]
"AcronisTimounterMonitor"="c:\program files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-10-13 962480]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-06-27 345144]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\Matze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Matze\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2008-9-23 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"disableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages        REG_MULTI_SZ          scecli psqlpwd
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R3 AAV UpdateService;AAV UpdateService;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x]
R3 AF9035BDA;Cinergy T-Stick service;c:\windows\system32\DRIVERS\AF9035BDA.sys;c:\windows\SYSNATIVE\DRIVERS\AF9035BDA.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_bb0e6831\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_bb0e6831\AESTSr64.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 07:35]
.
2013-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ce7f29b9dedbe0.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-03-19 10:32]
.
2013-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-03-19 10:32]
.
2013-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-221889202-2462721696-489215793-1000Core1ce7f91cc2b5360.job
- c:\users\Matze\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-04 06:47]
.
2013-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-221889202-2462721696-489215793-1000UA.job
- c:\users\Matze\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-04 06:47]
.
2009-06-01 c:\windows\Tasks\sicherung.job
- c:\program files (x86)\DeltaCopy\sicherung.dcp [2009-06-01 15:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        164016        ----a-w-        c:\users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        164016        ----a-w-        c:\users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        164016        ----a-w-        c:\users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        164016        ----a-w-        c:\users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2008-06-19 12:00        3380736        ----a-w-        c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2008-06-19 12:00        3380736        ----a-w-        c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-07-23 271872]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2008-06-19 66824]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-10-13 165144]
"SpywareTerminatorShield"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe" [2013-04-03 2777736]
"SpywareTerminatorUpdater"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [2013-04-03 3684488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1 193.189.244.202 193.189.244.194
TCP: Interfaces\{18BC9B2B-79BD-404A-8FF1-669714163C2B}: NameServer = 134.245.10.7,134.245.1.36
FF - ProfilePath - c:\users\Matze\AppData\Roaming\Mozilla\Firefox\Profiles\82wuf84f.default\
FF - prefs.js: browser.search.selectedEngine - foxsearch
FF - prefs.js: keyword.URL - hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - ExtSQL: !HIDDEN! 2009-07-10 17:55; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2010-05-06 09:26; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
------- Dateityp-Verknüpfung -------
.
vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
jsefile\shell\open2\command=c:\windows\SysWOW64\CScript.exe "%1" %*
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
HKLM-Run-SigmatelSysTrayApp - c:\program files (x86)\SigmaTel\C-Major Audio\WDM\sttray64.exe
AddRemove-888poker - c:\progra~2\PACIFI~1\UNWISE.EXE
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BFE]
"ImagePath"="."
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MpsSvc]
"ImagePath"="."
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Dell\DellDock\DockLogin.exe
c:\program files (x86)\Online Armor\OAcat.exe
c:\program files (x86)\Avira\AntiVir Desktop\sched.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\ArcGIS\License10.0\bin\lmgrd.exe
c:\program files (x86)\ArcGIS\License10.0\bin\lmgrd.exe
c:\program files (x86)\ArcGIS\License10.0\bin\ARCGIS.exe
c:\program files (x86)\CDBurnerXP\NMSAccessU.exe
c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
c:\program files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\users\Matze\AppData\Roaming\Dropbox\bin\Dropbox.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-07-25  22:56:16 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-07-25 20:56
.
Vor Suchlauf: 25 Verzeichnis(se), 41,966,907,392 Bytes frei
Nach Suchlauf: 31 Verzeichnis(se), 45,455,781,888 Bytes frei
.
- - End Of File - - B2544C26EC0B798679A54FA4186B84D1


As a layman, I can already pick out one problem from this. The user-init seems to have a problem?

cosinus 25.07.2013 22:14

ComboFix script
WARNING for READERS following along:
The following ComboFix script was created exclusively for this user in this situation.
Do not under any circumstances use it on other computers; it can cause lasting damage to other systems!

  • Delete the existing Combofix.exe from your desktop and download the program again from the following download mirror: Link
  • Save it to the desktop again (not anywhere else, this is important)!
  • Press the Windows + R keys --> notepad (type it in) --> OK
  • Now copy the entire text from the following code box into the empty text document.
    Code:

    Folder::
    c:\users\Matze\AppData\Roaming\Ythu
    c:\users\Matze\AppData\Roaming\Ylpayp

    Filelook::
    c:\windows\SysWow64\userinit.exe

    If you have masked your user name, e.g. with "*****", insert your real user name in the corresponding place. Otherwise the fix will not work.
  • Save this as CFScript.txt on your desktop.
  • Important: Temporarily disable your antivirus software, since it can interfere with ComboFix while it works.
    Don't forget to turn it back on afterwards!
  • Close all running programs so that ComboFix can work unhindered.
  • Drag CFScript.txt onto ComboFix.exe as shown in this picture:
  • Do not do anything on the computer, do not move the mouse over the ComboFix window or click into it. This can cause ComboFix to hang.
  • When ComboFix has finished, it will create a log: C:\ComboFix.txt
    Please paste it here as a reply (in CODE tags, using the editor's # button).

Note:
Suspect:: and Collect::
If the script contains these directives, files are to be submitted for analysis. A message box appears after ComboFix has finished. Click OK and follow the prompts/instructions to upload the files. Be sure to let me know whether the upload worked!


matzepatze 25.07.2013 23:03

It ran through. I again had the problem that AntiVir cannot be disabled. As a result, the virus scanner was running in the background and also issued several warnings or blocked actions.

ComboFix log file:
Code:

ComboFix 13-07-25.02 - Matze 07/25/2013  23:26:07.1.2 - x64
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.4093.2578 [GMT 2:00]
ausgeführt von:: c:\users\Matze\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Matze\Desktop\CFScript.txt
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: Online Armor Firewall *Disabled* {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Matze\AppData\Roaming\Ylpayp
c:\users\Matze\AppData\Roaming\Ythu
c:\users\Matze\AppData\Roaming\Ythu\weet.ovi
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-06-25 bis 2013-07-25  ))))))))))))))))))))))))))))))
.
.
2013-07-25 21:43 . 2013-07-25 21:50        --------        d-----w-        c:\users\Matze\AppData\Local\temp
2013-07-25 21:43 . 2013-07-25 21:43        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-07-25 07:58 . 2013-07-25 07:58        --------        d-----w-        c:\users\Matthias
2013-07-24 13:09 . 2013-07-24 13:09        51496        ----a-w-        c:\windows\system32\drivers\stflt.sys
2013-07-24 13:09 . 2013-07-24 15:15        --------        d-----w-        c:\programdata\Spyware Terminator
2013-07-24 13:09 . 2013-07-24 13:09        --------        d-----w-        c:\users\Matze\AppData\Roaming\Spyware Terminator
2013-07-24 13:08 . 2013-07-24 13:09        --------        d-----w-        c:\program files (x86)\Spyware Terminator
2013-07-22 01:01 . 2013-07-22 01:09        --------        d-----w-        c:\windows\system32\MRT
2013-07-10 13:34 . 2013-06-01 04:19        619008        ----a-w-        c:\windows\system32\qedit.dll
2013-07-10 13:34 . 2013-06-01 04:06        505344        ----a-w-        c:\windows\SysWow64\qedit.dll
2013-07-10 13:34 . 2013-04-09 04:08        1815552        ----a-w-        c:\program files\Windows Journal\NBDoc.DLL
2013-07-10 13:34 . 2013-04-09 04:07        1500672        ----a-w-        c:\program files\Windows Journal\JNWDRV.dll
2013-07-10 13:34 . 2013-04-09 04:07        1447936        ----a-w-        c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 13:34 . 2013-04-09 04:07        1476608        ----a-w-        c:\program files\Windows Journal\JNTFiltr.dll
2013-07-10 13:34 . 2013-04-09 03:51        936960        ----a-w-        c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-04 15:13 . 2013-07-04 15:13        --------        d-----w-        c:\users\Matze\AppData\Roaming\Ilkid
2013-06-26 14:17 . 2013-07-02 12:27        --------        d-----w-        c:\program files (x86)\Mozilla Thunderbird
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-21 07:35 . 2012-03-30 16:56        692104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-21 07:35 . 2011-12-07 19:58        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-25 07:07 . 2013-06-25 07:08        96168        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-25 07:07 . 2012-06-23 06:12        867240        ----a-w-        c:\windows\SysWow64\npdeployJava1.dll
2013-06-25 07:07 . 2010-05-19 17:47        789416        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2013-06-23 22:57 . 2006-11-02 12:35        78277128        ----a-w-        c:\windows\system32\mrt.exe
2013-05-31 13:26 . 2013-05-31 13:26        268        ----a-w-        c:\users\Matze\advanced_ip_scanner_MAC.bin
2013-05-08 04:14 . 2013-06-13 07:52        1417576        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2013-05-08 02:27 . 2013-06-13 07:52        40448        ----a-w-        c:\windows\system32\drivers\tcpipreg.sys
2013-05-02 04:16 . 2013-06-13 07:51        686080        ----a-w-        c:\windows\system32\win32spl.dll
2013-05-02 04:04 . 2013-06-13 07:51        443904        ----a-w-        c:\windows\SysWow64\win32spl.dll
2013-05-02 04:03 . 2013-06-13 07:51        37376        ----a-w-        c:\windows\SysWow64\printcom.dll
2013-04-30 09:11 . 2013-04-30 10:17        28600        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2013-04-30 09:11 . 2013-04-30 10:17        130016        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2013-04-30 09:10 . 2013-04-30 10:17        100712        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
.
.
((((((((((((((((((((((((((((((((((((((((((((  Look  )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\SysWow64\userinit.exe ---
Company: Microsoft Corporation
File Description: Userinit-Anmeldeanwendung
File Version: 6.0.6000.16386 (vista_rtm.061101-2205)
Product Name: Betriebssystem Microsoft® Windows®
Copyright: © Microsoft Corporation. Alle Rechte vorbehalten.
Original Filename: USERINIT.EXE.MUI
File size: 25088
Created time: 2008-01-21 02:50
Modified time: 2008-01-21 02:50
MD5: 0E135526E9785D085BCD9AEDE6FBCBF9
SHA1: D15244D41EFDDBAB08D53FE032AEDFF39091D3AF
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        130736        ----a-w-        c:\users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        130736        ----a-w-        c:\users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        130736        ----a-w-        c:\users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        130736        ----a-w-        c:\users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-08-06 36864]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-10-13 4378000]
"AcronisTimounterMonitor"="c:\program files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-10-13 962480]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-06-27 345144]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\Matze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Matze\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2008-9-23 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"disableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages        REG_MULTI_SZ          scecli psqlpwd
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R3 AAV UpdateService;AAV UpdateService;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x]
R3 AF9035BDA;Cinergy T-Stick service;c:\windows\system32\DRIVERS\AF9035BDA.sys;c:\windows\SYSNATIVE\DRIVERS\AF9035BDA.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_bb0e6831\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_bb0e6831\AESTSr64.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 07:35]
.
2013-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ce7f29b9dedbe0.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-03-19 10:32]
.
2013-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-03-19 10:32]
.
2013-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-221889202-2462721696-489215793-1000Core1ce7f91cc2b5360.job
- c:\users\Matze\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-04 06:47]
.
2013-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-221889202-2462721696-489215793-1000UA.job
- c:\users\Matze\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-04 06:47]
.
2009-06-01 c:\windows\Tasks\sicherung.job
- c:\program files (x86)\DeltaCopy\sicherung.dcp [2009-06-01 15:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        164016        ----a-w-        c:\users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        164016        ----a-w-        c:\users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        164016        ----a-w-        c:\users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        164016        ----a-w-        c:\users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2008-06-19 12:00        3380736        ----a-w-        c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2008-06-19 12:00        3380736        ----a-w-        c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-07-23 271872]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2008-06-19 66824]
"SigmatelSysTrayApp"="c:\program files (x86)\SigmaTel\C-Major Audio\WDM\sttray64.exe" [BU]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-10-13 165144]
"SpywareTerminatorShield"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe" [2013-04-03 2777736]
"SpywareTerminatorUpdater"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [2013-04-03 3684488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1 193.189.244.202 193.189.244.194
TCP: Interfaces\{18BC9B2B-79BD-404A-8FF1-669714163C2B}: NameServer = 134.245.10.7,134.245.1.36
FF - ProfilePath - c:\users\Matze\AppData\Roaming\Mozilla\Firefox\Profiles\82wuf84f.default\
FF - prefs.js: browser.search.selectedEngine - foxsearch
FF - prefs.js: keyword.URL - hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - ExtSQL: !HIDDEN! 2009-07-10 17:55; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2010-05-06 09:26; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-888poker - c:\progra~2\PACIFI~1\UNWISE.EXE
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MpsSvc]
"ImagePath"="."
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Dell\DellDock\DockLogin.exe
c:\program files (x86)\Online Armor\OAcat.exe
c:\program files (x86)\Avira\AntiVir Desktop\sched.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\ArcGIS\License10.0\bin\lmgrd.exe
c:\program files (x86)\ArcGIS\License10.0\bin\lmgrd.exe
c:\program files (x86)\ArcGIS\License10.0\bin\ARCGIS.exe
c:\program files (x86)\CDBurnerXP\NMSAccessU.exe
c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
c:\program files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\users\Matze\AppData\Roaming\Dropbox\bin\Dropbox.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-07-26  00:00:11 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-07-25 22:00
ComboFix2.txt  2013-07-25 20:56
.
Vor Suchlauf: 29 Verzeichnis(se), 45,067,526,144 Bytes frei
Nach Suchlauf: 30 Verzeichnis(se), 44,707,893,248 Bytes frei
.
- - End Of File - - 1216B0784C5CB294769CE6359C030E63


cosinus 25.07.2013 23:09

Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen as described in the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper

matzepatze 26.07.2013 06:57

Hello!
Unfortunately I am having problems running the program. The first time, an error was reported and I was asked to restart the system. I then ran it again and it ended in a blue screen. I then repeated it once more and got a blue screen again.

In case it helps, here is the system log from Malwarebytes:

Quote:

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.493000 GHz
Memory total: 4291973120, free: 712404992

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.493000 GHz
Memory total: 4291973120, free: 657215488

Downloaded database version: v2013.07.26.01
Downloaded database version: v2013.07.15.01
Initializing...
DDA Driver installation error.
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.493000 GHz
Memory total: 4291973120, free: 2622119936

Initializing...
------------ Kernel report ------------
07/26/2013 06:51:45
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\DRIVERS\intelide.sys
\SystemRoot\system32\DRIVERS\PCIIDEX.SYS
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\iastor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\timntr.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\tdrpm147.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\system32\DRIVERS\snman380.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\system32\DRIVERS\nvBridge.kmd
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\yk60x64.sys
\SystemRoot\system32\DRIVERS\NETw5v64.sys
\SystemRoot\system32\DRIVERS\ohci1394.sys
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80065a4060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xfffffa80045c5050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Device number: 0, partition: 3
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80065a4060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80065a6d30, DeviceName: Unknown, DriverName: \Driver\snapman380\
DevicePointer: 0xfffffa80065a3660, DeviceName: Unknown, DriverName: \Driver\tdrpman147\
DevicePointer: 0xfffffa80065a4a70, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80065a4060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa80045c5050, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\tdrpman147\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
The directory C:\Windows\system32\drivers seems inaccessible or encrypted.
Drivers scan is aborted.
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 98000000

Partition information:

Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 256977

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 258048 Numsec = 20971520

Partition 2 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 21229568 Numsec = 598667256
Partition file system is NTFS
Partition is bootable

Partition 3 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 619896832 Numsec = 5242880

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-625122448-625142448)...
Done!
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.493000 GHz
Memory total: 4291973120, free: 2550296576

Initializing...
------------ Kernel report ------------
07/26/2013 07:32:02
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80065e9060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xfffffa80045c6050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Device number: 0, partition: 3
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80065e9060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80065ebe30, DeviceName: Unknown, DriverName: \Driver\snapman380\
DevicePointer: 0xfffffa80065ea040, DeviceName: Unknown, DriverName: \Driver\tdrpman147\
DevicePointer: 0xfffffa80065e9b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80065e9060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa80045c6050, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\tdrpman147\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
The directory C:\Windows\system32\drivers seems inaccessible or encrypted.
Drivers scan is aborted.
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 98000000

Partition information:

Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 256977

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 258048 Numsec = 20971520

Partition 2 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 21229568 Numsec = 598667256
Partition file system is NTFS
Partition is bootable

Partition 3 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 619896832 Numsec = 5242880

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-625122448-625142448)...
Done!

cosinus 26.07.2013 15:51

You posted the wrong log

matzepatze 26.07.2013 16:42

Sorry, but the required log is not created because the computer responds with a blue screen. That is why I posted the syslog.

cosinus 26.07.2013 17:16

Then run a new scan ;)

matzepatze 26.07.2013 17:32

I have already tried that twice. Unfortunately the result is always the same.

Should I try again??

cosinus 26.07.2013 17:42

What do you mean, the result is the same? Was there a blue screen again?

matzepatze 26.07.2013 18:23

Exactly, I tried it again. This time I noted down the file: spsys.sys

After rebooting, Windows reports the following error:

Quote:

Problemsignatur:
Problemereignisname: BlueScreen
Betriebsystemversion: 6.0.6002.2.2.0.768.3
Gebietsschema-ID: 1033

Zusatzinformationen zum Problem:
BCCode: 1000007e
BCP1: FFFFFFFFC0000005
BCP2: FFFFFA6009AD109C
BCP3: FFFFFA600BFA42D8
BCP4: FFFFFA600BFA3CB0
OS Version: 6_0_6002
Service Pack: 2_0
Product: 768_1

Dateien, die bei der Beschreibung des Problems hilfreich sind:
C:\Windows\Minidump\Mini072613-02.dmp
C:\Users\Matze\AppData\Local\temp\WER-385400-0.sysdata.xml
C:\Users\Matze\AppData\Local\temp\WER4327.tmp.version.txt

Lesen Sie unsere Datenschutzrichtlinie:
hxxp://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0407
Does that help?

cosinus 26.07.2013 18:33

Please post the logs in CODE tags!

Did MBAT find anything, could you see that?

matzepatze 26.07.2013 18:36

Unfortunately I could not see whether MBAT found anything. Up to the disk check everything seems to be OK. Then at some point the blue screen comes.

Here is the Microsoft log again in code tags:

Code:

Problemsignatur:
Problemereignisname:        BlueScreen
Betriebsystemversion:        6.0.6002.2.2.0.768.3
Gebietsschema-ID:        1033

Zusatzinformationen zum Problem:
BCCode:        1000007e
BCP1:        FFFFFFFFC0000005
BCP2:        FFFFFA6009AD109C
BCP3:        FFFFFA600BFA42D8
BCP4:        FFFFFA600BFA3CB0
OS Version:        6_0_6002
Service Pack:        2_0
Product:        768_1

Dateien, die bei der Beschreibung des Problems hilfreich sind:
C:\Windows\Minidump\Mini072613-02.dmp
C:\Users\Matze\AppData\Local\temp\WER-385400-0.sysdata.xml
C:\Users\Matze\AppData\Local\temp\WER4327.tmp.version.txt

Lesen Sie unsere Datenschutzrichtlinie:
hxxp://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0407


cosinus 26.07.2013 18:41

aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.




TDSS-Killer

Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller instructions.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post the contents here in your thread in any case.

matzepatze 26.07.2013 18:52

OK, I will do that. One more question: I cannot disable AntiVir. Is that bad? It is actually supposed to be disabled. Should QuickScan be enabled in aswMBR?

By the way: when I try to disable AntiVir, I get a message that I do not have the rights to terminate cuuac.exe. It is supposedly located on the desktop!

cosinus 26.07.2013 19:09

How are you trying to disable it? It is enough to close the umbrella....

matzepatze 26.07.2013 19:13

Unchecking the box for the real-time scanner does not work.

The following message appears:

Auf das angegebene Gerät bzw. den Pfad oder die Datei kann nicht zugegriffen werden...

C:\Program Files (x86)\Avira\AntiVir Desktop\cccuac.exe

cosinus 26.07.2013 19:25

Then uninstall AntiVir for now. Otherwise we will not get any further.
Once we are done, a virus scanner can go back on.

matzepatze 28.07.2013 12:21

I am going crazy. aswMBR ran as a full scan overnight and now it has crashed. After that I ran TDSS-Killer again. Nothing was found:

Code:

15:56:31.0749 6264  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:56:32.0060 6264  ============================================================
15:56:32.0060 6264  Current date / time: 2013/07/27 15:56:32.0060
15:56:32.0060 6264  SystemInfo:
15:56:32.0060 6264 
15:56:32.0060 6264  OS Version: 6.0.6002 ServicePack: 2.0
15:56:32.0060 6264  Product type: Workstation
15:56:32.0060 6264  ComputerName: MATZEBOOK
15:56:32.0061 6264  UserName: Matze
15:56:32.0061 6264  Windows directory: C:\Windows
15:56:32.0061 6264  System windows directory: C:\Windows
15:56:32.0061 6264  Running under WOW64
15:56:32.0061 6264  Processor architecture: Intel x64
15:56:32.0061 6264  Number of processors: 2
15:56:32.0061 6264  Page size: 0x1000
15:56:32.0061 6264  Boot type: Normal boot
15:56:32.0061 6264  ============================================================
15:56:33.0876 6264  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:56:33.0885 6264  ============================================================
15:56:33.0885 6264  \Device\Harddisk0\DR0:
15:56:33.0908 6264  MBR partitions:
15:56:33.0908 6264  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F000, BlocksNum 0x1400000
15:56:33.0908 6264  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x143F000, BlocksNum 0x23AEEFF8
15:56:33.0913 6264  ============================================================
15:56:34.0019 6264  C: <-> \Device\Harddisk0\DR0\Partition2
15:56:34.0063 6264  D: <-> \Device\Harddisk0\DR0\Partition1
15:56:34.0063 6264  ============================================================
15:56:34.0063 6264  Initialize success
15:56:34.0063 6264  ============================================================
15:56:45.0449 5352  ============================================================
15:56:45.0449 5352  Scan started
15:56:45.0449 5352  Mode: Manual; TDLFS;
15:56:45.0449 5352  ============================================================
15:56:52.0056 5352  ================ Scan system memory ========================
15:56:52.0056 5352  System memory - ok
15:56:52.0056 5352  ================ Scan services =============================
15:57:20.0337 5352  [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev          C:\Windows\system32\drivers\errdev.sys
15:57:20.0338 5352  ErrDev - ok
15:57:20.0568 5352  [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem    C:\Windows\system32\es.dll
15:57:20.0602 5352  EventSystem - ok
15:57:21.0152 5352  [ 7E763F8F300346A8F1DA8BB1DFA9CA97 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
15:57:21.0530 5352  EvtEng - ok
15:57:21.0680 5352  [ 486844F47B6636044A42454614ED4523 ] exfat          C:\Windows\system32\drivers\exfat.sys
15:57:21.0684 5352  exfat - ok
15:57:21.0763 5352  [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat        C:\Windows\system32\drivers\fastfat.sys
15:57:21.0792 5352  fastfat - ok
15:57:21.0838 5352  [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
15:57:21.0840 5352  fdc - ok
15:57:21.0945 5352  [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost        C:\Windows\system32\fdPHost.dll
15:57:21.0969 5352  fdPHost - ok
15:57:22.0008 5352  [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub        C:\Windows\system32\fdrespub.dll
15:57:22.0010 5352  FDResPub - ok
15:57:22.0062 5352  [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:57:22.0088 5352  FileInfo - ok
15:57:22.0121 5352  [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
15:57:22.0165 5352  Filetrace - ok
15:57:22.0464 5352  [ CFC890FF6797C6C4E4C4B9AD2258AF73 ] FileZilla Server C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
15:57:22.0550 5352  FileZilla Server - ok
15:57:23.0044 5352  [ ACEFEEA621DCA62EFB7A7EEA59F5E91B ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
15:57:23.0176 5352  FLEXnet Licensing Service - ok
15:57:23.0843 5352  [ F1A9C61436E12A637A647870DD6D9EEF ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
15:57:24.0047 5352  FLEXnet Licensing Service 64 - ok
15:57:24.0089 5352  [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
15:57:24.0090 5352  flpydisk - ok
15:57:24.0279 5352  [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:57:24.0337 5352  FltMgr - ok
15:57:25.0273 5352  [ F20A97F51C104DD0A163251325460747 ] FontCache      C:\Windows\system32\FntCache.dll
15:57:25.0492 5352  FontCache - ok
15:57:25.0645 5352  [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:57:25.0691 5352  FontCache3.0.0.0 - ok
15:57:25.0752 5352  [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:57:25.0779 5352  Fs_Rec - ok
15:57:25.0838 5352  [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
15:57:25.0867 5352  gagp30kx - ok
15:57:26.0083 5352  [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc          C:\Windows\System32\gpsvc.dll
15:57:26.0140 5352  gpsvc - ok
15:57:26.0438 5352  [ 626A24ED1228580B9518C01930936DF9 ] gupdate1c9a87df6fc8890 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:57:26.0475 5352  gupdate1c9a87df6fc8890 - ok
15:57:26.0672 5352  [ 626A24ED1228580B9518C01930936DF9 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:57:26.0672 5352  gupdatem - ok
15:57:27.0023 5352  [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
15:57:27.0114 5352  HDAudBus - ok
15:57:27.0175 5352  [ B4881C84A180E75B8C25DC1D726C375F ] HidBth          C:\Windows\system32\drivers\hidbth.sys
15:57:27.0198 5352  HidBth - ok
15:57:27.0256 5352  [ 5F47839455D01FF6403B008D481A6F5B ] HidIr          C:\Windows\system32\DRIVERS\hidir.sys
15:57:27.0288 5352  HidIr - ok
15:57:27.0335 5352  [ 59361D38A297755D46A540E450202B2A ] hidserv        C:\Windows\System32\hidserv.dll
15:57:27.0360 5352  hidserv - ok
15:57:27.0422 5352  [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
15:57:27.0423 5352  HidUsb - ok
15:57:27.0491 5352  [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:57:27.0524 5352  hkmsvc - ok
15:57:27.0617 5352  [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs        C:\Windows\system32\drivers\hpcisss.sys
15:57:27.0645 5352  HpCISSs - ok
15:57:28.0068 5352  [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
15:57:28.0183 5352  hpqcxs08 - ok
15:57:28.0280 5352  [ DF446BA625CC441617843E87798CE048 ] hpqddsvc        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
15:57:28.0305 5352  hpqddsvc - ok
15:57:28.0710 5352  [ 969F2F6571B915BADA4FA68228C2CBBC ] HPSLPSVC        C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
15:57:28.0842 5352  HPSLPSVC - ok
15:57:29.0016 5352  HTCAND64 - ok
15:57:29.0159 5352  [ 4F6C3122817049997CD696D4A38BFACB ] htcnprot        C:\Windows\system32\DRIVERS\htcnprot.sys
15:57:29.0185 5352  htcnprot - ok
15:57:29.0671 5352  [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:57:29.0770 5352  HTTP - ok
15:57:29.0874 5352  [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp          C:\Windows\system32\drivers\i2omp.sys
15:57:29.0905 5352  i2omp - ok
15:57:30.0002 5352  [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
15:57:30.0027 5352  i8042prt - ok
15:57:30.0170 5352  [ 16A4671255CFB842225F0FDB6DBDB414 ] iaStor          C:\Windows\system32\drivers\iastor.sys
15:57:30.0172 5352  iaStor - ok
15:57:30.0288 5352  [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV        C:\Windows\system32\drivers\iastorv.sys
15:57:30.0346 5352  iaStorV - ok
15:57:30.0752 5352  [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc          C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:57:30.0865 5352  idsvc - ok
15:57:30.0960 5352  [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp          C:\Windows\system32\drivers\iirsp.sys
15:57:31.0018 5352  iirsp - ok
15:57:31.0402 5352  [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT          C:\Windows\System32\ikeext.dll
15:57:31.0586 5352  IKEEXT - ok
15:57:31.0671 5352  [ DF797A12176F11B2D301C5B234BB200E ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
15:57:31.0702 5352  intelide - ok
15:57:31.0735 5352  [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:57:31.0736 5352  intelppm - ok
15:57:31.0924 5352  [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
15:57:31.0959 5352  IPBusEnum - ok
15:57:32.0023 5352  [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:57:32.0085 5352  IpFilterDriver - ok
15:57:32.0213 5352  [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:57:32.0253 5352  iphlpsvc - ok
15:57:32.0256 5352  IpInIp - ok
15:57:32.0317 5352  [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV        C:\Windows\system32\drivers\ipmidrv.sys
15:57:32.0350 5352  IPMIDRV - ok
15:57:32.0381 5352  [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT          C:\Windows\system32\DRIVERS\ipnat.sys
15:57:32.0385 5352  IPNAT - ok
15:57:32.0448 5352  [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:57:32.0519 5352  IRENUM - ok
15:57:32.0620 5352  [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:57:32.0654 5352  isapnp - ok
15:57:32.0782 5352  [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
15:57:32.0811 5352  iScsiPrt - ok
15:57:32.0835 5352  [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
15:57:32.0862 5352  iteatapi - ok
15:57:32.0895 5352  [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid        C:\Windows\system32\drivers\iteraid.sys
15:57:32.0950 5352  iteraid - ok
15:57:33.0013 5352  [ 423696F3BA6472DD17699209B933BC26 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
15:57:33.0045 5352  kbdclass - ok
15:57:33.0139 5352  [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
15:57:33.0200 5352  kbdhid - ok
15:57:33.0285 5352  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso          C:\Windows\system32\lsass.exe
15:57:33.0334 5352  KeyIso - ok
15:57:33.0379 5352  [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:57:33.0431 5352  KSecDD - ok
15:57:33.0529 5352  [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk        C:\Windows\system32\drivers\ksthunk.sys
15:57:33.0559 5352  ksthunk - ok
15:57:33.0805 5352  [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm          C:\Windows\system32\msdtckrm.dll
15:57:33.0902 5352  KtmRm - ok
15:57:34.0010 5352  [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer    C:\Windows\System32\srvsvc.dll
15:57:34.0029 5352  LanmanServer - ok
15:57:34.0230 5352  [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:57:34.0288 5352  LanmanWorkstation - ok
15:57:34.0323 5352  [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:57:34.0351 5352  lltdio - ok
15:57:34.0399 5352  [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc        C:\Windows\System32\lltdsvc.dll
15:57:34.0483 5352  lltdsvc - ok
15:57:34.0524 5352  lmab_device - ok
15:57:34.0591 5352  [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts        C:\Windows\System32\lmhsvc.dll
15:57:34.0646 5352  lmhosts - ok
15:57:34.0767 5352  [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
15:57:34.0828 5352  LSI_FC - ok
15:57:34.0860 5352  [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS        C:\Windows\system32\drivers\lsi_sas.sys
15:57:34.0887 5352  LSI_SAS - ok
15:57:34.0933 5352  [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
15:57:34.0961 5352  LSI_SCSI - ok
15:57:34.0996 5352  [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv          C:\Windows\system32\drivers\luafv.sys
15:57:34.0999 5352  luafv - ok
15:57:35.0408 5352  [ 31C6AFFFAD7C733A65F888929548BC22 ] mbamchameleon  C:\Windows\system32\drivers\mbamchameleon.sys
15:57:35.0461 5352  mbamchameleon - ok
15:57:35.0509 5352  [ DD8BCFCA0A082670116E17F875306FCB ] mbamswissarmy  C:\Windows\system32\drivers\mbamswissarmy.sys
15:57:35.0536 5352  mbamswissarmy - ok
15:57:35.0588 5352  [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
15:57:35.0629 5352  Mcx2Svc - ok
15:57:35.0785 5352  [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas        C:\Windows\system32\drivers\megasas.sys
15:57:35.0808 5352  megasas - ok
15:57:35.0986 5352  [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
15:57:36.0011 5352  MegaSR - ok
15:57:36.0379 5352  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
15:57:36.0511 5352  Microsoft Office Groove Audit Service - ok
15:57:36.0617 5352  [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS          C:\Windows\system32\mmcss.dll
15:57:36.0647 5352  MMCSS - ok
15:57:36.0934 5352  [ 6D4236D8B7BD6557B77FBF2AB001CAD4 ] mod7700        C:\Windows\system32\DRIVERS\dvb7700all.sys
15:57:37.0062 5352  mod7700 - ok
15:57:37.0154 5352  [ 59848D5CC74606F0EE7557983BB73C2E ] Modem          C:\Windows\system32\drivers\modem.sys
15:57:37.0186 5352  Modem - ok
15:57:37.0221 5352  [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
15:57:37.0222 5352  monitor - ok
15:57:37.0276 5352  [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:57:37.0306 5352  mouclass - ok
15:57:37.0403 5352  [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:57:37.0432 5352  mouhid - ok
15:57:37.0473 5352  [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
15:57:37.0516 5352  MountMgr - ok
15:57:37.0983 5352  [ E3252991298FB01B3D3B6433A5FBF8EE ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:57:38.0003 5352  MozillaMaintenance - ok
15:57:38.0093 5352  [ F8276EB8698142884498A528DFEA8478 ] mpio            C:\Windows\system32\drivers\mpio.sys
15:57:38.0127 5352  mpio - ok
15:57:38.0212 5352  [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:57:38.0295 5352  mpsdrv - ok
15:57:38.0383 5352  MpsSvc - ok
15:57:38.0469 5352  [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
15:57:38.0471 5352  Mraid35x - ok
15:57:38.0613 5352  [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:57:38.0645 5352  MRxDAV - ok
15:57:38.0694 5352  [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:57:38.0779 5352  mrxsmb - ok
15:57:38.0906 5352  [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:57:38.0973 5352  mrxsmb10 - ok
15:57:39.0017 5352  [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:57:39.0056 5352  mrxsmb20 - ok
15:57:39.0156 5352  [ 730B784962D22D2C6481EAE2370E7C8C ] msahci          C:\Windows\system32\drivers\msahci.sys
15:57:39.0192 5352  msahci - ok
15:57:39.0231 5352  [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
15:57:39.0280 5352  msdsm - ok
15:57:39.0311 5352  [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC          C:\Windows\System32\msdtc.exe
15:57:39.0340 5352  MSDTC - ok
15:57:39.0379 5352  [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:57:39.0388 5352  Msfs - ok
15:57:39.0492 5352  [ 00EBC952961664780D43DCA157E79B27 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:57:39.0507 5352  msisadrv - ok
15:57:39.0676 5352  [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
15:57:39.0716 5352  MSiSCSI - ok
15:57:39.0719 5352  msiserver - ok
15:57:39.0808 5352  [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
15:57:39.0857 5352  MSKSSRV - ok
15:57:39.0964 5352  [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:57:39.0988 5352  MSPCLOCK - ok
15:57:40.0077 5352  [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
15:57:40.0107 5352  MSPQM - ok
15:57:40.0293 5352  [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
15:57:40.0354 5352  MsRPC - ok
15:57:40.0396 5352  [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
15:57:40.0427 5352  mssmbios - ok
15:57:40.0792 5352  MSSQL$SQLEXPRESS - ok
15:57:41.0006 5352  [ 7A2A8C975356858EB38466A6B1592E8D ] MSSQLServerADHelper100 c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
15:57:41.0027 5352  MSSQLServerADHelper100 - ok
15:57:41.0068 5352  [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
15:57:41.0145 5352  MSTEE - ok
15:57:41.0177 5352  [ 0CC49F78D8ACA0877D885F149084E543 ] Mup            C:\Windows\system32\Drivers\mup.sys
15:57:41.0186 5352  Mup - ok
15:57:41.0410 5352  [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent        C:\Windows\system32\qagentRT.dll
15:57:41.0454 5352  napagent - ok
15:57:41.0631 5352  [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
15:57:41.0674 5352  NativeWifiP - ok
15:57:41.0869 5352  [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:57:42.0005 5352  NDIS - ok
15:57:42.0099 5352  [ 64DF698A425478E321981431AC171334 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:57:42.0100 5352  NdisTapi - ok
15:57:42.0150 5352  [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
15:57:42.0182 5352  Ndisuio - ok
15:57:42.0337 5352  [ F8158771905260982CE724076419EF19 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
15:57:42.0615 5352  NdisWan - ok
15:57:42.0658 5352  [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
15:57:42.0685 5352  NDProxy - ok
15:57:42.0747 5352  [ 59267D2F0328599AA3B5408C2E06126F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
15:57:42.0800 5352  Net Driver HPZ12 - ok
15:57:42.0834 5352  [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
15:57:42.0864 5352  NetBIOS - ok
15:57:42.0939 5352  [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt          C:\Windows\system32\DRIVERS\netbt.sys
15:57:42.0970 5352  netbt - ok
15:57:43.0000 5352  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon        C:\Windows\system32\lsass.exe
15:57:43.0000 5352  Netlogon - ok
15:57:43.0225 5352  [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman          C:\Windows\System32\netman.dll
15:57:43.0284 5352  Netman - ok
15:57:43.0333 5352  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:57:43.0706 5352  NetMsmqActivator - ok
15:57:43.0711 5352  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:57:43.0712 5352  NetPipeActivator - ok
15:57:43.0948 5352  [ 7846D0136CC2B264926A73047BA7688A ] netprofm        C:\Windows\System32\netprofm.dll
15:57:44.0056 5352  netprofm - ok
15:57:44.0064 5352  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:57:44.0065 5352  NetTcpActivator - ok
15:57:44.0069 5352  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:57:44.0071 5352  NetTcpPortSharing - ok
15:57:44.0857 5352  [ C75C966DEAD7A84E112A1F30C4781951 ] NETw4v64        C:\Windows\system32\DRIVERS\NETw4v64.sys
15:57:45.0915 5352  NETw4v64 - ok
15:57:47.0316 5352  [ 2BDCB7B7917380794C9D87AC2153CE33 ] NETw5v64        C:\Windows\system32\DRIVERS\NETw5v64.sys
15:57:49.0574 5352  NETw5v64 - ok
15:57:49.0671 5352  [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960        C:\Windows\system32\drivers\nfrd960.sys
15:57:49.0701 5352  nfrd960 - ok
15:57:49.0798 5352  [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:57:49.0832 5352  NlaSvc - ok
15:57:50.0052 5352  [ FD306FBCCE7ADB1077B709742E7148E9 ] NMSAccessU      C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
15:57:50.0080 5352  NMSAccessU - ok
15:57:50.0120 5352  [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:57:50.0166 5352  Npfs - ok
15:57:50.0196 5352  [ ACB62BAA1C319B17752553DF3026EEEB ] nsi            C:\Windows\system32\nsisvc.dll
15:57:50.0220 5352  nsi - ok
15:57:50.0297 5352  [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:57:50.0337 5352  nsiproxy - ok
15:57:51.0083 5352  [ 2ACCAA3C3C55370A32F17B3595E1A217 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:57:51.0965 5352  Ntfs - ok
15:57:52.0052 5352  [ DD5D684975352B85B52E3FD5347C20CB ] Null            C:\Windows\system32\drivers\Null.sys
15:57:52.0079 5352  Null - ok
15:57:56.0036 5352  [ BBE872A814B00798C2D568D46C42A71B ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:58:01.0704 5352  nvlddmkm - ok
15:58:01.0737 5352  [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:58:01.0815 5352  nvraid - ok
15:58:01.0902 5352  [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:58:01.0940 5352  nvstor - ok
15:58:02.0097 5352  [ C924F5B0C0F423103234CABB8DC68C15 ] nvsvc          C:\Windows\system32\nvvsvc.exe
15:58:02.0139 5352  nvsvc - ok
15:58:02.0172 5352  [ 19067CA93075EF4823E3938A686F532F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
15:58:02.0221 5352  nv_agp - ok
15:58:02.0223 5352  NwlnkFlt - ok
15:58:02.0227 5352  NwlnkFwd - ok
15:58:02.0473 5352  [ FAEF7B156E073F0450C5087F57696F0B ] OAcat          C:\Program Files (x86)\Online Armor\OAcat.exe
15:58:02.0515 5352  OAcat - ok
15:58:03.0737 5352  [ 9C78F13766AB2629E11FB0DFB162EE33 ] OADevice        C:\Windows\SysWow64\Drivers\OADriver.sys
15:58:03.0778 5352  OADevice - ok
15:58:03.0869 5352  [ 6CDB036083EF969210D2F747C8AB5771 ] oahlpXX        C:\Windows\syswow64\drivers\oahlp64.sys
15:58:03.0894 5352  oahlpXX - ok
15:58:03.0992 5352  [ C2B6A1CCEE9669119A7FC9DAB2008B68 ] OAmon          C:\Windows\SysWOW64\Drivers\OAmon.sys
15:58:04.0019 5352  OAmon - ok
15:58:04.0055 5352  [ F99C170CF63DE515C51BB11E76EA23EC ] OAnet          C:\Windows\system32\DRIVERS\oanet.sys
15:58:04.0080 5352  OAnet - ok
15:58:04.0516 5352  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:58:04.0917 5352  odserv - ok
15:58:05.0067 5352  [ 44A9473D72983DD484B4F1BF0D946571 ] OEM02Dev        C:\Windows\system32\DRIVERS\OEM02Dev.sys
15:58:05.0102 5352  OEM02Dev - ok
15:58:05.0140 5352  [ 766F689564BC30E5A91F8621CE65AD68 ] OEM02Vfx        C:\Windows\system32\DRIVERS\OEM02Vfx.sys
15:58:05.0169 5352  OEM02Vfx - ok
15:58:05.0339 5352  [ B5B1CE65AC15BBD11C0619E3EF7CFC28 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
15:58:05.0384 5352  ohci1394 - ok
15:58:05.0594 5352  [ 447D71FFCEFAD01D6787422A6286A182 ] OpenVPNService  C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe
15:58:05.0635 5352  OpenVPNService - ok
15:58:05.0712 5352  [ 5A432A042DAE460ABE7199B758E8606C ] ose            C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:58:05.0733 5352  ose - ok
15:58:05.0872 5352  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc        C:\Windows\system32\p2psvc.dll
15:58:05.0920 5352  p2pimsvc - ok
15:58:05.0968 5352  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc          C:\Windows\system32\p2psvc.dll
15:58:05.0972 5352  p2psvc - ok
15:58:06.0082 5352  [ AECD57F94C887F58919F307C35498EA0 ] Parport        C:\Windows\system32\drivers\parport.sys
15:58:06.0123 5352  Parport - ok
15:58:06.0183 5352  [ B43751085E2ABE389DA466BC62A4B987 ] partmgr        C:\Windows\system32\drivers\partmgr.sys
15:58:06.0225 5352  partmgr - ok
15:58:06.0504 5352  [ 3CAE2BBC86FCF7F94C9696994AF30386 ] PassThru Service C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
15:58:06.0526 5352  PassThru Service - ok
15:58:06.0612 5352  [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:58:06.0650 5352  PcaSvc - ok
15:58:06.0820 5352  pccsmcfd - ok
15:58:06.0911 5352  [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci            C:\Windows\system32\drivers\pci.sys
15:58:06.0944 5352  pci - ok
15:58:07.0028 5352  [ 2657F6C0B78C36D95034BE109336E382 ] pciide          C:\Windows\system32\drivers\pciide.sys
15:58:07.0052 5352  pciide - ok
15:58:07.0197 5352  [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
15:58:07.0282 5352  pcmcia - ok
15:58:07.0443 5352  [ 58865916F53592A61549B04941BFD80D ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:58:07.0544 5352  PEAUTH - ok
15:58:07.0585 5352  [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
15:58:07.0612 5352  PerfHost - ok
15:58:08.0007 5352  [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla            C:\Windows\system32\pla.dll
15:58:08.0026 5352  pla - ok
15:58:08.0153 5352  [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:58:08.0188 5352  PlugPlay - ok
15:58:08.0258 5352  [ 5261A2FD55183AC6993145AB6662CDDF ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
15:58:08.0304 5352  Pml Driver HPZ12 - ok
15:58:08.0355 5352  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg    C:\Windows\system32\p2psvc.dll
15:58:08.0360 5352  PNRPAutoReg - ok
15:58:08.0389 5352  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc        C:\Windows\system32\p2psvc.dll
15:58:08.0394 5352  PNRPsvc - ok
15:58:08.0519 5352  [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
15:58:08.0529 5352  PolicyAgent - ok
15:58:08.0583 5352  [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:58:08.0600 5352  PptpMiniport - ok
15:58:08.0644 5352  [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor      C:\Windows\system32\drivers\processr.sys
15:58:08.0655 5352  Processor - ok
15:58:08.0709 5352  [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc        C:\Windows\system32\profsvc.dll
15:58:08.0735 5352  ProfSvc - ok
15:58:08.0762 5352  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe
15:58:08.0762 5352  ProtectedStorage - ok
15:58:08.0839 5352  [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
15:58:08.0867 5352  PSched - ok
15:58:08.0914 5352  [ 901DBA98359966A62A6548596988E931 ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
15:58:08.0916 5352  PxHlpa64 - ok
15:58:08.0956 5352  [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300          C:\Windows\system32\drivers\ql2300.sys
15:58:08.0991 5352  ql2300 - ok
15:58:09.0015 5352  [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
15:58:09.0017 5352  ql40xx - ok
15:58:09.0048 5352  [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE          C:\Windows\system32\qwave.dll
15:58:09.0054 5352  QWAVE - ok
15:58:09.0066 5352  [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:58:09.0067 5352  QWAVEdrv - ok
15:58:09.0526 5352  [ 2A09A6B271D1F50ADF5E33B37D460DE6 ] R300            C:\Windows\system32\DRIVERS\atikmdag.sys
15:58:09.0625 5352  R300 - ok
15:58:09.0719 5352  [ A55E7D0D873B2C97585B3B5926AC6ADE ] RapiMgr        C:\Windows\WindowsMobile\rapimgr.dll
15:58:09.0740 5352  RapiMgr - ok
15:58:09.0764 5352  [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:58:09.0765 5352  RasAcd - ok
15:58:09.0792 5352  [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto        C:\Windows\System32\rasauto.dll
15:58:09.0794 5352  RasAuto - ok
15:58:09.0855 5352  [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
15:58:09.0875 5352  Rasl2tp - ok
15:58:09.0905 5352  [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan          C:\Windows\System32\rasmans.dll
15:58:09.0911 5352  RasMan - ok
15:58:09.0993 5352  [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:58:09.0995 5352  RasPppoe - ok
15:58:10.0057 5352  [ C6A593B51F34C33E5474539544072527 ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
15:58:10.0059 5352  RasSstp - ok
15:58:10.0125 5352  [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
15:58:10.0131 5352  rdbss - ok
15:58:10.0172 5352  [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:58:10.0172 5352  RDPCDD - ok
15:58:10.0244 5352  [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr          C:\Windows\system32\drivers\rdpdr.sys
15:58:10.0272 5352  rdpdr - ok
15:58:10.0309 5352  [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:58:10.0310 5352  RDPENCDD - ok
15:58:10.0352 5352  [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
15:58:10.0450 5352  RDPWD - ok
15:58:10.0700 5352  [ 0BF9E30D4F981CAFEDE7DE13604A45F5 ] RegSrvc        C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
15:58:10.0714 5352  RegSrvc - ok
15:58:10.0735 5352  [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:58:10.0738 5352  RemoteAccess - ok
15:58:10.0837 5352  [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:58:10.0923 5352  RemoteRegistry - ok
15:58:10.0994 5352  [ CD71E053D7260E4102D99A28F9196070 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
15:58:10.0997 5352  RFCOMM - ok
15:58:11.0031 5352  [ D13D70FAC45FC1DF69F88559B1F72F0A ] rimmptsk        C:\Windows\system32\DRIVERS\rimmpx64.sys
15:58:11.0033 5352  rimmptsk - ok
15:58:11.0048 5352  [ BB9EDC55B0B8CB4FCD713428820E0776 ] rimsptsk        C:\Windows\system32\DRIVERS\rimspx64.sys
15:58:11.0049 5352  rimsptsk - ok
15:58:11.0053 5352  [ 481C3FDEACAAE04B74C58288DBC91DF9 ] rismxdp        C:\Windows\system32\DRIVERS\rixdpx64.sys
15:58:11.0055 5352  rismxdp - ok
15:58:11.0101 5352  [ 6A0CF73B019CBC9255E23C9192EC3702 ] ROOTMODEM      C:\Windows\system32\Drivers\RootMdm.sys
15:58:11.0102 5352  ROOTMODEM - ok
15:58:11.0148 5352  [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator      C:\Windows\system32\locator.exe
15:58:11.0172 5352  RpcLocator - ok
15:58:11.0242 5352  [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs          C:\Windows\system32\rpcss.dll
15:58:11.0246 5352  RpcSs - ok
15:58:11.0308 5352  [ C9FE05A63C500ABE3AFA5786504C4D36 ] RsFx0105        C:\Windows\system32\DRIVERS\RsFx0105.sys
15:58:11.0337 5352  RsFx0105 - ok
15:58:11.0367 5352  [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:58:11.0369 5352  rspndr - ok
15:58:11.0378 5352  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs          C:\Windows\system32\lsass.exe
15:58:11.0379 5352  SamSs - ok
15:58:11.0412 5352  [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:58:11.0450 5352  sbp2port - ok
15:58:11.0540 5352  [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:58:11.0575 5352  SCardSvr - ok
15:58:11.0705 5352  [ 0F838C811AD295D2A4489B9993096C63 ] Schedule        C:\Windows\system32\schedsvc.dll
15:58:11.0752 5352  Schedule - ok
15:58:11.0824 5352  [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc    C:\Windows\System32\certprop.dll
15:58:11.0825 5352  SCPolicySvc - ok
15:58:11.0910 5352  [ BE100BC2BE2513314C717BB2C4CFFF10 ] sdbus          C:\Windows\system32\DRIVERS\sdbus.sys
15:58:11.0912 5352  sdbus - ok
15:58:11.0941 5352  [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:58:11.0963 5352  SDRSVC - ok
15:58:12.0013 5352  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:58:12.0043 5352  secdrv - ok
15:58:12.0073 5352  [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon        C:\Windows\system32\seclogon.dll
15:58:12.0075 5352  seclogon - ok
15:58:12.0089 5352  [ 90973A64B96CD647FF81C79443618EED ] SENS            C:\Windows\system32\sens.dll
15:58:12.0090 5352  SENS - ok
15:58:12.0145 5352  [ 82215BBED5D37B0C354F0E83FD0C8423 ] Sentinel        C:\Windows\System32\Drivers\SENTINEL64.SYS
15:58:12.0168 5352  Sentinel - ok
15:58:12.0227 5352  [ 708DFADE0905B24375D696F0DB244993 ] sepdal          C:\Windows\System32\Drivers\sepdal.sys
15:58:12.0228 5352  sepdal - ok
15:58:12.0242 5352  [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum        C:\Windows\system32\drivers\serenum.sys
15:58:12.0244 5352  Serenum - ok
15:58:12.0261 5352  [ E62FAC91EE288DB29A9696A9D279929C ] Serial          C:\Windows\system32\drivers\serial.sys
15:58:12.0264 5352  Serial - ok
15:58:12.0285 5352  [ A842F04833684BCEEA7336211BE478DF ] sermouse        C:\Windows\system32\drivers\sermouse.sys
15:58:12.0286 5352  sermouse - ok
15:58:12.0316 5352  [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv      C:\Windows\system32\sessenv.dll
15:58:12.0319 5352  SessionEnv - ok
15:58:12.0375 5352  [ 3A19C899BCF0EA24CFEC2038E6A489DB ] sffdisk        C:\Windows\system32\DRIVERS\sffdisk.sys
15:58:12.0376 5352  sffdisk - ok
15:58:12.0389 5352  [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
15:58:12.0391 5352  sffp_mmc - ok
15:58:12.0410 5352  [ FDCA63A2EEE528585EB66CEAC183EC22 ] sffp_sd        C:\Windows\system32\DRIVERS\sffp_sd.sys
15:58:12.0411 5352  sffp_sd - ok
15:58:12.0463 5352  [ 40567781F0785C4A69411D1B40DA8987 ] sfloppy        C:\Windows\system32\DRIVERS\sfloppy.sys
15:58:12.0481 5352  sfloppy - ok
15:58:12.0577 5352  [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:58:12.0597 5352  SharedAccess - ok
15:58:12.0726 5352  [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:58:12.0859 5352  ShellHWDetection - ok
15:58:12.0923 5352  [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
15:58:12.0946 5352  SiSRaid2 - ok
15:58:12.0985 5352  [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
15:58:13.0033 5352  SiSRaid4 - ok
15:58:13.0250 5352  [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc          C:\Windows\system32\SLsvc.exe
15:58:13.0310 5352  slsvc - ok
15:58:13.0370 5352  [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify      C:\Windows\system32\SLUINotify.dll
15:58:13.0373 5352  SLUINotify - ok
15:58:13.0432 5352  [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
15:58:13.0434 5352  Smb - ok
15:58:13.0507 5352  [ 001901F10423616CA0D4AECDCCE8B855 ] snapman380      C:\Windows\system32\DRIVERS\snman380.sys
15:58:13.0511 5352  snapman380 - ok
15:58:13.0534 5352  [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:58:13.0535 5352  SNMPTRAP - ok
15:58:13.0590 5352  [ 386C3C63F00A7040C7EC5E384217E89D ] spldr          C:\Windows\system32\drivers\spldr.sys
15:58:13.0591 5352  spldr - ok
15:58:13.0698 5352  [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler        C:\Windows\System32\spoolsv.exe
15:58:13.0756 5352  Spooler - ok
15:58:13.0834 5352  [ B9657A0AFF28C1CB114ACC0CB93EE4BB ] sp_rsdrv2      C:\Windows\system32\DRIVERS\stflt.sys
15:58:13.0845 5352  sp_rsdrv2 - ok
15:58:14.0182 5352  [ 45E65FB17A4CD5FACBD3CA16C8334C82 ] SQLAgent$SQLEXPRESS c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
15:58:14.0211 5352  SQLAgent$SQLEXPRESS - ok
15:58:14.0383 5352  [ 10D936DCED9EACD1A1B3FCDDA6D7A4EB ] SQLBrowser      c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
15:58:14.0389 5352  SQLBrowser - ok
15:58:14.0468 5352  [ F92E5F93BE572B512DA3C016B675EDE0 ] SQLWriter      c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
15:58:14.0487 5352  SQLWriter - ok
15:58:14.0639 5352  [ 880A57FCCB571EBD063D4DD50E93E46D ] srv            C:\Windows\system32\DRIVERS\srv.sys
15:58:14.0695 5352  srv - ok
15:58:14.0831 5352  [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:58:14.0876 5352  srv2 - ok
15:58:14.0962 5352  [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:58:14.0977 5352  srvnet - ok
15:58:15.0012 5352  [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
15:58:15.0017 5352  SSDPSRV - ok
15:58:15.0049 5352  [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc        C:\Windows\system32\sstpsvc.dll
15:58:15.0052 5352  SstpSvc - ok
15:58:15.0698 5352  [ 24543AAF056D3AFCED3F4FF487F53C90 ] ST2012_Svc      C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
15:58:15.0714 5352  ST2012_Svc - ok
15:58:16.0484 5352  [ F883003AC6715537950D0B3E4C609C42 ] STacSV          C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bb0e6831\STacSV64.exe
15:58:16.0528 5352  STacSV - ok
15:58:16.0566 5352  [ E964DB5400CFD56FC99CD2AB1B21213F ] STHDA          C:\Windows\system32\drivers\stwrt64.sys
15:58:16.0573 5352  STHDA - ok
15:58:16.0673 5352  [ 14B4DB4381E4A55F570D8BB699B791D6 ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
15:58:16.0714 5352  StillCam - ok
15:58:16.0876 5352  [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc          C:\Windows\System32\wiaservc.dll
15:58:16.0908 5352  stisvc - ok
15:58:18.0625 5352  [ 578A7D52C4F7CA65E109B4E7C7AC5CB3 ] SvcOnlineArmor  C:\Program Files (x86)\Online Armor\oasrv.exe
15:58:18.0757 5352  SvcOnlineArmor - ok
15:58:18.0793 5352  [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
15:58:18.0803 5352  swenum - ok
15:58:18.0934 5352  [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv          C:\Windows\System32\swprv.dll
15:58:18.0956 5352  swprv - ok
15:58:18.0983 5352  [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx        C:\Windows\system32\drivers\symc8xx.sys
15:58:18.0984 5352  Symc8xx - ok
15:58:19.0003 5352  [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
15:58:19.0005 5352  Sym_hi - ok
15:58:19.0019 5352  [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
15:58:19.0021 5352  Sym_u3 - ok
15:58:19.0471 5352  [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain        C:\Windows\system32\sysmain.dll
15:58:19.0543 5352  SysMain - ok
15:58:19.0581 5352  [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:58:19.0584 5352  TabletInputService - ok
15:58:19.0649 5352  [ 3B73C849B41FB20D77B0E553214061A5 ] tap0901        C:\Windows\system32\DRIVERS\tap0901.sys
15:58:19.0659 5352  tap0901 - ok
15:58:19.0745 5352  [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv        C:\Windows\System32\tapisrv.dll
15:58:19.0779 5352  TapiSrv - ok
15:58:19.0808 5352  [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS            C:\Windows\System32\tbssvc.dll
15:58:19.0810 5352  TBS - ok
15:58:20.0100 5352  [ 19A5E570048788BE9343FA96C15CEF6F ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
15:58:20.0248 5352  Tcpip - ok
15:58:20.0524 5352  [ 19A5E570048788BE9343FA96C15CEF6F ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
15:58:20.0534 5352  Tcpip6 - ok
15:58:20.0579 5352  [ F6F46226D0104D997AF8B2ADFABE4B24 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:58:20.0598 5352  tcpipreg - ok
15:58:20.0657 5352  [ CBD13E809E81B07116C8D51AA199F69B ] TcUsb          C:\Windows\system32\Drivers\tcusb.sys
15:58:20.0678 5352  TcUsb - ok
15:58:20.0712 5352  [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:58:20.0714 5352  TDPIPE - ok
15:58:20.0960 5352  [ FE37527578EFEAF87C7C6040BF4F8226 ] tdrpman147      C:\Windows\system32\DRIVERS\tdrpm147.sys
15:58:21.0000 5352  tdrpman147 - ok
15:58:21.0039 5352  [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
15:58:21.0058 5352  TDTCP - ok
15:58:21.0115 5352  [ 458919C8C42E398DC4802178D5FFEE27 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
15:58:21.0132 5352  tdx - ok
15:58:21.0193 5352  [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
15:58:21.0211 5352  TermDD - ok
15:58:21.0437 5352  [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService    C:\Windows\System32\termsrv.dll
15:58:21.0544 5352  TermService - ok
15:58:21.0600 5352  [ 56793271ECDEDD350C5ADD305603E963 ] Themes          C:\Windows\system32\shsvcs.dll
15:58:21.0602 5352  Themes - ok
15:58:21.0701 5352  [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER    C:\Windows\system32\mmcss.dll
15:58:21.0702 5352  THREADORDER - ok
15:58:21.0771 5352  [ 156EF5E1164BBA862EEE84400C7BA034 ] tifsfilter      C:\Windows\system32\DRIVERS\tifsfilt.sys
15:58:21.0792 5352  tifsfilter - ok
15:58:21.0864 5352  [ 8A474022C0465797B13A4EA7535D4C5B ] timounter      C:\Windows\system32\DRIVERS\timntr.sys
15:58:21.0880 5352  timounter - ok
15:58:21.0911 5352  [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks          C:\Windows\System32\trkwks.dll
15:58:21.0921 5352  TrkWks - ok
15:58:22.0016 5352  [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:58:22.0034 5352  TrustedInstaller - ok
15:58:22.0064 5352  [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:58:22.0066 5352  tssecsrv - ok
15:58:22.0082 5352  [ 89EC74A9E602D16A75A4170511029B3C ] tunmp          C:\Windows\system32\DRIVERS\tunmp.sys
15:58:22.0083 5352  tunmp - ok
15:58:22.0136 5352  [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:58:22.0142 5352  tunnel - ok
15:58:22.0161 5352  [ FEC266EF401966311744BD0F359F7F56 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
15:58:22.0164 5352  uagp35 - ok
15:58:22.0273 5352  [ FAF2640A2A76ED03D449E443194C4C34 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:58:22.0316 5352  udfs - ok
15:58:22.0384 5352  [ 060507C4113391394478F6953A79EEDC ] UI0Detect      C:\Windows\system32\UI0Detect.exe
15:58:22.0406 5352  UI0Detect - ok
15:58:22.0447 5352  [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:58:22.0486 5352  uliagpkx - ok
15:58:22.0609 5352  [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci        C:\Windows\system32\drivers\uliahci.sys
15:58:22.0698 5352  uliahci - ok
15:58:22.0772 5352  [ 31707F09846056651EA2C37858F5DDB0 ] UlSata          C:\Windows\system32\drivers\ulsata.sys
15:58:22.0815 5352  UlSata - ok
15:58:22.0833 5352  [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2        C:\Windows\system32\drivers\ulsata2.sys
15:58:22.0836 5352  ulsata2 - ok
15:58:22.0866 5352  [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
15:58:22.0868 5352  umbus - ok
15:58:22.0895 5352  [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost        C:\Windows\System32\upnphost.dll
15:58:22.0901 5352  upnphost - ok
15:58:22.0965 5352  [ C6BA890DE6E41857FBE84175519CAE7D ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
15:58:22.0981 5352  usbaudio - ok
15:58:23.0009 5352  [ 07E3498FC60834219D2356293DA0FECC ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
15:58:23.0011 5352  usbccgp - ok
15:58:23.0072 5352  [ 8C39D53E1A343F4C47EE8F3C052126D8 ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
15:58:23.0080 5352  usbcir - ok
15:58:23.0137 5352  [ 827E44DE934A736EA31E91D353EB126F ] usbehci        C:\Windows\system32\DRIVERS\usbehci.sys
15:58:23.0149 5352  usbehci - ok
15:58:23.0168 5352  [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:58:23.0174 5352  usbhub - ok
15:58:23.0206 5352  [ EBA14EF0C07CEC233F1529C698D0D154 ] usbohci        C:\Windows\system32\drivers\usbohci.sys
15:58:23.0221 5352  usbohci - ok
15:58:23.0279 5352  [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
15:58:23.0316 5352  usbprint - ok
15:58:23.0380 5352  [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:58:23.0400 5352  USBSTOR - ok
15:58:23.0465 5352  [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci        C:\Windows\system32\DRIVERS\usbuhci.sys
15:58:23.0482 5352  usbuhci - ok
15:58:23.0541 5352  [ C690C8B45DB67DBA284B72D1FD649D2C ] usb_rndisx      C:\Windows\system32\DRIVERS\usb8023x.sys
15:58:23.0556 5352  usb_rndisx - ok
15:58:23.0626 5352  [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms          C:\Windows\System32\uxsms.dll
15:58:23.0641 5352  UxSms - ok
15:58:23.0812 5352  [ 294945381DFA7CE58CECF0A9896AF327 ] vds            C:\Windows\System32\vds.exe
15:58:23.0844 5352  vds - ok
15:58:23.0892 5352  [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
15:58:23.0899 5352  vga - ok
15:58:23.0934 5352  [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave        C:\Windows\System32\drivers\vga.sys
15:58:23.0946 5352  VgaSave - ok
15:58:23.0957 5352  [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide          C:\Windows\system32\drivers\viaide.sys
15:58:23.0958 5352  viaide - ok
15:58:24.0013 5352  [ 2B7E885ED951519A12C450D24535DFCA ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:58:24.0019 5352  volmgr - ok
15:58:24.0134 5352  [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
15:58:24.0177 5352  volmgrx - ok
15:58:24.0273 5352  [ 582F710097B46140F5A89A19A6573D4B ] volsnap        C:\Windows\system32\drivers\volsnap.sys
15:58:24.0319 5352  volsnap - ok
15:58:24.0363 5352  vpnva - ok
15:58:24.0419 5352  [ A68F455ED2673835209318DD61BFBB0E ] vsmraid        C:\Windows\system32\drivers\vsmraid.sys
15:58:24.0438 5352  vsmraid - ok
15:58:24.0735 5352  [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS            C:\Windows\system32\vssvc.exe
15:58:24.0815 5352  VSS - ok
15:58:24.0929 5352  [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time        C:\Windows\system32\w32time.dll
15:58:24.0965 5352  W32Time - ok
15:58:25.0021 5352  [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
15:58:25.0031 5352  WacomPen - ok
15:58:25.0089 5352  [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
15:58:25.0096 5352  Wanarp - ok
15:58:25.0100 5352  [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:58:25.0100 5352  Wanarpv6 - ok
15:58:25.0213 5352  [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm        C:\Windows\WindowsMobile\wcescomm.dll
15:58:25.0228 5352  WcesComm - ok
15:58:25.0322 5352  [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc        C:\Windows\System32\wcncsvc.dll
15:58:25.0332 5352  wcncsvc - ok
15:58:25.0355 5352  [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:58:25.0357 5352  WcsPlugInService - ok
15:58:25.0369 5352  [ 0C17A0816F65B89E362E682AD5E7266E ] Wd              C:\Windows\system32\drivers\wd.sys
15:58:25.0391 5352  Wd - ok
15:58:25.0609 5352  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:58:25.0695 5352  Wdf01000 - ok
15:58:25.0723 5352  [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:58:25.0748 5352  WdiServiceHost - ok
15:58:25.0752 5352  [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost  C:\Windows\system32\wdi.dll
15:58:25.0753 5352  WdiSystemHost - ok
15:58:25.0850 5352  [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient      C:\Windows\System32\webclnt.dll
15:58:25.0856 5352  WebClient - ok
15:58:25.0937 5352  [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:58:25.0998 5352  Wecsvc - ok
15:58:26.0037 5352  [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
15:58:26.0040 5352  wercplsupport - ok
15:58:26.0053 5352  [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc          C:\Windows\System32\WerSvc.dll
15:58:26.0057 5352  WerSvc - ok
15:58:26.0066 5352  WinDefend - ok
15:58:26.0073 5352  WinHttpAutoProxySvc - ok
15:58:26.0295 5352  [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
15:58:26.0322 5352  Winmgmt - ok
15:58:26.0732 5352  [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM          C:\Windows\system32\WsmSvc.dll
15:58:26.0785 5352  WinRM - ok
15:58:26.0843 5352  [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUSB          C:\Windows\system32\DRIVERS\WinUSB.sys
15:58:26.0844 5352  WinUSB - ok
15:58:26.0912 5352  [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc        C:\Windows\System32\wlansvc.dll
15:58:26.0925 5352  Wlansvc - ok
15:58:26.0948 5352  [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi        C:\Windows\system32\DRIVERS\wmiacpi.sys
15:58:26.0948 5352  WmiAcpi - ok
15:58:27.0004 5352  [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:58:27.0008 5352  wmiApSrv - ok
15:58:27.0038 5352  WMPNetworkSvc - ok
15:58:27.0061 5352  [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:58:27.0066 5352  WPCSvc - ok
15:58:27.0115 5352  [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:58:27.0154 5352  WPDBusEnum - ok
15:58:27.0239 5352  [ 5E2401B3FC1089C90E081291357371A9 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
15:58:27.0240 5352  WpdUsb - ok
15:58:27.0842 5352  [ 8E344C1B4FE7EDE0E9055405B9987862 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:58:28.0279 5352  WPFFontCache_v0400 - ok
15:58:28.0340 5352  [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
15:58:28.0366 5352  ws2ifsl - ok
15:58:28.0395 5352  [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc          C:\Windows\system32\wscsvc.dll
15:58:28.0397 5352  wscsvc - ok
15:58:28.0446 5352  [ DE5F5212AB34221DD1618B5FEFE8DB6C ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
15:58:28.0448 5352  WSDPrintDevice - ok
15:58:28.0452 5352  WSearch - ok
15:58:29.0300 5352  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
15:58:29.0557 5352  wuauserv - ok
15:58:29.0808 5352  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:58:29.0831 5352  WudfPf - ok
15:58:29.0957 5352  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:58:30.0176 5352  WUDFRd - ok
15:58:30.0306 5352  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
15:58:30.0402 5352  wudfsvc - ok
15:58:30.0666 5352  [ 2AE06B41B36549FABF0886B2AF89A599 ] yukonx64        C:\Windows\system32\DRIVERS\yk60x64.sys
15:58:30.0821 5352  yukonx64 - ok
15:58:30.0942 5352  ================ Scan global ===============================
15:58:31.0084 5352  [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
15:58:31.0480 5352  [ D665D594B7E11133D29D726BDDC7A5B0 ] C:\Windows\system32\winsrv.dll
15:58:32.0228 5352  [ D665D594B7E11133D29D726BDDC7A5B0 ] C:\Windows\system32\winsrv.dll
15:58:32.0410 5352  [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
15:58:32.0637 5352  [Global] - ok
15:58:32.0638 5352  ================ Scan MBR ==================================
15:58:32.0704 5352  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
15:58:39.0255 5352  \Device\Harddisk0\DR0 - ok
15:58:39.0255 5352  ================ Scan VBR ==================================
15:58:39.0534 5352  [ 8B033D701C25D85CA13DE9B4EFD898BD ] \Device\Harddisk0\DR0\Partition1
15:58:39.0661 5352  \Device\Harddisk0\DR0\Partition1 - ok
15:58:39.0739 5352  [ 1FEB59700548E2463CC7B693833E0320 ] \Device\Harddisk0\DR0\Partition2
15:58:39.0824 5352  \Device\Harddisk0\DR0\Partition2 - ok
15:58:39.0824 5352  ============================================================
15:58:39.0824 5352  Scan finished
15:58:39.0824 5352  ============================================================
15:58:39.0831 4484  Detected object count: 0
15:58:39.0831 4484  Actual detected object count: 0
15:59:19.0784 6880  Deinitialize success

Why don't the scanners run for me? Malwarebytes didn't work either :confused:

Hard to believe, Malwarebytes has now run through. Nothing was found!

Code:

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.27.05

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Matze :: MATZEBOOK [administrator]

7/27/2013 9:18:41 PM
mbar-log-2013-07-27 (21-18-41).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 304398
Time elapsed: 17 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

I uninstalled my Microsoft Visual Basic, and now I was also able to run a quick scan with aswMBR. Apparently no detections:

Code:

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-07-28 08:56:05
-----------------------------
08:56:05.863    OS Version: Windows x64 6.0.6002 Service Pack 2
08:56:05.863    Number of processors: 2 586 0x1706
08:56:05.864    ComputerName: MATZEBOOK  UserName: Matze
08:56:40.325    Initialize success
08:57:14.821    AVAST engine defs: 13072700
08:57:22.127    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
08:57:22.129    Disk 0 Vendor: Hitachi_ FC4O Size: 305245MB BusType: 3
08:57:22.629    Disk 0 MBR read successfully
08:57:22.631    Disk 0 MBR scan
08:57:22.658    Disk 0 Windows VISTA default MBR code
08:57:22.661    Disk 0 Partition 1 00    DE Dell Utility Dell 8.0      125 MB offset 63
08:57:22.675    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS        10240 MB offset 258048
08:57:22.688    Disk 0 Partition 3 80 (A) 07    HPFS/NTFS NTFS      292317 MB offset 21229568
08:57:22.693    Disk 0 Partition - 00    0F Extended LBA              2560 MB offset 619896832
08:57:22.775    Disk 0 Partition 4 00    DD              MSDOS5.0    2559 MB offset 619898880
08:57:22.969    Disk 0 scanning C:\Windows\system32\drivers
08:57:47.151    Service scanning
08:59:26.548    Modules scanning
08:59:26.554    Disk 0 trace - called modules:
08:59:26.602    ntoskrnl.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
08:59:26.606    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006622640]
08:59:26.610    3 CLASSPNP.SYS[fffffa60012e3c33] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa80045ac050]
08:59:38.217    AVAST engine scan C:\Windows
08:59:57.722    AVAST engine scan C:\Windows\system32
09:11:35.822    AVAST engine scan C:\Windows\system32\drivers
09:12:38.894    AVAST engine scan C:\Users\Matze
13:02:25.705    AVAST engine scan C:\ProgramData
13:15:23.576    Scan finished successfully
13:17:02.014    Disk 0 MBR has been saved successfully to "C:\Users\Matze\Desktop\MBR.dat"
13:17:02.019    The log file has been saved successfully to "C:\Users\Matze\Desktop\aswMBR.txt"


cosinus 28.07.2013 22:29

As an interim status: which problems exactly are still open now?

matzepatze 29.07.2013 07:32

OK! So:

The command line works smoothly again. As a precaution I reinstalled AntiVir, and it also works flawlessly again.

Avast found nothing with a quick scan, but offers FixMBR. Likewise, TDSSKiller and Malwarebytes found nothing. I am currently letting AntiVir scan the entire drive once more.

What else should be done?

cosinus 29.07.2013 11:30

Please do NOTHING with aswMBR!

JRT - Junkware Removal Tool

Please close your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Afterwards:

adwCleaner - Remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Agree to the terms of use.
  • Click Options (Optionen) and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = consecutive number).



After that, a check with Farbar's tool please:

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan (Untersuchen).
  • The log files are now created and will then be located on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)


matzepatze 29.07.2013 17:25

So, here are the logs. First JRT:

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.7 (07.29.2013:1)
OS: Windows (TM) Vista Home Premium x64
Ran by Matze on Mon 07/29/2013 at 17:28:43.41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apntbmon



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"



~~~ FireFox

Successfully deleted: [File] C:\Users\Matze\AppData\Roaming\mozilla\firefox\profiles\82wuf84f.default\user.js
Emptied folder: C:\Users\Matze\AppData\Roaming\mozilla\firefox\profiles\82wuf84f.default\minidumps [16 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 07/29/2013 at 17:37:06.73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Then AdwCleaner:

Code:

# AdwCleaner v2.306 - Datei am 29/07/2013 um 17:45:49 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzer : Matze - MATZEBOOK
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Matze\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : APNMCP

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll
Datei Gelöscht : C:\Users\Matze\AppData\Roaming\Mozilla\Firefox\Profiles\82wuf84f.default\searchplugins\11-suche.xml
Gelöscht mit Neustart : C:\Program Files (x86)\AskPartnerNetwork
Gelöscht mit Neustart : C:\ProgramData\AskPartnerNetwork
Gelöscht mit Neustart : C:\Users\Matthias\AppData\Local\Temp\APN
Gelöscht mit Neustart : C:\Users\Matze\AppData\Local\PackageAware
Gelöscht mit Neustart : C:\Users\Matze\AppData\Local\Temp\APN

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AskPartnerNetwork
Schlüssel Gelöscht : HKLM\Software\AskPartnerNetwork
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16496

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v14.0.1 (de)

Datei : C:\Users\Matze\AppData\Roaming\Mozilla\Firefox\Profiles\82wuf84f.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\a1923cqi.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v28.0.1500.72

Datei : C:\Users\Matze\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1927 octets] - [29/07/2013 17:44:37]
AdwCleaner[S1].txt - [1901 octets] - [29/07/2013 17:45:49]

########## EOF - C:\AdwCleaner[S1].txt - [1961 octets] ##########

And finally FRST:


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-07-2013
Ran by Matze (administrator) on 29-07-2013 18:18:27
Running from C:\Users\Matze\Desktop
Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(UPEK Inc.) C:\Program Files\Protector Suite QL\upeksvr.exe
(Emsi Software GmbH) C:\Program Files (x86)\Online Armor\OAcat.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bb0e6831\AESTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Flexera Software, Inc.) C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe
(Flexera Software, Inc.) C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(ESRI) C:\Program Files (x86)\ArcGIS\License10.0\bin\ARCGIS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
( ) C:\Windows\system32\LMabcoms.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
() C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bb0e6831\STacSV64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Dropbox, Inc.) C:\Users\Matze\AppData\Roaming\Dropbox\bin\Dropbox.exe
(UPEK Inc.) C:\Program Files\Protector Suite QL\psqltray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Creative Technology Ltd.) C:\Windows\OEM02Mon.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Flexera Software, Inc.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Google Inc.) C:\Users\Matze\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Matze\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Matze\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Matze\AppData\Local\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Matze\Desktop\FRST64 (1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [271872 2008-07-23] (Alps Electric Co., Ltd.)
HKLM\...\Run: [PSQLLauncher] - C:\Program Files\Protector Suite QL\launcher.exe [66824 2008-06-19] (UPEK Inc.)
HKLM\...\Run: [SigmatelSysTrayApp] - C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray64.exe [425984 2008-07-17] (IDT, Inc.)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [165144 2008-10-13] (Acronis)
HKLM\...\Run: [SpywareTerminatorShield] - "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe" [x]
HKLM\...\Run: [SpywareTerminatorUpdater] - "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [x]
Winlogon\Notify\psfus: C:\Windows\system32\psqlpwd.dll (UPEK Inc.)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [138240 2008-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [OEM02Mon.exe] - C:\Windows\OEM02Mon.exe [36864 2008-08-06] (Creative Technology Ltd.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [4378000 2008-10-13] (Acronis)
HKLM-x32\...\Run: [AcronisTimounterMonitor] - C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [962480 2008-10-13] (Acronis)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-28] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [] -  [x]
Lsa: [Notification Packages] scecli psqlpwd
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Matze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Matze\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USCON/8
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {8CC1B7C0-3FDB-4368-82C6-F39F339FB180} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src={referrer:source?}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO: PDF-XChange Viewer IE-Plugin - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\XChangePDFViewer\PDF Viewer\PDFXCviewIEPlugin.dll (Tracker Software Products Ltd.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: PDF-XChange Viewer IE-Plugin - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\XChangePDFViewer\PDF Viewer\Win32\PDFXCviewIEPlugin.dll (Tracker Software Products Ltd.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 193.189.244.202 193.189.244.194
Tcpip\..\Interfaces\{18BC9B2B-79BD-404A-8FF1-669714163C2B}: [NameServer]134.245.10.7,134.245.1.36

FireFox:
========
FF ProfilePath: C:\Users\Matze\AppData\Roaming\Mozilla\Firefox\Profiles\82wuf84f.default
FF SelectedSearchEngine: foxsearch
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\XChangePDFViewer\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.5.1 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.5.1 - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer - C:\Windows\system32\TVUAx\npTVUAx.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=0.9.9 - C:\Program Files (x86)\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Matze\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Matze\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Matze\AppData\Roaming\Mozilla\Firefox\Profiles\82wuf84f.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Matze\AppData\Roaming\Mozilla\Firefox\Profiles\82wuf84f.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Matze\AppData\Roaming\Mozilla\Firefox\Profiles\82wuf84f.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Matze\AppData\Roaming\Mozilla\Firefox\Profiles\82wuf84f.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\foxsearch.src
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Matze\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
FF Extension: No Name - C:\Users\Matze\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: TVU Web Player - C:\Users\Matze\AppData\Roaming\Mozilla\Firefox\Profiles\82wuf84f.default\Extensions\firefox@tvunetworks.com
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Matze\AppData\Roaming\Mozilla\Firefox\Profiles\82wuf84f.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: toolbar_AVIRA-V7 - C:\Users\Matze\AppData\Roaming\Mozilla\Firefox\Profiles\82wuf84f.default\Extensions\toolbar_AVIRA-V7@apn.ask.com.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\Matze\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Matze\AppData\Local\Google\Chrome\Application\28.0.1500.72\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Matze\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Matze\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Java Deployment Toolkit 6.0.330.3) - C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox351\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Windows Genuine Advantage) - C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
CHR Plugin: (Gutscheinmieze-Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files (x86)\VLC\npvlc.dll (the VideoLAN Team)
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (TVU Web Player for FireFox) - C:\Windows\system32\TVUAx\npTVUAx.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\Matze\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh\20.53263_0
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx

==================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bb0e6831\AESTSr64.exe [86016 2008-07-17] (Andrea Electronics Corporation)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-28] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-28] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-07-28] (Avira Operations GmbH & Co. KG)
R2 ArcGIS License Manager; C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe [1386320 2010-11-09] (Flexera Software, Inc.)
S3 BFE; C:\Windows\SysWow64\. [0 2013-07-29] ()
S4 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [691200 2009-03-03] (FileZilla Project)
S2 gupdate1c9a87df6fc8890; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [133104 2009-03-19] (Google Inc.)
R2 lmab_device; C:\Windows\system32\LMabcoms.exe [1044992 2009-09-25] ( )
S3 MpsSvc; C:\Windows\SysWow64\. [0 2013-07-29] ()
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [58345832 2011-09-22] (Microsoft Corporation)
R2 NMSAccessU; C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe [71096 2008-10-20] ()
R2 OAcat; C:\Program Files (x86)\Online Armor\OAcat.exe [210920 2012-06-04] (Emsi Software GmbH)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [36352 2010-11-08] ()
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [431464 2011-09-22] (Microsoft Corporation)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bb0e6831\STacSV64.exe [122880 2008-07-17] (IDT, Inc.)
S3 SvcOnlineArmor; C:\Program Files (x86)\Online Armor\oasrv.exe [4382968 2012-06-04] (Emsi Software GmbH)
S3 DeltaCopyService; "C:\Program Files (x86)\DeltaCopy\DCServce.exe" [x]

==================== Drivers (Whitelisted) ====================

S3 AF9035BDA; C:\Windows\System32\DRIVERS\AF9035BDA.sys [273088 2009-11-05] (AfaTech                  )
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-07-28] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-07-28] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-07-28] (Avira Operations GmbH & Co. KG)
S3 mod7700; C:\Windows\System32\DRIVERS\dvb7700all.sys [865344 2009-11-02] (DiBcom)
R1 OADevice; C:\Windows\SysWow64\Drivers\OADriver.sys [61624 2012-06-04] ()
R1 OADevice; C:\Windows\SysWow64\Drivers\OADriver.sys [61624 2012-06-04] ()
R1 oahlpXX; C:\Windows\syswow64\drivers\oahlp64.sys [61624 2012-06-04] ()
R1 oahlpXX; C:\Windows\syswow64\drivers\oahlp64.sys [61624 2012-06-04] ()
R1 OAmon; C:\Windows\SysWOW64\Drivers\OAmon.sys [40512 2012-06-04] (Emsisoft)
R1 OAmon; C:\Windows\SysWOW64\Drivers\OAmon.sys [40512 2012-06-04] (Emsisoft)
R3 OAnet; C:\Windows\System32\DRIVERS\oanet.sys [35368 2012-06-04] (Emsisoft)
R3 OEM02Dev; C:\Windows\System32\DRIVERS\OEM02Dev.sys [266624 2007-10-10] (Creative Technology Ltd.)
R3 OEM02Vfx; C:\Windows\System32\DRIVERS\OEM02Vfx.sys [12288 2008-08-06] (EyePower Games Pte. Ltd.)
S2 Sentinel; C:\Windows\System32\Drivers\SENTINEL64.SYS [141888 2006-04-20] (SafeNet, Inc.)
R1 sepdal; C:\Windows\System32\Drivers\sepdal.sys [16760 2011-12-26] (Intel Corporation)
R1 sepdal; C:\Windows\System32\Drivers\sepdal.sys [16760 2011-12-26] (Intel Corporation)
R0 snapman380; C:\Windows\System32\DRIVERS\snman380.sys [237600 2009-06-03] (Acronis)
R0 tdrpman147; C:\Windows\System32\DRIVERS\tdrpm147.sys [1580576 2009-06-03] (Acronis)
S2 CAPI20; System32\Drivers\CAPI20.SYS [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S2 DETEWECP; \SystemRoot\System32\drivers\detewecp.sys [x]
S3 HTCAND64; System32\Drivers\ANDROIDUSB.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [x]
S3 vpnva; system32\DRIVERS\vpnva64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-29 18:04 - 2013-07-29 18:12 - 00055162 _____ C:\Users\Matze\Downloads\FRST.txt
2013-07-29 17:59 - 2013-07-29 17:59 - 01780547 _____ (Farbar) C:\Users\Matze\Downloads\FRST64.exe
2013-07-29 17:46 - 2013-07-29 17:46 - 00000322 _____ C:\Windows\DeleteOnReboot.bat
2013-07-29 17:45 - 2013-07-29 17:46 - 00002030 _____ C:\AdwCleaner[S1].txt
2013-07-29 17:44 - 2013-07-29 17:45 - 00001927 _____ C:\AdwCleaner[R1].txt
2013-07-29 17:37 - 2013-07-29 17:37 - 00001412 _____ C:\Users\Matze\Desktop\JRT.txt
2013-07-29 17:25 - 2013-07-29 17:25 - 00000000 ____D C:\Windows\ERUNT
2013-07-29 17:21 - 2013-07-29 17:21 - 01780547 _____ (Farbar) C:\Users\Matze\Desktop\FRST64 (1).exe
2013-07-29 17:20 - 2013-07-29 17:20 - 00666633 _____ C:\Users\Matze\Desktop\adwcleaner.exe
2013-07-29 17:17 - 2013-07-29 17:19 - 00562353 _____ (Oleg N. Scherbakov) C:\Users\Matze\Desktop\JRT (1).exe
2013-07-29 10:26 - 2013-07-29 10:26 - 00000000 ____D C:\Windows\LastGood.Tmp
2013-07-28 13:17 - 2013-07-28 13:17 - 00002099 _____ C:\Users\Matze\Desktop\aswMBR.txt
2013-07-28 13:17 - 2013-07-28 13:17 - 00000512 _____ C:\Users\Matze\Desktop\MBR.dat
2013-07-28 08:47 - 2013-07-28 08:47 - 00015488 _____ C:\Users\Matze\AppData\Local\dd_vstor40_x64UI4858.txt
2013-07-28 08:46 - 2013-07-28 08:47 - 00502248 _____ C:\Users\Matze\AppData\Local\dd_vstor40_lp_x64_deuMSI47C2.txt
2013-07-28 08:46 - 2013-07-28 08:47 - 00014206 _____ C:\Users\Matze\AppData\Local\dd_vstor40_lp_x64_deuUI47C2.txt
2013-07-28 08:41 - 2013-07-28 08:41 - 00000000 ____D C:\Users\Matze\AppData\Roaming\Avira
2013-07-28 07:57 - 2013-07-28 07:57 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\Avira
2013-07-28 07:56 - 2013-07-28 08:23 - 04745728 _____ (AVAST Software) C:\Users\Matthias\Desktop\aswMBR.exe
2013-07-28 07:55 - 2013-07-28 07:55 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\Dell
2013-07-28 07:54 - 2013-07-28 07:54 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\Adobe
2013-07-28 07:54 - 2013-07-28 07:54 - 00000000 ____D C:\Users\Matthias\AppData\Local\Macromedia
2013-07-28 07:53 - 2013-07-28 07:53 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\Mozilla
2013-07-28 07:53 - 2013-07-28 07:53 - 00000000 ____D C:\Users\Matthias\AppData\Local\Mozilla
2013-07-28 07:52 - 2013-07-28 07:52 - 00166576 _____ C:\Users\Matthias\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-28 07:51 - 2013-07-28 07:51 - 00000000 ____D C:\Users\Matthias\AppData\Local\VirtualStore
2013-07-28 07:44 - 2013-07-28 07:44 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-07-28 07:44 - 2013-07-28 07:44 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2013-07-28 07:42 - 2013-07-28 07:42 - 00001863 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-07-28 07:42 - 2013-07-28 07:40 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-07-28 07:42 - 2013-07-28 07:40 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-07-28 07:42 - 2013-07-28 07:40 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-07-28 07:41 - 2013-07-28 07:42 - 00000000 ____D C:\ProgramData\Avira
2013-07-28 07:41 - 2013-07-28 07:41 - 00000000 ____D C:\Program Files (x86)\Avira
2013-07-28 07:31 - 2013-07-28 07:31 - 02092792 _____ C:\Users\Matze\Downloads\avira_free_antivirus (1).exe
2013-07-27 21:47 - 2013-07-27 21:49 - 04745728 _____ (AVAST Software) C:\Users\Matze\Desktop\aswMBR (1).exe
2013-07-27 21:16 - 2013-07-27 21:44 - 00000000 ____D C:\Users\Matze\Desktop\mbar
2013-07-27 21:14 - 2013-07-27 21:15 - 13399154 _____ C:\Users\Matze\Desktop\mbar-1.06.0.1004 (1).zip
2013-07-27 20:44 - 2013-07-27 20:44 - 00021004 _____ C:\ComboFix.txt
2013-07-27 19:39 - 2013-07-27 19:52 - 00040794 _____ C:\Users\Matze\Desktop\Addition.txt
2013-07-27 19:36 - 2013-07-27 19:36 - 00000000 ____D C:\FRST
2013-07-27 19:34 - 2013-07-27 19:35 - 01780815 _____ (Farbar) C:\Users\Matze\Desktop\FRST64.exe
2013-07-26 19:44 - 2013-07-26 19:45 - 04745728 _____ (AVAST Software) C:\Users\Matze\Downloads\aswMBR.exe
2013-07-26 19:44 - 2013-07-26 19:45 - 04745728 _____ (AVAST Software) C:\Users\Matze\Desktop\aswMBR.exe
2013-07-26 19:44 - 2013-07-26 19:45 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Matze\Desktop\tdsskiller.exe
2013-07-26 19:13 - 2013-07-26 19:13 - 00291360 _____ C:\Windows\Minidump\Mini072613-02.dmp
2013-07-26 19:08 - 2013-07-26 19:08 - 00000000 ____D C:\found.000
2013-07-26 07:45 - 2013-07-26 07:45 - 00284480 _____ C:\Windows\Minidump\Mini072613-01.dmp
2013-07-26 06:51 - 2013-07-27 21:44 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-26 06:35 - 2013-07-26 06:35 - 13399154 _____ C:\Users\Matze\Desktop\mbar-1.06.0.1004.zip
2013-07-25 23:18 - 2013-07-25 23:19 - 05093969 ____R (Swearware) C:\Users\Matze\Desktop\ComboFix.exe
2013-07-25 22:10 - 2013-07-27 20:45 - 00000000 ____D C:\Qoobox
2013-07-25 22:10 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-07-25 22:10 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-07-25 22:10 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-07-25 22:10 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-07-25 22:10 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-07-25 22:10 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-07-25 22:10 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-07-25 22:10 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-07-25 22:08 - 2013-07-27 20:17 - 00000000 ____D C:\Windows\erdnt
2013-07-25 19:39 - 2013-07-25 19:39 - 00005169 _____ C:\Users\Matze\Desktop\gmer.txt
2013-07-25 11:26 - 2013-07-25 11:27 - 00082956 _____ C:\Users\Matze\Desktop\Extras.Txt
2013-07-25 11:24 - 2013-07-25 21:47 - 00123888 _____ C:\Users\Matze\Desktop\OTL.Txt
2013-07-25 11:02 - 2013-07-25 11:02 - 00377856 _____ C:\Users\Matze\Downloads\gmer_2.1.19163.exe
2013-07-25 11:02 - 2013-07-25 11:02 - 00377856 _____ C:\Users\Matze\Desktop\gmer_2.1.19163.exe
2013-07-25 11:01 - 2013-07-25 11:01 - 00793536 _____ C:\Users\Matze\Downloads\ZipOpenerSetup.exe
2013-07-25 11:01 - 2013-07-25 11:01 - 00602112 _____ (OldTimer Tools) C:\Users\Matze\Downloads\OTL.exe
2013-07-25 11:01 - 2013-07-25 11:01 - 00602112 _____ (OldTimer Tools) C:\Users\Matze\Desktop\OTL.exe
2013-07-25 10:46 - 2013-07-25 10:46 - 00000472 _____ C:\Users\Matze\Desktop\defogger_disable.log
2013-07-25 10:46 - 2013-07-25 10:46 - 00000000 _____ C:\Users\Matze\defogger_reenable
2013-07-25 10:46 - 2013-07-25 10:45 - 00050477 _____ C:\Users\Matze\Desktop\Defogger.exe
2013-07-25 10:45 - 2013-07-25 10:45 - 00050477 _____ C:\Users\Matze\Downloads\Defogger.exe
2013-07-25 10:37 - 2013-07-25 10:37 - 00018532 _____ C:\Users\Matze\Desktop\hijackthis.log
2013-07-25 10:28 - 2013-07-25 10:28 - 00018028 _____ C:\Users\Matze\Downloads\hijackthis.log
2013-07-25 10:26 - 2013-07-25 10:27 - 00388608 _____ (Trend Micro Inc.) C:\Users\Matze\Downloads\HiJackThis204.exe
2013-07-25 09:58 - 2013-07-28 07:51 - 00000000 ____D C:\Users\Matthias
2013-07-25 09:58 - 2013-07-25 09:58 - 00000020 ___SH C:\Users\Matthias\ntuser.ini
2013-07-25 09:58 - 2013-07-25 09:58 - 00000000 _SHDL C:\Users\Matthias\Vorlagen
2013-07-25 09:58 - 2013-07-25 09:58 - 00000000 _SHDL C:\Users\Matthias\Startmenü
2013-07-25 09:58 - 2013-07-25 09:58 - 00000000 _SHDL C:\Users\Matthias\Netzwerkumgebung
2013-07-25 09:58 - 2013-07-25 09:58 - 00000000 _SHDL C:\Users\Matthias\Lokale Einstellungen
2013-07-25 09:58 - 2013-07-25 09:58 - 00000000 _SHDL C:\Users\Matthias\Eigene Dateien
2013-07-25 09:58 - 2013-07-25 09:58 - 00000000 _SHDL C:\Users\Matthias\Druckumgebung
2013-07-25 09:58 - 2013-07-25 09:58 - 00000000 _SHDL C:\Users\Matthias\Documents\Eigene Musik
2013-07-25 09:58 - 2013-07-25 09:58 - 00000000 _SHDL C:\Users\Matthias\Documents\Eigene Bilder
2013-07-25 09:58 - 2013-07-25 09:58 - 00000000 _SHDL C:\Users\Matthias\AppData\Local\Verlauf
2013-07-25 09:58 - 2013-07-25 09:58 - 00000000 _SHDL C:\Users\Matthias\AppData\Local\Anwendungsdaten
2013-07-25 09:58 - 2013-07-25 09:58 - 00000000 _SHDL C:\Users\Matthias\Anwendungsdaten
2013-07-25 09:58 - 2012-06-25 03:09 - 00000000 ____D C:\Users\Matthias\Documents\Visual Studio 2010
2013-07-25 09:58 - 2009-05-17 10:29 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\Macromedia
2013-07-25 09:58 - 2009-03-13 10:07 - 00000000 ____D C:\Users\Matthias\AppData\Local\Microsoft Help
2013-07-24 15:19 - 2013-07-24 15:19 - 00002347 _____ C:\Users\Matze\Downloads\Gmer.txt
2013-07-24 15:12 - 2013-07-24 15:12 - 00377856 _____ C:\Users\Matze\Downloads\itlggpf8.exe
2013-07-24 15:09 - 2013-07-24 15:09 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys
2013-07-24 15:07 - 2013-07-24 15:07 - 05049344 _____ (Crawler.com                                                ) C:\Users\Matze\Downloads\SpywareTerminatorSetup_3.0.0.82.exe
2013-07-22 03:01 - 2013-07-22 03:09 - 00000000 ____D C:\Windows\system32\MRT
2013-07-16 08:20 - 2013-07-15 15:34 - 00000508 _____ C:\Users\Matze\Desktop\_1_lhs_nitrate004.R
2013-07-15 22:46 - 2013-07-16 12:57 - 00011544 _____ C:\Users\Matze\Desktop\fert_var.R
2013-07-13 08:25 - 2013-07-13 08:25 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-221889202-2462721696-489215793-1000Core1ce7f91cc2b5360.job
2013-07-12 20:00 - 2013-07-12 20:00 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce7f29b9dedbe0.job
2013-07-10 15:44 - 2013-05-29 08:15 - 17829376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-10 15:44 - 2013-05-29 07:50 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-10 15:44 - 2013-05-29 07:43 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-10 15:44 - 2013-05-29 07:36 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-10 15:44 - 2013-05-29 07:35 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-10 15:44 - 2013-05-29 07:34 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-10 15:44 - 2013-05-29 07:33 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-10 15:44 - 2013-05-29 07:31 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-10 15:44 - 2013-05-29 07:29 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-10 15:44 - 2013-05-29 07:29 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-10 15:44 - 2013-05-29 07:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-10 15:44 - 2013-05-29 07:27 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-10 15:44 - 2013-05-29 07:27 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-10 15:44 - 2013-05-29 07:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-10 15:44 - 2013-05-29 07:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-10 15:44 - 2013-05-29 07:18 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-10 15:44 - 2013-05-29 03:56 - 12333568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-10 15:44 - 2013-05-29 03:50 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-10 15:44 - 2013-05-29 03:48 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-10 15:44 - 2013-05-29 03:41 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-10 15:44 - 2013-05-29 03:41 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-10 15:44 - 2013-05-29 03:41 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-10 15:44 - 2013-05-29 03:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-10 15:44 - 2013-05-29 03:38 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-10 15:44 - 2013-05-29 03:37 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-10 15:44 - 2013-05-29 03:36 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-10 15:44 - 2013-05-29 03:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-10 15:44 - 2013-05-29 03:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-10 15:44 - 2013-05-29 03:33 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-10 15:44 - 2013-05-29 03:33 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-10 15:44 - 2013-05-29 03:33 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-10 15:44 - 2013-05-29 03:29 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-10 15:34 - 2013-06-01 06:19 - 00619008 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-10 15:34 - 2013-06-01 06:06 - 00505344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 15:33 - 2013-06-04 04:03 - 02775040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-10 15:33 - 2013-05-08 06:18 - 01706496 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-10 15:33 - 2013-05-08 06:04 - 01548288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 15:33 - 2013-04-17 14:32 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-07-10 15:33 - 2013-04-17 14:32 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-07-10 15:33 - 2013-04-17 14:32 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-07-10 15:33 - 2013-04-17 14:32 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-07-10 15:33 - 2013-04-17 13:29 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-07-10 15:33 - 2013-04-17 13:28 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-07-10 15:33 - 2013-04-17 13:28 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-07-10 15:33 - 2013-04-17 13:28 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-07-10 15:33 - 2013-04-17 13:28 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-07-10 15:33 - 2013-04-17 13:27 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-07-10 15:33 - 2013-04-17 13:02 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-07-10 15:33 - 2013-04-17 12:58 - 01556480 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-10 15:33 - 2013-04-17 12:58 - 01149440 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-07-10 15:33 - 2013-04-17 12:34 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-07-10 15:33 - 2013-04-17 12:33 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-07-10 15:33 - 2013-04-17 12:14 - 00683008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-07-10 15:33 - 2013-04-17 12:10 - 01069056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-05 12:59 - 2013-07-05 15:22 - 00005142 _____ C:\Users\Matze\Desktop\nitrat_frachten_year_sub.R
2013-07-04 17:13 - 2013-07-04 17:13 - 00000000 ____D C:\Users\Matze\AppData\Roaming\Ilkid
2013-07-02 09:15 - 2013-07-02 09:15 - 00002255 _____ C:\Users\Matze\Desktop\nitrate_shape.R

==================== One Month Modified Files and Folders =======

2013-07-29 18:12 - 2013-07-29 18:04 - 00055162 _____ C:\Users\Matze\Downloads\FRST.txt
2013-07-29 18:03 - 2009-03-06 12:24 - 01116626 _____ C:\Windows\WindowsUpdate.log
2013-07-29 17:59 - 2013-07-29 17:59 - 01780547 _____ (Farbar) C:\Users\Matze\Downloads\FRST64.exe
2013-07-29 17:59 - 2011-10-10 11:04 - 00000000 ____D C:\Users\Matze\AppData\Roaming\Dropbox
2013-07-29 17:54 - 2011-10-10 11:08 - 00000000 ___RD C:\Users\Matze\Dropbox
2013-07-29 17:53 - 2009-03-10 17:48 - 00166968 _____ C:\Users\Matze\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-29 17:51 - 2009-03-11 10:36 - 00194597 _____ C:\ProgramData\nvModes.001
2013-07-29 17:51 - 2009-03-11 10:27 - 00194597 _____ C:\ProgramData\nvModes.dat
2013-07-29 17:50 - 2006-11-02 17:21 - 03172976 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-29 17:49 - 2008-01-21 05:26 - 00156772 _____ C:\Windows\PFRO.log
2013-07-29 17:49 - 2006-11-02 17:22 - 00003744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-29 17:49 - 2006-11-02 17:22 - 00003744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-29 17:47 - 2009-03-06 12:25 - 00000012 _____ C:\Windows\bthservsdp.dat
2013-07-29 17:46 - 2013-07-29 17:46 - 00000322 _____ C:\Windows\DeleteOnReboot.bat
2013-07-29 17:46 - 2013-07-29 17:45 - 00002030 _____ C:\AdwCleaner[S1].txt
2013-07-29 17:45 - 2013-07-29 17:44 - 00001927 _____ C:\AdwCleaner[R1].txt
2013-07-29 17:37 - 2013-07-29 17:37 - 00001412 _____ C:\Users\Matze\Desktop\JRT.txt
2013-07-29 17:25 - 2013-07-29 17:25 - 00000000 ____D C:\Windows\ERUNT
2013-07-29 17:21 - 2013-07-29 17:21 - 01780547 _____ (Farbar) C:\Users\Matze\Desktop\FRST64 (1).exe
2013-07-29 17:20 - 2013-07-29 17:20 - 00666633 _____ C:\Users\Matze\Desktop\adwcleaner.exe
2013-07-29 17:19 - 2013-07-29 17:17 - 00562353 _____ (Oleg N. Scherbakov) C:\Users\Matze\Desktop\JRT (1).exe
2013-07-29 10:26 - 2013-07-29 10:26 - 00000000 ____D C:\Windows\LastGood.Tmp
2013-07-29 10:26 - 2009-03-10 17:46 - 00000000 ____D C:\Users\Matze
2013-07-29 09:22 - 2009-03-11 20:47 - 00123904 _____ C:\Users\Matze\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-28 16:58 - 2009-03-23 20:07 - 00000000 ____D C:\Program Files\Jdownloader
2013-07-28 15:56 - 2010-05-03 08:04 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-07-28 15:56 - 2010-05-03 08:04 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2013-07-28 15:53 - 2011-01-11 21:29 - 00000000 ____D C:\Users\Matze\AppData\Roaming\TerraTec
2013-07-28 15:19 - 2010-03-08 12:23 - 00000000 ____D C:\Program Files (x86)\Akademische Arbeitsgemeinschaft
2013-07-28 14:29 - 2010-09-14 11:21 - 00000000 ____D C:\Users\Matze\AppData\Roaming\BirdieSync
2013-07-28 13:17 - 2013-07-28 13:17 - 00002099 _____ C:\Users\Matze\Desktop\aswMBR.txt
2013-07-28 13:17 - 2013-07-28 13:17 - 00000512 _____ C:\Users\Matze\Desktop\MBR.dat
2013-07-28 13:13 - 2006-11-02 15:34 - 00000000 ____D C:\Windows\tracing
2013-07-28 08:49 - 2006-11-02 15:33 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-07-28 08:48 - 2012-06-21 12:54 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 10.0
2013-07-28 08:47 - 2013-07-28 08:47 - 00015488 _____ C:\Users\Matze\AppData\Local\dd_vstor40_x64UI4858.txt
2013-07-28 08:47 - 2013-07-28 08:46 - 00502248 _____ C:\Users\Matze\AppData\Local\dd_vstor40_lp_x64_deuMSI47C2.txt
2013-07-28 08:47 - 2013-07-28 08:46 - 00014206 _____ C:\Users\Matze\AppData\Local\dd_vstor40_lp_x64_deuUI47C2.txt
2013-07-28 08:45 - 2012-06-21 12:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 9.0
2013-07-28 08:41 - 2013-07-28 08:41 - 00000000 ____D C:\Users\Matze\AppData\Roaming\Avira
2013-07-28 08:23 - 2013-07-28 07:56 - 04745728 _____ (AVAST Software) C:\Users\Matthias\Desktop\aswMBR.exe
2013-07-28 07:57 - 2013-07-28 07:57 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\Avira
2013-07-28 07:55 - 2013-07-28 07:55 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\Dell
2013-07-28 07:54 - 2013-07-28 07:54 - 00000000 ____D C:\Users\Matthias\AppData\Local\Macromedia
2013-07-28 07:53 - 2013-07-28 07:53 - 00000000 ____D C:\Users\Matthias\AppData\Roaming\Mozilla
2013-07-28 07:53 - 2013-07-28 07:53 - 00000000 ____D C:\Users\Matthias\AppData\Local\Mozilla
2013-07-28 07:52 - 2013-07-28 07:52 - 00166576 _____ C:\Users\Matthias\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-28 07:51 - 2013-07-28 07:51 - 00000000 ____D C:\Users\Matthias\AppData\Local\VirtualStore
2013-07-28 07:51 - 2013-07-25 09:58 - 00000000 ____D C:\Users\Matthias
2013-07-28 07:44 - 2013-07-28 07:44 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-07-28 07:44 - 2013-07-28 07:44 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2013-07-28 07:42 - 2013-07-28 07:42 - 00001863 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-07-28 07:42 - 2013-07-28 07:41 - 00000000 ____D C:\ProgramData\Avira
2013-07-28 07:41 - 2013-07-28 07:41 - 00000000 ____D C:\Program Files (x86)\Avira
2013-07-28 07:40 - 2013-07-28 07:42 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-07-28 07:40 - 2013-07-28 07:42 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-07-28 07:40 - 2013-07-28 07:42 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-07-28 07:31 - 2013-07-28 07:31 - 02092792 _____ C:\Users\Matze\Downloads\avira_free_antivirus (1).exe
2013-07-27 21:49 - 2013-07-27 21:47 - 04745728 _____ (AVAST Software) C:\Users\Matze\Desktop\aswMBR (1).exe
2013-07-27 21:44 - 2013-07-27 21:16 - 00000000 ____D C:\Users\Matze\Desktop\mbar
2013-07-27 21:44 - 2013-07-26 06:51 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-27 21:15 - 2013-07-27 21:14 - 13399154 _____ C:\Users\Matze\Desktop\mbar-1.06.0.1004 (1).zip
2013-07-27 20:45 - 2013-07-25 22:10 - 00000000 ____D C:\Qoobox
2013-07-27 20:44 - 2013-07-27 20:44 - 00021004 _____ C:\ComboFix.txt
2013-07-27 20:21 - 2006-11-02 14:34 - 00000215 _____ C:\Windows\system.ini
2013-07-27 20:17 - 2013-07-25 22:08 - 00000000 ____D C:\Windows\erdnt
2013-07-27 19:52 - 2013-07-27 19:39 - 00040794 _____ C:\Users\Matze\Desktop\Addition.txt
2013-07-27 19:36 - 2013-07-27 19:36 - 00000000 ____D C:\FRST
2013-07-27 19:35 - 2013-07-27 19:34 - 01780815 _____ (Farbar) C:\Users\Matze\Desktop\FRST64.exe
2013-07-27 18:35 - 2008-01-21 13:10 - 01776322 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-27 18:35 - 2008-01-21 13:09 - 00753028 _____ C:\Windows\system32\perfh007.dat
2013-07-27 18:35 - 2008-01-21 13:09 - 00174794 _____ C:\Windows\system32\perfc007.dat
2013-07-26 19:45 - 2013-07-26 19:44 - 04745728 _____ (AVAST Software) C:\Users\Matze\Downloads\aswMBR.exe
2013-07-26 19:45 - 2013-07-26 19:44 - 04745728 _____ (AVAST Software) C:\Users\Matze\Desktop\aswMBR.exe
2013-07-26 19:45 - 2013-07-26 19:44 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Matze\Desktop\tdsskiller.exe
2013-07-26 19:13 - 2013-07-26 19:13 - 00291360 _____ C:\Windows\Minidump\Mini072613-02.dmp
2013-07-26 19:13 - 2012-02-10 17:33 - 573082519 _____ C:\Windows\MEMORY.DMP
2013-07-26 19:13 - 2009-04-27 08:14 - 00000000 ____D C:\Windows\Minidump
2013-07-26 19:08 - 2013-07-26 19:08 - 00000000 ____D C:\found.000
2013-07-26 07:45 - 2013-07-26 07:45 - 00284480 _____ C:\Windows\Minidump\Mini072613-01.dmp
2013-07-26 06:35 - 2013-07-26 06:35 - 13399154 _____ C:\Users\Matze\Desktop\mbar-1.06.0.1004.zip
2013-07-25 23:19 - 2013-07-25 23:18 - 05093969 ____R (Swearware) C:\Users\Matze\Desktop\ComboFix.exe
2013-07-25 22:56 - 2006-11-02 15:33 - 00000000 __RHD C:\Users\Default
2013-07-25 21:47 - 2013-07-25 11:24 - 00123888 _____ C:\Users\Matze\Desktop\OTL.Txt
2013-07-25 19:39 - 2013-07-25 19:39 - 00005169 _____ C:\Users\Matze\Desktop\gmer.txt
2013-07-25 11:27 - 2013-07-25 11:26 - 00082956 _____ C:\Users\Matze\Desktop\Extras.Txt
2013-07-25 11:02 - 2013-07-25 11:02 - 00377856 _____ C:\Users\Matze\Downloads\gmer_2.1.19163.exe
2013-07-25 11:02 - 2013-07-25 11:02 - 00377856 _____ C:\Users\Matze\Desktop\gmer_2.1.19163.exe
2013-07-25 11:01 - 2013-07-25 11:01 - 00793536 _____ C:\Users\Matze\Downloads\ZipOpenerSetup.exe
2013-07-25 11:01 - 2013-07-25 11:01 - 00602112 _____ (OldTimer Tools) C:\Users\Matze\Downloads\OTL.exe
2013-07-25 11:01 - 2013-07-25 11:01 - 00602112 _____ (OldTimer Tools) C:\Users\Matze\Desktop\OTL.exe
2013-07-25 10:46 - 2013-07-25 10:46 - 00000472 _____ C:\Users\Matze\Desktop\defogger_disable.log
2013-07-25 10:46 - 2013-07-25 10:46 - 00000000 _____ C:\Users\Matze\defogger_reenable
2013-07-25 10:45 - 2013-07-25 10:46 - 00050477 _____ C:\Users\Matze\Desktop\Defogger.exe
2013-07-25 10:45 - 2013-07-25 10:45 - 00050477 _____ C:\Users\Matze\Downloads\Defogger.exe
2013-07-25 10:37 - 2013-07-25 10:37 - 00018532 _____ C:\Users\Matze\Desktop\hijackthis.log
2013-07-25 10:28 - 2013-07-25 10:28 - 00018028 _____ C:\Users\Matze\Downloads\hijackthis.log
2013-07-25 10:27 - 2013-07-25 10:26 - 00388608 _____ (Trend Micro Inc.) C:\Users\Matze\Downloads\HiJackThis204.exe
2013-07-25 09:58 - 2013-07-25 09:58 - 00000020 ___SH C:\Users\Matthias\ntuser.ini
2013-07-25 09:58 - 2013-07-25 09:58 - 00000000 _SHDL C:\Users\Matthias\Vorlagen
2013-07-25 09:58 - 2013-07-25 09:58 - 00000000 _SHDL C:\Users\Matthias\Startmenü
2013-07-25 09:58 - 2013-07-25 09:58 - 00000000 _SHDL C:\Users\Matthias\Netzwerkumgebung
2013-07-25 09:58 - 2013-07-25 09:58 - 00000000 _SHDL C:\Users\Matthias\Lokale Einstellungen
2013-07-25 09:58 - 2013-07-25 09:58 - 00000000 _SHDL C:\Users\Matthias\Eigene Dateien
2013-07-25 09:58 - 2013-07-25 09:58 - 00000000 _SHDL C:\Users\Matthias\Druckumgebung
2013-07-25 09:58 - 2013-07-25 09:58 - 00000000 _SHDL C:\Users\Matthias\Documents\Eigene Musik
2013-07-25 09:58 - 2013-07-25 09:58 - 00000000 _SHDL C:\Users\Matthias\Documents\Eigene Bilder
2013-07-25 09:58 - 2013-07-25 09:58 - 00000000 _SHDL C:\Users\Matthias\AppData\Local\Verlauf
2013-07-25 09:58 - 2013-07-25 09:58 - 00000000 _SHDL C:\Users\Matthias\AppData\Local\Anwendungsdaten
2013-07-25 09:58 - 2013-07-25 09:58 - 00000000 _SHDL C:\Users\Matthias\Anwendungsdaten
2013-07-24 15:19 - 2013-07-24 15:19 - 00002347 _____ C:\Users\Matze\Downloads\Gmer.txt
2013-07-24 15:12 - 2013-07-24 15:12 - 00377856 _____ C:\Users\Matze\Downloads\itlggpf8.exe
2013-07-24 15:09 - 2013-07-24 15:09 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys
2013-07-24 15:07 - 2013-07-24 15:07 - 05049344 _____ (Crawler.com                                                ) C:\Users\Matze\Downloads\SpywareTerminatorSetup_3.0.0.82.exe
2013-07-24 08:06 - 2009-05-23 13:17 - 00001782 ____H C:\Users\Matze\Documents\Default.rdp
2013-07-22 03:09 - 2013-07-22 03:01 - 00000000 ____D C:\Windows\system32\MRT
2013-07-21 09:35 - 2012-11-19 20:35 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-21 09:35 - 2012-03-30 18:56 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-21 09:35 - 2011-12-07 21:58 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-21 09:05 - 2012-02-07 15:07 - 00000600 _____ C:\Users\Matze\AppData\Local\PUTTY.RND
2013-07-21 05:32 - 2009-04-16 19:47 - 00000680 _____ C:\Users\Matze\AppData\Local\d3d9caps.dat
2013-07-16 12:57 - 2013-07-15 22:46 - 00011544 _____ C:\Users\Matze\Desktop\fert_var.R
2013-07-15 15:34 - 2013-07-16 08:20 - 00000508 _____ C:\Users\Matze\Desktop\_1_lhs_nitrate004.R
2013-07-14 20:05 - 2013-04-25 12:45 - 00000000 ____D C:\Users\Matze\Desktop\indices_paper
2013-07-13 08:31 - 2013-05-16 09:01 - 00002044 _____ C:\Users\Matze\Desktop\Google Chrome.lnk
2013-07-13 08:25 - 2013-07-13 08:25 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-221889202-2462721696-489215793-1000Core1ce7f91cc2b5360.job
2013-07-12 20:00 - 2013-07-12 20:00 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce7f29b9dedbe0.job
2013-07-12 09:31 - 2009-03-06 12:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-11 22:15 - 2006-11-02 17:07 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2013-07-11 22:15 - 2006-11-02 17:07 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-10 16:01 - 2009-03-11 09:50 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-08 08:45 - 2006-11-02 17:42 - 00032514 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-08 08:45 - 2006-11-02 17:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-08 08:16 - 2012-09-04 12:42 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-221889202-2462721696-489215793-1000UA.job
2013-07-08 08:00 - 2009-06-27 20:45 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-05 15:22 - 2013-07-05 12:59 - 00005142 _____ C:\Users\Matze\Desktop\nitrat_frachten_year_sub.R
2013-07-05 08:39 - 2012-04-27 09:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-04 18:11 - 2012-09-04 12:42 - 00003792 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-221889202-2462721696-489215793-1000UA
2013-07-04 18:11 - 2012-09-04 12:42 - 00003396 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-221889202-2462721696-489215793-1000Core
2013-07-04 17:13 - 2013-07-04 17:13 - 00000000 ____D C:\Users\Matze\AppData\Roaming\Ilkid
2013-07-04 12:46 - 2009-06-27 20:45 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-04 12:46 - 2009-06-27 20:45 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-02 16:29 - 2013-02-01 21:19 - 00000000 ____D C:\Users\Matze\Desktop\lowflow_paper
2013-07-02 14:27 - 2013-06-26 16:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-07-02 09:15 - 2013-07-02 09:15 - 00002255 _____ C:\Users\Matze\Desktop\nitrate_shape.R

Files to move or delete:
====================
C:\ProgramData\nvModes.dat

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-29 18:07

==================== End Of Log ============================

--- --- ---


Does it look better already?

cosinus 29.07.2013 22:52

As a check, please run a full scan with Malwarebytes Anti-Malware (MBAM) (if you ran a full scan only recently, a quick scan is enough (saves time); please let me know that as well)

Note: Before that, please remember to update Malwarebytes Anti-Malware using the update button!

Afterwards, getting an additional opinion from ESET's online scanner is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


matzepatze 31.07.2013 20:03

So, here at last are the final logs.

First Malwarebytes:

Code:

Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.30.03

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Matze :: MATZEBOOK [Administrator]

Schutz: Aktiviert

7/30/2013 7:18:34 AM
MBAM-log-2013-07-30 (16-12-17).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 1578129
Laufzeit: 8 Stunde(n), 15 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\$RECYCLE.BIN\S-1-5-21-221889202-2462721696-489215793-1000\$RKLURQJ.zip (Trojan.Agent.CK) -> Keine Aktion durchgeführt.
C:\Users\Matze\Downloads\SoftonicDownloader_fuer_calibre.exe (PUP.Optional.Softonic) -> Keine Aktion durchgeführt.

(Ende)

And then ESET as well:

Code:

C:\Users\Matze\Downloads\3b37ed.pdf        JS/Agent.NHZ trojan

cosinus 31.07.2013 23:36

Please delete the junk in "Downloads" and please keep your hands off Softonic in future!

Also, please run TFC:

TFC - Temp File Cleaner

Please download TFC (by Oldtimer) and save the file to the desktop.
Now close all open programs and disconnect from the Internet.
Double-click TFC.exe and press Start.
If TFC cannot delete all files, it will ask for a restart. Please allow this.

matzepatze 01.08.2013 19:09

Good, I have let it run through. Can I start cleaning up now? :dankeschoen:

cosinus 02.08.2013 11:40

Looks OK so far :daumenhoc

Regarding cookies and other things on the web: to block the plague from the outset (i.e. tracking cookies, ad banners etc.), you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether a new hosts file has been released.

Info: Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or the like => HTTP cookie)

Otherwise there are also good cookie managers; an extension for Firefox, for example, would be CookieCuller
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

Is your system back in order now, or are there any other findings or problems?

matzepatze 02.08.2013 17:37

Everything is running again without problems. Thank you very, very much!

cosinus 03.08.2013 01:33

Then we're done! :daumenhoc


If you would still like to leave praise or criticism => Lob, Kritik und Wünsche - Trojaner-Board



The programs that were used here can all be removed again.

Remove Combofix (only relevant if it was used here!): Start/Run (key combination WIN+R), type the command combofix /uninstall there and execute it

With the help of OTL you can also remove many other tools: simply start OTL and click Cleanup.
This will remove most of the tools that we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.

Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.


Finally, please check the updates; my guide to this is below. To keep a better overview of whether your installed programs are up to date in future, you can use e.g. Secunia PSI.
For even more security, after the infection has been removed you should also change all passwords if possible.


Microsoft Update
Windows XP: Visit the MS update site with IE and have all important updates installed.
Windows Vista/7: Start, Control Panel, Windows Update


Update the PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Add or Remove Programs or Programs and Features, by clicking "Adobe Reader x.0" there and removing the program. (if you have Adobe Reader installed)

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you are at it, please also check that Flash Player is up to date:
Check => Adobe - Flash Player
Download links can be found here => Browsers and Plugins - FilePony.de

You can also easily check all plugins in the Firefox browser for updates here => https://www.mozilla.org/de/plugincheck

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a major security risk, so you should uninstall the old versions. To do so, close all programs (especially the browsers), then click Start, Control Panel, Add or Remove Programs (or Programs and Features) and uninstall all listed Java versions there. Then download the current Java SE Runtime Environment (JRE) from here and install it.


All times are WET +1. The time now is 01:30.
