Trojaner-Board - Lufthansamail

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Lufthansamail (https://www.trojaner-board.de/128291-lufthansamail.html)

Hallo,
ich habe gestern auch die Lufthansamail bekommen. Ich habe auf den Anhang geklickt und wurde gefragt, ob ich die Datei ausführen möchte. Ich habe dann den Vorgang abgebrochen und die mail gelöscht.
Betriebssytem Windows 7 64bit mit 2 usern
Betriebssytem Windows 8 mit Bootmanager auf derselben HD
Virenschutz: Bitdefender (kein Befund gemeldet)
Ich habe heute das System neu gebootet und festgestellt, dass der Taskmanager sich nicht mehr richtig starten läßt. Er startet und verabschiedet sich sofort wieder. Eine Systemwiederherstellung mit dem Datum 12.12. konnte nicht durchgeführt werden. Windows meldet, dass eine Datei dies verhindert. Ich habe gerade Windows 8 gestartet und überprüfe die Windows 7 Partition mit avast free. Bisher keine Meldung.

Frage: habe ich mir doch was gefangen und wie kann ich das kontrollieren?
Wie heisst dieses Verzeichnis ausgeschrieben:C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\msisoyifx.exe ?

z.B. C:\users\name\appdata\local\Temp ?

Gruß
Werner

Hallo,
Malwarebytes hat folgendes gefunden und gelöscht (bzw. in quarantäne gestellt):
-wgsdgsdgdsgsd.exe (Trojan.FakeMS)
- ...startup\runctf.lnk (Trojan.Ransom.SUGen)
Der PC läuft wieder normal, d.h. der Taskmanager ist wieder da und der Internetexplorer lässt sich wieder normal starten.

Gruß
Werner

Hallo,
Malwarebytes hat 2 Trojaner gefunden und gelöscht bzw. in Quarantäne gestellt:
Trojan.FakeMS
Trojan.Ransom.SUGen
Der Taskmanager lässt sich wieder starten und der Internetexplorer auch wieder.
Gruss
Werner

Hallo und :hallo:

Zitat:

Malwarebytes hat folgendes gefunden und gelöscht (bzw. in quarantäne gestellt):
-wgsdgsdgdsgsd.exe (Trojan.FakeMS)

Warum postest du nicht einfach die Logs anstatt einer eigenen unvollständigen Beschreibung, die uns nicht weiterhilft? :dummguck:

Solche Angaben reichen nicht, bitte poste die vollständigen Angaben/Logs der Virenscanner siehe http://www.trojaner-board.de/125889-...tml#post941520

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

Hallo Cosinus,
bitte entschuldige den "Panikeintrag". Ich bin hier neu und habe zu sehr auf den Bitdefender vertraut, der nichts gemeldet hatte. Hier nun die Logs:
1) von Malwarebytes gestern abend (Quickscan) - der PC hat sich nach dem kompletten Scan aufgehängt ohne log. Ich wiederhole das gerade und ergänze in 2 Stunden.

Code:

Malwarebytes Anti-Malware (Test) 1.65.1.1000

www.malwarebytes.org
 

Datenbank Version: v2012.12.18.07
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.10.9200.16438

Schüle :: I7 [Administrator]
 

Schutz: Aktiviert
 

18.12.2012 22:55:00

mbam-log-2012-12-18 (22-55-00).txt
 

Art des Suchlaufs: Quick-Scan

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 240382

Laufzeit: 5 Minute(n), 19 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 3

C:\Users\Schüle\Downloads\pantsoff.exe (PUP.Pantsoff.PasswordFinder) -> Keine Aktion durchgeführt.

C:\Users\Schüle\wgsdgsdgdsgsd.exe (Trojan.FakeMS) -> Löschen bei Neustart.

C:\Users\Schüle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

(Ende)

ADWCleaner R1

Code:

# AdwCleaner v2.101 - Datei am 19/12/2012 um 08:41:49 erstellt

# Aktualisiert am 16/12/2012 von Xplode

# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)

# Benutzer : Schüle - I7

# Bootmodus : Normal

# Ausgeführt unter : C:\Users\Schüle\Desktop\adwcleaner.exe

# Option [Suche]
 
 

**** [Dienste] ****
 
 

***** [Dateien / Ordner] *****
 

Ordner Gefunden : C:\ProgramData\Babylon

Ordner Gefunden : C:\ProgramData\Tarma Installer

Ordner Gefunden : C:\Users\Internet\AppData\Local\AskToolbar

Ordner Gefunden : C:\Users\SCHLE~1\AppData\Local\Temp\AskSearch

Ordner Gefunden : C:\Users\Schüle\AppData\LocalLow\BabylonToolbar

Ordner Gefunden : C:\Users\Schüle\AppData\Roaming\Babylon
 

***** [Registrierungsdatenbank] *****
 

Schlüssel Gefunden : HKCU\Software\DataMngr

Schlüssel Gefunden : HKCU\Software\DataMngr_Toolbar

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Schlüssel Gefunden : HKLM\Software\Babylon

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap

Schlüssel Gefunden : HKLM\Software\DataMngr

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Schlüssel Gefunden : HKLM\SOFTWARE\Tarma Installer

Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
 

***** [Internet Browser] *****
 

-\\ Internet Explorer v10.0.9200.16438
 

[OK] Die Registrierungsdatenbank ist sauber.
 

-\\ Google Chrome v23.0.1271.97
 

Datei : C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Preferences
 

Gefunden [l.8] : homepage = "hxxp://search.babylon.com/?affID=116295&tt=091212_9101_5012_3&babsrc=HP_ss&mntrId=00e106b8000000000000060fb5237758",

Gefunden [l.44] : icon_url = "hxxp://www.babylon.com/favicon.ico",

Gefunden [l.47] : keyword = "babylon.com",

Gefunden [l.50] : search_url = "hxxp://search.babylon.com/?q={searchTerms}&affID=116295&tt=091212_9101_5012_3&babsrc=SP_ss&mntrId=00e106b8000000000000060fb5237758",

Gefunden [l.1403] : homepage = "hxxp://search.babylon.com/?affID=116295&tt=091212_9101_5012_3&babsrc=HP_ss&mntrId=00e106b8000000000000060fb5237758",
 

*************************
 

AdwCleaner[R1].txt - [2534 octets] - [19/12/2012 08:41:49]
 

########## EOF - C:\AdwCleaner[R1].txt - [2594 octets] ##########

ADWCleaner S1

Code:

# AdwCleaner v2.101 - Datei am 19/12/2012 um 08:44:20 erstellt

# Aktualisiert am 16/12/2012 von Xplode

# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)

# Benutzer : Schüle - I7

# Bootmodus : Normal

# Ausgeführt unter : C:\Users\Schüle\Desktop\adwcleaner.exe

# Option [Löschen]
 
 

**** [Dienste] ****
 
 

***** [Dateien / Ordner] *****
 

Ordner Gelöscht : C:\ProgramData\Babylon

Ordner Gelöscht : C:\ProgramData\Tarma Installer

Ordner Gelöscht : C:\Users\Internet\AppData\Local\AskToolbar

Ordner Gelöscht : C:\Users\SCHLE~1\AppData\Local\Temp\AskSearch

Ordner Gelöscht : C:\Users\Schüle\AppData\LocalLow\BabylonToolbar

Ordner Gelöscht : C:\Users\Schüle\AppData\Roaming\Babylon
 

***** [Registrierungsdatenbank] *****
 

Schlüssel Gelöscht : HKCU\Software\DataMngr

Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Schlüssel Gelöscht : HKLM\Software\Babylon

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap

Schlüssel Gelöscht : HKLM\Software\DataMngr

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer

Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
 

***** [Internet Browser] *****
 

-\\ Internet Explorer v10.0.9200.16438
 

[OK] Die Registrierungsdatenbank ist sauber.
 

-\\ Google Chrome v23.0.1271.97
 

Datei : C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Preferences
 

Gelöscht [l.8] : homepage = "hxxp://search.babylon.com/?affID=116295&tt=091212_9101_5012_3&babsrc=HP_ss&mntrId[...]

Gelöscht [l.44] : icon_url = "hxxp://www.babylon.com/favicon.ico",

Gelöscht [l.47] : keyword = "babylon.com",

Gelöscht [l.50] : search_url = "hxxp://search.babylon.com/?q={searchTerms}&affID=116295&tt=091212_9101_5012_3&b[...]

Gelöscht [l.1403] : homepage = "hxxp://search.babylon.com/?affID=116295&tt=091212_9101_5012_3&babsrc=HP_ss&mntrId=00[...]
 

*************************
 

AdwCleaner[R1].txt - [2661 octets] - [19/12/2012 08:41:49]

AdwCleaner[S1].txt - [2491 octets] - [19/12/2012 08:44:20]
 

########## EOF - C:\AdwCleaner[S1].txt - [2551 octets] ##########

Und beim Neustart heute früh hat sich Bitdefender gemeldet:

Code:

Bitdefender hat ein infiziertes Element erkannt in c:\users\name\appdata\locallow\sun\java\deployment\cache\6.0\30\1ede2ede-72ac81fe. Virus name:Gen:Variant.Kazy.128936. Dieses Element wurde zu Ihrem Schutz desinfiziert

Der vollständige scan wird nachher ergänzt.
Gruß
Werner

Hier das Ergebnis des vollständigen Scans. Bei den Funden tippe ich auf einen Fehlalarm. Das ist eine Schachengine, die ich und etliche andere gekauft haben. Bei Jotti gescannt war alles grün.
Gruß
Wermer

Code:

Malwarebytes Anti-Malware (Test) 1.65.1.1000

www.malwarebytes.org
 

Datenbank Version: v2012.12.19.03
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.10.9200.16438

***** :: I7 [Administrator]
 

Schutz: Aktiviert
 

19.12.2012 09:02:30

mbam-log-2012-12-19 (11-27-14).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|G:\|)

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 731996

Laufzeit: 2 Stunde(n), 18 Minute(n), 29 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 8

C:\System Volume Information\SystemRestore\FRStaging\Users\*****\Arena\Engines\Chiron\1.5\Chiron-1.5-64bit.exe (Malware.Packer.T) -> Keine Aktion durchgeführt.

C:\Users\*****\Arena\Engines\Chiron\1.0\Chiron-1.0-32bit.exe (Malware.Packer.T) -> Keine Aktion durchgeführt.

C:\Users\*****\Arena\Engines\Chiron\1.0\Chiron-1.0-64bit.exe (Malware.Packer.T) -> Keine Aktion durchgeführt.

C:\Users\*****\Arena\Engines\Chiron\1.0\Chiron-1.1-64bit.exe (Malware.Packer.T) -> Keine Aktion durchgeführt.

C:\Users\*****\Arena\Engines\Chiron\1.0\Chiron-1.1a-64bit.exe (Malware.Packer.T) -> Keine Aktion durchgeführt.

C:\Users\*****\Arena\Engines\Chiron\1.0\Chiron-1.1beta2-64bit.exe (Malware.Packer.T) -> Keine Aktion durchgeführt.

C:\Users\*****\Arena\Engines\Chiron\1.5\Chiron-1.5-32bit.exe (Malware.Packer.T) -> Keine Aktion durchgeführt.

C:\Users\*****\Arena\Engines\Chiron\1.5\Chiron-1.5-64bit.exe (Malware.Packer.T) -> Keine Aktion durchgeführt.
 

(Ende)

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Mach bitte einen CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

msconfig

netsvcs

safebootminimal

safebootnetwork

activex

drivers32

%SYSTEMDRIVE%\*.

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMROOT%\system32\drivers\*.sys /lockedfiles

%SYSTEMROOT%\System32\config\*.sav

%SYSTEMROOT%\*. /mp /s

%SYSTEMROOT%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Hallo Cosinus,
hier der Scan,
viele Grüße
Werner

Code:

OTL logfile created on: 20.12.2012 09:08:56 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\*****\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16438)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

5,99 Gb Total Physical Memory | 4,27 Gb Available Physical Memory | 71,35% Memory free

11,98 Gb Paging File | 10,02 Gb Available in Paging File | 83,67% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 362,29 Gb Total Space | 260,00 Gb Free Space | 71,77% Space Free | Partition Type: NTFS

Drive D: | 449,12 Gb Total Space | 422,41 Gb Free Space | 94,05% Space Free | Partition Type: NTFS

Drive F: | 15,01 Gb Total Space | 1,27 Gb Free Space | 8,45% Space Free | Partition Type: FAT32

Drive G: | 120,00 Gb Total Space | 99,23 Gb Free Space | 82,69% Space Free | Partition Type: NTFS

 

Computer Name: I7 | User Name: ***** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.12.20 09:02:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe

PRC - [2012.11.01 02:35:20 | 000,357,016 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe

PRC - [2012.11.01 02:34:52 | 000,435,864 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe

PRC - [2012.11.01 00:48:42 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Users\*****\Programme\vmware-authd.exe

PRC - [2012.10.25 23:10:30 | 000,162,408 | ---- | M] (Geek Software GmbH) -- C:\Users\*****\Programme\PDF24\pdf24.exe

PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2008.09.19 09:22:02 | 000,241,152 | ---- | M] (Aqua Computer) -- C:\Program Files (x86)\Aqua Computer\aquasuite\SetClockService.exe

 

 
 ========== Modules (No Company Name) ==========

 

 
 ========== Services (SafeList) ==========

 

SRV:64bit: - [2012.12.19 12:31:48 | 001,644,816 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe -- (VSSERV)

SRV:64bit: - [2012.12.19 12:31:44 | 000,068,416 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe -- (UPDATESRV)

SRV:64bit: - [2009.11.25 04:17:16 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV - [2012.12.19 12:31:54 | 000,068,440 | ---- | M] (Bitdefender) [Disabled | Stopped] -- C:\Programme\Bitdefender\Bitdefender 2013\bdparentalservice.exe -- (BdDesktopParental)

SRV - [2012.12.11 21:08:53 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012.11.01 02:35:20 | 000,357,016 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)

SRV - [2012.11.01 02:34:52 | 000,435,864 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)

SRV - [2012.11.01 00:48:42 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Users\*****\Programme\vmware-authd.exe -- (VMAuthdService)

SRV - [2012.10.11 17:15:30 | 000,918,680 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)

SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2008.09.19 09:22:02 | 000,241,152 | ---- | M] (Aqua Computer) [Auto | Running] -- C:\Program Files (x86)\Aqua Computer\aquasuite\SetClockService.exe -- (SetClockService)

SRV - [2007.05.31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)

SRV - [2007.05.31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2012.12.19 12:31:04 | 000,261,056 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avchv.sys -- (avchv)

DRV:64bit: - [2012.11.29 22:55:52 | 000,350,160 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\trufos.sys -- (trufos)

DRV:64bit: - [2012.11.01 02:34:54 | 000,067,224 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)

DRV:64bit: - [2012.11.01 02:34:32 | 000,030,360 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)

DRV:64bit: - [2012.11.01 02:34:10 | 000,045,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)

DRV:64bit: - [2012.11.01 02:34:08 | 000,020,120 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)

DRV:64bit: - [2012.11.01 02:34:04 | 000,032,920 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)

DRV:64bit: - [2012.10.31 20:58:08 | 000,587,024 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\avckf.sys -- (avckf)

DRV:64bit: - [2012.10.31 20:58:01 | 000,082,384 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bdsandbox.sys -- (BDSandBox)

DRV:64bit: - [2012.10.31 20:57:27 | 000,705,552 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avc3.sys -- (avc3)

DRV:64bit: - [2012.10.24 14:17:14 | 000,070,296 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsock.sys -- (vsock)

DRV:64bit: - [2012.10.24 14:17:10 | 000,085,104 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)

DRV:64bit: - [2012.10.11 17:15:32 | 000,052,376 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)

DRV:64bit: - [2012.10.11 17:15:06 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)

DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012.08.29 17:24:10 | 000,145,696 | ---- | M] (BitDefender LLC) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\gzflt.sys -- (gzflt)

DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011.09.21 09:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)

DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011.02.10 14:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)

DRV:64bit: - [2011.02.10 14:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)

DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010.03.12 17:21:52 | 000,097,280 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)

DRV:64bit: - [2009.11.25 04:52:14 | 006,174,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2009.10.05 16:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2009.09.28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)

DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)

DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)

DRV - [2012.07.06 14:21:55 | 000,093,160 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- c:\Programme\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys -- (BdfNdisf)

DRV - [2011.11.14 19:16:37 | 000,103,504 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Programme\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys -- (bdfwfpf)

DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

 

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-21-3655496246-1840986789-653387279-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/

IE - HKU\S-1-5-21-3655496246-1840986789-653387279-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-3655496246-1840986789-653387279-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKU\S-1-5-21-3655496246-1840986789-653387279-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 EA 53 30 4B 7F CA 01  [binary data]

IE - HKU\S-1-5-21-3655496246-1840986789-653387279-1000\..\SearchScopes,DefaultScope = {CB235525-13FB-4E1D-9B76-D2C5072DED04}

IE - HKU\S-1-5-21-3655496246-1840986789-653387279-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR

IE - HKU\S-1-5-21-3655496246-1840986789-653387279-1000\..\SearchScopes\{CB235525-13FB-4E1D-9B76-D2C5072DED04}: "URL" = hxxp://www.google.de/search?q={searchTerms}

IE - HKU\S-1-5-21-3655496246-1840986789-653387279-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 
 ========== FireFox ==========

 

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\*****\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\*****\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

 

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2013\BDTBEXT [2012.10.23 18:31:15 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2012.10.23 18:31:15 | 000,000,000 | ---D | M]

 

[2012.12.10 23:06:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

 
 ========== Chrome  ==========

 

CHR - homepage: hxxp://www.google.com/

CHR - default_search_provider: Search the web (Babylon) (Enabled)

CHR - default_search_provider: search_url = hxxp://search.babylon.com/?q={searchTerms}&affID=116295&tt=091212_9101_5012_3&babsrc=SP_ss&mntrId=00e106b8000000000000060fb5237758

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}

CHR - homepage: hxxp://www.google.com/

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sch\u00FCle\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sch\u00FCle\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Sch\u00FCle\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sch\u00FCle\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll

CHR - plugin: Java(TM) Platform SE 6 U35 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll

CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Sch\u00FCle\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

 

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O4:64bit: - HKLM..\Run: [Bdagent] C:\Programme\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender)

O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)

O4 - HKLM..\Run: [PDFPrint] C:\Users\*****\Programme\PDF24\pdf24.exe (Geek Software GmbH)

O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found

O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{562912A8-2BCE-4110-9163-09C0D5DD71F9}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1739EC1-A2A2-4BDB-9B03-8C4A792A4B85}: DhcpNameServer = 192.168.2.1

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

 

 

SafeBootMin:64bit: AppMgmt - Service

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: vmms - Service

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet:64bit: AppMgmt - Service

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: vmms - Service

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - 

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

 

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

Drivers32: VIDC.VMnc - C:\Windows\SysWow64\vmnc.dll (VMware, Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.12.20 09:02:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe

[2012.12.18 22:53:58 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Malwarebytes

[2012.12.18 22:53:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.12.18 22:53:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.12.18 22:53:40 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012.12.18 22:53:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012.12.10 23:06:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins

[2012.12.10 23:06:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions

[2012.12.10 23:06:32 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\VisualBeeExe

[2012.12.10 23:06:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2012.12.10 23:05:21 | 000,000,000 | ---D | C] -- C:\ProgramData\VisualBee

[2012.12.07 20:49:11 | 000,000,000 | ---D | C] -- C:\Windows\WindowsMobile

[2012.12.06 16:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Applications

[2012.12.03 11:49:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shredder Classic 4 ct 2012

[2012.11.29 17:07:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics

[2012.11.29 17:07:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Renesas Electronics

[2012.11.29 17:06:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations

[2012.11.29 17:05:31 | 000,000,000 | ---D | C] -- C:\Users\*****\Hama

[2012.11.28 09:05:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

[2012.11.28 09:04:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

[2012.11.28 09:04:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight

[2012.11.27 14:16:26 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\Virtual Machines

[2012.11.27 14:13:53 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\VMware

[2012.11.27 14:13:39 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\VMware

[2012.11.27 14:13:23 | 000,067,224 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vsocklib.dll

[2012.11.27 14:13:23 | 000,063,128 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vsocklib.dll

[2012.11.27 14:13:22 | 000,070,296 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vsock.sys

[2012.11.27 14:13:18 | 000,067,224 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmx86.sys

[2012.11.27 14:13:18 | 000,032,920 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\VMkbd.sys

[2012.11.27 14:12:48 | 000,357,016 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnetdhcp.exe

[2012.11.27 14:12:44 | 000,435,864 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnat.exe

[2012.11.27 14:12:43 | 000,030,360 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetuserif.sys

[2012.11.27 14:12:39 | 000,933,528 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vnetlib64.dll

[2012.11.27 14:12:36 | 000,052,376 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\hcmon.sys

[2012.11.27 14:12:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware

[2012.11.27 14:12:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware

[2012.11.27 14:12:04 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware

[2012.11.27 14:12:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VMware

[2012.11.26 11:23:07 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Canneverbe Limited

[2012.11.26 11:23:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited

[2012.11.26 11:22:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP

[2012.11.26 10:54:31 | 000,000,000 | -H-D | C] -- C:\$WINDOWS.~BT

[2012.11.26 08:59:12 | 000,000,000 | RH-D | C] -- C:\ESD

[2012.11.25 17:57:01 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RAR Password Recovery

[2012.11.25 17:57:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAR Password Recovery

[2012.11.21 16:38:27 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\Windows 8-Upgrade-Assistent-Dateien

[1 C:\Users\*****\Documents\*.tmp files -> C:\Users\*****\Documents\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.12.20 09:07:01 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.12.20 09:07:01 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.12.20 09:02:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe

[2012.12.20 08:58:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.12.20 08:58:20 | 529,879,039 | -HS- | M] () -- C:\hiberfil.sys

[2012.12.20 08:51:27 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.12.20 08:50:56 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3655496246-1840986789-653387279-1000UA.job

[2012.12.19 18:58:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3655496246-1840986789-653387279-1000Core.job

[2012.12.19 13:37:00 | 000,010,465 | ---- | M] () -- C:\Users\*****\Documents\1355915070_1_02.xml

[2012.12.19 12:31:04 | 000,261,056 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\avchv.sys

[2012.12.19 08:41:21 | 000,547,175 | ---- | M] () -- C:\Users\*****\Desktop\adwcleaner.exe

[2012.12.18 22:53:42 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.12.18 12:11:31 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad

[2012.12.17 10:58:15 | 000,017,408 | ---- | M] () -- C:\Users\*****\AppData\Local\WebpageIcons.db

[2012.12.16 10:16:56 | 000,075,057 | ---- | M] () -- C:\Users\Public\Documents\computer.ssp

[2012.12.14 18:16:40 | 001,507,020 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.12.14 18:16:40 | 000,656,872 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.12.14 18:16:40 | 000,618,754 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.12.14 18:16:40 | 000,131,270 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.12.14 18:16:40 | 000,107,660 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.12.13 22:20:06 | 000,000,497 | ---- | M] () -- C:\Windows\SysNative\checkdnsid.xml

[2012.12.13 17:18:55 | 000,002,482 | ---- | M] () -- C:\Users\*****\Desktop\Google Chrome.lnk

[2012.12.12 12:26:06 | 000,007,607 | ---- | M] () -- C:\Users\*****\AppData\Local\Resmon.ResmonCfg

[2012.12.12 08:50:28 | 000,313,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012.12.10 22:58:14 | 003,121,706 | ---- | M] () -- C:\Users\*****\Documents\0185 - Falco - Rock me Amadeus.mp3

[2012.12.09 10:13:29 | 000,139,149 | ---- | M] () -- C:\Users\*****\Documents\gow.jpg

[2012.12.07 20:51:02 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdRapi2_01_00_00.Wdf

[2012.12.06 16:52:52 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

[2012.12.06 09:00:17 | 001,185,142 | ---- | M] () -- C:\Users\*****\Documents\Nokia_Lumia_820_UG_de.pdf

[2012.12.05 11:59:27 | 000,773,086 | ---- | M] () -- C:\Users\*****\Documents\Schule03.jpg

[2012.12.03 11:49:37 | 000,001,085 | ---- | M] () -- C:\Users\*****\Desktop\Shredder Classic 4 ct 2012.lnk

[2012.11.30 17:26:14 | 000,367,413 | ---- | M] () -- C:\Users\*****\Documents\Schule02.jpg

[2012.11.30 17:23:17 | 000,393,693 | ---- | M] () -- C:\Users\*****\Documents\Schule01.jpg

[2012.11.29 22:55:52 | 000,350,160 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\SysNative\drivers\trufos.sys

[2012.11.27 14:12:12 | 001,526,976 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012.11.27 14:12:12 | 000,002,004 | ---- | M] () -- C:\Users\Public\Desktop\VMware Player.lnk

[2012.11.26 11:22:54 | 000,001,949 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk

[2012.11.26 10:54:20 | 000,001,393 | ---- | M] () -- C:\Users\*****\Desktop\Windows installieren.lnk

[2012.11.25 17:57:01 | 000,000,178 | ---- | M] () -- C:\Users\*****\Desktop\Buy RAR Password Recovery Now!.url

[2012.11.21 16:38:27 | 000,024,478 | ---- | M] () -- C:\Users\*****\Documents\Windows 8-Upgrade-Assistent.html

[1 C:\Users\*****\Documents\*.tmp files -> C:\Users\*****\Documents\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.12.19 13:37:38 | 000,010,465 | ---- | C] () -- C:\Users\*****\Documents\1355915070_1_02.xml

[2012.12.19 08:41:19 | 000,547,175 | ---- | C] () -- C:\Users\*****\Desktop\adwcleaner.exe

[2012.12.18 22:53:42 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.12.18 12:11:30 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad

[2012.12.10 23:10:52 | 003,121,706 | ---- | C] () -- C:\Users\*****\Documents\0185 - Falco - Rock me Amadeus.mp3

[2012.12.07 20:51:02 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdRapi2_01_00_00.Wdf

[2012.12.07 20:49:34 | 000,002,419 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mobile Device Center.lnk

[2012.12.06 16:52:52 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

[2012.12.06 09:00:17 | 001,185,142 | ---- | C] () -- C:\Users\*****\Documents\Nokia_Lumia_820_UG_de.pdf

[2012.12.05 11:59:27 | 000,773,086 | ---- | C] () -- C:\Users\*****\Documents\Schule03.jpg

[2012.12.03 11:49:37 | 000,001,085 | ---- | C] () -- C:\Users\*****\Desktop\Shredder Classic 4 ct 2012.lnk

[2012.11.30 17:26:13 | 000,367,413 | ---- | C] () -- C:\Users\*****\Documents\Schule02.jpg

[2012.11.30 17:23:17 | 000,393,693 | ---- | C] () -- C:\Users\*****\Documents\Schule01.jpg

[2012.11.27 14:12:12 | 001,526,976 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012.11.27 14:12:12 | 000,002,004 | ---- | C] () -- C:\Users\Public\Desktop\VMware Player.lnk

[2012.11.26 11:22:54 | 000,001,949 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk

[2012.11.26 11:22:54 | 000,001,899 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk

[2012.11.26 10:47:51 | 000,001,393 | ---- | C] () -- C:\Users\*****\Desktop\Windows installieren.lnk

[2012.11.25 17:57:01 | 000,000,178 | ---- | C] () -- C:\Users\*****\Desktop\Buy RAR Password Recovery Now!.url

[2012.11.21 16:38:26 | 000,024,478 | ---- | C] () -- C:\Users\*****\Documents\Windows 8-Upgrade-Assistent.html

[2012.10.23 18:32:34 | 000,372,193 | ---- | C] () -- C:\ProgramData\1351013324.bdinstall.bin

[2012.09.15 09:54:15 | 000,850,964 | ---- | C] () -- C:\ProgramData\1347698460.bdinstall.bin

[2011.12.07 11:49:51 | 000,619,208 | ---- | C] () -- C:\ProgramData\bdinstall.bin

[2011.11.13 11:55:37 | 000,017,408 | ---- | C] () -- C:\Users\*****\AppData\Local\WebpageIcons.db

[2011.09.08 23:00:41 | 000,000,030 | ---- | C] () -- C:\Windows\CHSSBASE.INI

[2011.09.08 22:53:42 | 000,007,676 | ---- | C] () -- C:\Windows\ENGINEEXT.INI

[2009.12.21 11:45:42 | 000,021,872 | ---- | C] () -- C:\Users\*****\AppData\Roaming\Kommagetrennte Werte (Windows).ADR

[2009.12.21 10:39:44 | 000,002,126 | ---- | C] () -- C:\Users\*****\classic.css

[2009.12.17 21:28:31 | 000,007,607 | ---- | C] () -- C:\Users\*****\AppData\Local\Resmon.ResmonCfg

 
 ========== ZeroAccess Check ==========

 

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 
 ========== LOP Check ==========

 

[2012.12.18 19:43:42 | 000,000,000 | ---D | M] -- C:\Users\Internet\AppData\Roaming\Bitdefender

[2011.09.30 20:34:25 | 000,000,000 | ---D | M] -- C:\Users\Internet\AppData\Roaming\ChessBase

[2011.10.02 23:03:50 | 000,000,000 | ---D | M] -- C:\Users\Internet\AppData\Roaming\GHISLER

[2012.10.04 08:05:34 | 000,000,000 | ---D | M] -- C:\Users\Internet\AppData\Roaming\ShredderChess

[2012.10.23 18:31:11 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Bitdefender

[2012.11.26 11:23:07 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Canneverbe Limited

[2012.10.05 12:06:58 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\CCS64

[2012.10.22 17:37:15 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ChessBase

[2012.09.19 08:41:38 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Garmin

[2012.12.18 22:46:50 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\GHISLER

[2010.12.26 08:54:40 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\HIARCS Chess

[2011.05.09 08:21:55 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Lokasoft

[2011.12.07 11:50:15 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\QuickScan

[2012.12.03 11:49:43 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ShredderChess

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %SYSTEMDRIVE%\*. >

[2010.02.25 23:34:25 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin

[2012.11.26 10:55:01 | 000,000,000 | -H-D | M] -- C:\$WINDOWS.~BT

[2009.12.17 20:12:21 | 000,000,000 | ---D | M] -- C:\ATI

[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings

[2009.12.17 19:33:38 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen

[2012.11.26 08:59:12 | 000,000,000 | RH-D | M] -- C:\ESD

[2012.01.22 11:37:13 | 000,000,000 | ---D | M] -- C:\gtb

[2009.12.19 22:17:47 | 000,000,000 | RH-D | M] -- C:\MSOCache

[2012.11.26 22:37:10 | 000,000,000 | ---D | M] -- C:\PerfLogs

[2012.12.18 22:46:54 | 000,000,000 | R--D | M] -- C:\Program Files

[2012.12.18 22:53:40 | 000,000,000 | R--D | M] -- C:\Program Files (x86)

[2012.12.19 08:44:20 | 000,000,000 | -H-D | M] -- C:\ProgramData

[2009.12.17 19:33:38 | 000,000,000 | -HSD | M] -- C:\Programme

[2009.12.17 19:33:39 | 000,000,000 | -HSD | M] -- C:\Recovery

[2012.12.20 09:10:28 | 000,000,000 | -HSD | M] -- C:\System Volume Information

[2010.03.12 17:09:34 | 000,000,000 | ---D | M] -- C:\Tbs

[2012.11.25 18:36:59 | 000,000,000 | R--D | M] -- C:\Users

[2012.12.18 22:48:46 | 000,000,000 | ---D | M] -- C:\Windows

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2012.06.09 16:00:03 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Adobe

[2009.12.17 20:15:04 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ATI

[2012.10.23 18:31:11 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Bitdefender

[2012.11.26 11:23:07 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Canneverbe Limited

[2012.10.05 12:06:58 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\CCS64

[2012.10.22 17:37:15 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ChessBase

[2012.09.19 08:41:38 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Garmin

[2012.12.18 22:46:50 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\GHISLER

[2012.10.08 17:45:53 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Help

[2010.12.26 08:54:40 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\HIARCS Chess

[2009.12.17 19:34:00 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Identities

[2011.05.09 08:21:55 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Lokasoft

[2009.12.17 20:00:47 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Macromedia

[2012.12.18 22:53:58 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Malwarebytes

[2009.07.14 19:18:18 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Media Center Programs

[2012.12.07 20:51:07 | 000,000,000 | --SD | M] -- C:\Users\*****\AppData\Roaming\Microsoft

[2011.12.07 11:50:15 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\QuickScan

[2012.12.03 11:49:43 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ShredderChess

[2012.11.27 18:29:46 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\VMware

 
 < %APPDATA%\*.exe /s >

[2009.12.17 20:13:23 | 000,010,134 | R--- | M] () -- C:\Users\*****\AppData\Roaming\Microsoft\Installer\{BA3B34EB-3F4B-0E19-0916-971C1AD3F0AD}\ARPPRODUCTICON.exe

 
 < %SYSTEMROOT%\system32\drivers\*.sys /lockedfiles >

 
 < %SYSTEMROOT%\System32\config\*.sav >

 
 < %SYSTEMROOT%\*. /mp /s >

 
 < %SYSTEMROOT%\system32\*.dll /lockedfiles >

 
 ========== Files - Unicode (All) ==========

[2012.09.15 09:35:02 | 000,000,000 | ---- | M] ()(C:\Windows\SysNative\?????) -- C:\Windows\SysNative\獷楬汢捯污

[2012.09.15 09:35:02 | 000,000,000 | ---- | C] ()(C:\Windows\SysNative\?????) -- C:\Windows\SysNative\獷楬汢捯污

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 757 bytes -> C:\Users\*****\Documents\Rechnung Januar.eml:OECustomProperty

@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:2270C8D2
 

< End of report >

Noch ein Scanergebnis von heute früh:

Code:

Malwarebytes Anti-Malware (Test) 1.65.1.1000

www.malwarebytes.org
 

Datenbank Version: v2012.12.20.03
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.10.9200.16438

Schüle :: I7 [Administrator]
 

Schutz: Aktiviert
 

20.12.2012 09:36:54

mbam-log-2012-12-20 (09-36-54).txt
 

Art des Suchlaufs: Quick-Scan

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 240067

Laufzeit: 6 Minute(n), 3 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 1

C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

(Ende)

Hallo,
ich habe noch ein file extras.txt auf dem Desktop gefunden. Ich poste das mal, falls es wichtig wäre. Kannst du bitte auch erklären, warum gestern die Datei dsg....pad gestern nicht gefunden wurde?
Gruß
Werner

Code:

OTL Extras logfile created on: 20.12.2012 09:08:56 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\*****\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16438)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

5,99 Gb Total Physical Memory | 4,27 Gb Available Physical Memory | 71,35% Memory free

11,98 Gb Paging File | 10,02 Gb Available in Paging File | 83,67% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 362,29 Gb Total Space | 260,00 Gb Free Space | 71,77% Space Free | Partition Type: NTFS

Drive D: | 449,12 Gb Total Space | 422,41 Gb Free Space | 94,05% Space Free | Partition Type: NTFS

Drive F: | 15,01 Gb Total Space | 1,27 Gb Free Space | 8,45% Space Free | Partition Type: FAT32

Drive G: | 120,00 Gb Total Space | 99,23 Gb Free Space | 82,69% Space Free | Partition Type: NTFS

 

Computer Name: I7 | User Name: ***** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

 
 ========== Shell Spawning ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [Browse with &IrfanView] -- "C:\Users\*****\Programme\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [Browse with &IrfanView] -- "C:\Users\*****\Programme\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

 
 ========== Security Center Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0179F28E-2729-4056-A4BE-CC17CE464DE6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{01F1095D-E969-46C8-8B64-7A6C54BA7332}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 

"{03B2CA9E-1B08-4997-B4E3-025508D8B77E}" = lport=10243 | protocol=6 | dir=in | app=system | 

"{069017E8-07A4-463F-9631-18F78639470E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{116F1CC3-3A1C-4979-B94E-B85A6A509AB2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{161AAD4C-9D8B-4793-B510-0D76A561A6D6}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 

"{1D054408-C445-4867-8605-3C6764DBEB3F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{1ED130FC-0302-433B-83C8-F9573C7E827D}" = rport=139 | protocol=6 | dir=out | app=system | 

"{34A86B82-6C29-4A01-A9F7-368C736F6F70}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 

"{3DF5EE76-2B1D-4CE4-89CE-3DBBC0BEF4AB}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 

"{42159FA7-061A-430F-803C-AE1338962EBA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{4AE6877D-9064-40A4-8781-379F17887E15}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{4AFDCD52-723E-44A4-9D6D-4284ECD1B583}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{535BF0F6-EC59-45D1-811C-726C15262432}" = lport=139 | protocol=6 | dir=in | app=system | 

"{6716FA2C-6D03-446C-893F-94104C93BA04}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 

"{7496FFFD-303A-48FA-BE0C-F30F86F8806F}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 

"{74EA1916-89ED-45F5-A0A0-805E41E5C8BC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{76449877-2AEB-428D-9808-475B1C49EEC4}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 

"{77026035-502C-4D03-9305-88B75EAE377F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 

"{8A1351CB-6251-44BD-952C-F9B6954EAFCE}" = rport=445 | protocol=6 | dir=out | app=system | 

"{8F33392D-959A-43DC-A742-973ABF8CC1FF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{924D41E6-5EBC-4975-B5C4-AF4E0D95751F}" = lport=137 | protocol=17 | dir=in | app=system | 

"{9D1858ED-F041-4F5F-A30F-1C89995242B0}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{A6F5A5C2-CAC9-489E-B2CE-EEA06E534FAC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{A9ABFD90-4600-4B27-83E9-28DC6D49DD59}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{AA583E94-FB24-4240-B3EC-C4AE8F8C84C5}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 

"{AEA5B71D-1E89-40CA-8AA3-2E0611AFA3FD}" = rport=10243 | protocol=6 | dir=out | app=system | 

"{BAEDE04F-6726-4E68-8CA7-8488CCDF584D}" = rport=138 | protocol=17 | dir=out | app=system | 

"{C3173BD9-A1B9-467E-93C4-6086161EF982}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 

"{CF5A64C9-760E-4210-AC17-E1DDAE4987EC}" = lport=445 | protocol=6 | dir=in | app=system | 

"{D19FF783-BC65-43CF-A265-169285F50A9A}" = lport=138 | protocol=17 | dir=in | app=system | 

"{D418B153-5558-4EE8-8E36-787F6C7257DC}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 

"{D7EC82E0-6E16-462C-8BF4-BC7CEDEC4037}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{DF05527C-78D6-4198-A22E-4963E5301E08}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{E57136FA-504C-44CC-9422-75E09E370C09}" = rport=137 | protocol=17 | dir=out | app=system | 

"{EE83A702-6D2D-4EA4-873E-88C602A52FFD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{F8308444-BC62-4E42-B241-D1BD07659BE5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{FE36AF96-B15C-47F9-A68E-64C3EDB2FB5E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0BF5093F-172F-4DFE-B330-60F5156DFED0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{10C17015-58F0-4DB2-BAFA-B7B2406C8035}" = protocol=17 | dir=in | app=c:\windows\system32\ftp.exe | 

"{110013D9-E91C-4BD7-9B40-326EAA471B5E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{14ADEBBC-6B71-412F-9E7B-EDE1C87DB672}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 

"{3095AB67-436A-41A6-B036-11214CBB5F35}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{3A6BA35E-4445-4C5C-82A1-419A446B831D}" = dir=in | app=c:\users\*****\programme\vmware-authd.exe | 

"{3C68DD5C-8611-4D74-B2A3-3FAAEDC2A516}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{4978FA4C-4C9A-434B-B7EE-D99475EDBC11}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 

"{4CA7B2D4-A422-4E45-89BA-97275005BF62}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 

"{51C6ABC8-AEA7-49F5-BDED-B52809CDA851}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{5BEE3067-E315-4970-B797-3006555E174C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{63A3AE9E-2336-484D-B5B1-3C9A78F15A21}" = dir=in | app=c:\users\*****\programme\vmware-authd.exe | 

"{73963FA4-3147-4391-B256-E18845E965DE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{74B03633-B88B-4C90-B2DF-E7126DC0AF14}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{7511D1F9-31C7-4F33-9D4B-25B92D59EAD1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{777981AA-B591-48A3-B3D6-BC921746C759}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{7E2E086C-AF85-4F7A-8B0D-C8EC35ECCB6B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{7E8051E0-8ED0-40A2-9A8B-E209CF00226A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{80E3149B-316B-4001-AA47-B2FDD49C85F7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{843A4568-08A0-4867-AFA0-EE93A3C8F236}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 

"{8E7D93FF-7558-4524-9393-D0B69804097B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{932A0554-B230-4975-8291-06CE4F712B12}" = protocol=6 | dir=out | app=system | 

"{A445137B-7964-4390-AC6B-9F70CDF9C83B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{A8E71E65-75AD-4A09-A477-4D1FA66CD5FD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{BDC8FD7D-D6E3-4354-915C-9926AA3CE200}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{E0076D6B-FD5A-4C5A-83B4-00547AE18566}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 

"{E3834364-D982-4991-A24F-479C1FF9FC2A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{F1BEED96-8016-4621-A535-4317C91D6319}" = protocol=6 | dir=in | app=c:\windows\system32\ftp.exe | 

"{F592D8C5-216A-4CBE-ACDE-E429669D58C9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"TCP Query User{25A6184E-AA0E-4E46-9450-9E7F76AB735B}C:\windows\system32\ftp.exe" = protocol=6 | dir=in | app=c:\windows\system32\ftp.exe | 

"TCP Query User{91BA1A99-7B40-4D6E-AD40-AC96A773CDDA}D:\users\public\cstal2\chesstal.exe" = protocol=6 | dir=in | app=d:\users\public\cstal2\chesstal.exe | 

"TCP Query User{F2BBDFDE-0FE8-43C9-91CA-D91719F2A1D2}C:\program files (x86)\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\totalcmd\totalcmd.exe | 

"TCP Query User{FD434365-2F68-4DD5-AEF5-71B9E8326A83}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 

"UDP Query User{015F5D7F-9C45-4B90-9FC8-920C1EE53591}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 

"UDP Query User{1E4FDF82-5DA1-40A1-BE06-76C042938479}D:\users\public\cstal2\chesstal.exe" = protocol=17 | dir=in | app=d:\users\public\cstal2\chesstal.exe | 

"UDP Query User{36E55135-D5FD-4EE6-882B-F35F500E2DAD}C:\windows\system32\ftp.exe" = protocol=17 | dir=in | app=c:\windows\system32\ftp.exe | 

"UDP Query User{A2D42CA7-0AB7-4711-87F5-F38A49E41751}C:\program files (x86)\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\totalcmd\totalcmd.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8DA5428C-3D35-317C-2FBA-485AAC49E9C0}" = ccc-utility64

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{C76E78E4-118F-48B7-815A-7B46B34A2E6A}_is1" = Houdini Version 2.0

"{CCC50A42-892B-AF23-6188-6E8D2FDF34E3}" = ATI Catalyst Install Manager

"{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMware Player

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{FEBA7043-8935-4646-9EC4-0672C8B134CE}_is1" = Houdini 3 Pro

"98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0)

"Bitdefender" = Bitdefender Internet Security 2013

"CPUID CPU-Z_is1" = CPUID CPU-Z 1.61.3

"CPUID HWMonitor_is1" = CPUID HWMonitor 1.19

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{00FE2935-FB56-4410-AB5F-D6E70C1771D2}" = Garmin WebUpdater

"{0322F845-FC35-4735-98FC-A89A39A9A2CD}" = Deep Fritz 11

"{0BDE949A-3CF5-3852-B4F7-92EAE4F25F73}" = CCC Help English

"{0D381F4A-BB1D-4D86-A9CE-E0C61E5C3B0E}" = Deep Fritz 13

"{14B6295D-6D03-4635-A17F-76AB10C74EF0}_is1" = Deep Shredder 12 UCI

"{18E928DE-ABBA-4CEB-A9E4-205769B03FE8}" = Garmin BaseCamp

"{1A637513-CC46-4C3B-8114-1E4F1D71CF42}" = Fritz11

"{1C0A1883-3A46-4416-A225-99BFF203462A}" = Deep Fritz 12

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9

"{2F34E931-7BEA-4BC6-8286-4197EC77EF34}" = Garmin TOPO Deutschland 2012 Pro

"{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}" = Garmin USB Drivers

"{45350494-82B7-3E53-85B7-79A1AD9AE080}" = Catalyst Control Center Graphics Light

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4F4182DA-3D58-41E3-913D-480F8DA5C863}" = Fritz 12

"{525E7F71-67C1-806E-69D0-892CC3CE2F8E}" = Catalyst Control Center Graphics Full Existing

"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent

"{537306C2-CDAC-F606-5D46-D5727F58FAD3}" = Catalyst Control Center Graphics Previews Vista

"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7B5783F7-199B-4298-AC69-0FF3E4DB06B7}" = Shredder7

"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP

"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06

"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0

"{85EB0F56-3DB3-42CC-9384-A665C5FC5D08}" = Fritz 13

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.19

"{88DDBE5E-8AC0-F463-AC50-E56FAA2E3CEB}" = Catalyst Control Center Graphics Previews Common

"{897B3B21-8691-26F5-97E8-A9955C20BB20}" = Catalyst Control Center HydraVision Full

"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}_STANDARDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}_STANDARDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007

"{90120000-001A-0407-0000-0000000FF1CE}_STANDARDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}_STANDARDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_STANDARDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_STANDARDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002A-0000-1000-0000000FF1CE}_STANDARDR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0407-1000-0000000FF1CE}_STANDARDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}_STANDARDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007

"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{93695498-4D9E-4D30-9EC4-8B4A8DEFB4F7}" = ChessBase Light 2007

"{971853BB-F530-442A-B780-F7E3A8EE13AD}" = Deep Fritz 12

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A842C34B-2083-6947-BC0E-5654BDBADCDA}" = Catalyst Control Center Graphics Full New

"{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel(R) Programm für Prozessor-IDs

"{AABDD1F7-DA6B-4BA2-8F81-C7175A846E9C}" = ChessBase Light 2007

"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch

"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k

"{B7B5A370-3DFF-4F0E-AE11-FD267C4938AA}" = CCS64 V3.9

"{BA3B34EB-3F4B-0E19-0916-971C1AD3F0AD}" = Catalyst Control Center InstallProxy

"{BAE05770-60EE-4D5D-B7EF-19143852EF18}" = ChessPartner 6.0.2

"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail

"{C7DDC5E9-B191-4E1B-B1F1-A05066DEB23A}_is1" = Shredder Classic 4 ct 2011

"{CB166F48-6219-2DFD-8800-191BE6F5923A}" = ccc-core-static

"{D0F246F5-90C7-446E-B8B3-EDF0D844DFB8}" = DeepJunior13.3

"{D4DA2F6E-54FB-487D-9007-4525819AD0B5}" = DeepJunior 11.1 UCI

"{D827E64C-47C5-4660-A41C-55C1306E22DA}_is1" = Shredder Classic 4 ct 2012

"{D872430A-15AF-4B40-A43E-B7D9D71F2380}" = Nimzo8

"{E0B71631-6AA8-C596-A485-8480E92DD745}" = Catalyst Control Center Core Implementation

"{E11A7A62-FBD9-4575-B874-B482DF213467}" = Fritz9

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{EC1F15E1-F3CC-46EE-B7A5-849A08ED60DC}}_is1" = PantsOff 2.0

"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial

"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform

"{ED930E19-6843-41D6-90B5-22424F216CCA}" = DeepJunior13

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5

"{F694D244-C236-4988-8EAB-C3F9397250B2}" = DeepJunior12UCI

"{F6CCD38C-8298-4F7B-91C5-C8DED0B24E5A}" = Fritz 12

"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials

"{F9F63821-64B4-4BA9-A811-970C8F6DF016}" = Deep Fritz 11

"{FEDE4C8E-4C50-4B23-BC30-623D7C188D95}" = F13 EngineCloud Beta

"7-Zip" = 7-Zip 9.20

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"aquasuite" = aquasuite

"Chess Tiger 2007" = Chess Tiger 2007

"CPCEMU_is1" = CPCEMU v1.7

"Deep Sjeng" = Deep Sjeng

"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver

"Intelore - RAR Password Recovery" = RAR Password Recovery v1.1 RC16 (remove only)

"IrfanView" = IrfanView (remove only)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000

"Scid vs PC_is1" = Scid vs PC 4.8

"STANDARDR" = Microsoft Office Standard 2007

"Totalcmd" = Total Commander (Remove or Repair)

"VMware_Player" = VMware Player

"WinLiveSuite_Wave3" = Windows Live Essentials

"YTdetect" = Yahoo! Detect

"Zattoo4" = Zattoo4 4.0.5

 
 ========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-3655496246-1840986789-653387279-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 18.12.2012 17:49:54 | Computer Name = I7 | Source = System Restore | ID = 8210

Description = 

 

Error - 18.12.2012 19:42:28 | Computer Name = I7 | Source = Windows Search Service | ID = 7040

Description = 

 

Error - 18.12.2012 19:42:28 | Computer Name = I7 | Source = Windows Search Service | ID = 7042

Description = 

 

Error - 18.12.2012 21:29:10 | Computer Name = I7 | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: mbamservice.exe, Version: 1.65.0.0,

 Zeitstempel: 0x506784f8  Name des fehlerhaften Moduls: mbamservice.exe, Version: 

1.65.0.0, Zeitstempel: 0x506784f8  Ausnahmecode: 0x40000015  Fehleroffset: 0x0005e63e

ID

 des fehlerhaften Prozesses: 0xa4c  Startzeit der fehlerhaften Anwendung: 0x01cddd6b98e4d399

Pfad

 der fehlerhaften Anwendung: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

Pfad

 des fehlerhaften Moduls: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

Berichtskennung:

 7ce5c89a-497b-11e2-a1b2-005056c00008

 

Error - 19.12.2012 11:25:48 | Computer Name = I7 | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: Chiron-1.5-64bit.exe, Version: 1.5.0.0,

 Zeitstempel: 0x50924d16  Name des fehlerhaften Moduls: Chiron-1.5-64bit.exe, Version:

 1.5.0.0, Zeitstempel: 0x50924d16  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000063d8e

ID

 des fehlerhaften Prozesses: 0x1238  Startzeit der fehlerhaften Anwendung: 0x01cdddfc6e33a840

Pfad

 der fehlerhaften Anwendung: C:\Users\*****\Arena\Engines\Chiron\1.5\Chiron-1.5-64bit.exe

Pfad

 des fehlerhaften Moduls: C:\Users\*****\Arena\Engines\Chiron\1.5\Chiron-1.5-64bit.exe

Berichtskennung:

 5cb65b93-49f0-11e2-9869-005056c00008

 

Error - 19.12.2012 11:39:31 | Computer Name = I7 | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: Chiron-1.5-64bit.exe, Version: 1.5.0.0,

 Zeitstempel: 0x50924d16  Name des fehlerhaften Moduls: Chiron-1.5-64bit.exe, Version:

 1.5.0.0, Zeitstempel: 0x50924d16  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000063d8e

ID

 des fehlerhaften Prozesses: 0x14e8  Startzeit der fehlerhaften Anwendung: 0x01cdddfe76c2148b

Pfad

 der fehlerhaften Anwendung: C:\Users\*****\Arena\Engines\Chiron\1.5\Chiron-1.5-64bit.exe

Pfad

 des fehlerhaften Moduls: C:\Users\*****\Arena\Engines\Chiron\1.5\Chiron-1.5-64bit.exe

Berichtskennung:

 47aeac10-49f2-11e2-9869-005056c00008

 

Error - 19.12.2012 11:40:35 | Computer Name = I7 | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: Chiron-1.5-64bit.exe, Version: 1.5.0.0,

 Zeitstempel: 0x50924d16  Name des fehlerhaften Moduls: Chiron-1.5-64bit.exe, Version:

 1.5.0.0, Zeitstempel: 0x50924d16  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000063d8e

ID

 des fehlerhaften Prozesses: 0x1370  Startzeit der fehlerhaften Anwendung: 0x01cdddff0e491a2d

Pfad

 der fehlerhaften Anwendung: C:\Users\*****\Arena\Engines\Chiron\1.5\Chiron-1.5-64bit.exe

Pfad

 des fehlerhaften Moduls: C:\Users\*****\Arena\Engines\Chiron\1.5\Chiron-1.5-64bit.exe

Berichtskennung:

 6d7c1e28-49f2-11e2-9869-005056c00008

 

Error - 19.12.2012 11:44:37 | Computer Name = I7 | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: Chiron-1.5-64bit.exe, Version: 1.5.0.0,

 Zeitstempel: 0x50924d16  Name des fehlerhaften Moduls: Chiron-1.5-64bit.exe, Version:

 1.5.0.0, Zeitstempel: 0x50924d16  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000063d8e

ID

 des fehlerhaften Prozesses: 0xf70  Startzeit der fehlerhaften Anwendung: 0x01cdddff9f931368

Pfad

 der fehlerhaften Anwendung: C:\Users\*****\Arena\Engines\Chiron\1.5\Chiron-1.5-64bit.exe

Pfad

 des fehlerhaften Moduls: C:\Users\*****\Arena\Engines\Chiron\1.5\Chiron-1.5-64bit.exe

Berichtskennung:

 fe20cedb-49f2-11e2-9869-005056c00008

 

Error - 19.12.2012 12:00:50 | Computer Name = I7 | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: Chiron-1.5-64bit.exe, Version: 1.5.0.0,

 Zeitstempel: 0x50924d16  Name des fehlerhaften Moduls: Chiron-1.5-64bit.exe, Version:

 1.5.0.0, Zeitstempel: 0x50924d16  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000063d8e

ID

 des fehlerhaften Prozesses: 0x1144  Startzeit der fehlerhaften Anwendung: 0x01cdde0149499e4b

Pfad

 der fehlerhaften Anwendung: C:\Users\*****\Arena\Engines\Chiron\1.5\Chiron-1.5-64bit.exe

Pfad

 des fehlerhaften Moduls: C:\Users\*****\Arena\Engines\Chiron\1.5\Chiron-1.5-64bit.exe

Berichtskennung:

 41b92e56-49f5-11e2-9869-005056c00008

 

Error - 19.12.2012 12:29:35 | Computer Name = I7 | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: Chiron-1.5-64bit.exe, Version: 1.5.0.0,

 Zeitstempel: 0x50924d16  Name des fehlerhaften Moduls: Chiron-1.5-64bit.exe, Version:

 1.5.0.0, Zeitstempel: 0x50924d16  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000063d8e

ID

 des fehlerhaften Prozesses: 0x113c  Startzeit der fehlerhaften Anwendung: 0x01cdde05e3ac9129

Pfad

 der fehlerhaften Anwendung: C:\Users\*****\Arena\Engines\Chiron\1.5\Chiron-1.5-64bit.exe

Pfad

 des fehlerhaften Moduls: C:\Users\*****\Arena\Engines\Chiron\1.5\Chiron-1.5-64bit.exe

Berichtskennung:

 4638f1f5-49f9-11e2-9869-005056c00008

 

[ OSession Events ]

Error - 21.12.2009 07:02:09 | Computer Name = I7 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1254

 seconds with 840 seconds of active time.  This session ended with a crash.

 

[ System Events ]

Error - 20.12.2012 03:52:57 | Computer Name = I7 | Source = DCOM | ID = 10010

Description = 

 

Error - 20.12.2012 03:53:00 | Computer Name = I7 | Source = Service Control Manager | ID = 7011

Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung

 von Dienst Schedule erreicht.

 

Error - 20.12.2012 03:53:30 | Computer Name = I7 | Source = Service Control Manager | ID = 7011

Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung

 von Dienst ShellHWDetection erreicht.

 

Error - 20.12.2012 03:54:00 | Computer Name = I7 | Source = Service Control Manager | ID = 7011

Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung

 von Dienst Wlansvc erreicht.

 

Error - 20.12.2012 03:54:30 | Computer Name = I7 | Source = Service Control Manager | ID = 7011

Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung

 von Dienst IPBusEnum erreicht.

 

Error - 20.12.2012 03:55:00 | Computer Name = I7 | Source = Service Control Manager | ID = 7011

Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung

 von Dienst SENS erreicht.

 

Error - 20.12.2012 03:55:30 | Computer Name = I7 | Source = Service Control Manager | ID = 7011

Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung

 von Dienst Wlansvc erreicht.

 

Error - 20.12.2012 03:56:00 | Computer Name = I7 | Source = Service Control Manager | ID = 7011

Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung

 von Dienst Netman erreicht.

 

Error - 20.12.2012 03:58:50 | Computer Name = I7 | Source = EventLog | ID = 6008

Description = Das System wurde zuvor am ?20.?12.?2012 um 08:55:30 unerwartet heruntergefahren.

 

Error - 20.12.2012 04:00:18 | Computer Name = I7 | Source = DCOM | ID = 10016

Description = 

 

 

< End of report >

Hallo Cosinus,
nachdem in dem extras.txt was von offenem IE stand habe ich den otl scan wiederholt:

Code:

OTL logfile created on: 20.12.2012 12:16:39 - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\******\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16438)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

5,99 Gb Total Physical Memory | 4,42 Gb Available Physical Memory | 73,76% Memory free

11,98 Gb Paging File | 9,98 Gb Available in Paging File | 83,26% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 362,29 Gb Total Space | 259,76 Gb Free Space | 71,70% Space Free | Partition Type: NTFS

Drive D: | 449,12 Gb Total Space | 422,41 Gb Free Space | 94,05% Space Free | Partition Type: NTFS

Drive F: | 15,01 Gb Total Space | 1,27 Gb Free Space | 8,45% Space Free | Partition Type: FAT32

Drive G: | 120,00 Gb Total Space | 99,23 Gb Free Space | 82,69% Space Free | Partition Type: NTFS

 

Computer Name: I7 | User Name: ****** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - File not found -- 

PRC - [2012.12.20 09:02:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\******\Desktop\OTL.exe

PRC - [2012.11.01 02:35:20 | 000,357,016 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe

PRC - [2012.11.01 02:34:52 | 000,435,864 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe

PRC - [2012.11.01 00:48:42 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Users\******\Programme\vmware-authd.exe

PRC - [2012.10.25 23:10:30 | 000,162,408 | ---- | M] (Geek Software GmbH) -- C:\Users\******\Programme\PDF24\pdf24.exe

PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2008.09.19 09:22:02 | 000,241,152 | ---- | M] (Aqua Computer) -- C:\Program Files (x86)\Aqua Computer\aquasuite\SetClockService.exe

 

 
 ========== Modules (No Company Name) ==========

 

 
 ========== Services (SafeList) ==========

 

SRV:64bit: - [2012.12.19 12:31:48 | 001,644,816 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe -- (VSSERV)

SRV:64bit: - [2012.12.19 12:31:44 | 000,068,416 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe -- (UPDATESRV)

SRV:64bit: - [2009.11.25 04:17:16 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV - [2012.12.19 12:31:54 | 000,068,440 | ---- | M] (Bitdefender) [Disabled | Stopped] -- C:\Programme\Bitdefender\Bitdefender 2013\bdparentalservice.exe -- (BdDesktopParental)

SRV - [2012.12.11 21:08:53 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012.11.01 02:35:20 | 000,357,016 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)

SRV - [2012.11.01 02:34:52 | 000,435,864 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)

SRV - [2012.11.01 00:48:42 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Users\******\Programme\vmware-authd.exe -- (VMAuthdService)

SRV - [2012.10.11 17:15:30 | 000,918,680 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)

SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2008.09.19 09:22:02 | 000,241,152 | ---- | M] (Aqua Computer) [Auto | Running] -- C:\Program Files (x86)\Aqua Computer\aquasuite\SetClockService.exe -- (SetClockService)

SRV - [2007.05.31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)

SRV - [2007.05.31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2012.12.19 12:31:04 | 000,261,056 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avchv.sys -- (avchv)

DRV:64bit: - [2012.11.29 22:55:52 | 000,350,160 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\trufos.sys -- (trufos)

DRV:64bit: - [2012.11.01 02:34:54 | 000,067,224 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)

DRV:64bit: - [2012.11.01 02:34:32 | 000,030,360 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)

DRV:64bit: - [2012.11.01 02:34:10 | 000,045,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)

DRV:64bit: - [2012.11.01 02:34:08 | 000,020,120 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)

DRV:64bit: - [2012.11.01 02:34:04 | 000,032,920 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)

DRV:64bit: - [2012.10.31 20:58:08 | 000,587,024 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\avckf.sys -- (avckf)

DRV:64bit: - [2012.10.31 20:58:01 | 000,082,384 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bdsandbox.sys -- (BDSandBox)

DRV:64bit: - [2012.10.31 20:57:27 | 000,705,552 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avc3.sys -- (avc3)

DRV:64bit: - [2012.10.24 14:17:14 | 000,070,296 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsock.sys -- (vsock)

DRV:64bit: - [2012.10.24 14:17:10 | 000,085,104 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)

DRV:64bit: - [2012.10.11 17:15:32 | 000,052,376 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)

DRV:64bit: - [2012.10.11 17:15:06 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)

DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012.08.29 17:24:10 | 000,145,696 | ---- | M] (BitDefender LLC) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\gzflt.sys -- (gzflt)

DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011.09.21 09:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)

DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011.02.10 14:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)

DRV:64bit: - [2011.02.10 14:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)

DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010.03.12 17:21:52 | 000,097,280 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)

DRV:64bit: - [2009.11.25 04:52:14 | 006,174,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2009.10.05 16:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2009.09.28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)

DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)

DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)

DRV - [2012.07.06 14:21:55 | 000,093,160 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- c:\Programme\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys -- (BdfNdisf)

DRV - [2011.11.14 19:16:37 | 000,103,504 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Programme\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys -- (bdfwfpf)

DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

 

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-21-3655496246-1840986789-653387279-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/

IE - HKU\S-1-5-21-3655496246-1840986789-653387279-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-3655496246-1840986789-653387279-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKU\S-1-5-21-3655496246-1840986789-653387279-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 EA 53 30 4B 7F CA 01  [binary data]

IE - HKU\S-1-5-21-3655496246-1840986789-653387279-1000\..\SearchScopes,DefaultScope = {CB235525-13FB-4E1D-9B76-D2C5072DED04}

IE - HKU\S-1-5-21-3655496246-1840986789-653387279-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR

IE - HKU\S-1-5-21-3655496246-1840986789-653387279-1000\..\SearchScopes\{CB235525-13FB-4E1D-9B76-D2C5072DED04}: "URL" = hxxp://www.google.de/search?q={searchTerms}

IE - HKU\S-1-5-21-3655496246-1840986789-653387279-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 
 ========== FireFox ==========

 

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\******\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\******\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

 

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2013\BDTBEXT [2012.10.23 18:31:15 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2012.10.23 18:31:15 | 000,000,000 | ---D | M]

 

[2012.12.10 23:06:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

 
 ========== Chrome  ==========

 

CHR - homepage: hxxp://www.google.com/

CHR - default_search_provider: Search the web (Babylon) (Enabled)

CHR - default_search_provider: search_url = hxxp://search.babylon.com/?q={searchTerms}&affID=116295&tt=091212_9101_5012_3&babsrc=SP_ss&mntrId=00e106b8000000000000060fb5237758

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}

CHR - homepage: hxxp://www.google.com/

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sch\u00FCle\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sch\u00FCle\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Sch\u00FCle\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sch\u00FCle\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll

CHR - plugin: Java(TM) Platform SE 6 U35 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll

CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Sch\u00FCle\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

 

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O4:64bit: - HKLM..\Run: [Bdagent] C:\Programme\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender)

O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)

O4 - HKLM..\Run: [PDFPrint] C:\Users\******\Programme\PDF24\pdf24.exe (Geek Software GmbH)

O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found

O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{562912A8-2BCE-4110-9163-09C0D5DD71F9}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1739EC1-A2A2-4BDB-9B03-8C4A792A4B85}: DhcpNameServer = 192.168.2.1

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

 

 

SafeBootMin:64bit: AppMgmt - Service

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: vmms - Service

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet:64bit: AppMgmt - Service

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: vmms - Service

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - 

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

 

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

Drivers32: VIDC.VMnc - C:\Windows\SysWow64\vmnc.dll (VMware, Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.12.20 09:02:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\******\Desktop\OTL.exe

[2012.12.18 22:53:58 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Malwarebytes

[2012.12.18 22:53:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.12.18 22:53:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.12.18 22:53:40 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012.12.18 22:53:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012.12.10 23:06:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins

[2012.12.10 23:06:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions

[2012.12.10 23:06:32 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\VisualBeeExe

[2012.12.10 23:06:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2012.12.10 23:05:21 | 000,000,000 | ---D | C] -- C:\ProgramData\VisualBee

[2012.12.07 20:49:11 | 000,000,000 | ---D | C] -- C:\Windows\WindowsMobile

[2012.12.06 16:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Applications

[2012.12.03 11:49:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shredder Classic 4 ct 2012

[2012.11.29 17:07:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics

[2012.11.29 17:07:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Renesas Electronics

[2012.11.29 17:06:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations

[2012.11.29 17:05:31 | 000,000,000 | ---D | C] -- C:\Users\******\Hama

[2012.11.28 09:05:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

[2012.11.28 09:04:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

[2012.11.28 09:04:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight

[2012.11.27 14:16:26 | 000,000,000 | ---D | C] -- C:\Users\******\Documents\Virtual Machines

[2012.11.27 14:13:53 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\VMware

[2012.11.27 14:13:39 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\VMware

[2012.11.27 14:13:23 | 000,067,224 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vsocklib.dll

[2012.11.27 14:13:23 | 000,063,128 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vsocklib.dll

[2012.11.27 14:13:22 | 000,070,296 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vsock.sys

[2012.11.27 14:13:18 | 000,067,224 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmx86.sys

[2012.11.27 14:13:18 | 000,032,920 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\VMkbd.sys

[2012.11.27 14:12:48 | 000,357,016 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnetdhcp.exe

[2012.11.27 14:12:44 | 000,435,864 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnat.exe

[2012.11.27 14:12:43 | 000,030,360 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetuserif.sys

[2012.11.27 14:12:39 | 000,933,528 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vnetlib64.dll

[2012.11.27 14:12:36 | 000,052,376 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\hcmon.sys

[2012.11.27 14:12:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware

[2012.11.27 14:12:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware

[2012.11.27 14:12:04 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware

[2012.11.27 14:12:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VMware

[2012.11.26 11:23:07 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Canneverbe Limited

[2012.11.26 11:23:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited

[2012.11.26 11:22:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP

[2012.11.26 10:54:31 | 000,000,000 | -H-D | C] -- C:\$WINDOWS.~BT

[2012.11.26 08:59:12 | 000,000,000 | RH-D | C] -- C:\ESD

[2012.11.25 17:57:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAR Password Recovery

[2012.11.21 16:38:27 | 000,000,000 | ---D | C] -- C:\Users\******\Documents\Windows 8-Upgrade-Assistent-Dateien

[1 C:\Users\******\Documents\*.tmp files -> C:\Users\******\Documents\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.12.20 11:58:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3655496246-1840986789-653387279-1000UA.job

[2012.12.20 11:43:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.12.20 10:42:03 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.12.20 10:42:03 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.12.20 10:32:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.12.20 10:32:51 | 529,879,039 | -HS- | M] () -- C:\hiberfil.sys

[2012.12.20 09:02:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\******\Desktop\OTL.exe

[2012.12.19 18:58:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3655496246-1840986789-653387279-1000Core.job

[2012.12.19 13:37:00 | 000,010,465 | ---- | M] () -- C:\Users\******\Documents\1355915070_1_02.xml

[2012.12.19 12:31:04 | 000,261,056 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\avchv.sys

[2012.12.19 08:41:21 | 000,547,175 | ---- | M] () -- C:\Users\******\Desktop\adwcleaner.exe

[2012.12.18 22:53:42 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.12.17 10:58:15 | 000,017,408 | ---- | M] () -- C:\Users\******\AppData\Local\WebpageIcons.db

[2012.12.16 10:16:56 | 000,075,057 | ---- | M] () -- C:\Users\Public\Documents\computer.ssp

[2012.12.14 18:16:40 | 001,507,020 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.12.14 18:16:40 | 000,656,872 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.12.14 18:16:40 | 000,618,754 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.12.14 18:16:40 | 000,131,270 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.12.14 18:16:40 | 000,107,660 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.12.13 22:20:06 | 000,000,497 | ---- | M] () -- C:\Windows\SysNative\checkdnsid.xml

[2012.12.13 17:18:55 | 000,002,482 | ---- | M] () -- C:\Users\******\Desktop\Google Chrome.lnk

[2012.12.12 12:26:06 | 000,007,607 | ---- | M] () -- C:\Users\******\AppData\Local\Resmon.ResmonCfg

[2012.12.12 08:50:28 | 000,313,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012.12.10 22:58:14 | 003,121,706 | ---- | M] () -- C:\Users\******\Documents\0185 - Falco - Rock me Amadeus.mp3

[2012.12.09 10:13:29 | 000,139,149 | ---- | M] () -- C:\Users\******\Documents\gow.jpg

[2012.12.07 20:51:02 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdRapi2_01_00_00.Wdf

[2012.12.06 16:52:52 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

[2012.12.06 09:00:17 | 001,185,142 | ---- | M] () -- C:\Users\******\Documents\Nokia_Lumia_820_UG_de.pdf

[2012.12.05 11:59:27 | 000,773,086 | ---- | M] () -- C:\Users\******\Documents\Schule03.jpg

[2012.12.03 11:49:37 | 000,001,085 | ---- | M] () -- C:\Users\******\Desktop\Shredder Classic 4 ct 2012.lnk

[2012.11.30 17:26:14 | 000,367,413 | ---- | M] () -- C:\Users\******\Documents\Schule02.jpg

[2012.11.30 17:23:17 | 000,393,693 | ---- | M] () -- C:\Users\******\Documents\Schule01.jpg

[2012.11.29 22:55:52 | 000,350,160 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\SysNative\drivers\trufos.sys

[2012.11.27 14:12:12 | 001,526,976 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012.11.27 14:12:12 | 000,002,004 | ---- | M] () -- C:\Users\Public\Desktop\VMware Player.lnk

[2012.11.26 11:22:54 | 000,001,949 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk

[2012.11.26 10:54:20 | 000,001,393 | ---- | M] () -- C:\Users\******\Desktop\Windows installieren.lnk

[2012.11.25 17:57:01 | 000,000,178 | ---- | M] () -- C:\Users\******\Desktop\Buy RAR Password Recovery Now!.url

[2012.11.21 16:38:27 | 000,024,478 | ---- | M] () -- C:\Users\******\Documents\Windows 8-Upgrade-Assistent.html

[1 C:\Users\******\Documents\*.tmp files -> C:\Users\******\Documents\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.12.19 13:37:38 | 000,010,465 | ---- | C] () -- C:\Users\******\Documents\1355915070_1_02.xml

[2012.12.19 08:41:19 | 000,547,175 | ---- | C] () -- C:\Users\******\Desktop\adwcleaner.exe

[2012.12.18 22:53:42 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.12.10 23:10:52 | 003,121,706 | ---- | C] () -- C:\Users\******\Documents\0185 - Falco - Rock me Amadeus.mp3

[2012.12.07 20:51:02 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdRapi2_01_00_00.Wdf

[2012.12.07 20:49:34 | 000,002,419 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mobile Device Center.lnk

[2012.12.06 16:52:52 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

[2012.12.06 09:00:17 | 001,185,142 | ---- | C] () -- C:\Users\******\Documents\Nokia_Lumia_820_UG_de.pdf

[2012.12.05 11:59:27 | 000,773,086 | ---- | C] () -- C:\Users\******\Documents\Schule03.jpg

[2012.12.03 11:49:37 | 000,001,085 | ---- | C] () -- C:\Users\******\Desktop\Shredder Classic 4 ct 2012.lnk

[2012.11.30 17:26:13 | 000,367,413 | ---- | C] () -- C:\Users\******\Documents\Schule02.jpg

[2012.11.30 17:23:17 | 000,393,693 | ---- | C] () -- C:\Users\******\Documents\Schule01.jpg

[2012.11.27 14:12:12 | 001,526,976 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012.11.27 14:12:12 | 000,002,004 | ---- | C] () -- C:\Users\Public\Desktop\VMware Player.lnk

[2012.11.26 11:22:54 | 000,001,949 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk

[2012.11.26 11:22:54 | 000,001,899 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk

[2012.11.26 10:47:51 | 000,001,393 | ---- | C] () -- C:\Users\******\Desktop\Windows installieren.lnk

[2012.11.25 17:57:01 | 000,000,178 | ---- | C] () -- C:\Users\******\Desktop\Buy RAR Password Recovery Now!.url

[2012.11.21 16:38:26 | 000,024,478 | ---- | C] () -- C:\Users\******\Documents\Windows 8-Upgrade-Assistent.html

[2012.10.23 18:32:34 | 000,372,193 | ---- | C] () -- C:\ProgramData\1351013324.bdinstall.bin

[2012.09.15 09:54:15 | 000,850,964 | ---- | C] () -- C:\ProgramData\1347698460.bdinstall.bin

[2011.12.07 11:49:51 | 000,619,208 | ---- | C] () -- C:\ProgramData\bdinstall.bin

[2011.11.13 11:55:37 | 000,017,408 | ---- | C] () -- C:\Users\******\AppData\Local\WebpageIcons.db

[2011.09.08 23:00:41 | 000,000,030 | ---- | C] () -- C:\Windows\CHSSBASE.INI

[2011.09.08 22:53:42 | 000,007,676 | ---- | C] () -- C:\Windows\ENGINEEXT.INI

[2009.12.21 11:45:42 | 000,021,872 | ---- | C] () -- C:\Users\******\AppData\Roaming\Kommagetrennte Werte (Windows).ADR

[2009.12.21 10:39:44 | 000,002,126 | ---- | C] () -- C:\Users\******\classic.css

[2009.12.17 21:28:31 | 000,007,607 | ---- | C] () -- C:\Users\******\AppData\Local\Resmon.ResmonCfg

 
 ========== ZeroAccess Check ==========

 

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 
 ========== LOP Check ==========

 

[2012.12.18 19:43:42 | 000,000,000 | ---D | M] -- C:\Users\Internet\AppData\Roaming\Bitdefender

[2011.09.30 20:34:25 | 000,000,000 | ---D | M] -- C:\Users\Internet\AppData\Roaming\ChessBase

[2011.10.02 23:03:50 | 000,000,000 | ---D | M] -- C:\Users\Internet\AppData\Roaming\GHISLER

[2012.10.04 08:05:34 | 000,000,000 | ---D | M] -- C:\Users\Internet\AppData\Roaming\ShredderChess

[2012.10.23 18:31:11 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Bitdefender

[2012.11.26 11:23:07 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Canneverbe Limited

[2012.10.05 12:06:58 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\CCS64

[2012.10.22 17:37:15 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\ChessBase

[2012.09.19 08:41:38 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Garmin

[2012.12.18 22:46:50 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\GHISLER

[2010.12.26 08:54:40 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\HIARCS Chess

[2011.05.09 08:21:55 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Lokasoft

[2011.12.07 11:50:15 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\QuickScan

[2012.12.03 11:49:43 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\ShredderChess

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %SYSTEMDRIVE%\*. >

[2010.02.25 23:34:25 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin

[2012.11.26 10:55:01 | 000,000,000 | -H-D | M] -- C:\$WINDOWS.~BT

[2009.12.17 20:12:21 | 000,000,000 | ---D | M] -- C:\ATI

[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings

[2009.12.17 19:33:38 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen

[2012.11.26 08:59:12 | 000,000,000 | RH-D | M] -- C:\ESD

[2012.01.22 11:37:13 | 000,000,000 | ---D | M] -- C:\gtb

[2009.12.19 22:17:47 | 000,000,000 | RH-D | M] -- C:\MSOCache

[2012.11.26 22:37:10 | 000,000,000 | ---D | M] -- C:\PerfLogs

[2012.12.18 22:46:54 | 000,000,000 | R--D | M] -- C:\Program Files

[2012.12.18 22:53:40 | 000,000,000 | R--D | M] -- C:\Program Files (x86)

[2012.12.20 09:58:37 | 000,000,000 | -H-D | M] -- C:\ProgramData

[2009.12.17 19:33:38 | 000,000,000 | -HSD | M] -- C:\Programme

[2009.12.17 19:33:39 | 000,000,000 | -HSD | M] -- C:\Recovery

[2012.12.20 12:18:07 | 000,000,000 | -HSD | M] -- C:\System Volume Information

[2010.03.12 17:09:34 | 000,000,000 | ---D | M] -- C:\Tbs

[2012.11.25 18:36:59 | 000,000,000 | R--D | M] -- C:\Users

[2012.12.18 22:48:46 | 000,000,000 | ---D | M] -- C:\Windows

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2012.06.09 16:00:03 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Adobe

[2009.12.17 20:15:04 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\ATI

[2012.10.23 18:31:11 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Bitdefender

[2012.11.26 11:23:07 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Canneverbe Limited

[2012.10.05 12:06:58 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\CCS64

[2012.10.22 17:37:15 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\ChessBase

[2012.09.19 08:41:38 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Garmin

[2012.12.18 22:46:50 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\GHISLER

[2012.10.08 17:45:53 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Help

[2010.12.26 08:54:40 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\HIARCS Chess

[2009.12.17 19:34:00 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Identities

[2011.05.09 08:21:55 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Lokasoft

[2009.12.17 20:00:47 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Macromedia

[2012.12.18 22:53:58 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Malwarebytes

[2009.07.14 19:18:18 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Media Center Programs

[2012.12.07 20:51:07 | 000,000,000 | --SD | M] -- C:\Users\******\AppData\Roaming\Microsoft

[2011.12.07 11:50:15 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\QuickScan

[2012.12.03 11:49:43 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\ShredderChess

[2012.12.20 11:54:57 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\VMware

 
 < %APPDATA%\*.exe /s >

[2009.12.17 20:13:23 | 000,010,134 | R--- | M] () -- C:\Users\******\AppData\Roaming\Microsoft\Installer\{BA3B34EB-3F4B-0E19-0916-971C1AD3F0AD}\ARPPRODUCTICON.exe

 
 < %SYSTEMROOT%\system32\drivers\*.sys /lockedfiles >

 
 < %SYSTEMROOT%\System32\config\*.sav >

 
 < %SYSTEMROOT%\*. /mp /s >

 
 < %SYSTEMROOT%\system32\*.dll /lockedfiles >

 
 ========== Files - Unicode (All) ==========

[2012.09.15 09:35:02 | 000,000,000 | ---- | M] ()(C:\Windows\SysNative\?????) -- C:\Windows\SysNative\獷楬汢捯污

[2012.09.15 09:35:02 | 000,000,000 | ---- | C] ()(C:\Windows\SysNative\?????) -- C:\Windows\SysNative\獷楬汢捯污

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 757 bytes -> C:\Users\******\Documents\Rechnung Januar.eml:OECustomProperty

@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:2270C8D2
 

< End of report >

Warum machst du alle Logs unter Win8?! Du hast den Dreck doch unter Win7 eingefangen?! :confused:

Hallo,
ich habe ganz sicher Windows 7 gestartet, weil ich auf W8 ja nichts gefangen habe. Das ist ein Dual Boot system.
Werner

Zitat:

Zitat von cosinus (Beitrag 975447)

Warum machst du alle Logs unter Win8?! Du hast den Dreck doch unter Win7 eingefangen?! :confused:

..allerdings arbeite ich mit dem IE10, den es auch für Windows 7 gibt.
Ich bin jetzt 2h weg.
Gruß
Werner

Hm hast Recht, ich hab die Versionsnummer durcheinander bekommen :stirn:

1. aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!

Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

2. TDSS-Killer

Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtg4nzy0ywy5/settings_2012-09-04.png

So, es geht weiter - sieht nach rootkit aus :-(
Werner

Code:

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software

Run date: 2012-12-20 18:51:21

-----------------------------

18:51:21.029    OS Version: Windows x64 6.1.7601 Service Pack 1

18:51:21.029    Number of processors: 4 586 0x1A05

18:51:21.029    ComputerName: I7  UserName: 

18:51:21.869    Initialize success

18:55:12.478    AVAST engine defs: 12122000

18:55:24.728    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2

18:55:24.728    Disk 0 Vendor: SAMSUNG_HD103UJ 1AA01106 Size: 953869MB BusType: 3

18:55:24.728    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1

18:55:24.728    Disk 1 Vendor: USB_eSATA_Flash_SSD 090508S Size: 15392MB BusType: 3

18:55:24.748    Disk 0 MBR read successfully

18:55:24.758    Disk 0 MBR scan

18:55:24.838    Disk 0 Windows 7 default MBR code

18:55:24.858    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048

18:55:24.868    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       459900 MB offset 206848

18:55:24.908    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       370987 MB offset 942082048

18:55:24.908    Disk 0 Partition - 00     0F Extended LBA            122880 MB offset 1701863424

18:55:24.968    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       122879 MB offset 1701865472

18:55:25.018    Disk 0 scanning C:\Windows\system32\drivers

18:55:33.968    Service scanning

18:55:36.468    Service BdfNdisf c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys **LOCKED** 5

18:55:36.508    Service bdfwfpf C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys **LOCKED** 5

18:55:50.198    Modules scanning

18:55:50.198    Disk 0 trace - called modules:

18:55:50.238    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 

18:55:50.238    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80065cb060]

18:55:50.248    3 CLASSPNP.SYS[fffff88001b6a43f] -> nt!IofCallDriver -> [0xfffffa8006306580]

18:55:50.248    5 ACPI.sys[fffff88000edd7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa800630e060]

18:55:51.188    AVAST engine scan C:\Windows

18:55:52.988    AVAST engine scan C:\Windows\system32

18:58:12.439    AVAST engine scan C:\Windows\system32\drivers

18:58:22.659    AVAST engine scan C:\Users\Schüle

19:43:56.614    AVAST engine scan C:\ProgramData

19:45:16.721    Scan finished successfully

19:47:18.338    Disk 0 MBR has been saved successfully to "C:\Users\Schüle\Desktop\MBR.dat"

19:47:18.401    The log file has been saved successfully to "C:\Users\Schüle\Desktop\aswMBR.txt"

Code:

19:47:50.0439 2860  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

19:47:50.0736 2860  ============================================================

19:47:50.0736 2860  Current date / time: 2012/12/20 19:47:50.0736

19:47:50.0736 2860  SystemInfo:

19:47:50.0736 2860  

19:47:50.0736 2860  OS Version: 6.1.7601 ServicePack: 1.0

19:47:50.0736 2860  Product type: Workstation

19:47:50.0736 2860  ComputerName: I7

19:47:50.0736 2860  UserName: Schüle

19:47:50.0736 2860  Windows directory: C:\Windows

19:47:50.0736 2860  System windows directory: C:\Windows

19:47:50.0736 2860  Running under WOW64

19:47:50.0736 2860  Processor architecture: Intel x64

19:47:50.0736 2860  Number of processors: 4

19:47:50.0736 2860  Page size: 0x1000

19:47:50.0736 2860  Boot type: Normal boot

19:47:50.0736 2860  ============================================================

19:47:51.0859 2860  Drive \Device\Harddisk1\DR1 - Size: 0x3C2000000 (15.03 Gb), SectorSize: 0x200, Cylinders: 0x7AA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

19:47:51.0859 2860  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

19:47:51.0984 2860  ============================================================

19:47:51.0984 2860  \Device\Harddisk1\DR1:

19:47:51.0984 2860  MBR partitions:

19:47:51.0984 2860  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x800, BlocksNum 0x1E0E800

19:47:51.0984 2860  \Device\Harddisk0\DR0:

19:47:51.0984 2860  MBR partitions:

19:47:51.0984 2860  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

19:47:51.0984 2860  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3823E000

19:47:51.0984 2860  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x38270800, BlocksNum 0x2D495800

19:47:51.0999 2860  \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x65706800, BlocksNum 0xEFFF800

19:47:51.0999 2860  ============================================================

19:47:52.0046 2860  C: <-> \Device\Harddisk0\DR0\Partition3

19:47:52.0077 2860  D: <-> \Device\Harddisk0\DR0\Partition2

19:47:52.0124 2860  G: <-> \Device\Harddisk0\DR0\Partition4

19:47:52.0124 2860  F: <-> \Device\Harddisk1\DR1\Partition1

19:47:52.0124 2860  ============================================================

19:47:52.0124 2860  Initialize success

19:47:52.0124 2860  ============================================================

19:48:27.0177 5020  ============================================================

19:48:27.0177 5020  Scan started

19:48:27.0177 5020  Mode: Manual; SigCheck; TDLFS; 

19:48:27.0177 5020  ============================================================

19:48:28.0098 5020  ================ Scan system memory ========================

19:48:28.0098 5020  System memory - ok

19:48:28.0098 5020  ================ Scan services =============================

19:48:28.0222 5020  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys

19:48:28.0347 5020  1394ohci - ok

19:48:28.0378 5020  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys

19:48:28.0410 5020  ACPI - ok

19:48:28.0425 5020  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys

19:48:28.0488 5020  AcpiPmi - ok

19:48:28.0597 5020  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

19:48:28.0628 5020  AdobeARMservice - ok

19:48:28.0737 5020  [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

19:48:28.0784 5020  AdobeFlashPlayerUpdateSvc - ok

19:48:28.0815 5020  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys

19:48:28.0831 5020  adp94xx - ok

19:48:28.0862 5020  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys

19:48:28.0878 5020  adpahci - ok

19:48:28.0878 5020  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys

19:48:28.0893 5020  adpu320 - ok

19:48:28.0909 5020  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll

19:48:29.0018 5020  AeLookupSvc - ok

19:48:29.0065 5020  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys

19:48:29.0112 5020  AFD - ok

19:48:29.0127 5020  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys

19:48:29.0143 5020  agp440 - ok

19:48:29.0158 5020  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe

19:48:29.0205 5020  ALG - ok

19:48:29.0221 5020  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys

19:48:29.0236 5020  aliide - ok

19:48:29.0268 5020  [ 1D317EA326423FF7630CF1DA3BD46A1C ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe

19:48:29.0330 5020  AMD External Events Utility - ok

19:48:29.0330 5020  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys

19:48:29.0346 5020  amdide - ok

19:48:29.0361 5020  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys

19:48:29.0408 5020  AmdK8 - ok

19:48:29.0424 5020  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys

19:48:29.0455 5020  AmdPPM - ok

19:48:29.0470 5020  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys

19:48:29.0486 5020  amdsata - ok

19:48:29.0502 5020  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys

19:48:29.0517 5020  amdsbs - ok

19:48:29.0533 5020  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys

19:48:29.0564 5020  amdxata - ok

19:48:29.0580 5020  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys

19:48:29.0673 5020  AppID - ok

19:48:29.0689 5020  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll

19:48:29.0751 5020  AppIDSvc - ok

19:48:29.0782 5020  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll

19:48:29.0814 5020  Appinfo - ok

19:48:29.0829 5020  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys

19:48:29.0845 5020  arc - ok

19:48:29.0860 5020  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys

19:48:29.0876 5020  arcsas - ok

19:48:29.0892 5020  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys

19:48:29.0938 5020  AsyncMac - ok

19:48:29.0970 5020  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys

19:48:29.0985 5020  atapi - ok

19:48:30.0063 5020  [ 0ACC06FCF46F64ED4F11E57EE461C1F4 ] athr            C:\Windows\system32\DRIVERS\athrx.sys

19:48:30.0141 5020  athr - ok

19:48:30.0297 5020  [ 19B5C61CB09BFF2BD69E063EE54B56C3 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys

19:48:30.0391 5020  atikmdag - ok

19:48:30.0438 5020  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

19:48:30.0500 5020  AudioEndpointBuilder - ok

19:48:30.0516 5020  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll

19:48:30.0547 5020  AudioSrv - ok

19:48:30.0594 5020  [ E7433C0C2505D8DEE6CA2A446C355595 ] avc3            C:\Windows\system32\DRIVERS\avc3.sys

19:48:30.0672 5020  avc3 - ok

19:48:30.0718 5020  [ 3B9549FEF98AB1768A1D6A919F355B70 ] avchv           C:\Windows\system32\DRIVERS\avchv.sys

19:48:30.0734 5020  avchv - ok

19:48:30.0781 5020  [ 3CA0BD46B2FC65393A9B1DCAF6E2F7E7 ] avckf           C:\Windows\system32\DRIVERS\avckf.sys

19:48:30.0796 5020  avckf - ok

19:48:30.0843 5020  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll

19:48:30.0906 5020  AxInstSV - ok

19:48:30.0937 5020  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys

19:48:30.0984 5020  b06bdrv - ok

19:48:30.0999 5020  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys

19:48:31.0046 5020  b57nd60a - ok

19:48:31.0124 5020  [ EB274492865DD388FCA5BD9B0FB508EA ] BdDesktopParental C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe

19:48:31.0140 5020  BdDesktopParental - ok

19:48:31.0155 5020  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll

19:48:31.0186 5020  BDESVC - ok

19:48:31.0264 5020  [ 9920B815BC3B3F2D69071842DD18D422 ] BdfNdisf        c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys

19:48:31.0280 5020  BdfNdisf - ok

19:48:31.0296 5020  [ 4CE4B0098FC315C237FA8867F07886C4 ] bdfwfpf         C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys

19:48:31.0327 5020  bdfwfpf - ok

19:48:31.0342 5020  [ F4683F14A40B05438A8B6E3B4EE765AC ] BDSandBox       C:\Windows\system32\drivers\bdsandbox.sys

19:48:31.0358 5020  BDSandBox - ok

19:48:31.0389 5020  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys

19:48:31.0452 5020  Beep - ok

19:48:31.0514 5020  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll

19:48:31.0576 5020  BFE - ok

19:48:31.0623 5020  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll

19:48:31.0686 5020  BITS - ok

19:48:31.0717 5020  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys

19:48:31.0748 5020  blbdrive - ok

19:48:31.0795 5020  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys

19:48:31.0826 5020  bowser - ok

19:48:31.0826 5020  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys

19:48:31.0888 5020  BrFiltLo - ok

19:48:31.0888 5020  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys

19:48:31.0920 5020  BrFiltUp - ok

19:48:31.0935 5020  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll

19:48:31.0966 5020  Browser - ok

19:48:31.0982 5020  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys

19:48:32.0029 5020  Brserid - ok

19:48:32.0044 5020  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys

19:48:32.0060 5020  BrSerWdm - ok

19:48:32.0091 5020  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys

19:48:32.0122 5020  BrUsbMdm - ok

19:48:32.0138 5020  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys

19:48:32.0154 5020  BrUsbSer - ok

19:48:32.0169 5020  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys

19:48:32.0200 5020  BTHMODEM - ok

19:48:32.0232 5020  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll

19:48:32.0278 5020  bthserv - ok

19:48:32.0294 5020  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys

19:48:32.0325 5020  cdfs - ok

19:48:32.0356 5020  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys

19:48:32.0372 5020  cdrom - ok

19:48:32.0403 5020  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll

19:48:32.0450 5020  CertPropSvc - ok

19:48:32.0481 5020  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys

19:48:32.0497 5020  circlass - ok

19:48:32.0512 5020  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys

19:48:32.0528 5020  CLFS - ok

19:48:32.0575 5020  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

19:48:32.0590 5020  clr_optimization_v2.0.50727_32 - ok

19:48:32.0637 5020  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

19:48:32.0653 5020  clr_optimization_v2.0.50727_64 - ok

19:48:32.0715 5020  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

19:48:32.0731 5020  clr_optimization_v4.0.30319_32 - ok

19:48:32.0762 5020  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

19:48:32.0778 5020  clr_optimization_v4.0.30319_64 - ok

19:48:32.0793 5020  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys

19:48:32.0824 5020  CmBatt - ok

19:48:32.0840 5020  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys

19:48:32.0856 5020  cmdide - ok

19:48:32.0902 5020  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys

19:48:32.0949 5020  CNG - ok

19:48:32.0949 5020  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys

19:48:32.0965 5020  Compbatt - ok

19:48:32.0996 5020  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys

19:48:33.0012 5020  CompositeBus - ok

19:48:33.0012 5020  COMSysApp - ok

19:48:33.0058 5020  [ C08063F052308B6F5882482615387F30 ] cpuz135         C:\Windows\system32\drivers\cpuz135_x64.sys

19:48:33.0074 5020  cpuz135 - ok

19:48:33.0090 5020  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys

19:48:33.0105 5020  crcdisk - ok

19:48:33.0168 5020  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll

19:48:33.0214 5020  CryptSvc - ok

19:48:33.0261 5020  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll

19:48:33.0324 5020  DcomLaunch - ok

19:48:33.0339 5020  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll

19:48:33.0386 5020  defragsvc - ok

19:48:33.0402 5020  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys

19:48:33.0448 5020  DfsC - ok

19:48:33.0464 5020  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll

19:48:33.0495 5020  Dhcp - ok

19:48:33.0511 5020  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys

19:48:33.0542 5020  discache - ok

19:48:33.0573 5020  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys

19:48:33.0589 5020  Disk - ok

19:48:33.0620 5020  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll

19:48:33.0667 5020  Dnscache - ok

19:48:33.0698 5020  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll

19:48:33.0745 5020  dot3svc - ok

19:48:33.0760 5020  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll

19:48:33.0807 5020  DPS - ok

19:48:33.0838 5020  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys

19:48:33.0854 5020  drmkaud - ok

19:48:33.0885 5020  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys

19:48:33.0916 5020  DXGKrnl - ok

19:48:33.0948 5020  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll

19:48:33.0979 5020  EapHost - ok

19:48:34.0041 5020  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys

19:48:34.0104 5020  ebdrv - ok

19:48:34.0150 5020  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe

19:48:34.0197 5020  EFS - ok

19:48:34.0244 5020  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe

19:48:34.0306 5020  ehRecvr - ok

19:48:34.0322 5020  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe

19:48:34.0369 5020  ehSched - ok

19:48:34.0400 5020  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys

19:48:34.0431 5020  elxstor - ok

19:48:34.0431 5020  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys

19:48:34.0447 5020  ErrDev - ok

19:48:34.0494 5020  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll

19:48:34.0525 5020  EventSystem - ok

19:48:34.0556 5020  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys

19:48:34.0587 5020  exfat - ok

19:48:34.0603 5020  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys

19:48:34.0634 5020  fastfat - ok

19:48:34.0681 5020  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe

19:48:34.0728 5020  Fax - ok

19:48:34.0759 5020  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys

19:48:34.0790 5020  fdc - ok

19:48:34.0790 5020  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll

19:48:34.0852 5020  fdPHost - ok

19:48:34.0868 5020  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll

19:48:34.0899 5020  FDResPub - ok

19:48:34.0930 5020  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys

19:48:34.0946 5020  FileInfo - ok

19:48:34.0946 5020  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys

19:48:35.0008 5020  Filetrace - ok

19:48:35.0024 5020  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys

19:48:35.0040 5020  flpydisk - ok

19:48:35.0055 5020  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys

19:48:35.0071 5020  FltMgr - ok

19:48:35.0118 5020  [ 5B92E2B067F64DC53698EB84966B3F0D ] FontCache       C:\Windows\system32\FntCache.dll

19:48:35.0180 5020  FontCache - ok

19:48:35.0227 5020  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

19:48:35.0242 5020  FontCache3.0.0.0 - ok

19:48:35.0258 5020  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys

19:48:35.0274 5020  FsDepends - ok

19:48:35.0289 5020  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys

19:48:35.0305 5020  Fs_Rec - ok

19:48:35.0336 5020  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys

19:48:35.0352 5020  fvevol - ok

19:48:35.0383 5020  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys

19:48:35.0398 5020  gagp30kx - ok

19:48:35.0430 5020  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll

19:48:35.0476 5020  gpsvc - ok

19:48:35.0523 5020  [ BF2763FEA9704B1D9AA2C7719423251A ] gzflt           C:\Windows\system32\DRIVERS\gzflt.sys

19:48:35.0539 5020  gzflt - ok

19:48:35.0570 5020  [ 3CC07DAD48FA53193AE2F85DD8200B5E ] hcmon           C:\Windows\system32\drivers\hcmon.sys

19:48:35.0586 5020  hcmon - ok

19:48:35.0601 5020  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys

19:48:35.0648 5020  hcw85cir - ok

19:48:35.0679 5020  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

19:48:35.0695 5020  HdAudAddService - ok

19:48:35.0726 5020  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys

19:48:35.0742 5020  HDAudBus - ok

19:48:35.0757 5020  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys

19:48:35.0773 5020  HidBatt - ok

19:48:35.0788 5020  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys

19:48:35.0804 5020  HidBth - ok

19:48:35.0820 5020  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys

19:48:35.0851 5020  HidIr - ok

19:48:35.0866 5020  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll

19:48:35.0929 5020  hidserv - ok

19:48:35.0960 5020  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys

19:48:35.0976 5020  HidUsb - ok

19:48:36.0007 5020  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll

19:48:36.0085 5020  hkmsvc - ok

19:48:36.0100 5020  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

19:48:36.0132 5020  HomeGroupListener - ok

19:48:36.0163 5020  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

19:48:36.0178 5020  HomeGroupProvider - ok

19:48:36.0194 5020  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys

19:48:36.0210 5020  HpSAMD - ok

19:48:36.0256 5020  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys

19:48:36.0319 5020  HTTP - ok

19:48:36.0334 5020  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys

19:48:36.0334 5020  hwpolicy - ok

19:48:36.0350 5020  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys

19:48:36.0366 5020  i8042prt - ok

19:48:36.0397 5020  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys

19:48:36.0412 5020  iaStorV - ok

19:48:36.0459 5020  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

19:48:36.0475 5020  idsvc - ok

19:48:36.0490 5020  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys

19:48:36.0506 5020  iirsp - ok

19:48:36.0537 5020  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll

19:48:36.0568 5020  IKEEXT - ok

19:48:36.0584 5020  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys

19:48:36.0600 5020  intelide - ok

19:48:36.0615 5020  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys

19:48:36.0631 5020  intelppm - ok

19:48:36.0662 5020  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll

19:48:36.0709 5020  IPBusEnum - ok

19:48:36.0724 5020  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys

19:48:36.0756 5020  IpFilterDriver - ok

19:48:36.0787 5020  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll

19:48:36.0834 5020  iphlpsvc - ok

19:48:36.0849 5020  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys

19:48:36.0865 5020  IPMIDRV - ok

19:48:36.0880 5020  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys

19:48:36.0943 5020  IPNAT - ok

19:48:36.0974 5020  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys

19:48:37.0052 5020  IRENUM - ok

19:48:37.0068 5020  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys

19:48:37.0083 5020  isapnp - ok

19:48:37.0099 5020  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys

19:48:37.0114 5020  iScsiPrt - ok

19:48:37.0130 5020  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys

19:48:37.0146 5020  kbdclass - ok

19:48:37.0161 5020  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys

19:48:37.0177 5020  kbdhid - ok

19:48:37.0192 5020  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe

19:48:37.0208 5020  KeyIso - ok

19:48:37.0239 5020  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys

19:48:37.0255 5020  KSecDD - ok

19:48:37.0286 5020  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys

19:48:37.0302 5020  KSecPkg - ok

19:48:37.0317 5020  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys

19:48:37.0348 5020  ksthunk - ok

19:48:37.0380 5020  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll

19:48:37.0411 5020  KtmRm - ok

19:48:37.0442 5020  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll

19:48:37.0489 5020  LanmanServer - ok

19:48:37.0504 5020  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

19:48:37.0551 5020  LanmanWorkstation - ok

19:48:37.0567 5020  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys

19:48:37.0614 5020  lltdio - ok

19:48:37.0629 5020  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll

19:48:37.0660 5020  lltdsvc - ok

19:48:37.0676 5020  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll

19:48:37.0707 5020  lmhosts - ok

19:48:37.0738 5020  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys

19:48:37.0754 5020  LSI_FC - ok

19:48:37.0770 5020  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys

19:48:37.0770 5020  LSI_SAS - ok

19:48:37.0785 5020  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys

19:48:37.0801 5020  LSI_SAS2 - ok

19:48:37.0816 5020  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys

19:48:37.0832 5020  LSI_SCSI - ok

19:48:37.0848 5020  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys

19:48:37.0863 5020  luafv - ok

19:48:37.0926 5020  [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys

19:48:37.0941 5020  MBAMProtector - ok

19:48:37.0988 5020  [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

19:48:38.0035 5020  MBAMScheduler - ok

19:48:38.0066 5020  [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

19:48:38.0097 5020  MBAMService - ok

19:48:38.0144 5020  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll

19:48:38.0191 5020  Mcx2Svc - ok

19:48:38.0331 5020  [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM             C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

19:48:38.0456 5020  MDM ( UnsignedFile.Multi.Generic ) - warning

19:48:38.0456 5020  MDM - detected UnsignedFile.Multi.Generic (1)

19:48:38.0487 5020  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys

19:48:38.0487 5020  megasas - ok

19:48:38.0518 5020  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys

19:48:38.0534 5020  MegaSR - ok

19:48:38.0565 5020  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll

19:48:38.0628 5020  MMCSS - ok

19:48:38.0628 5020  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys

19:48:38.0674 5020  Modem - ok

19:48:38.0721 5020  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys

19:48:38.0752 5020  monitor - ok

19:48:38.0768 5020  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys

19:48:38.0784 5020  mouclass - ok

19:48:38.0799 5020  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys

19:48:38.0830 5020  mouhid - ok

19:48:38.0846 5020  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys

19:48:38.0862 5020  mountmgr - ok

19:48:38.0877 5020  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys

19:48:38.0893 5020  mpio - ok

19:48:38.0908 5020  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys

19:48:38.0940 5020  mpsdrv - ok

19:48:38.0971 5020  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll

19:48:39.0033 5020  MpsSvc - ok

19:48:39.0064 5020  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys

19:48:39.0080 5020  MRxDAV - ok

19:48:39.0111 5020  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys

19:48:39.0158 5020  mrxsmb - ok

19:48:39.0174 5020  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys

19:48:39.0205 5020  mrxsmb10 - ok

19:48:39.0236 5020  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys

19:48:39.0252 5020  mrxsmb20 - ok

19:48:39.0283 5020  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys

19:48:39.0298 5020  msahci - ok

19:48:39.0314 5020  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys

19:48:39.0330 5020  msdsm - ok

19:48:39.0345 5020  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe

19:48:39.0376 5020  MSDTC - ok

19:48:39.0408 5020  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys

19:48:39.0454 5020  Msfs - ok

19:48:39.0470 5020  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys

19:48:39.0517 5020  mshidkmdf - ok

19:48:39.0532 5020  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys

19:48:39.0548 5020  msisadrv - ok

19:48:39.0564 5020  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll

19:48:39.0626 5020  MSiSCSI - ok

19:48:39.0626 5020  msiserver - ok

19:48:39.0657 5020  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys

19:48:39.0688 5020  MSKSSRV - ok

19:48:39.0688 5020  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys

19:48:39.0720 5020  MSPCLOCK - ok

19:48:39.0720 5020  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys

19:48:39.0766 5020  MSPQM - ok

19:48:39.0798 5020  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys

19:48:39.0813 5020  MsRPC - ok

19:48:39.0829 5020  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys

19:48:39.0844 5020  mssmbios - ok

19:48:39.0844 5020  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys

19:48:39.0876 5020  MSTEE - ok

19:48:39.0891 5020  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys

19:48:39.0907 5020  MTConfig - ok

19:48:39.0938 5020  [ 03B7145C889603537E9FFEABB1AD1089 ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys

19:48:39.0985 5020  MTsensor - ok

19:48:40.0000 5020  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys

19:48:40.0032 5020  Mup - ok

19:48:40.0078 5020  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll

19:48:40.0110 5020  napagent - ok

19:48:40.0156 5020  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys

19:48:40.0188 5020  NativeWifiP - ok

19:48:40.0219 5020  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys

19:48:40.0250 5020  NDIS - ok

19:48:40.0266 5020  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys

19:48:40.0297 5020  NdisCap - ok

19:48:40.0328 5020  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys

19:48:40.0375 5020  NdisTapi - ok

19:48:40.0406 5020  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys

19:48:40.0437 5020  Ndisuio - ok

19:48:40.0468 5020  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys

19:48:40.0500 5020  NdisWan - ok

19:48:40.0515 5020  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys

19:48:40.0562 5020  NDProxy - ok

19:48:40.0578 5020  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys

19:48:40.0609 5020  NetBIOS - ok

19:48:40.0624 5020  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys

19:48:40.0671 5020  NetBT - ok

19:48:40.0687 5020  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe

19:48:40.0687 5020  Netlogon - ok

19:48:40.0718 5020  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll

19:48:40.0749 5020  Netman - ok

19:48:40.0765 5020  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll

19:48:40.0812 5020  netprofm - ok

19:48:40.0827 5020  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

19:48:40.0843 5020  NetTcpPortSharing - ok

19:48:40.0874 5020  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys

19:48:40.0890 5020  nfrd960 - ok

19:48:40.0905 5020  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll

19:48:40.0921 5020  NlaSvc - ok

19:48:40.0952 5020  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys

19:48:40.0999 5020  Npfs - ok

19:48:41.0014 5020  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll

19:48:41.0061 5020  nsi - ok

19:48:41.0061 5020  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys

19:48:41.0108 5020  nsiproxy - ok

19:48:41.0155 5020  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys

19:48:41.0202 5020  Ntfs - ok

19:48:41.0217 5020  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys

19:48:41.0248 5020  Null - ok

19:48:41.0264 5020  [ 0EBC9D13CD96C15B1B18D8678A609E4B ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys

19:48:41.0295 5020  nusb3hub - ok

19:48:41.0326 5020  [ 7BDEC000D56D485021D9C1E63C2F81CA ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys

19:48:41.0358 5020  nusb3xhc - ok

19:48:41.0373 5020  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys

19:48:41.0389 5020  nvraid - ok

19:48:41.0420 5020  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys

19:48:41.0436 5020  nvstor - ok

19:48:41.0467 5020  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys

19:48:41.0482 5020  nv_agp - ok

19:48:41.0560 5020  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

19:48:41.0685 5020  odserv - ok

19:48:41.0685 5020  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys

19:48:41.0716 5020  ohci1394 - ok

19:48:41.0748 5020  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

19:48:41.0794 5020  ose - ok

19:48:41.0826 5020  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll

19:48:41.0872 5020  p2pimsvc - ok

19:48:41.0904 5020  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll

19:48:41.0919 5020  p2psvc - ok

19:48:41.0935 5020  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys

19:48:41.0950 5020  Parport - ok

19:48:41.0982 5020  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys

19:48:41.0997 5020  partmgr - ok

19:48:42.0013 5020  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll

19:48:42.0044 5020  PcaSvc - ok

19:48:42.0060 5020  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys

19:48:42.0091 5020  pci - ok

19:48:42.0091 5020  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys

19:48:42.0106 5020  pciide - ok

19:48:42.0122 5020  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys

19:48:42.0138 5020  pcmcia - ok

19:48:42.0169 5020  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys

19:48:42.0169 5020  pcw - ok

19:48:42.0200 5020  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys

19:48:42.0247 5020  PEAUTH - ok

19:48:42.0309 5020  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe

19:48:42.0340 5020  PerfHost - ok

19:48:42.0387 5020  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll

19:48:42.0434 5020  pla - ok

19:48:42.0496 5020  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll

19:48:42.0543 5020  PlugPlay - ok

19:48:42.0559 5020  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll

19:48:42.0574 5020  PNRPAutoReg - ok

19:48:42.0606 5020  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll

19:48:42.0621 5020  PNRPsvc - ok

19:48:42.0652 5020  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll

19:48:42.0715 5020  PolicyAgent - ok

19:48:42.0730 5020  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll

19:48:42.0777 5020  Power - ok

19:48:42.0808 5020  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys

19:48:42.0840 5020  PptpMiniport - ok

19:48:42.0855 5020  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys

19:48:42.0871 5020  Processor - ok

19:48:42.0902 5020  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll

19:48:42.0933 5020  ProfSvc - ok

19:48:42.0933 5020  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

19:48:42.0949 5020  ProtectedStorage - ok

19:48:42.0980 5020  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys

19:48:43.0042 5020  Psched - ok

19:48:43.0074 5020  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys

19:48:43.0105 5020  ql2300 - ok

19:48:43.0120 5020  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys

19:48:43.0120 5020  ql40xx - ok

19:48:43.0152 5020  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll

19:48:43.0183 5020  QWAVE - ok

19:48:43.0198 5020  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys

19:48:43.0214 5020  QWAVEdrv - ok

19:48:43.0261 5020  [ A55E7D0D873B2C97585B3B5926AC6ADE ] RapiMgr         C:\Windows\WindowsMobile\rapimgr.dll

19:48:43.0276 5020  RapiMgr - ok

19:48:43.0292 5020  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys

19:48:43.0323 5020  RasAcd - ok

19:48:43.0354 5020  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys

19:48:43.0401 5020  RasAgileVpn - ok

19:48:43.0401 5020  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll

19:48:43.0432 5020  RasAuto - ok

19:48:43.0448 5020  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys

19:48:43.0495 5020  Rasl2tp - ok

19:48:43.0510 5020  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll

19:48:43.0557 5020  RasMan - ok

19:48:43.0573 5020  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys

19:48:43.0604 5020  RasPppoe - ok

19:48:43.0635 5020  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys

19:48:43.0666 5020  RasSstp - ok

19:48:43.0666 5020  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys

19:48:43.0713 5020  rdbss - ok

19:48:43.0713 5020  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys

19:48:43.0729 5020  rdpbus - ok

19:48:43.0760 5020  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys

19:48:43.0791 5020  RDPCDD - ok

19:48:43.0807 5020  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys

19:48:43.0854 5020  RDPENCDD - ok

19:48:43.0854 5020  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys

19:48:43.0885 5020  RDPREFMP - ok

19:48:43.0932 5020  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys

19:48:43.0947 5020  RdpVideoMiniport - ok

19:48:43.0978 5020  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys

19:48:43.0994 5020  RDPWD - ok

19:48:44.0025 5020  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys

19:48:44.0056 5020  rdyboost - ok

19:48:44.0103 5020  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll

19:48:44.0166 5020  RemoteAccess - ok

19:48:44.0181 5020  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll

19:48:44.0244 5020  RemoteRegistry - ok

19:48:44.0244 5020  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll

19:48:44.0290 5020  RpcEptMapper - ok

19:48:44.0322 5020  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe

19:48:44.0337 5020  RpcLocator - ok

19:48:44.0384 5020  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll

19:48:44.0431 5020  RpcSs - ok

19:48:44.0446 5020  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys

19:48:44.0478 5020  rspndr - ok

19:48:44.0509 5020  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe

19:48:44.0509 5020  SamSs - ok

19:48:44.0540 5020  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys

19:48:44.0556 5020  sbp2port - ok

19:48:44.0618 5020  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll

19:48:44.0727 5020  SCardSvr - ok

19:48:44.0836 5020  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys

19:48:44.0883 5020  scfilter - ok

19:48:44.0930 5020  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll

19:48:44.0992 5020  Schedule - ok

19:48:45.0008 5020  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll

19:48:45.0039 5020  SCPolicySvc - ok

19:48:45.0055 5020  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll

19:48:45.0102 5020  SDRSVC - ok

19:48:45.0117 5020  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys

19:48:45.0148 5020  secdrv - ok

19:48:45.0180 5020  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll

19:48:45.0226 5020  seclogon - ok

19:48:45.0242 5020  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll

19:48:45.0273 5020  SENS - ok

19:48:45.0289 5020  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll

19:48:45.0320 5020  SensrSvc - ok

19:48:45.0336 5020  [ 9F6490423AC3271E84A90A0DD9D30A3B ] Ser2pl          C:\Windows\system32\DRIVERS\ser2pl64.sys

19:48:45.0367 5020  Ser2pl - ok

19:48:45.0382 5020  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys

19:48:45.0398 5020  Serenum - ok

19:48:45.0414 5020  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys

19:48:45.0429 5020  Serial - ok

19:48:45.0445 5020  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys

19:48:45.0460 5020  sermouse - ok

19:48:45.0476 5020  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll

19:48:45.0538 5020  SessionEnv - ok

19:48:45.0601 5020  [ 6F0C3E47E915BE7882629E57FA646406 ] SetClockService C:\Program Files (x86)\Aqua Computer\aquasuite\SetClockService.exe

19:48:45.0632 5020  SetClockService ( UnsignedFile.Multi.Generic ) - warning

19:48:45.0632 5020  SetClockService - detected UnsignedFile.Multi.Generic (1)

19:48:45.0648 5020  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys

19:48:45.0679 5020  sffdisk - ok

19:48:45.0694 5020  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys

19:48:45.0726 5020  sffp_mmc - ok

19:48:45.0741 5020  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys

19:48:45.0772 5020  sffp_sd - ok

19:48:45.0788 5020  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys

19:48:45.0819 5020  sfloppy - ok

19:48:45.0850 5020  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll

19:48:45.0897 5020  SharedAccess - ok

19:48:45.0928 5020  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

19:48:45.0975 5020  ShellHWDetection - ok

19:48:46.0006 5020  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys

19:48:46.0006 5020  SiSRaid2 - ok

19:48:46.0038 5020  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys

19:48:46.0038 5020  SiSRaid4 - ok

19:48:46.0053 5020  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys

19:48:46.0100 5020  Smb - ok

19:48:46.0116 5020  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe

19:48:46.0147 5020  SNMPTRAP - ok

19:48:46.0162 5020  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys

19:48:46.0178 5020  spldr - ok

19:48:46.0209 5020  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe

19:48:46.0256 5020  Spooler - ok

19:48:46.0334 5020  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe

19:48:46.0412 5020  sppsvc - ok

19:48:46.0443 5020  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll

19:48:46.0474 5020  sppuinotify - ok

19:48:46.0506 5020  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys

19:48:46.0537 5020  srv - ok

19:48:46.0568 5020  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys

19:48:46.0599 5020  srv2 - ok

19:48:46.0615 5020  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys

19:48:46.0630 5020  srvnet - ok

19:48:46.0662 5020  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll

19:48:46.0708 5020  SSDPSRV - ok

19:48:46.0724 5020  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll

19:48:46.0755 5020  SstpSvc - ok

19:48:46.0771 5020  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys

19:48:46.0786 5020  stexstor - ok

19:48:46.0818 5020  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll

19:48:46.0864 5020  stisvc - ok

19:48:46.0880 5020  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys

19:48:46.0896 5020  swenum - ok

19:48:46.0911 5020  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll

19:48:46.0974 5020  swprv - ok

19:48:47.0020 5020  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll

19:48:47.0052 5020  SysMain - ok

19:48:47.0083 5020  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

19:48:47.0114 5020  TabletInputService - ok

19:48:47.0130 5020  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll

19:48:47.0192 5020  TapiSrv - ok

19:48:47.0208 5020  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll

19:48:47.0270 5020  TBS - ok

19:48:47.0332 5020  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys

19:48:47.0379 5020  Tcpip - ok

19:48:47.0410 5020  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys

19:48:47.0442 5020  TCPIP6 - ok

19:48:47.0457 5020  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys

19:48:47.0488 5020  tcpipreg - ok

19:48:47.0504 5020  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys

19:48:47.0535 5020  TDPIPE - ok

19:48:47.0551 5020  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys

19:48:47.0566 5020  TDTCP - ok

19:48:47.0598 5020  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys

19:48:47.0644 5020  tdx - ok

19:48:47.0660 5020  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys

19:48:47.0676 5020  TermDD - ok

19:48:47.0707 5020  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll

19:48:47.0754 5020  TermService - ok

19:48:47.0785 5020  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll

19:48:47.0800 5020  Themes - ok

19:48:47.0816 5020  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll

19:48:47.0847 5020  THREADORDER - ok

19:48:47.0878 5020  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll

19:48:47.0910 5020  TrkWks - ok

19:48:47.0941 5020  [ B66EE1D68197DFB9AA24F961E68ACDCC ] trufos          C:\Windows\system32\DRIVERS\trufos.sys

19:48:47.0972 5020  trufos - ok

19:48:48.0050 5020  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

19:48:48.0097 5020  TrustedInstaller - ok

19:48:48.0128 5020  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys

19:48:48.0159 5020  tssecsrv - ok

19:48:48.0190 5020  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys

19:48:48.0222 5020  TsUsbFlt - ok

19:48:48.0253 5020  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys

19:48:48.0284 5020  tunnel - ok

19:48:48.0315 5020  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys

19:48:48.0331 5020  uagp35 - ok

19:48:48.0346 5020  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys

19:48:48.0393 5020  udfs - ok

19:48:48.0409 5020  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe

19:48:48.0440 5020  UI0Detect - ok

19:48:48.0456 5020  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys

19:48:48.0471 5020  uliagpkx - ok

19:48:48.0518 5020  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys

19:48:48.0534 5020  umbus - ok

19:48:48.0549 5020  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys

19:48:48.0565 5020  UmPass - ok

19:48:48.0643 5020  [ 75A488DA3EA48BE97695A727185515CF ] UPDATESRV       C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe

19:48:48.0658 5020  UPDATESRV - ok

19:48:48.0690 5020  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll

19:48:48.0736 5020  upnphost - ok

19:48:48.0752 5020  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys

19:48:48.0783 5020  usbccgp - ok

19:48:48.0814 5020  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys

19:48:48.0830 5020  usbcir - ok

19:48:48.0846 5020  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys

19:48:48.0877 5020  usbehci - ok

19:48:48.0908 5020  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys

19:48:48.0939 5020  usbhub - ok

19:48:48.0955 5020  [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys

19:48:48.0970 5020  usbohci - ok

19:48:48.0970 5020  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys

19:48:49.0002 5020  usbprint - ok

19:48:49.0048 5020  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys

19:48:49.0064 5020  usbscan - ok

19:48:49.0080 5020  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS

19:48:49.0111 5020  USBSTOR - ok

19:48:49.0126 5020  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys

19:48:49.0142 5020  usbuhci - ok

19:48:49.0189 5020  [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx      C:\Windows\system32\DRIVERS\usb8023x.sys

19:48:49.0220 5020  usb_rndisx - ok

19:48:49.0251 5020  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll

19:48:49.0282 5020  UxSms - ok

19:48:49.0298 5020  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe

19:48:49.0314 5020  VaultSvc - ok

19:48:49.0329 5020  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys

19:48:49.0345 5020  vdrvroot - ok

19:48:49.0376 5020  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe

19:48:49.0407 5020  vds - ok

19:48:49.0438 5020  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys

19:48:49.0470 5020  vga - ok

19:48:49.0470 5020  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys

19:48:49.0516 5020  VgaSave - ok

19:48:49.0532 5020  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys

19:48:49.0548 5020  vhdmp - ok

19:48:49.0579 5020  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys

19:48:49.0594 5020  viaide - ok

19:48:49.0657 5020  [ A942813405C51998DD2C2B86A08394D5 ] VMAuthdService  C:\Users\Schüle\Programme\vmware-authd.exe

19:48:49.0688 5020  VMAuthdService ( UnsignedFile.Multi.Generic ) - warning

19:48:49.0688 5020  VMAuthdService - detected UnsignedFile.Multi.Generic (1)

19:48:49.0704 5020  [ 6203C901DEFF10631AAD919B3BD1489B ] vmci            C:\Windows\system32\DRIVERS\vmci.sys

19:48:49.0719 5020  vmci - ok

19:48:49.0766 5020  [ DE8F365C4C038AFE02F6E3B18ECAED33 ] vmkbd           C:\Windows\system32\drivers\VMkbd.sys

19:48:49.0782 5020  vmkbd - ok

19:48:49.0797 5020  [ AEF53B47E960F227BF7638A6A1A9D5C6 ] VMnetAdapter    C:\Windows\system32\DRIVERS\vmnetadapter.sys

19:48:49.0813 5020  VMnetAdapter - ok

19:48:49.0860 5020  [ C234A1DC2F06A15B9210787F54253810 ] VMnetBridge     C:\Windows\system32\DRIVERS\vmnetbridge.sys

19:48:49.0906 5020  VMnetBridge - ok

19:48:49.0906 5020  VMnetDHCP - ok

19:48:49.0922 5020  [ 36EDBFE2C2405081620ADEF7B691ED89 ] VMnetuserif     C:\Windows\system32\drivers\vmnetuserif.sys

19:48:49.0922 5020  VMnetuserif - ok

19:48:49.0953 5020  [ 415B167695C4B5960A13098622EF3D80 ] vmusb           C:\Windows\system32\Drivers\vmusb.sys

19:48:49.0969 5020  vmusb - ok

19:48:50.0047 5020  [ B55A8DADA1D825B73C811101B06E012F ] VMUSBArbService C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe

19:48:50.0078 5020  VMUSBArbService - ok

19:48:50.0078 5020  VMware NAT Service - ok

19:48:50.0109 5020  [ 0E6ACC0257C6EFBB41E9FF4CD2A88B7F ] vmx86           C:\Windows\system32\drivers\vmx86.sys

19:48:50.0109 5020  vmx86 - ok

19:48:50.0140 5020  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys

19:48:50.0140 5020  volmgr - ok

19:48:50.0172 5020  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys

19:48:50.0203 5020  volmgrx - ok

19:48:50.0218 5020  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys

19:48:50.0234 5020  volsnap - ok

19:48:50.0250 5020  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys

19:48:50.0265 5020  vsmraid - ok

19:48:50.0281 5020  [ EF1E48D431223F670CFFD6169B1A136F ] vsock           C:\Windows\system32\drivers\vsock.sys

19:48:50.0296 5020  vsock - ok

19:48:50.0359 5020  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe

19:48:50.0421 5020  VSS - ok

19:48:50.0468 5020  [ CE9659E7047145791F1288C167C22BFE ] VSSERV          C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe

19:48:50.0499 5020  VSSERV - ok

19:48:50.0515 5020  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys

19:48:50.0530 5020  vwifibus - ok

19:48:50.0562 5020  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys

19:48:50.0577 5020  vwififlt - ok

19:48:50.0608 5020  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys

19:48:50.0640 5020  vwifimp - ok

19:48:50.0671 5020  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll

19:48:50.0702 5020  W32Time - ok

19:48:50.0702 5020  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys

19:48:50.0733 5020  WacomPen - ok

19:48:50.0764 5020  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys

19:48:50.0827 5020  WANARP - ok

19:48:50.0827 5020  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys

19:48:50.0858 5020  Wanarpv6 - ok

19:48:50.0920 5020  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe

19:48:50.0967 5020  WatAdminSvc - ok

19:48:50.0998 5020  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe

19:48:51.0045 5020  wbengine - ok

19:48:51.0061 5020  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll

19:48:51.0076 5020  WbioSrvc - ok

19:48:51.0092 5020  [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm        C:\Windows\WindowsMobile\wcescomm.dll

19:48:51.0108 5020  WcesComm - ok

19:48:51.0123 5020  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll

19:48:51.0154 5020  wcncsvc - ok

19:48:51.0170 5020  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

19:48:51.0186 5020  WcsPlugInService - ok

19:48:51.0201 5020  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys

19:48:51.0217 5020  Wd - ok

19:48:51.0248 5020  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys

19:48:51.0295 5020  Wdf01000 - ok

19:48:51.0295 5020  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll

19:48:51.0357 5020  WdiServiceHost - ok

19:48:51.0357 5020  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll

19:48:51.0373 5020  WdiSystemHost - ok

19:48:51.0388 5020  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll

19:48:51.0435 5020  WebClient - ok

19:48:51.0435 5020  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll

19:48:51.0482 5020  Wecsvc - ok

19:48:51.0498 5020  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll

19:48:51.0529 5020  wercplsupport - ok

19:48:51.0544 5020  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll

19:48:51.0591 5020  WerSvc - ok

19:48:51.0622 5020  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys

19:48:51.0654 5020  WfpLwf - ok

19:48:51.0669 5020  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys

19:48:51.0669 5020  WIMMount - ok

19:48:51.0685 5020  WinDefend - ok

19:48:51.0685 5020  WinHttpAutoProxySvc - ok

19:48:51.0747 5020  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll

19:48:51.0794 5020  Winmgmt - ok

19:48:51.0841 5020  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll

19:48:51.0903 5020  WinRM - ok

19:48:51.0934 5020  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys

19:48:51.0966 5020  WinUsb - ok

19:48:51.0997 5020  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll

19:48:52.0044 5020  Wlansvc - ok

19:48:52.0090 5020  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys

19:48:52.0106 5020  WmiAcpi - ok

19:48:52.0153 5020  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe

19:48:52.0184 5020  wmiApSrv - ok

19:48:52.0200 5020  WMPNetworkSvc - ok

19:48:52.0215 5020  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll

19:48:52.0246 5020  WPCSvc - ok

19:48:52.0262 5020  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll

19:48:52.0293 5020  WPDBusEnum - ok

19:48:52.0309 5020  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys

19:48:52.0371 5020  ws2ifsl - ok

19:48:52.0387 5020  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll

19:48:52.0418 5020  wscsvc - ok

19:48:52.0449 5020  [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys

19:48:52.0480 5020  WSDPrintDevice - ok

19:48:52.0480 5020  WSearch - ok

19:48:52.0543 5020  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll

19:48:52.0590 5020  wuauserv - ok

19:48:52.0621 5020  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys

19:48:52.0652 5020  WudfPf - ok

19:48:52.0683 5020  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys

19:48:52.0714 5020  WUDFRd - ok

19:48:52.0730 5020  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll

19:48:52.0761 5020  wudfsvc - ok

19:48:52.0792 5020  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll

19:48:52.0808 5020  WwanSvc - ok

19:48:52.0855 5020  [ 64F88AF327AA74E03658AE32B48CCB8B ] yukonw7         C:\Windows\system32\DRIVERS\yk62x64.sys

19:48:52.0917 5020  yukonw7 - ok

19:48:52.0933 5020  ================ Scan global ===============================

19:48:52.0964 5020  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

19:48:52.0995 5020  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll

19:48:52.0995 5020  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll

19:48:53.0026 5020  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

19:48:53.0042 5020  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

19:48:53.0058 5020  [Global] - ok

19:48:53.0058 5020  ================ Scan MBR ==================================

19:48:53.0058 5020  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1

19:48:53.0089 5020  \Device\Harddisk1\DR1 - ok

19:48:53.0104 5020  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

19:48:53.0510 5020  \Device\Harddisk0\DR0 - ok

19:48:53.0510 5020  ================ Scan VBR ==================================

19:48:53.0526 5020  [ FA24A3BD6C5E51D12E3308AA41408E6A ] \Device\Harddisk1\DR1\Partition1

19:48:53.0526 5020  \Device\Harddisk1\DR1\Partition1 - ok

19:48:53.0541 5020  [ 2BC86AC1F3ADF177FD22F16DE1EAFCF7 ] \Device\Harddisk0\DR0\Partition1

19:48:53.0541 5020  \Device\Harddisk0\DR0\Partition1 - ok

19:48:53.0557 5020  [ BF0194E6E00FEC8CD192456991E3B221 ] \Device\Harddisk0\DR0\Partition2

19:48:53.0557 5020  \Device\Harddisk0\DR0\Partition2 - ok

19:48:53.0588 5020  [ A0D87E6B482464D6A90349A78F1A044A ] \Device\Harddisk0\DR0\Partition3

19:48:53.0588 5020  \Device\Harddisk0\DR0\Partition3 - ok

19:48:53.0619 5020  [ E719C21CB8B30C063AD4B3E290A3A7B2 ] \Device\Harddisk0\DR0\Partition4

19:48:53.0619 5020  \Device\Harddisk0\DR0\Partition4 - ok

19:48:53.0619 5020  ============================================================

19:48:53.0619 5020  Scan finished

19:48:53.0619 5020  ============================================================

19:48:53.0635 4904  Detected object count: 3

19:48:53.0635 4904  Actual detected object count: 3

19:49:12.0402 4904  MDM ( UnsignedFile.Multi.Generic ) - skipped by user

19:49:12.0402 4904  MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip 

19:49:12.0402 4904  SetClockService ( UnsignedFile.Multi.Generic ) - skipped by user

19:49:12.0402 4904  SetClockService ( UnsignedFile.Multi.Generic ) - User select action: Skip 

19:49:12.0402 4904  VMAuthdService ( UnsignedFile.Multi.Generic ) - skipped by user

19:49:12.0402 4904  VMAuthdService ( UnsignedFile.Multi.Generic ) - User select action: Skip 

20:17:57.0883 3884  Deinitialize success

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Code:

ComboFix 12-12-20.02 - Schüle 20.12.2012  20:59:30.1.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.6135.3809 [GMT 1:00]

ausgeführt von:: c:\users\Sch³le\Desktop\ComboFix.exe

AV: Bitdefender Virenschutz *Disabled/Updated* {98CD50CE-5097-4098-9669-6C401FB3969C}

FW: Bitdefender Firewall *Disabled* {A0F6D1EB-1AF8-41C0-BD36-C575E160D1E7}

SP: Bitdefender Spyware-Schutz *Disabled/Updated* {23ACB12A-76AD-4F16-ACD9-57326434DC21}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\1347698460.bdinstall.bin

c:\programdata\1351013324.bdinstall.bin

c:\windows\pkunzip.pif

c:\windows\pkzip.pif

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-11-20 bis 2012-12-20  ))))))))))))))))))))))))))))))

.

.

2012-12-20 20:04 . 2012-12-20 20:04        --------        d-----w-        c:\users\Internet\AppData\Local\temp

2012-12-20 20:04 . 2012-12-20 20:04        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-12-18 21:53 . 2012-12-18 21:53        --------        d-----w-        c:\users\Schüle\AppData\Roaming\Malwarebytes

2012-12-18 21:53 . 2012-12-18 21:53        --------        d-----w-        c:\programdata\Malwarebytes

2012-12-18 21:53 . 2012-12-18 21:53        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware

2012-12-18 21:53 . 2012-09-29 18:54        25928        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-12-18 18:43 . 2012-12-18 18:43        --------        d-----w-        c:\users\Internet\AppData\Roaming\Bitdefender

2012-12-12 07:44 . 2012-11-14 03:51        19450880        ----a-w-        c:\windows\system32\mshtml.dll

2012-12-12 07:44 . 2012-11-14 03:25        2706432        ----a-w-        c:\windows\system32\mshtml.tlb

2012-12-12 07:44 . 2012-11-14 01:14        2706432        ----a-w-        c:\windows\SysWow64\mshtml.tlb

2012-12-12 07:42 . 2012-11-09 05:45        2048        ----a-w-        c:\windows\system32\tzres.dll

2012-12-12 07:42 . 2012-11-09 04:42        2048        ----a-w-        c:\windows\SysWow64\tzres.dll

2012-12-12 07:38 . 2012-11-05 20:41        367616        ----a-w-        c:\windows\system32\atmfd.dll

2012-12-12 07:38 . 2012-11-05 20:32        295424        ----a-w-        c:\windows\SysWow64\atmfd.dll

2012-12-12 07:38 . 2012-11-05 21:35        46080        ----a-w-        c:\windows\system32\atmlib.dll

2012-12-12 07:38 . 2012-11-05 20:32        34304        ----a-w-        c:\windows\SysWow64\atmlib.dll

2012-12-12 07:38 . 2012-11-22 03:26        3149824        ----a-w-        c:\windows\system32\win32k.sys

2012-12-12 07:38 . 2012-11-02 05:59        478208        ----a-w-        c:\windows\system32\dpnet.dll

2012-12-12 07:38 . 2012-11-02 05:11        376832        ----a-w-        c:\windows\SysWow64\dpnet.dll

2012-12-10 22:06 . 2012-12-10 22:06        --------        d-----w-        c:\windows\SysWow64\searchplugins

2012-12-10 22:06 . 2012-12-10 22:06        --------        d-----w-        c:\windows\SysWow64\Extensions

2012-12-10 22:06 . 2012-12-10 22:26        --------        d-----w-        c:\users\Schüle\AppData\Local\VisualBeeExe

2012-12-10 22:05 . 2012-12-18 21:46        --------        d-----w-        c:\programdata\VisualBee

2012-12-07 19:49 . 2012-12-18 21:46        --------        d-----w-        c:\windows\WindowsMobile

2012-12-06 15:54 . 2012-12-06 15:54        --------        d-----w-        c:\programdata\Applications

2012-11-29 16:07 . 2012-11-29 16:07        --------        d-----w-        c:\program files (x86)\Renesas Electronics

2012-11-29 16:06 . 2012-11-29 16:06        --------        d-----w-        c:\programdata\Downloaded Installations

2012-11-29 16:05 . 2012-11-29 16:06        --------        d-----w-        c:\users\Schüle\Hama

2012-11-28 08:02 . 2012-08-24 18:13        154480        ----a-w-        c:\windows\system32\drivers\ksecpkg.sys

2012-11-28 08:02 . 2012-08-24 18:09        458712        ----a-w-        c:\windows\system32\drivers\cng.sys

2012-11-28 08:02 . 2012-08-24 18:05        340992        ----a-w-        c:\windows\system32\schannel.dll

2012-11-28 08:02 . 2012-08-24 18:04        307200        ----a-w-        c:\windows\system32\ncrypt.dll

2012-11-28 08:02 . 2012-08-24 18:03        1448448        ----a-w-        c:\windows\system32\lsasrv.dll

2012-11-28 08:02 . 2012-08-24 16:57        247808        ----a-w-        c:\windows\SysWow64\schannel.dll

2012-11-28 08:02 . 2012-08-24 16:57        220160        ----a-w-        c:\windows\SysWow64\ncrypt.dll

2012-11-28 08:02 . 2012-08-24 16:57        22016        ----a-w-        c:\windows\SysWow64\secur32.dll

2012-11-28 08:02 . 2012-08-24 16:53        96768        ----a-w-        c:\windows\SysWow64\sspicli.dll

2012-11-27 13:13 . 2012-12-20 11:00        --------        d-----w-        c:\users\Schüle\AppData\Local\VMware

2012-11-27 13:13 . 2012-12-20 10:54        --------        d-----w-        c:\users\Schüle\AppData\Roaming\VMware

2012-11-27 13:13 . 2012-10-24 13:17        67224        ----a-w-        c:\windows\system32\vsocklib.dll

2012-11-27 13:13 . 2012-10-24 13:17        63128        ----a-w-        c:\windows\SysWow64\vsocklib.dll

2012-11-27 13:13 . 2012-10-24 13:17        70296        ----a-w-        c:\windows\system32\drivers\vsock.sys

2012-11-27 13:13 . 2012-11-01 01:34        67224        ----a-w-        c:\windows\system32\drivers\vmx86.sys

2012-11-27 13:13 . 2012-11-01 01:34        32920        ----a-w-        c:\windows\system32\drivers\VMkbd.sys

2012-11-27 13:12 . 2012-11-01 01:35        357016        ----a-w-        c:\windows\SysWow64\vmnetdhcp.exe

2012-11-27 13:12 . 2012-11-01 01:34        435864        ----a-w-        c:\windows\SysWow64\vmnat.exe

2012-11-27 13:12 . 2012-11-01 01:34        30360        ----a-w-        c:\windows\system32\drivers\vmnetuserif.sys

2012-11-27 13:12 . 2012-11-01 01:35        933528        ----a-w-        c:\windows\system32\vnetlib64.dll

2012-11-27 13:12 . 2012-10-11 16:15        52376        ----a-w-        c:\windows\system32\drivers\hcmon.sys

2012-11-27 13:12 . 2012-11-27 13:12        --------        d-----w-        c:\program files\Common Files\VMware

2012-11-27 13:12 . 2012-12-20 20:08        --------        d-----w-        c:\programdata\VMware

2012-11-27 13:12 . 2012-11-27 13:12        --------        d-----w-        c:\program files (x86)\Common Files\VMware

2012-11-26 10:23 . 2012-11-26 10:23        --------        d-----w-        c:\users\Schüle\AppData\Roaming\Canneverbe Limited

2012-11-26 10:23 . 2012-11-26 10:23        --------        d-----w-        c:\programdata\Canneverbe Limited

2012-11-26 10:22 . 2012-12-18 21:46        --------        d-----w-        c:\program files (x86)\CDBurnerXP

2012-11-26 09:54 . 2012-11-26 09:55        --------        d-----w-        C:\$WINDOWS.~BT

2012-11-26 07:59 . 2012-11-26 07:59        --------        d-----r-        C:\ESD

2012-11-25 17:36 . 2012-11-25 17:36        --------        d-----w-        c:\users\MCP6

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-19 11:31 . 2012-09-15 08:52        261056        ----a-w-        c:\windows\system32\drivers\avchv.sys

2012-12-12 07:44 . 2009-12-19 17:56        67413224        ----a-w-        c:\windows\system32\MRT.exe

2012-12-11 20:08 . 2012-04-15 21:50        697272        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2012-12-11 20:08 . 2011-05-15 08:30        73656        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-11-29 21:55 . 2012-10-23 17:29        350160        ----a-w-        c:\windows\system32\drivers\trufos.sys

2012-11-14 08:32 . 2012-11-14 08:32        97280        ----a-w-        c:\windows\system32\mshtmled.dll

2012-11-14 08:32 . 2012-11-14 08:32        92160        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe

2012-11-14 08:32 . 2012-11-14 08:32        905216        ----a-w-        c:\windows\system32\mshtmlmedia.dll

2012-11-14 08:32 . 2012-11-14 08:32        89600        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe

2012-11-14 08:32 . 2012-11-14 08:32        854528        ----a-w-        c:\windows\system32\jscript.dll

2012-11-14 08:32 . 2012-11-14 08:32        81408        ----a-w-        c:\windows\system32\icardie.dll

2012-11-14 08:32 . 2012-11-14 08:32        77312        ----a-w-        c:\windows\system32\tdc.ocx

2012-11-14 08:32 . 2012-11-14 08:32        762368        ----a-w-        c:\windows\system32\ieapfltr.dll

2012-11-14 08:32 . 2012-11-14 08:32        73728        ----a-w-        c:\windows\SysWow64\SetIEInstalledDate.exe

2012-11-14 08:32 . 2012-11-14 08:32        718336        ----a-w-        c:\windows\SysWow64\mshtmlmedia.dll

2012-11-14 08:32 . 2012-11-14 08:32        71680        ----a-w-        c:\windows\SysWow64\RegisterIEPKEYs.exe

2012-11-14 08:32 . 2012-11-14 08:32        67072        ----a-w-        c:\windows\system32\iesetup.dll

2012-11-14 08:32 . 2012-11-14 08:32        62976        ----a-w-        c:\windows\system32\pngfilt.dll

2012-11-14 08:32 . 2012-11-14 08:32        61952        ----a-w-        c:\windows\SysWow64\tdc.ocx

2012-11-14 08:32 . 2012-11-14 08:32        61440        ----a-w-        c:\windows\SysWow64\iesetup.dll

2012-11-14 08:32 . 2012-11-14 08:32        603136        ----a-w-        c:\windows\system32\msfeeds.dll

2012-11-14 08:32 . 2012-11-14 08:32        593408        ----a-w-        c:\windows\system32\vbscript.dll

2012-11-14 08:32 . 2012-11-14 08:32        53760        ----a-w-        c:\windows\system32\jsproxy.dll

2012-11-14 08:32 . 2012-11-14 08:32        531456        ----a-w-        c:\windows\system32\ieui.dll

2012-11-14 08:32 . 2012-11-14 08:32        525312        ----a-w-        c:\windows\SysWow64\vbscript.dll

2012-11-14 08:32 . 2012-11-14 08:32        52224        ----a-w-        c:\windows\system32\msfeedsbs.dll

2012-11-14 08:32 . 2012-11-14 08:32        51200        ----a-w-        c:\windows\system32\imgutil.dll

2012-11-14 08:32 . 2012-11-14 08:32        50688        ----a-w-        c:\windows\system32\ie4uinit.exe

2012-11-14 08:32 . 2012-11-14 08:32        48640        ----a-w-        c:\windows\SysWow64\mshtmler.dll

2012-11-14 08:32 . 2012-11-14 08:32        48640        ----a-w-        c:\windows\system32\mshtmler.dll

2012-11-14 08:32 . 2012-11-14 08:32        453120        ----a-w-        c:\windows\system32\dxtmsft.dll

2012-11-14 08:32 . 2012-11-14 08:32        441856        ----a-w-        c:\windows\system32\html.iec

2012-11-14 08:32 . 2012-11-14 08:32        39936        ----a-w-        c:\windows\system32\iernonce.dll

2012-11-14 08:32 . 2012-11-14 08:32        3966976        ----a-w-        c:\windows\system32\jscript9.dll

2012-11-14 08:32 . 2012-11-14 08:32        38400        ----a-w-        c:\windows\SysWow64\imgutil.dll

2012-11-14 08:32 . 2012-11-14 08:32        361984        ----a-w-        c:\windows\SysWow64\html.iec

2012-11-14 08:32 . 2012-11-14 08:32        2882048        ----a-w-        c:\windows\SysWow64\jscript9.dll

2012-11-14 08:32 . 2012-11-14 08:32        281600        ----a-w-        c:\windows\system32\dxtrans.dll

2012-11-14 08:32 . 2012-11-14 08:32        27648        ----a-w-        c:\windows\system32\licmgr10.dll

2012-11-14 08:32 . 2012-11-14 08:32        270848        ----a-w-        c:\windows\system32\iedkcs32.dll

2012-11-14 08:32 . 2012-11-14 08:32        2670080        ----a-w-        c:\windows\system32\iertutil.dll

2012-11-14 08:32 . 2012-11-14 08:32        247296        ----a-w-        c:\windows\system32\webcheck.dll

2012-11-14 08:32 . 2012-11-14 08:32        235008        ----a-w-        c:\windows\system32\url.dll

2012-11-14 08:32 . 2012-11-14 08:32        23040        ----a-w-        c:\windows\SysWow64\licmgr10.dll

2012-11-14 08:32 . 2012-11-14 08:32        226304        ----a-w-        c:\windows\system32\elshyph.dll

2012-11-14 08:32 . 2012-11-14 08:32        2245120        ----a-w-        c:\windows\system32\wininet.dll

2012-11-14 08:32 . 2012-11-14 08:32        216576        ----a-w-        c:\windows\system32\msls31.dll

2012-11-14 08:32 . 2012-11-14 08:32        197120        ----a-w-        c:\windows\system32\msrating.dll

2012-11-14 08:32 . 2012-11-14 08:32        185344        ----a-w-        c:\windows\SysWow64\elshyph.dll

2012-11-14 08:32 . 2012-11-14 08:32        1772032        ----a-w-        c:\windows\SysWow64\wininet.dll

2012-11-14 08:32 . 2012-11-14 08:32        173568        ----a-w-        c:\windows\system32\ieUnatt.exe

2012-11-14 08:32 . 2012-11-14 08:32        167424        ----a-w-        c:\windows\system32\iexpress.exe

2012-11-14 08:32 . 2012-11-14 08:32        158720        ----a-w-        c:\windows\SysWow64\msls31.dll

2012-11-14 08:32 . 2012-11-14 08:32        15418368        ----a-w-        c:\windows\system32\ieframe.dll

2012-11-14 08:32 . 2012-11-14 08:32        1509376        ----a-w-        c:\windows\system32\inetcpl.cpl

2012-11-14 08:32 . 2012-11-14 08:32        150528        ----a-w-        c:\windows\SysWow64\iexpress.exe

2012-11-14 08:32 . 2012-11-14 08:32        149504        ----a-w-        c:\windows\system32\occache.dll

2012-11-14 08:32 . 2012-11-14 08:32        1441280        ----a-w-        c:\windows\SysWow64\inetcpl.cpl

2012-11-14 08:32 . 2012-11-14 08:32        142848        ----a-w-        c:\windows\system32\wextract.exe

2012-11-14 08:32 . 2012-11-14 08:32        1400416        ----a-w-        c:\windows\system32\ieapfltr.dat

2012-11-14 08:32 . 2012-11-14 08:32        13824        ----a-w-        c:\windows\system32\mshta.exe

2012-11-14 08:32 . 2012-11-14 08:32        137216        ----a-w-        c:\windows\SysWow64\ieUnatt.exe

2012-11-14 08:32 . 2012-11-14 08:32        136704        ----a-w-        c:\windows\system32\iesysprep.dll

2012-11-14 08:32 . 2012-11-14 08:32        136192        ----a-w-        c:\windows\system32\iepeers.dll

2012-11-14 08:32 . 2012-11-14 08:32        136192        ----a-w-        c:\windows\system32\IEAdvpack.dll

2012-11-14 08:32 . 2012-11-14 08:32        135680        ----a-w-        c:\windows\SysWow64\wextract.exe

2012-11-14 08:32 . 2012-11-14 08:32        1352192        ----a-w-        c:\windows\system32\urlmon.dll

2012-11-14 08:32 . 2012-11-14 08:32        12800        ----a-w-        c:\windows\SysWow64\mshta.exe

2012-11-14 08:32 . 2012-11-14 08:32        12800        ----a-w-        c:\windows\system32\msfeedssync.exe

2012-11-14 08:32 . 2012-11-14 08:32        111104        ----a-w-        c:\windows\SysWow64\IEAdvpack.dll

2012-11-14 08:32 . 2012-11-14 08:32        109056        ----a-w-        c:\windows\SysWow64\iesysprep.dll

2012-11-14 08:32 . 2012-11-14 08:32        1054720        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe

2012-11-14 08:32 . 2012-11-14 08:32        102912        ----a-w-        c:\windows\system32\inseng.dll

2012-11-14 08:31 . 2012-11-14 08:31        9728        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2012-11-14 08:31 . 2012-11-14 08:31        9728        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2012-11-14 08:31 . 2012-11-14 08:31        5632        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2012-11-14 08:31 . 2012-11-14 08:31        5632        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll

2012-11-14 08:31 . 2012-11-14 08:31        5632        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2012-11-14 08:31 . 2012-11-14 08:31        5632        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll

2012-11-14 08:31 . 2012-11-14 08:31        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll

2012-11-14 08:31 . 2012-11-14 08:31        4096        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll

2012-11-14 08:31 . 2012-11-14 08:31        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2012-11-14 08:31 . 2012-11-14 08:31        3584        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2012-11-14 08:31 . 2012-11-14 08:31        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll

2012-11-14 08:31 . 2012-11-14 08:31        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll

2012-11-14 08:31 . 2012-11-14 08:31        3072        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

2012-11-14 08:31 . 2012-11-14 08:31        3072        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll

2012-11-14 08:31 . 2012-11-14 08:31        2560        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2012-11-14 08:31 . 2012-11-14 08:31        2560        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2012-11-14 08:31 . 2012-11-14 08:31        1158144        ----a-w-        c:\windows\SysWow64\XpsPrint.dll

2012-11-14 08:31 . 2012-11-14 08:31        10752        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll

2012-11-14 08:31 . 2012-11-14 08:31        10752        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2012-11-14 08:31 . 2012-11-14 08:31        364544        ----a-w-        c:\windows\SysWow64\XpsGdiConverter.dll

2012-11-14 08:31 . 2012-11-14 08:31        648192        ----a-w-        c:\windows\system32\d3d10level9.dll

2012-11-14 08:31 . 2012-11-14 08:31        604160        ----a-w-        c:\windows\SysWow64\d3d10level9.dll

2012-11-14 08:31 . 2012-11-14 08:31        522752        ----a-w-        c:\windows\system32\XpsGdiConverter.dll

2012-11-14 08:31 . 2012-11-14 08:31        465920        ----a-w-        c:\windows\system32\WMPhoto.dll

2012-11-14 08:31 . 2012-11-14 08:31        417792        ----a-w-        c:\windows\SysWow64\WMPhoto.dll

2012-11-14 08:31 . 2012-11-14 08:31        3928064        ----a-w-        c:\windows\system32\d2d1.dll

2012-11-14 08:31 . 2012-11-14 08:31        363008        ----a-w-        c:\windows\system32\dxgi.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-24 98304]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"PDFPrint"="c:\users\Schüle\Programme\PDF24\pdf24.exe" [2012-10-25 162408]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2012-10-31 587024]

R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [2012-10-31 82384]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]

R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-09 1255736]

R4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [2012-12-19 68440]

S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2012-10-31 705552]

S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys [2012-08-29 145696]

S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2012-10-24 85104]

S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [2012-10-24 70296]

S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2012-07-06 93160]

S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-14 103504]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-25 202752]

S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]

S2 SetClockService;Set Clock Service 2.0;c:\program files (x86)\Aqua Computer\aquasuite\SetClockService.exe [2008-09-19 241152]

S2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2013\updatesrv.exe [2012-12-19 68416]

S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-10-11 918680]

S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [2012-12-19 261056]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]

.

.

Inhalt des "geplante Tasks" Ordners

.

2012-12-20 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 20:08]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Bdagent"="c:\program files\Bitdefender\Bitdefender 2013\bdagent.exe" [2012-12-19 1571656]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService

FontCache

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.t-online.de/

mStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

c:\windows\SysWOW64\vmnat.exe

c:\windows\SysWOW64\vmnetdhcp.exe

c:\users\Schüle\Programme\vmware-authd.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2012-12-20  21:12:43 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2012-12-20 20:12

.

Vor Suchlauf: 9 Verzeichnis(se), 280.428.814.336 Bytes frei

Nach Suchlauf: 15 Verzeichnis(se), 282.391.547.904 Bytes frei

.

- - End Of File - - 2313E63DAB66E6955062FF1C7276F8F1

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Suche.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)

Hallo Cosinus,
hier die Logdatei:
Werner

Code:

# AdwCleaner v2.101 - Datei am 20/12/2012 um 21:34:49 erstellt

# Aktualisiert am 16/12/2012 von Xplode

# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)

# Benutzer : Schüle - I7

# Bootmodus : Normal

# Ausgeführt unter : C:\Users\Schüle\Desktop\adwcleaner.exe

# Option [Suche]
 
 

**** [Dienste] ****
 
 

***** [Dateien / Ordner] *****
 
 

***** [Registrierungsdatenbank] *****
 
 

***** [Internet Browser] *****
 

-\\ Internet Explorer v10.0.9200.16438
 

[OK] Die Registrierungsdatenbank ist sauber.
 

-\\ Google Chrome v [Version kann nicht ermittelt werden]
 

Datei : C:\Users\Schüle\AppData\Local\Google\Chrome\User Data\Default\Preferences
 

Gefunden [l.43] : icon_url = "hxxp://www.babylon.com/favicon.ico",

Gefunden [l.46] : keyword = "babylon.com",

Gefunden [l.49] : search_url = "hxxp://search.babylon.com/?q={searchTerms}&affID=116295&tt=091212_9101_5012_3&babsrc=SP_ss&mntrId=00e106b8000000000000060fb5237758",
 

*************************
 

AdwCleaner[R1].txt - [2661 octets] - [19/12/2012 08:41:49]

AdwCleaner[R2].txt - [958 octets] - [19/12/2012 11:52:58]

AdwCleaner[R3].txt - [1106 octets] - [20/12/2012 21:34:49]

AdwCleaner[S1].txt - [2618 octets] - [19/12/2012 08:44:20]
 

########## EOF - C:\AdwCleaner[R3].txt - [1226 octets] ##########

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Löschen.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

Danach eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in CODE-Tags hier in den Thread.