
Log analysis and evaluation: Win\ldpinch.DB & TR/Ransom.Gimemo.ucd (among others?) received via drive-by

02.06.2012, 08:53   #1
verwanzt
 



Good morning!

While surfing with good old IE, I clicked on a link that leads to a news site. While the page was still loading, I saw the Java tray icon appear. But by then it was already too late ;-/

Avira then showed a message pointing out that the folder of my LaTeX installation contains 3 files with the following problem: "Enthält Erkennungsmuster des Windows-Virus W32/Infector.Gen8". LaTeX itself was not open at that time (it has not been for months, I am more the MS Office type). A scan of the OS partition then flagged the Windows virus W32/Infector.Gen8 28 times in the folder mentioned above. I had everything moved to quarantine.

Then I looked at my processes and found at least one that was not OK (the name looked randomly generated). The process could not be stopped permanently, because it was re-created by the Windows host process.

Windows Defender from another Windows installation on this machine detected the following:
Quote:
Kategorie:
Kennwortstehlprogramm

Beschreibung:
Dieses Programm ist gefährlich. Es zeichnet Benutzerkennwörter auf.

Empfehlung:
Entfernen Sie diese Software unverzüglich.

Ressourcen:
containerfile:
F:\Users\mobile\AppData\Local\Temp\~!#19B0.tmp

file:
F:\Users\mobile\AppData\Local\Temp\~!#19B0.tmp->(UPX)->[DynDrop]->(UPX)

I followed Defender's instructions and have not been able to find the process since. In addition, I deleted everything from the AppData folder that seemed dubious to me and that could be deleted (some of it was blocked by running processes).

Besides that, one fellow (F:\Users\mobile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cwewjhjf.exe) loads itself via autostart. Removing it is blocked by running processes. I have not removed the reference for now, so as not to wipe out any further traces.

Another anomaly: through the UAC prompt, a command processor wanted my authorization. On refusal, the prompt comes back immediately. I did not confirm it for the time being and minimized it. While I am writing this text, the prompt has disappeared - possibly I confirmed it "by accident"?

I have carried out steps 1 and 2 recommended here in the forum. The logs follow:

OTL.txt:OTL Logfile:
Code:
OTL logfile created on: 02.06.2012 00:11:14 - Run 1
OTL by OldTimer - Version 3.2.45.0     Folder = F:\Users\mobile\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 2,56 Gb Available Physical Memory | 69,71% Memory free
7,35 Gb Paging File | 5,97 Gb Available in Paging File | 81,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = F: | %SystemRoot% = F:\Windows | %ProgramFiles% = F:\Program Files (x86)
Drive C: | 144,26 Gb Total Space | 43,47 Gb Free Space | 30,14% Space Free | Partition Type: NTFS
Drive F: | 29,30 Gb Total Space | 0,26 Gb Free Space | 0,87% Space Free | Partition Type: NTFS
Drive H: | 14,08 Gb Total Space | 0,35 Gb Free Space | 2,46% Space Free | Partition Type: NTFS
 
Computer Name: ***** | User Name: mobile | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.02 00:06:29 | 000,595,968 | ---- | M] (OldTimer Tools) -- F:\Users\mobile\Downloads\OTL.exe
PRC - [2012.06.01 17:00:31 | 000,102,400 | --S- | M] () -- F:\Users\mobile\AppData\Local\ttmkyhao\cwewjhjf.exe
PRC - [2011.06.30 12:26:55 | 000,269,480 | ---- | M] (Avira GmbH) -- F:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.27 13:50:09 | 000,136,360 | ---- | M] (Avira GmbH) -- F:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.25 23:26:58 | 000,064,112 | ---- | M] (VMware, Inc.) -- F:\Program Files (x86)\VMware\VMware Player\hqtray.exe
PRC - [2011.03.25 23:26:46 | 000,334,448 | ---- | M] (VMware, Inc.) -- F:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2011.03.25 23:26:28 | 000,404,080 | ---- | M] (VMware, Inc.) -- F:\Windows\SysWOW64\vmnat.exe
PRC - [2011.03.25 23:26:16 | 000,113,264 | ---- | M] (VMware, Inc.) -- F:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2011.03.25 22:27:40 | 000,539,248 | ---- | M] (VMware, Inc.) -- F:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- F:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010.02.25 22:35:04 | 001,289,296 | ---- | M] (Dritek System Inc.) -- F:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010.02.25 22:35:04 | 000,325,200 | ---- | M] (Dritek System Inc.) -- F:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010.02.25 22:35:04 | 000,288,336 | ---- | M] (Dritek System Inc.) -- F:\Program Files (x86)\Launch Manager\LMworker.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.01 17:00:31 | 000,102,400 | --S- | M] () -- F:\Users\mobile\AppData\Local\ttmkyhao\cwewjhjf.exe
MOD - [2011.03.25 23:26:48 | 000,970,352 | ---- | M] () -- F:\Program Files (x86)\VMware\VMware Player\libxml2.dll
MOD - [2011.03.25 23:26:18 | 000,068,720 | ---- | M] () -- F:\Program Files (x86)\VMware\VMware Player\zlib1.dll
MOD - [2009.05.20 14:02:04 | 000,072,200 | ---- | M] () -- F:\Program Files (x86)\Launch Manager\CdDirIo.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.11.20 15:26:50 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- F:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2009.07.14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- F:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.04.21 21:18:20 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- F:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011.08.05 13:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Programme\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011.08.05 13:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Programme\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011.08.05 13:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Programme\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2011.06.30 12:26:55 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- F:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.27 13:50:09 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- F:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.25 23:26:46 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- F:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2011.03.25 23:26:28 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- F:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2011.03.25 23:26:16 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- F:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2011.03.25 22:27:40 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- F:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010.08.19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- F:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- F:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- F:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.25 22:35:04 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- F:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.01.20 19:26:20 | 000,819,232 | ---- | M] (Acer Incorporated) [Auto | Running] -- F:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.07.14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- F:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- F:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.06.30 12:26:56 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- F:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.30 12:26:56 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- F:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.25 23:27:36 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- F:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2011.03.25 23:27:34 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- F:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2011.03.25 23:25:46 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2011.03.25 23:25:34 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- F:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2011.03.25 22:27:36 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- F:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011.03.25 20:04:58 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- F:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2011.03.25 20:04:58 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- F:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.01 12:03:50 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- F:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:26:11 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- F:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2010.03.23 13:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2010.01.25 17:51:02 | 007,842,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.01.08 03:51:38 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010.01.06 21:33:14 | 000,158,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.12.22 09:18:50 | 000,074,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.10.05 16:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- F:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- F:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV - [2010.08.19 13:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- F:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- F:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = F:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 84 19 EE 8C 95 3E CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: F:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: F:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: F:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: F:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: F:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROJEC~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROJEC~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.7: F:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: F:\Users\mobile\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: F:\Users\mobile\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: F:\Program Files (x86)\Mozilla Firefox\components [2012.04.12 20:05:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: F:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.12 20:05:23 | 000,000,000 | ---D | M]
 
[2010.05.29 20:04:45 | 000,000,000 | ---D | M] (No name found) -- F:\Users\mobile\AppData\Roaming\mozilla\Extensions
[2012.06.02 00:03:22 | 000,000,000 | ---D | M] (No name found) -- F:\Users\mobile\AppData\Roaming\mozilla\Firefox\Profiles\o8p7ej6x.default\extensions
[2011.07.28 11:32:20 | 000,000,000 | ---D | M] (Adblock Plus) -- F:\Users\mobile\AppData\Roaming\mozilla\Firefox\Profiles\o8p7ej6x.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012.04.10 12:46:05 | 000,000,000 | ---D | M] (No name found) -- F:\Users\mobile\AppData\Roaming\mozilla\Firefox\Profiles\o8p7ej6x.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}-trash
[2012.06.02 00:03:22 | 000,000,000 | ---D | M] (Google Web Toolkit Developer Plugin for Firefox) -- F:\Users\mobile\AppData\Roaming\mozilla\Firefox\Profiles\o8p7ej6x.default\extensions\gwt-dev-plugin@google.com
[2011.02.22 11:45:22 | 000,000,000 | ---D | M] (Read It Later) -- F:\Users\mobile\AppData\Roaming\mozilla\Firefox\Profiles\o8p7ej6x.default\extensions\isreaditlater@ideashower.com
[2012.04.10 12:46:03 | 000,000,000 | ---D | M] (No name found) -- F:\Users\mobile\AppData\Roaming\mozilla\Firefox\Profiles\o8p7ej6x.default\extensions\staged-xpis
[2011.06.09 10:30:27 | 000,000,000 | ---D | M] (No name found) -- F:\Program Files (x86)\mozilla firefox\extensions
[2010.11.02 11:10:06 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.21 12:51:47 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.05 18:53:08 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.09 10:30:27 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- F:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.05.29 20:19:37 | 000,075,208 | ---- | M] (Foxit Software Company) -- F:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2012.03.15 11:55:12 | 000,001,392 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.15 11:55:12 | 000,002,344 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.15 11:55:12 | 000,006,805 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.15 11:55:12 | 000,001,178 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.15 11:55:12 | 000,001,105 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - F:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Project Professional\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Acer ePower Management] F:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] F:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] F:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] F:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Zune Launcher] F:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] F:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LManager] F:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [VMware hqtray] F:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKCU..\Run: [CweWjhjf] F:\Users\mobile\AppData\Local\ttmkyhao\cwewjhjf.exe ()
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] F:\Windows\System32\StikyNot.exe File not found
O4 - Startup: F:\Users\mobile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cwewjhjf.exe ()
O4 - Startup: F:\Users\mobile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = F:\Users\mobile\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://F:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://F:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - F:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - F:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - F:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - F:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83E09DA1-FD56-48FF-8CB9-163A8BA269D4}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\saphtmlp - No CLSID value found
O18:64bit: - Protocol\Handler\sapr3 - No CLSID value found
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\SAPGUI\GUI\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\SAPGUI\GUI\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - F:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - F:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (F:\Windows\system32\userinit.exe) - F:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - F:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - F:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - F:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.01 18:20:27 | 000,000,000 | ---D | C] -- F:\Users\mobile\AppData\Local\ttmkyhao
[2010.10.14 16:10:28 | 003,145,728 | ---- | C] (SAP Technology,Inc) -- F:\Program Files (x86)\Common Files\sapxlhelper.dll
[2010.10.14 16:10:27 | 000,626,688 | ---- | C] (SAP AG) -- F:\Program Files (x86)\Common Files\sapconsaccess.dll
[2010.10.14 16:10:27 | 000,192,512 | ---- | C] (SAP Tech Inc.) -- F:\Program Files (x86)\Common Files\sapconsr3.dll
[2010.10.14 16:10:26 | 000,040,960 | ---- | C] (SAP-TECHNOLOGY) -- F:\Program Files (x86)\Common Files\DigitalSignature.ocx
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.02 00:08:06 | 000,000,000 | ---- | M] () -- F:\Users\mobile\defogger_reenable
[2012.06.01 23:54:37 | 000,036,243 | ---- | M] () -- F:\Users\mobile\Desktop\85104-otl-otlogfile-by-oldtimer.htm.iyk46dy.partial
[2012.06.01 23:54:03 | 000,050,477 | ---- | M] () -- F:\Users\mobile\Desktop\Defogger.exe.ccz0wnt.partial
[2012.06.01 23:53:26 | 000,014,752 | -H-- | M] () -- F:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.01 23:53:26 | 000,014,752 | -H-- | M] () -- F:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.01 23:44:08 | 000,067,584 | --S- | M] () -- F:\Windows\bootstat.dat
[2012.06.01 23:44:03 | 2960,523,264 | -HS- | M] () -- F:\hiberfil.sys
[2012.06.01 23:27:59 | 000,050,477 | ---- | M] () -- F:\Users\mobile\Desktop\Defogger.exe
[2012.06.01 18:17:00 | 000,000,884 | ---- | M] () -- F:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.01 18:03:59 | 000,002,048 | -H-- | M] () -- F:\Users\mobile\Documents\Default.rdp
[2012.06.01 17:38:16 | 000,001,124 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-244666757-3947190157-3562518001-1000UA.job
[2012.06.01 17:00:31 | 000,102,400 | --S- | M] () -- F:\Users\mobile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cwewjhjf.exe
[2012.06.01 09:38:03 | 000,001,072 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-244666757-3947190157-3562518001-1000Core.job
 
========== Files Created - No Company Name ==========
 
[2012.06.02 00:08:06 | 000,000,000 | ---- | C] () -- F:\Users\mobile\defogger_reenable
[2012.06.01 23:55:57 | 000,050,477 | ---- | C] () -- F:\Users\mobile\Desktop\Defogger.exe
[2012.06.01 23:54:43 | 000,036,243 | ---- | C] () -- F:\Users\mobile\Desktop\85104-otl-otlogfile-by-oldtimer.htm.iyk46dy.partial
[2012.06.01 23:54:13 | 000,050,477 | ---- | C] () -- F:\Users\mobile\Desktop\Defogger.exe.ccz0wnt.partial
[2012.06.01 19:44:58 | 000,102,400 | --S- | C] () -- F:\Users\mobile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cwewjhjf.exe
[2011.11.01 15:07:47 | 000,003,584 | ---- | C] () -- F:\Users\mobile\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.14 16:10:27 | 000,955,904 | ---- | C] () -- F:\Program Files (x86)\Common Files\SAPActiveXL.xlt
[2010.10.14 16:10:27 | 000,949,760 | ---- | C] () -- F:\Program Files (x86)\Common Files\SAPActiveXL_nosig.xlt
[2010.10.14 16:09:31 | 001,064,960 | ---- | C] () -- F:\Windows\SysWow64\h5krnl32.dll
[2010.10.14 16:09:31 | 000,188,928 | ---- | C] () -- F:\Windows\SysWow64\h5icon32.dll
[2010.10.14 16:09:31 | 000,175,616 | ---- | C] () -- F:\Windows\SysWow64\h5menu32.dll
[2010.10.14 16:09:31 | 000,095,744 | ---- | C] () -- F:\Windows\SysWow64\h5rtf32.dll
[2010.10.14 16:09:31 | 000,051,200 | ---- | C] () -- F:\Windows\SysWow64\h5tool32.dll
 
========== LOP Check ==========
 
[2011.02.17 21:56:13 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\.purple
[2012.04.26 11:09:10 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\Canon
[2012.06.01 23:45:21 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\Dropbox
[2010.05.31 18:53:22 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\enchant
[2010.07.14 19:43:54 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\Foxit Software
[2010.11.11 14:05:05 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\gtk-2.0
[2011.04.03 18:14:56 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\streamripper
[2011.02.24 14:13:31 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\Subversion
[2011.10.18 17:14:33 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\TeamViewer
[2011.01.01 12:05:56 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\TrueCrypt
[2010.06.03 15:59:14 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\TS3Client
[2009.07.14 07:08:49 | 000,028,602 | ---- | M] () -- F:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 

< End of report >
         
--- --- ---


Extras.txt:

OTL Logfile:
Code:
OTL Extras logfile created on: 02.06.2012 00:11:14 - Run 1
OTL by OldTimer - Version 3.2.45.0     Folder = F:\Users\mobile\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 2,56 Gb Available Physical Memory | 69,71% Memory free
7,35 Gb Paging File | 5,97 Gb Available in Paging File | 81,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = F: | %SystemRoot% = F:\Windows | %ProgramFiles% = F:\Program Files (x86)
Drive C: | 144,26 Gb Total Space | 43,47 Gb Free Space | 30,14% Space Free | Partition Type: NTFS
Drive F: | 29,30 Gb Total Space | 0,26 Gb Free Space | 0,87% Space Free | Partition Type: NTFS
Drive H: | 14,08 Gb Total Space | 0,35 Gb Free Space | 2,46% Space Free | Partition Type: NTFS
 
Computer Name: **** | User Name: mobile | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- F:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- F:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- F:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "F:\Windows\System32\rundll32.exe" "F:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "F:\Windows\System32\rundll32.exe" "F:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- F:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "F:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "F:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "F:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "F:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- F:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "F:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "F:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "F:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "F:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08107AE2-6C4A-4685-8CA3-5870F581C6C9}" = rport=137 | protocol=17 | dir=out | app=system | 
"{0F44C468-8426-4E63-AE4A-CC399C86D241}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{0F567F06-BA35-40BA-B630-9EA4846E3DDB}" = lport=6004 | protocol=17 | dir=in | app=f:\program files (x86)\microsoft office\office12\outlook.exe | 
"{2803B4EB-9494-4A41-BC3B-DBCE94FFD8AC}" = lport=445 | protocol=6 | dir=in | app=system | 
"{3714E0F3-C1D3-487B-803E-C23DCC7D14D4}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{3732F1D9-5426-48A9-B42D-9C0520C80E21}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3A516AE2-6A0A-4340-A9F4-C74BE55D64F1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{3FF707DF-CF5F-443E-ACE0-46B23B6221EC}" = lport=139 | protocol=6 | dir=in | app=system | 
"{46FDC923-4DEA-4185-9802-A72D2E6BDB61}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4A4AD361-DCF5-4CAF-A7BB-4FAD2C0D2C69}" = rport=445 | protocol=6 | dir=out | app=system | 
"{8030830F-3356-4553-A19B-EA48CA9C4FAE}" = lport=137 | protocol=17 | dir=in | app=system | 
"{8334A3A2-A44F-4975-9E16-8082F72F9484}" = rport=139 | protocol=6 | dir=out | app=system | 
"{98992D2B-5713-42C0-A1F3-6D54C9154D49}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A1B6E8AF-9DF7-47B7-8F9D-EE9D9B54F429}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{AB00ECBE-9834-4AB7-B23A-CAA05C57098E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{B010D33F-CA07-4116-B668-04E75B5D8B1D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B038BAAC-173A-4BE4-AAAF-DD774AD29033}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D168F71B-C31A-4B69-9D77-1AC31CF7174F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D4720449-8E88-40A0-BCB3-85DFAC8771CA}" = lport=138 | protocol=17 | dir=in | app=system | 
"{E77E9C0C-683C-4506-8CB0-3B618BE4CF47}" = rport=138 | protocol=17 | dir=out | app=system | 
"{F2B36BEE-7A44-4F16-B14E-A49760F2A3EF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F553D608-510E-4DB4-ABD3-BA25CCB4899C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FEDB49DA-D3FD-4526-9994-09A529D6BB9A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{102B2FC3-7E47-4594-9AD9-47545BE89357}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{2E348EC0-5D11-4832-B42B-57BF3BB01916}" = protocol=17 | dir=in | app=f:\program files (x86)\vmware\vmware player\vmware-authd.exe | 
"{50F05203-938C-4B40-96FC-AF013A378988}" = protocol=6 | dir=in | app=f:\program files (x86)\vmware\vmware player\vmware-authd.exe | 
"{5EABC6EB-C039-4B61-A8E6-C104D1673CFC}" = dir=in | app=f:\program files (x86)\skype\phone\skype.exe | 
"{65422950-BC13-48F0-A8EB-9C233BBD5F0C}" = protocol=17 | dir=in | app=f:\users\mobile\appdata\roaming\dropbox\bin\dropbox.exe | 
"{66BB5243-F9C4-42B1-86E1-A6F3E7A22758}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{6EFD23B0-3A60-48CA-B554-276471BB431F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{81F39932-7E72-47CF-BAE5-89E6C1D98685}" = protocol=6 | dir=in | app=f:\program files (x86)\microsoft office\office12\onenote.exe | 
"{9DB14E23-E179-40DC-9338-AF38D965A750}" = protocol=6 | dir=in | app=f:\program files (x86)\microsoft office\office12\groove.exe | 
"{A7A5BC7D-6862-4E1D-B1CF-391B6C464A3F}" = protocol=6 | dir=in | app=f:\program files (x86)\vmware\vmware player\vmware-authd.exe | 
"{AB082FF8-4ED6-4DFA-858C-DF629EF971E3}" = protocol=6 | dir=in | app=f:\program files (x86)\vmware\vmware player\vmware-authd.exe | 
"{AD69D563-6D24-4C38-BDB9-50E61E8CAC41}" = protocol=17 | dir=in | app=f:\program files (x86)\microsoft office\office12\onenote.exe | 
"{AFD29611-84D4-41F3-9864-D6B0FC4D461F}" = protocol=6 | dir=in | app=f:\users\mobile\appdata\roaming\dropbox\bin\dropbox.exe | 
"{B3CFC50E-6CBA-40C1-A50E-D70EF2D66730}" = protocol=17 | dir=in | app=f:\program files (x86)\microsoft office\office12\groove.exe | 
"{B8909E9B-9A73-42FD-9D06-C5ECA10B75BF}" = protocol=17 | dir=in | app=f:\program files (x86)\vmware\vmware player\vmware-authd.exe | 
"{EC219A88-91F5-4374-8BB0-95996A578393}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{EE0651A9-35AD-4525-A39C-1647877B546D}" = protocol=17 | dir=in | app=f:\program files (x86)\vmware\vmware player\vmware-authd.exe | 
"{F914C9A9-23C7-4141-B9EC-09C9ECA0A2B6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"TCP Query User{209F4E90-9067-4ABA-8694-C3297976B651}F:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=f:\windows\system32\javaw.exe | 
"TCP Query User{3583AC51-D108-4635-B0BC-6F56E5ED8F4C}F:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=f:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{81F0B50F-1B02-4808-9711-1FBE32650D65}F:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=f:\program files (x86)\miranda im\miranda32.exe | 
"TCP Query User{A8D28D8C-E821-4244-A211-B21645129859}F:\users\mobile\desktop\teamviewer portableordner\teamviewer.exe" = protocol=6 | dir=in | app=f:\users\mobile\desktop\teamviewer portableordner\teamviewer.exe | 
"TCP Query User{AA9096BB-0634-4D4E-8517-D84E0550C713}F:\windows\syswow64\svchost.exe" = protocol=6 | dir=in | app=f:\windows\syswow64\svchost.exe | 
"TCP Query User{CA81D9CA-7BF0-4339-B668-F61AC3847DBC}F:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=f:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{FB66BE99-85DB-4ABC-AD28-4199C857517C}F:\users\mobile\desktop\tools\teamviewer portableordner\teamviewer.exe" = protocol=6 | dir=in | app=f:\users\mobile\desktop\tools\teamviewer portableordner\teamviewer.exe | 
"UDP Query User{09989FB6-235F-43CA-B118-698D77FB303E}F:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=f:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{1F37F3E4-F26F-4BB0-A00D-F90623E8DF57}F:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=f:\windows\system32\javaw.exe | 
"UDP Query User{5C7A66DD-3303-4F4D-AA4C-C470BC2A869A}F:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=f:\program files (x86)\miranda im\miranda32.exe | 
"UDP Query User{5DC904CF-4D6C-42D3-B837-0472F0EF099F}F:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=f:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{81386AA6-3847-4717-ABD8-2630E22642C5}F:\users\mobile\desktop\tools\teamviewer portableordner\teamviewer.exe" = protocol=17 | dir=in | app=f:\users\mobile\desktop\tools\teamviewer portableordner\teamviewer.exe | 
"UDP Query User{AA70EAF8-9121-4766-9733-296BF343D27C}F:\users\mobile\desktop\teamviewer portableordner\teamviewer.exe" = protocol=17 | dir=in | app=f:\users\mobile\desktop\teamviewer portableordner\teamviewer.exe | 
"UDP Query User{F6F596D7-1970-49AE-BA61-4177F627F4CD}F:\windows\syswow64\svchost.exe" = protocol=17 | dir=in | app=f:\windows\syswow64\svchost.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416023FF}" = Java(TM) 6 Update 23 (64-bit)
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2D7ED2A0-9553-412B-939F-D6E0AEB2ABE1}" = ISO Recorder
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0160230}" = Java(TM) SE Development Kit 6 Update 23 (64-bit)
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{7C8A7076-3266-480B-9944-B86EBD7BF589}" = Google Web Toolkit Developer Plugin for IE (x64)
"{818AA386-29D5-4DFF-BBB5-3F16133F1409}" = TortoiseSVN 1.6.12.20536 (64 bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Protege 4.1" = Protege 4.1
"Zune" = Zune
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0402D28F-B9B7-4983-93FC-DBF673736D3F}" = Google Web Toolkit Developer Plugin for IE (x86)
"{0B92F7F1-8089-4670-9EB6-9DAA25163FB0}" = InfoZoom
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{44D66AD9-AE19-4AFD-BE7E-A1B44C856697}" = MSXML4.0 redistributable
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E770F99-CF23-4BF9-BF4E-E3A2924FEB27}" = Microsoft redistributable runtime DLLs VS2005 SP1(x86)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ULTIMATER_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ULTIMATER_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ULTIMATER_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ULTIMATER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ULTIMATER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PRJPROR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPROR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PRJPROR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PRJPROR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PRJPROR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PRJPROR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PRJPROR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2010
"{90140000-00B4-0407-0000-0000000FF1CE}_Office14.PRJPROR_{86D01646-1942-4253-B11F-68F5ED259B17}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F77D1207-7FA7-4FDC-BF7B-D08395AA9722}" = QIP 2005 8097 Jeak-Edition
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"FASM_is1" = FASM version 0.16
"Foxit Reader" = Foxit Reader
"InstallShield_{0B92F7F1-8089-4670-9EB6-9DAA25163FB0}" = InfoZoom 4.10
"LManager" = Launch Manager
"Miranda IM" = Miranda IM 0.8.24
"Mozilla Firefox (3.6.28)" = Mozilla Firefox (3.6.28)
"Office14.PRJPROR" = Microsoft Project Professional 2010
"Pidgin" = Pidgin
"SAP_ECL" = ECL Viewer
"SAPGUI710" = SAP GUI 7.10
"SpeedFan" = SpeedFan (remove only)
"Streamripper" = Streamripper (Remove only)
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"TrueCrypt" = TrueCrypt
"ULTIMATER" = Microsoft Office Ultimate 2007
"VLC media player" = VLC media player 1.1.7
"VMware_Player" = VMware Player
"VP Suite 5.0" = VP Suite 5.0
"Winamp" = Winamp
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"TeXLive2010" = TeX Live 2010
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 28.05.2012 06:22:41 | Computer Name = ***** | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: e34    Startzeit: 01cd3c328f9b8a1e    Endzeit: 96    Anwendungspfad: 
F:\Program Files (x86)\Internet Explorer\iexplore.exe    Berichts-ID:   
 
Error - 29.05.2012 02:09:45 | Computer Name = ***** | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 1b98    Startzeit: 01cd3c9ed866a025    Endzeit: 824    Anwendungspfad:
 F:\Program Files (x86)\Internet Explorer\iexplore.exe    Berichts-ID:   
 
Error - 29.05.2012 07:25:23 | Computer Name = ***** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung.  .
 
Error - 29.05.2012 07:25:28 | Computer Name = ***** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung.  .
 
Error - 29.05.2012 07:25:52 | Computer Name = ***** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung.  .
 
Error - 29.05.2012 07:25:57 | Computer Name = ***** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Es steht nicht genug Speicherplatz auf dem Datenträger zur Verfügung.  .
 
Error - 31.05.2012 01:00:56 | Computer Name = ***** | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 244c    Startzeit: 01cd3e958c5ecfbb    Endzeit: 19    Anwendungspfad:
 F:\Program Files (x86)\Internet Explorer\iexplore.exe    Berichts-ID:   
 
Error - 01.06.2012 01:18:39 | Computer Name = ***** | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 20d4    Startzeit: 01cd3f5be755c638    Endzeit: 13    Anwendungspfad:
 F:\Program Files (x86)\Internet Explorer\iexplore.exe    Berichts-ID:   
 
Error - 01.06.2012 05:11:47 | Computer Name = ***** | Source = System Restore | ID = 8193
Description = 
 
Error - 01.06.2012 05:11:47 | Computer Name = ***** | Source = System Restore | ID = 8211
Description = 
 
[ OSession Events ]
Error - 19.06.2010 08:43:59 | Computer Name = ***** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 984
 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error - 19.06.2010 08:54:41 | Computer Name = ***** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 629
 seconds with 600 seconds of active time.  This session ended with a crash.
 
Error - 02.12.2010 06:35:08 | Computer Name = ***** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 82848 seconds with 120 seconds of active time.  This session ended with a
 crash.
 
Error - 24.02.2011 08:16:33 | Computer Name = ***** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 290
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 14.05.2011 01:27:56 | Computer Name = ***** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 44285
 seconds with 60 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 07.04.2012 03:09:43 | Computer Name = ***** | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Update für Microsoft .NET Framework 4 unter Windows
 XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows
 Server 2008 R2 für x64-basierte Systeme (KB2600217)
 
Error - 08.04.2012 13:54:58 | Computer Name = ***** | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Update für Microsoft .NET Framework 4 unter Windows
 XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows
 Server 2008 R2 für x64-basierte Systeme (KB2600217)
 
Error - 10.04.2012 06:41:43 | Computer Name = ***** | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Update für Microsoft .NET Framework 4 unter Windows
 XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows
 Server 2008 R2 für x64-basierte Systeme (KB2600217)
 
Error - 11.04.2012 14:17:29 | Computer Name = ***** | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Update für Microsoft .NET Framework 4 unter Windows
 XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows
 Server 2008 R2 für x64-basierte Systeme (KB2600217)
 
Error - 12.04.2012 04:25:50 | Computer Name = ***** | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "F:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 13.04.2012 02:42:52 | Computer Name = ***** | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 13.04.2012 02:42:52 | Computer Name = ***** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 13.04.2012 02:51:52 | Computer Name = ***** | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework
 4 unter Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server
 2008, Windows Server 2008 R2 für x64-basierte Systeme (KB2656368)
 
Error - 13.04.2012 15:23:11 | Computer Name = ***** | Source = Ntfs | ID = 262281
Description = Auf dem Volume "E:" konnte der Transaktionsressourcen-Manager aufgrund
 eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in
 den Daten enthalten.
 
Error - 13.04.2012 15:23:12 | Computer Name = ***** | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
--- --- ---


Can I still save the system? ;(

Edited by verwanzt (02.06.2012 at 09:01)

Alt 02.06.2012, 20:41   #2
kira
/// Helper Team
 

Hello and welcome!

Before we start working together, [please read in full]:
Quote:
  • "Remote treatment/remote help" and the associated liability risks:
    - since the troubleshooting and the actions are carried out over large distances, we accept no liability for the resulting consequences.
    - so any liability for resulting damage is excluded; INSTRUCTIONS AND FOLLOWING THEM ARE AT YOUR OWN RESPONSIBILITY!
  • Characteristic features/profile information:
    - in the log lists or log files used, you can replace things such as your real name, serial numbers in programs etc. with [X] or asterisks (*)
  • The system check and cleanup:
    - can take some time (depending on the type of infection), but the system can even be so heavily compromised that an effective technical cleanup is no longer possible and you have to reinstall it
  • I recommend that you first read the instructions through completely before applying them, because if you do something wrong, it can get really dangerous. If you follow my instructions step by step, nothing should really go wrong.
  • During the support period:
    - please do not act on your own without consulting us! Ask if there are problems.
  • The order:
    - please keep exactly to the order described; do not choose the order yourself!
  • CRACKED SOFTWARE is not tolerated here!!!!
  • Otherwise, our forum rules:
    - Please read first, then post! -> For everyone seeking help! What do I need to consider before opening a thread?
  • Insert all log files with a vBCode tag; this gives a good overview here and makes my work easier! If the log file is too large, split it into several parts.

As soon as you have read this introductory text, you can begin
Quote:
If a system has been compromised, the system is no longer trustworthy
A reinstallation guarantees residue-free removal of the infection - reading material: "Help: I have become the victim of a hacker attack. What should I do?" - Cleaning a compromised system
If you nevertheless decide on cleaning the system - cleaning a system can take a few days (depending on the type of infection), but the system can even be so heavily compromised that an effective technical cleanup is no longer possible and you have to reinstall it:

For Vista and Win7:
Important: Please run all commands as administrator! Right-click the command prompt and select "Run as administrator"
Right-click the selected application and choose "Run as administrator"!

1.
Quote:
Attention, important!:
If you have made changes in the log file yourself, you must replace them with the original names and insert them into the script that way! Otherwise it will not work!
(user folder, your name or other changes replaced by X, asterisk or other names)
Fix with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script (that is, everything after "Code" that is in the code box, beginning with :OTL and ending with [emptytemp], without "code"!):
Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: F:\Users\mobile\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: F:\Users\mobile\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
[2012.03.15 11:55:12 | 000,001,392 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.15 11:55:12 | 000,002,344 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.15 11:55:12 | 000,001,178 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.15 11:55:12 | 000,001,105 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O4 - HKCU..\Run: [CweWjhjf] F:\Users\mobile\AppData\Local\ttmkyhao\cwewjhjf.exe ()
O4 - Startup: F:\Users\mobile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cwewjhjf.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
[2012.06.01 17:38:16 | 000,001,124 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-244666757-3947190157-3562518001-1000UA.job
[2012.06.01 09:38:03 | 000,001,072 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-244666757-3947190157-3562518001-1000Core.job

:Files
F:\Users\mobile\AppData\Local\ttmkyhao\cwewjhjf.exe
 F:\Users\mobile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cwewjhjf.exe 
F:\Users\mobile\AppData\Local\ttmkyhao
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
         
  • and paste it here:
  • Close all programs.
  • Click the Fix button.
  • Click on .
  • OTL requires a restart. Please allow it.
  • After the restart you will find a text document.
    Copy its contents here into your thread in code tags.

2.
Download Malwarebytes Anti-Malware from here
  • Install it and start it with a double-click.
  • Set it to German and update the databases right away - update online
  • Select "Perform full scan" (tick everything)
  • when the scan has finished, click on "Show results"
  • Select all findings (if MBAM reports anything in C:\System Volume Information, please remove the tick there) and click on "Delete" ("Remove selected").
  • Post the result here in the thread - you will find the report under "Scan reports"
an illustrated guide can be found here: Guide

3.
To determine whether outdated or harmful software is installed under Programs, I would also like to see all your installed programs:
  • Download CCleaner
  • Read the software licence agreement; if any toolbar is offered, please deselect it! -> start -> if necessary, set to "German".
  • start -> click on `Extras` (to display the software installed on your system) -> then on `Als Textdatei speichern...`
  • a text file is created automatically; post this log file as well (i.e. the list of all installed programs... a text file)

4.
another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please choose Standard Output
  • Under Extra Registry please choose Use SafeList.
  • Tick LOP Check and Purity Check.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

Quote:
To keep your thread clear and easy to read, it is best to use code tags for your post:
→ before your log you write (i.e. at the start of the log file): [code]
your log file goes here - e.g. OTL log file or other
→ after it - i.e. at the end of the log file: [/code]
** If possible, do not go on the internet, no online banking, file sharing, chat programs etc.
regards
kira
__________________

__________________

Alt 02.06.2012, 22:43   #3
verwanzt
 

Hello kira,
Thanks for your willingness to help - unfortunately, in the meantime I have already had Antivir run a full scan, sorry! I'll keep my hands off now.

Can I still take the path you suggested, or is that no longer possible now?

The scan gave the following result:

Code:
F:\Users\mobile\AppData\Local\Temp\tfculjllhengxcet.exe
  [FUND]      Ist das Trojanische Pferd TR/Ransom.Gimemo.ucd
F:\Users\mobile\AppData\Local\Temp\~!#13C6.tmp
  [FUND]      Ist das Trojanische Pferd TR/Ransom.Gimemo.ucd
F:\Users\mobile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\7841db00-4a59d7be
  [0] Archivtyp: ZIP
  --> pera/F.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2012-0507.BL
  --> pera/pere.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2012-0507.BM
F:\Users\mobile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\5c99f0e7-328f5147
  [FUND]      Ist das Trojanische Pferd TR/Rogue.kdv.636689.6
F:\Users\mobile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cwewjhjf.exe
  [FUND]      Ist das Trojanische Pferd TR/Ransom.Gimemo.ucd
         
I had everything moved to quarantine.
__________________

Alt 03.06.2012, 06:44   #4
kira
/// Helper Team
 

no, the tasks should be completed!
__________________

Warning!:
Beware of invoices sent by email with a ZIP file as an attachment! It can be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly, to CD/DVD, USB sticks or external hard drives, ideally twice in different places!
Please pass this warning on wherever you can!

Alt 03.06.2012, 12:51   #5
verwanzt
 

Hi kira,

1. Fix with OTL (do you mean the text file?)

Code:
Files\Folders moved on Reboot...
F:\Users\mobile\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         

2. Scan report from Malwarebytes Anti-Malware:

Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.03.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
mobile :: **** [Administrator]

03.06.2012 09:52:50
mbam-log-2012-06-03 (09-52-50).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 643385
Laufzeit: 2 Stunde(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
3. Installed software:
Code:
7-Zip 9.20 (x64 edition)	Igor Pavlov	13.04.2011	4,53MB	9.20.00.0
Acer PowerSmart Manager	Acer Incorporated	30.05.2010		5.02.3000
Adobe Flash Player 10 Plugin	Adobe Systems Incorporated	18.08.2011	6,00MB	10.3.183.5
Adobe Flash Player 11 ActiveX 64-bit	Adobe Systems Incorporated	20.04.2012	6,00MB	11.2.202.233
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver	Atheros Communications Inc.	28.05.2010		1.0.0.23
Avira AntiVir Personal - Free Antivirus	Avira GmbH	12.02.2012	61,8MB	10.2.0.707
CCleaner	Piriform	22.05.2012		3.19
Cisco Systems VPN Client 5.0.07.0290		28.03.2011	10,6MB	
Dropbox	Dropbox, Inc.	14.03.2012		1.2.52
ECL Viewer	SAP AG	13.10.2010		6.0
FASM version 0.16		21.11.2010		
Foxit Reader	Foxit Software Company	28.05.2010	10,6MB	3.3.1.518
Google Web Toolkit Developer Plugin for IE (x64)	Google	29.06.2011	0,32MB	1.2.9570
Google Web Toolkit Developer Plugin for IE (x86)	Google	03.10.2011	0,26MB	1.2.9570
InfoZoom 4.10	humanIT	20.06.2010	273MB	4.10.07
Intel(R) Graphics Media Accelerator Driver	Intel Corporation	29.05.2010		8.15.10.2057
ISO Recorder	Alex Feinman	16.04.2011	1,63MB	3.1.0
Java(TM) 6 Update 23 (64-bit)	Oracle	20.12.2010	90,9MB	6.0.230
Java(TM) 6 Update 26	Oracle	01.11.2010	95,0MB	6.0.260
Java(TM) SE Development Kit 6 Update 23 (64-bit)	Oracle	20.12.2010	146,3MB	1.6.0.230
Launch Manager	Acer Inc.	30.05.2010		4.0.5
Malwarebytes Anti-Malware Version 1.61.0.1400	Malwarebytes Corporation	02.06.2012	18,0MB	1.61.0.1400
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	29.06.2011	38,8MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	29.06.2011	2,94MB	4.0.30319
Microsoft Office File Validation Add-In	Microsoft Corporation	15.09.2011	7,95MB	14.0.5130.5003
Microsoft Office Ultimate 2007	Microsoft Corporation	17.12.2011		12.0.6425.1000
Microsoft Project Professional 2010	Microsoft Corporation	10.11.2011		14.0.6029.1000
Microsoft redistributable runtime DLLs VS2005 SP1(x86)	SAP	13.10.2010	5,72MB	8.0.50727.762
Microsoft Silverlight	Microsoft Corporation	22.02.2012	160,0MB	4.1.10111.0
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148	Microsoft Corporation	22.06.2010	0,21MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570	Microsoft Corporation	13.04.2011	0,77MB	9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570	Microsoft Corporation	13.04.2011	0,58MB	9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17	Microsoft Corporation	02.06.2010	0,77MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	17.06.2011	0,77MB	9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	28.05.2010	0,58MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	17.06.2011	0,59MB	9.0.30729.6161
Miranda IM 0.8.24		28.05.2010		
Mozilla Firefox (3.6.28)	Mozilla	11.04.2012		3.6.28 (de)
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	19.10.2010	1,28MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	19.10.2010	1,33MB	4.20.9876.0
MSXML4.0 redistributable	SAP	13.10.2010	3,70MB	4.0.0.0
Pidgin		30.05.2010		2.7.0
Protege 4.1	Stanford Center for Biomedical Informatics Research	24.04.2012		1.0.0.0
QIP 2005 8097 Jeak-Edition	jeak.de	17.11.2010	6,74MB	1.0.8097
SAP GUI 7.10	SAP AG	13.10.2010		7.10 Compilation 4
Skype™ 5.0	Skype Technologies S.A.	09.02.2011	15,2MB	5.0.156
SpeedFan (remove only)		01.07.2010		
Streamripper (Remove only)		02.04.2011		
TeX Live 2010		13.04.2011		2010
TeXnicCenter Version 1.0 Stable RC1	TeXnicCenter.org	13.04.2011		Version 1.0 Stable RC1
TortoiseSVN 1.6.12.20536 (64 bit)	TortoiseSVN	23.02.2011	21,8MB	1.6.20536
TrueCrypt	TrueCrypt Foundation	31.12.2010		7.0a
VLC media player 1.1.7	VideoLAN	04.02.2011		1.1.7
VMware Player	VMware, Inc	18.04.2011	391MB	3.1.4.16648		
Winamp	Nullsoft, Inc	02.04.2011		5.61 
Zune	Microsoft Corporation	31.10.2011		04.08.2345.00
         
4. The new scan with OTL gave the following:
Code:
OTL logfile created on: 03.06.2012 12:12:22 - Run 2
OTL by OldTimer - Version 3.2.45.0     Folder = F:\Users\mobile\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 43,54% Memory free
7,35 Gb Paging File | 5,10 Gb Available in Paging File | 69,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = F: | %SystemRoot% = F:\Windows | %ProgramFiles% = F:\Program Files (x86)
Drive C: | 144,26 Gb Total Space | 43,27 Gb Free Space | 30,00% Space Free | Partition Type: NTFS
Drive F: | 29,30 Gb Total Space | 0,40 Gb Free Space | 1,35% Space Free | Partition Type: NTFS
Drive H: | 14,08 Gb Total Space | 0,34 Gb Free Space | 2,41% Space Free | Partition Type: NTFS
 
Computer Name: ***** | User Name: mobile | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.02 00:06:29 | 000,595,968 | ---- | M] (OldTimer Tools) -- F:\Users\mobile\Downloads\OTL.exe
PRC - [2012.04.21 21:18:19 | 000,353,440 | ---- | M] (Adobe Systems Incorporated) -- F:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
PRC - [2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- F:\Users\mobile\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.06.30 12:26:55 | 000,269,480 | ---- | M] (Avira GmbH) -- F:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.27 13:50:09 | 000,136,360 | ---- | M] (Avira GmbH) -- F:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.25 23:26:58 | 000,064,112 | ---- | M] (VMware, Inc.) -- F:\Program Files (x86)\VMware\VMware Player\hqtray.exe
PRC - [2011.03.25 23:26:46 | 000,334,448 | ---- | M] (VMware, Inc.) -- F:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2011.03.25 23:26:28 | 000,404,080 | ---- | M] (VMware, Inc.) -- F:\Windows\SysWOW64\vmnat.exe
PRC - [2011.03.25 23:26:16 | 000,113,264 | ---- | M] (VMware, Inc.) -- F:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2011.03.25 22:27:40 | 000,539,248 | ---- | M] (VMware, Inc.) -- F:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2010.11.03 10:34:37 | 000,281,768 | ---- | M] (Avira GmbH) -- F:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- F:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010.02.25 22:35:04 | 001,289,296 | ---- | M] (Dritek System Inc.) -- F:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010.02.25 22:35:04 | 000,325,200 | ---- | M] (Dritek System Inc.) -- F:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010.02.25 22:35:04 | 000,288,336 | ---- | M] (Dritek System Inc.) -- F:\Program Files (x86)\Launch Manager\LMworker.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.03.25 23:26:48 | 000,970,352 | ---- | M] () -- F:\Program Files (x86)\VMware\VMware Player\libxml2.dll
MOD - [2011.03.25 23:26:18 | 000,068,720 | ---- | M] () -- F:\Program Files (x86)\VMware\VMware Player\zlib1.dll
MOD - [2009.05.20 14:02:04 | 000,072,200 | ---- | M] () -- F:\Program Files (x86)\Launch Manager\CdDirIo.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.11.20 15:26:50 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- F:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2009.07.14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- F:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.04.21 21:18:20 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- F:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011.08.05 13:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Programme\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011.08.05 13:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Programme\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011.08.05 13:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Programme\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2011.06.30 12:26:55 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- F:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.27 13:50:09 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- F:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.25 23:26:46 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- F:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2011.03.25 23:26:28 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- F:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2011.03.25 23:26:16 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- F:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2011.03.25 22:27:40 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- F:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010.08.19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- F:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- F:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- F:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.25 22:35:04 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- F:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.01.20 19:26:20 | 000,819,232 | ---- | M] (Acer Incorporated) [Auto | Running] -- F:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.07.14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- F:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- F:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.06.30 12:26:56 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- F:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.30 12:26:56 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- F:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.25 23:27:36 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- F:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2011.03.25 23:27:34 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- F:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2011.03.25 23:25:46 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2011.03.25 23:25:34 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- F:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2011.03.25 22:27:36 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- F:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011.03.25 20:04:58 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- F:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2011.03.25 20:04:58 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- F:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.01 12:03:50 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- F:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:26:11 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- F:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2010.03.23 13:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2010.01.25 17:51:02 | 007,842,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.01.08 03:51:38 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010.01.06 21:33:14 | 000,158,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.12.22 09:18:50 | 000,074,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.10.05 16:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- F:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- F:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV - [2010.08.19 13:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- F:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- F:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = F:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 84 19 EE 8C 95 3E CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: F:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: F:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: F:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: F:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: F:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROJEC~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROJEC~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.7: F:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: F:\Program Files (x86)\Mozilla Firefox\components [2012.04.12 20:05:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: F:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.12 20:05:23 | 000,000,000 | ---D | M]
 
[2010.05.29 20:04:45 | 000,000,000 | ---D | M] (No name found) -- F:\Users\mobile\AppData\Roaming\mozilla\Extensions
[2012.06.02 00:03:22 | 000,000,000 | ---D | M] (No name found) -- F:\Users\mobile\AppData\Roaming\mozilla\Firefox\Profiles\o8p7ej6x.default\extensions
[2011.07.28 11:32:20 | 000,000,000 | ---D | M] (Adblock Plus) -- F:\Users\mobile\AppData\Roaming\mozilla\Firefox\Profiles\o8p7ej6x.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012.04.10 12:46:05 | 000,000,000 | ---D | M] (No name found) -- F:\Users\mobile\AppData\Roaming\mozilla\Firefox\Profiles\o8p7ej6x.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}-trash
[2012.06.02 00:03:22 | 000,000,000 | ---D | M] (Google Web Toolkit Developer Plugin for Firefox) -- F:\Users\mobile\AppData\Roaming\mozilla\Firefox\Profiles\o8p7ej6x.default\extensions\gwt-dev-plugin@google.com
[2011.02.22 11:45:22 | 000,000,000 | ---D | M] (Read It Later) -- F:\Users\mobile\AppData\Roaming\mozilla\Firefox\Profiles\o8p7ej6x.default\extensions\isreaditlater@ideashower.com
[2012.04.10 12:46:03 | 000,000,000 | ---D | M] (No name found) -- F:\Users\mobile\AppData\Roaming\mozilla\Firefox\Profiles\o8p7ej6x.default\extensions\staged-xpis
[2011.06.09 10:30:27 | 000,000,000 | ---D | M] (No name found) -- F:\Program Files (x86)\mozilla firefox\extensions
[2010.11.02 11:10:06 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.21 12:51:47 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.05 18:53:08 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.09 10:30:27 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- F:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.05.29 20:19:37 | 000,075,208 | ---- | M] (Foxit Software Company) -- F:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2012.03.15 11:55:12 | 000,006,805 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - F:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Project Professional\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Acer ePower Management] F:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] F:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] F:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] F:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Zune Launcher] F:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] F:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LManager] F:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [VMware hqtray] F:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKCU..\Run: [CweWjhjf] F:\Users\mobile\AppData\Local\ttmkyhao\cwewjhjf.exe File not found
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] F:\Windows\System32\StikyNot.exe File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] F:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] F:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://F:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://F:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - F:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - F:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - F:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - F:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83E09DA1-FD56-48FF-8CB9-163A8BA269D4}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\saphtmlp - No CLSID value found
O18:64bit: - Protocol\Handler\sapr3 - No CLSID value found
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\SAPGUI\GUI\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\SAPGUI\GUI\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - F:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - F:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (F:\Windows\system32\userinit.exe) - F:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - F:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - F:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - F:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.03 12:04:44 | 000,000,000 | ---D | C] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.06.03 12:04:42 | 000,000,000 | ---D | C] -- F:\Program Files\CCleaner
[2012.06.03 09:50:00 | 000,000,000 | ---D | C] -- F:\Users\mobile\AppData\Roaming\Malwarebytes
[2012.06.03 09:49:54 | 000,000,000 | ---D | C] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.03 09:49:52 | 000,000,000 | ---D | C] -- F:\ProgramData\Malwarebytes
[2012.06.03 09:49:51 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- F:\Windows\SysNative\drivers\mbam.sys
[2012.06.03 09:49:51 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.03 09:40:55 | 000,000,000 | ---D | C] -- F:\_OTL
[2010.10.14 16:10:28 | 003,145,728 | ---- | C] (SAP Technology,Inc) -- F:\Program Files (x86)\Common Files\sapxlhelper.dll
[2010.10.14 16:10:27 | 000,626,688 | ---- | C] (SAP AG) -- F:\Program Files (x86)\Common Files\sapconsaccess.dll
[2010.10.14 16:10:27 | 000,192,512 | ---- | C] (SAP Tech Inc.) -- F:\Program Files (x86)\Common Files\sapconsr3.dll
[2010.10.14 16:10:26 | 000,040,960 | ---- | C] (SAP-TECHNOLOGY) -- F:\Program Files (x86)\Common Files\DigitalSignature.ocx
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.03 12:17:02 | 000,000,884 | ---- | M] () -- F:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.03 12:04:44 | 000,000,839 | ---- | M] () -- F:\Users\Public\Desktop\CCleaner.lnk
[2012.06.03 09:50:30 | 000,014,752 | -H-- | M] () -- F:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.03 09:50:30 | 000,014,752 | -H-- | M] () -- F:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.03 09:49:54 | 000,001,126 | ---- | M] () -- F:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.03 09:42:57 | 000,067,584 | --S- | M] () -- F:\Windows\bootstat.dat
[2012.06.03 09:42:52 | 2960,523,264 | -HS- | M] () -- F:\hiberfil.sys
[2012.06.02 00:08:06 | 000,000,000 | ---- | M] () -- F:\Users\mobile\defogger_reenable
[2012.06.01 23:54:37 | 000,036,243 | ---- | M] () -- F:\Users\mobile\Desktop\85104-otl-otlogfile-by-oldtimer.htm.iyk46dy.partial
[2012.06.01 23:54:03 | 000,050,477 | ---- | M] () -- F:\Users\mobile\Desktop\Defogger.exe.ccz0wnt.partial
[2012.06.01 23:27:59 | 000,050,477 | ---- | M] () -- F:\Users\mobile\Desktop\Defogger.exe
[2012.06.01 18:03:59 | 000,002,048 | -H-- | M] () -- F:\Users\mobile\Documents\Default.rdp
 
========== Files Created - No Company Name ==========
 
[2012.06.03 12:04:44 | 000,000,839 | ---- | C] () -- F:\Users\Public\Desktop\CCleaner.lnk
[2012.06.03 09:49:54 | 000,001,126 | ---- | C] () -- F:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.02 00:08:06 | 000,000,000 | ---- | C] () -- F:\Users\mobile\defogger_reenable
[2012.06.01 23:55:57 | 000,050,477 | ---- | C] () -- F:\Users\mobile\Desktop\Defogger.exe
[2012.06.01 23:54:43 | 000,036,243 | ---- | C] () -- F:\Users\mobile\Desktop\85104-otl-otlogfile-by-oldtimer.htm.iyk46dy.partial
[2012.06.01 23:54:13 | 000,050,477 | ---- | C] () -- F:\Users\mobile\Desktop\Defogger.exe.ccz0wnt.partial
[2011.11.01 15:07:47 | 000,003,584 | ---- | C] () -- F:\Users\mobile\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.14 16:10:27 | 000,955,904 | ---- | C] () -- F:\Program Files (x86)\Common Files\SAPActiveXL.xlt
[2010.10.14 16:10:27 | 000,949,760 | ---- | C] () -- F:\Program Files (x86)\Common Files\SAPActiveXL_nosig.xlt
[2010.10.14 16:09:31 | 001,064,960 | ---- | C] () -- F:\Windows\SysWow64\h5krnl32.dll
[2010.10.14 16:09:31 | 000,188,928 | ---- | C] () -- F:\Windows\SysWow64\h5icon32.dll
[2010.10.14 16:09:31 | 000,175,616 | ---- | C] () -- F:\Windows\SysWow64\h5menu32.dll
[2010.10.14 16:09:31 | 000,095,744 | ---- | C] () -- F:\Windows\SysWow64\h5rtf32.dll
[2010.10.14 16:09:31 | 000,051,200 | ---- | C] () -- F:\Windows\SysWow64\h5tool32.dll
 
========== LOP Check ==========
 
[2011.02.17 21:56:13 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\.purple
[2012.04.26 11:09:10 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\Canon
[2012.06.03 09:44:24 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\Dropbox
[2010.05.31 18:53:22 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\enchant
[2010.07.14 19:43:54 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\Foxit Software
[2010.11.11 14:05:05 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\gtk-2.0
[2011.04.03 18:14:56 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\streamripper
[2011.02.24 14:13:31 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\Subversion
[2011.10.18 17:14:33 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\TeamViewer
[2011.01.01 12:05:56 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\TrueCrypt
[2010.06.03 15:59:14 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\TS3Client
[2009.07.14 07:08:49 | 000,028,854 | ---- | M] () -- F:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
Code:
OTL Extras logfile created on: 03.06.2012 12:12:22 - Run 2
OTL by OldTimer - Version 3.2.45.0     Folder = F:\Users\mobile\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 43,54% Memory free
7,35 Gb Paging File | 5,10 Gb Available in Paging File | 69,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = F: | %SystemRoot% = F:\Windows | %ProgramFiles% = F:\Program Files (x86)
Drive C: | 144,26 Gb Total Space | 43,27 Gb Free Space | 30,00% Space Free | Partition Type: NTFS
Drive F: | 29,30 Gb Total Space | 0,40 Gb Free Space | 1,35% Space Free | Partition Type: NTFS
Drive H: | 14,08 Gb Total Space | 0,34 Gb Free Space | 2,41% Space Free | Partition Type: NTFS
 
Computer Name: *****  | User Name: mobile | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- F:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- F:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- F:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "F:\Windows\System32\rundll32.exe" "F:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "F:\Windows\System32\rundll32.exe" "F:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- F:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "F:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "F:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "F:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "F:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- F:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "F:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "F:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "F:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "F:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08107AE2-6C4A-4685-8CA3-5870F581C6C9}" = rport=137 | protocol=17 | dir=out | app=system | 
"{0F44C468-8426-4E63-AE4A-CC399C86D241}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{0F567F06-BA35-40BA-B630-9EA4846E3DDB}" = lport=6004 | protocol=17 | dir=in | app=f:\program files (x86)\microsoft office\office12\outlook.exe | 
"{2803B4EB-9494-4A41-BC3B-DBCE94FFD8AC}" = lport=445 | protocol=6 | dir=in | app=system | 
"{3714E0F3-C1D3-487B-803E-C23DCC7D14D4}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{3732F1D9-5426-48A9-B42D-9C0520C80E21}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3A516AE2-6A0A-4340-A9F4-C74BE55D64F1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{3FF707DF-CF5F-443E-ACE0-46B23B6221EC}" = lport=139 | protocol=6 | dir=in | app=system | 
"{46FDC923-4DEA-4185-9802-A72D2E6BDB61}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4A4AD361-DCF5-4CAF-A7BB-4FAD2C0D2C69}" = rport=445 | protocol=6 | dir=out | app=system | 
"{8030830F-3356-4553-A19B-EA48CA9C4FAE}" = lport=137 | protocol=17 | dir=in | app=system | 
"{8334A3A2-A44F-4975-9E16-8082F72F9484}" = rport=139 | protocol=6 | dir=out | app=system | 
"{98992D2B-5713-42C0-A1F3-6D54C9154D49}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A1B6E8AF-9DF7-47B7-8F9D-EE9D9B54F429}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{AB00ECBE-9834-4AB7-B23A-CAA05C57098E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{B010D33F-CA07-4116-B668-04E75B5D8B1D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B038BAAC-173A-4BE4-AAAF-DD774AD29033}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D168F71B-C31A-4B69-9D77-1AC31CF7174F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D4720449-8E88-40A0-BCB3-85DFAC8771CA}" = lport=138 | protocol=17 | dir=in | app=system | 
"{E77E9C0C-683C-4506-8CB0-3B618BE4CF47}" = rport=138 | protocol=17 | dir=out | app=system | 
"{F2B36BEE-7A44-4F16-B14E-A49760F2A3EF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F553D608-510E-4DB4-ABD3-BA25CCB4899C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FEDB49DA-D3FD-4526-9994-09A529D6BB9A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{102B2FC3-7E47-4594-9AD9-47545BE89357}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{2E348EC0-5D11-4832-B42B-57BF3BB01916}" = protocol=17 | dir=in | app=f:\program files (x86)\vmware\vmware player\vmware-authd.exe | 
"{50F05203-938C-4B40-96FC-AF013A378988}" = protocol=6 | dir=in | app=f:\program files (x86)\vmware\vmware player\vmware-authd.exe | 
"{5EABC6EB-C039-4B61-A8E6-C104D1673CFC}" = dir=in | app=f:\program files (x86)\skype\phone\skype.exe | 
"{65422950-BC13-48F0-A8EB-9C233BBD5F0C}" = protocol=17 | dir=in | app=f:\users\mobile\appdata\roaming\dropbox\bin\dropbox.exe | 
"{66BB5243-F9C4-42B1-86E1-A6F3E7A22758}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{6EFD23B0-3A60-48CA-B554-276471BB431F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{81F39932-7E72-47CF-BAE5-89E6C1D98685}" = protocol=6 | dir=in | app=f:\program files (x86)\microsoft office\office12\onenote.exe | 
"{9DB14E23-E179-40DC-9338-AF38D965A750}" = protocol=6 | dir=in | app=f:\program files (x86)\microsoft office\office12\groove.exe | 
"{A7A5BC7D-6862-4E1D-B1CF-391B6C464A3F}" = protocol=6 | dir=in | app=f:\program files (x86)\vmware\vmware player\vmware-authd.exe | 
"{AB082FF8-4ED6-4DFA-858C-DF629EF971E3}" = protocol=6 | dir=in | app=f:\program files (x86)\vmware\vmware player\vmware-authd.exe | 
"{AD69D563-6D24-4C38-BDB9-50E61E8CAC41}" = protocol=17 | dir=in | app=f:\program files (x86)\microsoft office\office12\onenote.exe | 
"{AFD29611-84D4-41F3-9864-D6B0FC4D461F}" = protocol=6 | dir=in | app=f:\users\mobile\appdata\roaming\dropbox\bin\dropbox.exe | 
"{B3CFC50E-6CBA-40C1-A50E-D70EF2D66730}" = protocol=17 | dir=in | app=f:\program files (x86)\microsoft office\office12\groove.exe | 
"{B8909E9B-9A73-42FD-9D06-C5ECA10B75BF}" = protocol=17 | dir=in | app=f:\program files (x86)\vmware\vmware player\vmware-authd.exe | 
"{EC219A88-91F5-4374-8BB0-95996A578393}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{EE0651A9-35AD-4525-A39C-1647877B546D}" = protocol=17 | dir=in | app=f:\program files (x86)\vmware\vmware player\vmware-authd.exe | 
"{F914C9A9-23C7-4141-B9EC-09C9ECA0A2B6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"TCP Query User{209F4E90-9067-4ABA-8694-C3297976B651}F:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=f:\windows\system32\javaw.exe | 
"TCP Query User{3583AC51-D108-4635-B0BC-6F56E5ED8F4C}F:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=f:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{81F0B50F-1B02-4808-9711-1FBE32650D65}F:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=f:\program files (x86)\miranda im\miranda32.exe | 
"TCP Query User{A8D28D8C-E821-4244-A211-B21645129859}F:\users\mobile\desktop\teamviewer portableordner\teamviewer.exe" = protocol=6 | dir=in | app=f:\users\mobile\desktop\teamviewer portableordner\teamviewer.exe | 
"TCP Query User{AA9096BB-0634-4D4E-8517-D84E0550C713}F:\windows\syswow64\svchost.exe" = protocol=6 | dir=in | app=f:\windows\syswow64\svchost.exe | 
"TCP Query User{CA81D9CA-7BF0-4339-B668-F61AC3847DBC}F:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=f:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{FB66BE99-85DB-4ABC-AD28-4199C857517C}F:\users\mobile\desktop\tools\teamviewer portableordner\teamviewer.exe" = protocol=6 | dir=in | app=f:\users\mobile\desktop\tools\teamviewer portableordner\teamviewer.exe | 
"UDP Query User{09989FB6-235F-43CA-B118-698D77FB303E}F:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=f:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{1F37F3E4-F26F-4BB0-A00D-F90623E8DF57}F:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=f:\windows\system32\javaw.exe | 
"UDP Query User{5C7A66DD-3303-4F4D-AA4C-C470BC2A869A}F:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=f:\program files (x86)\miranda im\miranda32.exe | 
"UDP Query User{5DC904CF-4D6C-42D3-B837-0472F0EF099F}F:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=f:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{81386AA6-3847-4717-ABD8-2630E22642C5}F:\users\mobile\desktop\tools\teamviewer portableordner\teamviewer.exe" = protocol=17 | dir=in | app=f:\users\mobile\desktop\tools\teamviewer portableordner\teamviewer.exe | 
"UDP Query User{AA70EAF8-9121-4766-9733-296BF343D27C}F:\users\mobile\desktop\teamviewer portableordner\teamviewer.exe" = protocol=17 | dir=in | app=f:\users\mobile\desktop\teamviewer portableordner\teamviewer.exe | 
"UDP Query User{F6F596D7-1970-49AE-BA61-4177F627F4CD}F:\windows\syswow64\svchost.exe" = protocol=17 | dir=in | app=f:\windows\syswow64\svchost.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416023FF}" = Java(TM) 6 Update 23 (64-bit)
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2D7ED2A0-9553-412B-939F-D6E0AEB2ABE1}" = ISO Recorder
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0160230}" = Java(TM) SE Development Kit 6 Update 23 (64-bit)
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{7C8A7076-3266-480B-9944-B86EBD7BF589}" = Google Web Toolkit Developer Plugin for IE (x64)
"{818AA386-29D5-4DFF-BBB5-3F16133F1409}" = TortoiseSVN 1.6.12.20536 (64 bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Protege 4.1" = Protege 4.1
"Zune" = Zune
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0402D28F-B9B7-4983-93FC-DBF673736D3F}" = Google Web Toolkit Developer Plugin for IE (x86)
"{0B92F7F1-8089-4670-9EB6-9DAA25163FB0}" = InfoZoom
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{44D66AD9-AE19-4AFD-BE7E-A1B44C856697}" = MSXML4.0 redistributable
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E770F99-CF23-4BF9-BF4E-E3A2924FEB27}" = Microsoft redistributable runtime DLLs VS2005 SP1(x86)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ULTIMATER_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ULTIMATER_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ULTIMATER_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ULTIMATER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ULTIMATER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PRJPROR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPROR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PRJPROR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PRJPROR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PRJPROR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PRJPROR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PRJPROR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2010
"{90140000-00B4-0407-0000-0000000FF1CE}_Office14.PRJPROR_{86D01646-1942-4253-B11F-68F5ED259B17}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F77D1207-7FA7-4FDC-BF7B-D08395AA9722}" = QIP 2005 8097 Jeak-Edition
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"FASM_is1" = FASM version 0.16
"Foxit Reader" = Foxit Reader
"InstallShield_{0B92F7F1-8089-4670-9EB6-9DAA25163FB0}" = InfoZoom 4.10
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Miranda IM" = Miranda IM 0.8.24
"Mozilla Firefox (3.6.28)" = Mozilla Firefox (3.6.28)
"Office14.PRJPROR" = Microsoft Project Professional 2010
"Pidgin" = Pidgin
"SAP_ECL" = ECL Viewer
"SAPGUI710" = SAP GUI 7.10
"SpeedFan" = SpeedFan (remove only)
"Streamripper" = Streamripper (Remove only)
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"TrueCrypt" = TrueCrypt
"ULTIMATER" = Microsoft Office Ultimate 2007
"VLC media player" = VLC media player 1.1.7
"VMware_Player" = VMware Player
"Winamp" = Winamp
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"TeXLive2010" = TeX Live 2010
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 31.05.2012 01:00:56 | Computer Name = ***** | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 244c    Startzeit: 01cd3e958c5ecfbb    Endzeit: 19    Anwendungspfad:
 F:\Program Files (x86)\Internet Explorer\iexplore.exe    Berichts-ID:   
 
Error - 01.06.2012 01:18:39 | Computer Name = mobile-*****| Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 20d4    Startzeit: 01cd3f5be755c638    Endzeit: 13    Anwendungspfad:
 F:\Program Files (x86)\Internet Explorer\iexplore.exe    Berichts-ID:   
 
Error - 01.06.2012 05:11:47 | Computer Name = ***** | Source = System Restore | ID = 8193
Description = 
 
Error - 01.06.2012 05:11:47 | Computer Name = ***** | Source = System Restore | ID = 8211
Description = 
 
Error - 02.06.2012 05:03:11 | Computer Name = ***** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ePowerTray.exe, Version: 5.2.3000.0,
 Zeitstempel: 0x4b57c888  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000000000
ID
 des fehlerhaften Prozesses: 0xcc4  Startzeit der fehlerhaften Anwendung: 0x01cd403fe2592958
Pfad
 der fehlerhaften Anwendung: F:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: c6a42ad3-ac91-11e1-a993-e2d23d058f2c
 
Error - 02.06.2012 13:30:52 | Computer Name = ***** | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: fa8    Startzeit: 01cd4044b1a99075    Endzeit: 70    Anwendungspfad: 
F:\Program Files (x86)\Internet Explorer\iexplore.exe    Berichts-ID:   
 
Error - 02.06.2012 17:21:53 | Computer Name = ***** | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 57c0    Startzeit: 01cd40c3f4a4a3be    Endzeit: 16    Anwendungspfad:
 F:\Program Files (x86)\Internet Explorer\iexplore.exe    Berichts-ID:   
 
Error - 03.06.2012 03:41:10 | Computer Name = ***** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: lsm.exe, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7abf0  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000020a4a
ID
 des fehlerhaften Prozesses: 0x218  Startzeit der fehlerhaften Anwendung: 0x01cd403fac206e2a
Pfad
 der fehlerhaften Anwendung: F:\Windows\system32\lsm.exe  Pfad des fehlerhaften Moduls:
 F:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 7c72c599-ad4f-11e1-a993-e2d23d058f2c
 
Error - 03.06.2012 03:41:15 | Computer Name = ***** | Source = Wininit | ID = 1015
Description = Ein kritischer Systemprozess F:\Windows\system32\lsm.exe ist fehlgeschlagen
 mit den Statuscode 255. Der Computer muss neu gestartet werden.
 
Error - 03.06.2012 03:45:08 | Computer Name = ***** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ePowerTray.exe, Version: 5.2.3000.0,
 Zeitstempel: 0x4b57c888  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000000000
ID
 des fehlerhaften Prozesses: 0xee4  Startzeit der fehlerhaften Anwendung: 0x01cd415ccadcda70
Pfad
 der fehlerhaften Anwendung: F:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 0a194c7e-ad50-11e1-821e-005056c00008
 
[ OSession Events ]
Error - 19.06.2010 08:43:59 | Computer Name = ***** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 984
 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error - 19.06.2010 08:54:41 | Computer Name = ***** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 629
 seconds with 600 seconds of active time.  This session ended with a crash.
 
Error - 02.12.2010 06:35:08 | Computer Name = *****  | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 82848 seconds with 120 seconds of active time.  This session ended with a
 crash.
 
Error - 24.02.2011 08:16:33 | Computer Name = *****  | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 290
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 14.05.2011 01:27:56 | Computer Name = *****  | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 44285
 seconds with 60 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 07.04.2012 03:09:43 | Computer Name = *****  | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Update für Microsoft .NET Framework 4 unter Windows
 XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows
 Server 2008 R2 für x64-basierte Systeme (KB2600217)
 
Error - 08.04.2012 13:54:58 | Computer Name = *****  | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Update für Microsoft .NET Framework 4 unter Windows
 XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows
 Server 2008 R2 für x64-basierte Systeme (KB2600217)
 
Error - 10.04.2012 06:41:43 | Computer Name = *****  | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Update für Microsoft .NET Framework 4 unter Windows
 XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows
 Server 2008 R2 für x64-basierte Systeme (KB2600217)
 
Error - 11.04.2012 14:17:29 | Computer Name = *****  | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Update für Microsoft .NET Framework 4 unter Windows
 XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows
 Server 2008 R2 für x64-basierte Systeme (KB2600217)
 
Error - 12.04.2012 04:25:50 | Computer Name = *****  | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "F:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 13.04.2012 02:42:52 | Computer Name = *****  | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 13.04.2012 02:42:52 | Computer Name = *****  | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 13.04.2012 02:51:52 | Computer Name = *****  | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework
 4 unter Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server
 2008, Windows Server 2008 R2 für x64-basierte Systeme (KB2656368)
 
Error - 13.04.2012 15:23:11 | Computer Name = *****  | Source = Ntfs | ID = 262281
Description = Auf dem Volume "E:" konnte der Transaktionsressourcen-Manager aufgrund
 eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in
 den Daten enthalten.
 
Error - 13.04.2012 15:23:12 | Computer Name = *****  | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         


Last edited by verwanzt (03.06.2012 at 13:07)

03.06.2012, 16:44   #6
kira
/// Helper team
 



I overlooked that you installed OTL incorrectly:

1.
You installed OTL incorrectly:
OTL must be saved to the Desktop!
Set your browser so that it saves OTL to the Desktop!
So remove it and download it again:
-> Download OTL by OldTimer and save it to your Desktop.

After installation, the entry in the log file should look roughly like this:
Quote:
Folder = C:\Users\***\Desktop
2.
Please repeat steps 1 and 4: -> http://www.trojaner-board.de/116259-...tml#post838135

03.06.2012, 19:04   #7
verwanzt
 



OK, I got that wrong.

So, step 1:
Code:
ATTFilter
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ not found.
File F:\Users\mobile\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ not found.
File F:\Users\mobile\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
File F:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml not found.
File F:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml not found.
File F:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml not found.
File F:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\CweWjhjf not found.
File F:\Users\mobile\AppData\Local\ttmkyhao\cwewjhjf.exe not found.
File F:\Users\mobile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cwewjhjf.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser not found.
File F:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-244666757-3947190157-3562518001-1000UA.job not found.
File F:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-244666757-3947190157-3562518001-1000Core.job not found.
========== FILES ==========
File\Folder F:\Users\mobile\AppData\Local\ttmkyhao\cwewjhjf.exe not found.
File\Folder F:\Users\mobile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cwewjhjf.exe not found.
File\Folder F:\Users\mobile\AppData\Local\ttmkyhao not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
F:\Users\mobile\Desktop\cmd.bat deleted successfully.
F:\Users\mobile\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: mobile
->Temp folder emptied: 445801 bytes
->Temporary Internet Files folder emptied: 2168637 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2655 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 2,00 mb
 
 
OTL by OldTimer - Version 3.2.46.0 log created on 06032012_192213

Files\Folders moved on Reboot...
F:\Users\mobile\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
F:\Users\mobile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2Z1N9Y6M\ads[2].htm moved successfully.
F:\Users\mobile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2Z1N9Y6M\register[1].htm moved successfully.
F:\Users\mobile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2K9KU7H9\116259-win-ldpinch-db-tr-ransom-gimemo-ucd-anderem-via-drive-by-erhalten[1].htm moved successfully.
F:\Users\mobile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2K9KU7H9\ads[1].htm moved successfully.
F:\Users\mobile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
F:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-1796.log moved successfully.
File move failed. F:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.

Registry entries deleted on Reboot
         
Step 4:

OTL.txt:
Code:
ATTFilter
OTL logfile created on: 03.06.2012 19:38:40 - Run 3
OTL by OldTimer - Version 3.2.46.0     Folder = F:\Users\mobile\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 2,52 Gb Available Physical Memory | 68,55% Memory free
7,35 Gb Paging File | 6,01 Gb Available in Paging File | 81,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = F: | %SystemRoot% = F:\Windows | %ProgramFiles% = F:\Program Files (x86)
Drive C: | 144,26 Gb Total Space | 43,09 Gb Free Space | 29,87% Space Free | Partition Type: NTFS
Drive F: | 29,30 Gb Total Space | 1,68 Gb Free Space | 5,72% Space Free | Partition Type: NTFS
Drive H: | 14,08 Gb Total Space | 0,34 Gb Free Space | 2,41% Space Free | Partition Type: NTFS
 
Computer Name: *****  | User Name: mobile | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.03 19:21:43 | 000,596,480 | ---- | M] (OldTimer Tools) -- F:\Users\mobile\Desktop\OTL.exe
PRC - [2012.04.21 21:18:19 | 000,353,440 | ---- | M] (Adobe Systems Incorporated) -- F:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
PRC - [2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- F:\Users\mobile\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.06.30 12:26:55 | 000,269,480 | ---- | M] (Avira GmbH) -- F:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.27 13:50:09 | 000,136,360 | ---- | M] (Avira GmbH) -- F:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.25 23:26:58 | 000,064,112 | ---- | M] (VMware, Inc.) -- F:\Program Files (x86)\VMware\VMware Player\hqtray.exe
PRC - [2011.03.25 23:26:46 | 000,334,448 | ---- | M] (VMware, Inc.) -- F:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2011.03.25 23:26:28 | 000,404,080 | ---- | M] (VMware, Inc.) -- F:\Windows\SysWOW64\vmnat.exe
PRC - [2011.03.25 23:26:16 | 000,113,264 | ---- | M] (VMware, Inc.) -- F:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2011.03.25 22:27:40 | 000,539,248 | ---- | M] (VMware, Inc.) -- F:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2010.11.03 10:34:37 | 000,281,768 | ---- | M] (Avira GmbH) -- F:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- F:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010.02.25 22:35:04 | 001,289,296 | ---- | M] (Dritek System Inc.) -- F:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010.02.25 22:35:04 | 000,325,200 | ---- | M] (Dritek System Inc.) -- F:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010.02.25 22:35:04 | 000,288,336 | ---- | M] (Dritek System Inc.) -- F:\Program Files (x86)\Launch Manager\LMworker.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.03.25 23:26:48 | 000,970,352 | ---- | M] () -- F:\Program Files (x86)\VMware\VMware Player\libxml2.dll
MOD - [2011.03.25 23:26:18 | 000,068,720 | ---- | M] () -- F:\Program Files (x86)\VMware\VMware Player\zlib1.dll
MOD - [2009.05.20 14:02:04 | 000,072,200 | ---- | M] () -- F:\Program Files (x86)\Launch Manager\CdDirIo.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.11.20 15:26:50 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- F:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2009.07.14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- F:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.04.21 21:18:20 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- F:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011.08.05 13:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Programme\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011.08.05 13:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Programme\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011.08.05 13:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Programme\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2011.06.30 12:26:55 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- F:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.27 13:50:09 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- F:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.25 23:26:46 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- F:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2011.03.25 23:26:28 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- F:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2011.03.25 23:26:16 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- F:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2011.03.25 22:27:40 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- F:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010.08.19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- F:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- F:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- F:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.25 22:35:04 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- F:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.01.20 19:26:20 | 000,819,232 | ---- | M] (Acer Incorporated) [Auto | Running] -- F:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.07.14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- F:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- F:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.06.30 12:26:56 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- F:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.30 12:26:56 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- F:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.25 23:27:36 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- F:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2011.03.25 23:27:34 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- F:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2011.03.25 23:25:46 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2011.03.25 23:25:34 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- F:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2011.03.25 22:27:36 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- F:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011.03.25 20:04:58 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- F:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2011.03.25 20:04:58 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- F:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.01 12:03:50 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- F:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:26:11 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- F:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2010.03.23 13:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2010.01.25 17:51:02 | 007,842,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.01.08 03:51:38 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010.01.06 21:33:14 | 000,158,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.12.22 09:18:50 | 000,074,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.10.05 16:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- F:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- F:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV - [2010.08.19 13:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- F:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- F:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = F:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 84 19 EE 8C 95 3E CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: F:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: F:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: F:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: F:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: F:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROJEC~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROJEC~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.7: F:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: F:\Program Files (x86)\Mozilla Firefox\components [2012.04.12 20:05:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: F:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.12 20:05:23 | 000,000,000 | ---D | M]
 
[2010.05.29 20:04:45 | 000,000,000 | ---D | M] (No name found) -- F:\Users\mobile\AppData\Roaming\mozilla\Extensions
[2012.06.02 00:03:22 | 000,000,000 | ---D | M] (No name found) -- F:\Users\mobile\AppData\Roaming\mozilla\Firefox\Profiles\o8p7ej6x.default\extensions
[2011.07.28 11:32:20 | 000,000,000 | ---D | M] (Adblock Plus) -- F:\Users\mobile\AppData\Roaming\mozilla\Firefox\Profiles\o8p7ej6x.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012.04.10 12:46:05 | 000,000,000 | ---D | M] (No name found) -- F:\Users\mobile\AppData\Roaming\mozilla\Firefox\Profiles\o8p7ej6x.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}-trash
[2012.06.02 00:03:22 | 000,000,000 | ---D | M] (Google Web Toolkit Developer Plugin for Firefox) -- F:\Users\mobile\AppData\Roaming\mozilla\Firefox\Profiles\o8p7ej6x.default\extensions\gwt-dev-plugin@google.com
[2011.02.22 11:45:22 | 000,000,000 | ---D | M] (Read It Later) -- F:\Users\mobile\AppData\Roaming\mozilla\Firefox\Profiles\o8p7ej6x.default\extensions\isreaditlater@ideashower.com
[2012.04.10 12:46:03 | 000,000,000 | ---D | M] (No name found) -- F:\Users\mobile\AppData\Roaming\mozilla\Firefox\Profiles\o8p7ej6x.default\extensions\staged-xpis
[2011.06.09 10:30:27 | 000,000,000 | ---D | M] (No name found) -- F:\Program Files (x86)\mozilla firefox\extensions
[2010.11.02 11:10:06 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.21 12:51:47 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.05 18:53:08 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.09 10:30:27 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- F:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.05.29 20:19:37 | 000,075,208 | ---- | M] (Foxit Software Company) -- F:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2012.03.15 11:55:12 | 000,006,805 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - F:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Project Professional\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Acer ePower Management] F:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] F:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] F:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] F:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Zune Launcher] F:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] F:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LManager] F:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [VMware hqtray] F:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] F:\Windows\System32\StikyNot.exe File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://F:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://F:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - F:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - F:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - F:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - F:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83E09DA1-FD56-48FF-8CB9-163A8BA269D4}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\saphtmlp - No CLSID value found
O18:64bit: - Protocol\Handler\sapr3 - No CLSID value found
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\SAPGUI\GUI\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\SAPGUI\GUI\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - F:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - F:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (F:\Windows\system32\userinit.exe) - F:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - F:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - F:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - F:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.03 19:21:43 | 000,596,480 | ---- | C] (OldTimer Tools) -- F:\Users\mobile\Desktop\OTL.exe
[2012.06.03 12:04:44 | 000,000,000 | ---D | C] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.06.03 12:04:42 | 000,000,000 | ---D | C] -- F:\Program Files\CCleaner
[2012.06.03 09:50:00 | 000,000,000 | ---D | C] -- F:\Users\mobile\AppData\Roaming\Malwarebytes
[2012.06.03 09:49:54 | 000,000,000 | ---D | C] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.03 09:49:52 | 000,000,000 | ---D | C] -- F:\ProgramData\Malwarebytes
[2012.06.03 09:49:51 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- F:\Windows\SysNative\drivers\mbam.sys
[2012.06.03 09:49:51 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.03 09:40:55 | 000,000,000 | ---D | C] -- F:\_OTL
[2010.10.14 16:10:28 | 003,145,728 | ---- | C] (SAP Technology,Inc) -- F:\Program Files (x86)\Common Files\sapxlhelper.dll
[2010.10.14 16:10:27 | 000,626,688 | ---- | C] (SAP AG) -- F:\Program Files (x86)\Common Files\sapconsaccess.dll
[2010.10.14 16:10:27 | 000,192,512 | ---- | C] (SAP Tech Inc.) -- F:\Program Files (x86)\Common Files\sapconsr3.dll
[2010.10.14 16:10:26 | 000,040,960 | ---- | C] (SAP-TECHNOLOGY) -- F:\Program Files (x86)\Common Files\DigitalSignature.ocx
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.03 19:31:53 | 000,014,752 | -H-- | M] () -- F:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.03 19:31:53 | 000,014,752 | -H-- | M] () -- F:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.03 19:24:20 | 000,067,584 | --S- | M] () -- F:\Windows\bootstat.dat
[2012.06.03 19:24:15 | 2960,523,264 | -HS- | M] () -- F:\hiberfil.sys
[2012.06.03 19:21:43 | 000,596,480 | ---- | M] (OldTimer Tools) -- F:\Users\mobile\Desktop\OTL.exe
[2012.06.03 19:17:00 | 000,000,884 | ---- | M] () -- F:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.03 12:04:44 | 000,000,839 | ---- | M] () -- F:\Users\Public\Desktop\CCleaner.lnk
[2012.06.03 09:49:54 | 000,001,126 | ---- | M] () -- F:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.02 00:08:06 | 000,000,000 | ---- | M] () -- F:\Users\mobile\defogger_reenable
[2012.06.01 23:54:37 | 000,036,243 | ---- | M] () -- F:\Users\mobile\Desktop\85104-otl-otlogfile-by-oldtimer.htm.iyk46dy.partial
[2012.06.01 23:54:03 | 000,050,477 | ---- | M] () -- F:\Users\mobile\Desktop\Defogger.exe.ccz0wnt.partial
[2012.06.01 23:27:59 | 000,050,477 | ---- | M] () -- F:\Users\mobile\Desktop\Defogger.exe
[2012.06.01 18:03:59 | 000,002,048 | -H-- | M] () -- F:\Users\mobile\Documents\Default.rdp
 
========== Files Created - No Company Name ==========
 
[2012.06.03 12:04:44 | 000,000,839 | ---- | C] () -- F:\Users\Public\Desktop\CCleaner.lnk
[2012.06.03 09:49:54 | 000,001,126 | ---- | C] () -- F:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.02 00:08:06 | 000,000,000 | ---- | C] () -- F:\Users\mobile\defogger_reenable
[2012.06.01 23:55:57 | 000,050,477 | ---- | C] () -- F:\Users\mobile\Desktop\Defogger.exe
[2012.06.01 23:54:43 | 000,036,243 | ---- | C] () -- F:\Users\mobile\Desktop\85104-otl-otlogfile-by-oldtimer.htm.iyk46dy.partial
[2012.06.01 23:54:13 | 000,050,477 | ---- | C] () -- F:\Users\mobile\Desktop\Defogger.exe.ccz0wnt.partial
[2011.11.01 15:07:47 | 000,003,584 | ---- | C] () -- F:\Users\mobile\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.14 16:10:27 | 000,955,904 | ---- | C] () -- F:\Program Files (x86)\Common Files\SAPActiveXL.xlt
[2010.10.14 16:10:27 | 000,949,760 | ---- | C] () -- F:\Program Files (x86)\Common Files\SAPActiveXL_nosig.xlt
[2010.10.14 16:09:31 | 001,064,960 | ---- | C] () -- F:\Windows\SysWow64\h5krnl32.dll
[2010.10.14 16:09:31 | 000,188,928 | ---- | C] () -- F:\Windows\SysWow64\h5icon32.dll
[2010.10.14 16:09:31 | 000,175,616 | ---- | C] () -- F:\Windows\SysWow64\h5menu32.dll
[2010.10.14 16:09:31 | 000,095,744 | ---- | C] () -- F:\Windows\SysWow64\h5rtf32.dll
[2010.10.14 16:09:31 | 000,051,200 | ---- | C] () -- F:\Windows\SysWow64\h5tool32.dll
 
========== LOP Check ==========
 
[2011.02.17 21:56:13 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\.purple
[2012.04.26 11:09:10 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\Canon
[2012.06.03 19:34:11 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\Dropbox
[2010.05.31 18:53:22 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\enchant
[2010.07.14 19:43:54 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\Foxit Software
[2010.11.11 14:05:05 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\gtk-2.0
[2011.04.03 18:14:56 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\streamripper
[2011.02.24 14:13:31 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\Subversion
[2011.10.18 17:14:33 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\TeamViewer
[2011.01.01 12:05:56 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\TrueCrypt
[2010.06.03 15:59:14 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\TS3Client
[2009.07.14 07:08:49 | 000,029,610 | ---- | M] () -- F:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
and Extras.txt:

Code:
OTL Extras logfile created on: 03.06.2012 19:38:40 - Run 3
OTL by OldTimer - Version 3.2.46.0     Folder = F:\Users\mobile\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 2,52 Gb Available Physical Memory | 68,55% Memory free
7,35 Gb Paging File | 6,01 Gb Available in Paging File | 81,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = F: | %SystemRoot% = F:\Windows | %ProgramFiles% = F:\Program Files (x86)
Drive C: | 144,26 Gb Total Space | 43,09 Gb Free Space | 29,87% Space Free | Partition Type: NTFS
Drive F: | 29,30 Gb Total Space | 1,68 Gb Free Space | 5,72% Space Free | Partition Type: NTFS
Drive H: | 14,08 Gb Total Space | 0,34 Gb Free Space | 2,41% Space Free | Partition Type: NTFS
 
Computer Name: ***** | User Name: mobile | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- F:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- F:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- F:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "F:\Windows\System32\rundll32.exe" "F:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "F:\Windows\System32\rundll32.exe" "F:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- F:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "F:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "F:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "F:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "F:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- F:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "F:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "F:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "F:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "F:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08107AE2-6C4A-4685-8CA3-5870F581C6C9}" = rport=137 | protocol=17 | dir=out | app=system | 
"{0F44C468-8426-4E63-AE4A-CC399C86D241}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{0F567F06-BA35-40BA-B630-9EA4846E3DDB}" = lport=6004 | protocol=17 | dir=in | app=f:\program files (x86)\microsoft office\office12\outlook.exe | 
"{2803B4EB-9494-4A41-BC3B-DBCE94FFD8AC}" = lport=445 | protocol=6 | dir=in | app=system | 
"{3714E0F3-C1D3-487B-803E-C23DCC7D14D4}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{3732F1D9-5426-48A9-B42D-9C0520C80E21}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3A516AE2-6A0A-4340-A9F4-C74BE55D64F1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{3FF707DF-CF5F-443E-ACE0-46B23B6221EC}" = lport=139 | protocol=6 | dir=in | app=system | 
"{46FDC923-4DEA-4185-9802-A72D2E6BDB61}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4A4AD361-DCF5-4CAF-A7BB-4FAD2C0D2C69}" = rport=445 | protocol=6 | dir=out | app=system | 
"{8030830F-3356-4553-A19B-EA48CA9C4FAE}" = lport=137 | protocol=17 | dir=in | app=system | 
"{8334A3A2-A44F-4975-9E16-8082F72F9484}" = rport=139 | protocol=6 | dir=out | app=system | 
"{98992D2B-5713-42C0-A1F3-6D54C9154D49}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A1B6E8AF-9DF7-47B7-8F9D-EE9D9B54F429}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{AB00ECBE-9834-4AB7-B23A-CAA05C57098E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{B010D33F-CA07-4116-B668-04E75B5D8B1D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B038BAAC-173A-4BE4-AAAF-DD774AD29033}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D168F71B-C31A-4B69-9D77-1AC31CF7174F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D4720449-8E88-40A0-BCB3-85DFAC8771CA}" = lport=138 | protocol=17 | dir=in | app=system | 
"{E77E9C0C-683C-4506-8CB0-3B618BE4CF47}" = rport=138 | protocol=17 | dir=out | app=system | 
"{F2B36BEE-7A44-4F16-B14E-A49760F2A3EF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F553D608-510E-4DB4-ABD3-BA25CCB4899C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FEDB49DA-D3FD-4526-9994-09A529D6BB9A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{102B2FC3-7E47-4594-9AD9-47545BE89357}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{2E348EC0-5D11-4832-B42B-57BF3BB01916}" = protocol=17 | dir=in | app=f:\program files (x86)\vmware\vmware player\vmware-authd.exe | 
"{50F05203-938C-4B40-96FC-AF013A378988}" = protocol=6 | dir=in | app=f:\program files (x86)\vmware\vmware player\vmware-authd.exe | 
"{5EABC6EB-C039-4B61-A8E6-C104D1673CFC}" = dir=in | app=f:\program files (x86)\skype\phone\skype.exe | 
"{65422950-BC13-48F0-A8EB-9C233BBD5F0C}" = protocol=17 | dir=in | app=f:\users\mobile\appdata\roaming\dropbox\bin\dropbox.exe | 
"{66BB5243-F9C4-42B1-86E1-A6F3E7A22758}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{6EFD23B0-3A60-48CA-B554-276471BB431F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{81F39932-7E72-47CF-BAE5-89E6C1D98685}" = protocol=6 | dir=in | app=f:\program files (x86)\microsoft office\office12\onenote.exe | 
"{9DB14E23-E179-40DC-9338-AF38D965A750}" = protocol=6 | dir=in | app=f:\program files (x86)\microsoft office\office12\groove.exe | 
"{A7A5BC7D-6862-4E1D-B1CF-391B6C464A3F}" = protocol=6 | dir=in | app=f:\program files (x86)\vmware\vmware player\vmware-authd.exe | 
"{AB082FF8-4ED6-4DFA-858C-DF629EF971E3}" = protocol=6 | dir=in | app=f:\program files (x86)\vmware\vmware player\vmware-authd.exe | 
"{AD69D563-6D24-4C38-BDB9-50E61E8CAC41}" = protocol=17 | dir=in | app=f:\program files (x86)\microsoft office\office12\onenote.exe | 
"{AFD29611-84D4-41F3-9864-D6B0FC4D461F}" = protocol=6 | dir=in | app=f:\users\mobile\appdata\roaming\dropbox\bin\dropbox.exe | 
"{B3CFC50E-6CBA-40C1-A50E-D70EF2D66730}" = protocol=17 | dir=in | app=f:\program files (x86)\microsoft office\office12\groove.exe | 
"{B8909E9B-9A73-42FD-9D06-C5ECA10B75BF}" = protocol=17 | dir=in | app=f:\program files (x86)\vmware\vmware player\vmware-authd.exe | 
"{EC219A88-91F5-4374-8BB0-95996A578393}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{EE0651A9-35AD-4525-A39C-1647877B546D}" = protocol=17 | dir=in | app=f:\program files (x86)\vmware\vmware player\vmware-authd.exe | 
"{F914C9A9-23C7-4141-B9EC-09C9ECA0A2B6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"TCP Query User{209F4E90-9067-4ABA-8694-C3297976B651}F:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=f:\windows\system32\javaw.exe | 
"TCP Query User{3583AC51-D108-4635-B0BC-6F56E5ED8F4C}F:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=f:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{81F0B50F-1B02-4808-9711-1FBE32650D65}F:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=f:\program files (x86)\miranda im\miranda32.exe | 
"TCP Query User{A8D28D8C-E821-4244-A211-B21645129859}F:\users\mobile\desktop\teamviewer portableordner\teamviewer.exe" = protocol=6 | dir=in | app=f:\users\mobile\desktop\teamviewer portableordner\teamviewer.exe | 
"TCP Query User{AA9096BB-0634-4D4E-8517-D84E0550C713}F:\windows\syswow64\svchost.exe" = protocol=6 | dir=in | app=f:\windows\syswow64\svchost.exe | 
"TCP Query User{CA81D9CA-7BF0-4339-B668-F61AC3847DBC}F:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=f:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{FB66BE99-85DB-4ABC-AD28-4199C857517C}F:\users\mobile\desktop\tools\teamviewer portableordner\teamviewer.exe" = protocol=6 | dir=in | app=f:\users\mobile\desktop\tools\teamviewer portableordner\teamviewer.exe | 
"UDP Query User{09989FB6-235F-43CA-B118-698D77FB303E}F:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=f:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{1F37F3E4-F26F-4BB0-A00D-F90623E8DF57}F:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=f:\windows\system32\javaw.exe | 
"UDP Query User{5C7A66DD-3303-4F4D-AA4C-C470BC2A869A}F:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=f:\program files (x86)\miranda im\miranda32.exe | 
"UDP Query User{5DC904CF-4D6C-42D3-B837-0472F0EF099F}F:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=f:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{81386AA6-3847-4717-ABD8-2630E22642C5}F:\users\mobile\desktop\tools\teamviewer portableordner\teamviewer.exe" = protocol=17 | dir=in | app=f:\users\mobile\desktop\tools\teamviewer portableordner\teamviewer.exe | 
"UDP Query User{AA70EAF8-9121-4766-9733-296BF343D27C}F:\users\mobile\desktop\teamviewer portableordner\teamviewer.exe" = protocol=17 | dir=in | app=f:\users\mobile\desktop\teamviewer portableordner\teamviewer.exe | 
"UDP Query User{F6F596D7-1970-49AE-BA61-4177F627F4CD}F:\windows\syswow64\svchost.exe" = protocol=17 | dir=in | app=f:\windows\syswow64\svchost.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416023FF}" = Java(TM) 6 Update 23 (64-bit)
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2D7ED2A0-9553-412B-939F-D6E0AEB2ABE1}" = ISO Recorder
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0160230}" = Java(TM) SE Development Kit 6 Update 23 (64-bit)
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{7C8A7076-3266-480B-9944-B86EBD7BF589}" = Google Web Toolkit Developer Plugin for IE (x64)
"{818AA386-29D5-4DFF-BBB5-3F16133F1409}" = TortoiseSVN 1.6.12.20536 (64 bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Protege 4.1" = Protege 4.1
"Zune" = Zune
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0402D28F-B9B7-4983-93FC-DBF673736D3F}" = Google Web Toolkit Developer Plugin for IE (x86)
"{0B92F7F1-8089-4670-9EB6-9DAA25163FB0}" = InfoZoom
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{44D66AD9-AE19-4AFD-BE7E-A1B44C856697}" = MSXML4.0 redistributable
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E770F99-CF23-4BF9-BF4E-E3A2924FEB27}" = Microsoft redistributable runtime DLLs VS2005 SP1(x86)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ULTIMATER_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ULTIMATER_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ULTIMATER_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ULTIMATER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ULTIMATER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PRJPROR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPROR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PRJPROR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PRJPROR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PRJPROR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PRJPROR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PRJPROR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2010
"{90140000-00B4-0407-0000-0000000FF1CE}_Office14.PRJPROR_{86D01646-1942-4253-B11F-68F5ED259B17}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F77D1207-7FA7-4FDC-BF7B-D08395AA9722}" = QIP 2005 8097 Jeak-Edition
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"FASM_is1" = FASM version 0.16
"Foxit Reader" = Foxit Reader
"InstallShield_{0B92F7F1-8089-4670-9EB6-9DAA25163FB0}" = InfoZoom 4.10
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Miranda IM" = Miranda IM 0.8.24
"Mozilla Firefox (3.6.28)" = Mozilla Firefox (3.6.28)
"Office14.PRJPROR" = Microsoft Project Professional 2010
"Pidgin" = Pidgin
"SAP_ECL" = ECL Viewer
"SAPGUI710" = SAP GUI 7.10
"SpeedFan" = SpeedFan (remove only)
"Streamripper" = Streamripper (Remove only)
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"TrueCrypt" = TrueCrypt
"ULTIMATER" = Microsoft Office Ultimate 2007
"VLC media player" = VLC media player 1.1.7
"VMware_Player" = VMware Player
"Winamp" = Winamp
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"TeXLive2010" = TeX Live 2010
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 01.06.2012 05:11:47 | Computer Name = ***** | Source = System Restore | ID = 8193
Description = 
 
Error - 01.06.2012 05:11:47 | Computer Name = *****  | Source = System Restore | ID = 8211
Description = 
 
Error - 02.06.2012 05:03:11 | Computer Name = *****  | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ePowerTray.exe, Version: 5.2.3000.0,
 Zeitstempel: 0x4b57c888  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000000000
ID
 des fehlerhaften Prozesses: 0xcc4  Startzeit der fehlerhaften Anwendung: 0x01cd403fe2592958
Pfad
 der fehlerhaften Anwendung: F:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: c6a42ad3-ac91-11e1-a993-e2d23d058f2c
 
Error - 02.06.2012 13:30:52 | Computer Name = *****  | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: fa8    Startzeit: 01cd4044b1a99075    Endzeit: 70    Anwendungspfad: 
F:\Program Files (x86)\Internet Explorer\iexplore.exe    Berichts-ID:   
 
Error - 02.06.2012 17:21:53 | Computer Name = *****  | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 57c0    Startzeit: 01cd40c3f4a4a3be    Endzeit: 16    Anwendungspfad:
 F:\Program Files (x86)\Internet Explorer\iexplore.exe    Berichts-ID:   
 
Error - 03.06.2012 03:41:10 | Computer Name = *****  | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: lsm.exe, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7abf0  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000020a4a
ID
 des fehlerhaften Prozesses: 0x218  Startzeit der fehlerhaften Anwendung: 0x01cd403fac206e2a
Pfad
 der fehlerhaften Anwendung: F:\Windows\system32\lsm.exe  Pfad des fehlerhaften Moduls:
 F:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 7c72c599-ad4f-11e1-a993-e2d23d058f2c
 
Error - 03.06.2012 03:41:15 | Computer Name = ***** | Source = Wininit | ID = 1015
Description = Ein kritischer Systemprozess F:\Windows\system32\lsm.exe ist fehlgeschlagen
 mit den Statuscode 255. Der Computer muss neu gestartet werden.
 
Error - 03.06.2012 03:45:08 | Computer Name = *****  | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ePowerTray.exe, Version: 5.2.3000.0,
 Zeitstempel: 0x4b57c888  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000000000
ID
 des fehlerhaften Prozesses: 0xee4  Startzeit der fehlerhaften Anwendung: 0x01cd415ccadcda70
Pfad
 der fehlerhaften Anwendung: F:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 0a194c7e-ad50-11e1-821e-005056c00008
 
Error - 03.06.2012 12:53:26 | Computer Name = *****  | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: lsm.exe, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7abf0  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000020a4a
ID
 des fehlerhaften Prozesses: 0x218  Startzeit der fehlerhaften Anwendung: 0x01cd415c7db206e8
Pfad
 der fehlerhaften Anwendung: F:\Windows\system32\lsm.exe  Pfad des fehlerhaften Moduls:
 F:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: a29456da-ad9c-11e1-821e-d065d091096e
 
Error - 03.06.2012 12:53:28 | Computer Name = *****  | Source = Wininit | ID = 1015
Description = Ein kritischer Systemprozess F:\Windows\system32\lsm.exe ist fehlgeschlagen
 mit den Statuscode 255. Der Computer muss neu gestartet werden.
 
[ OSession Events ]
Error - 19.06.2010 08:43:59 | Computer Name = *****  | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 984
 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error - 19.06.2010 08:54:41 | Computer Name = *****  | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 629
 seconds with 600 seconds of active time.  This session ended with a crash.
 
Error - 02.12.2010 06:35:08 | Computer Name = *****  | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 82848 seconds with 120 seconds of active time.  This session ended with a
 crash.
 
Error - 24.02.2011 08:16:33 | Computer Name = *****  | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 290
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 14.05.2011 01:27:56 | Computer Name = *****  | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 44285
 seconds with 60 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 07.04.2012 03:09:43 | Computer Name = *****  | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Update für Microsoft .NET Framework 4 unter Windows
 XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows
 Server 2008 R2 für x64-basierte Systeme (KB2600217)
 
Error - 08.04.2012 13:54:58 | Computer Name = *****  | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Update für Microsoft .NET Framework 4 unter Windows
 XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows
 Server 2008 R2 für x64-basierte Systeme (KB2600217)
 
Error - 10.04.2012 06:41:43 | Computer Name = *****  | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Update für Microsoft .NET Framework 4 unter Windows
 XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows
 Server 2008 R2 für x64-basierte Systeme (KB2600217)
 
Error - 11.04.2012 14:17:29 | Computer Name = *****  | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Update für Microsoft .NET Framework 4 unter Windows
 XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows
 Server 2008 R2 für x64-basierte Systeme (KB2600217)
 
Error - 12.04.2012 04:25:50 | Computer Name = *****  | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "F:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 13.04.2012 02:42:52 | Computer Name = *****  | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 13.04.2012 02:42:52 | Computer Name = *****  | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 13.04.2012 02:51:52 | Computer Name = *****  | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework
 4 unter Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server
 2008, Windows Server 2008 R2 für x64-basierte Systeme (KB2656368)
 
Error - 13.04.2012 15:23:11 | Computer Name = *****  | Source = Ntfs | ID = 262281
Description = Auf dem Volume "E:" konnte der Transaktionsressourcen-Manager aufgrund
 eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in
 den Daten enthalten.
 
Error - 13.04.2012 15:23:12 | Computer Name = *****  | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         

04.06.2012, 07:00   #8
kira
/// Helper Team
 



1.
Quote:
Attention, important!
If you made changes to the log file yourself, you must replace them with the original names and insert them into the script that way, otherwise it will not work!
(user folder, your name or other changes replaced with X, asterisks or other names)
Fixing with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script (that is, starting with :OTL and ending with [emptytemp]), everything inside the code box (without "Code"!):
Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • and paste it here:
  • Close all programs.
  • Click the Fix button.
  • Click on .
  • OTL will ask for a restart. Please allow it.
  • After the restart you will find a text document.
    Copy its contents here into your thread.

2.
Java aktualisieren- über Systemsteuerung-> Nach Update suchen...
oder:
Downloade nun die Offline-Version von Java "Empfohlen Version Java(TM) 7 Update 4 " von Oracle und installiere sie. Achte darauf, eventuell angebotene Toolbars nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar entfernen.

3.
Tipps (unabhängig davon ob man den Internet Explorer benutzt oder nicht!):
-> Tipps zu Internet Explorer
-> Standard Suchmaschine des Explorers ändern
-> Wie kann ich den Cache im Internet Explorer leeren?

4.
reinige dein System mit CCleaner:
  • "CCleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
  • "Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
  • Starte dein System neu auf

5.
  • lade Dir SUPERAntiSpyware FREE Edition herunter.
    Achte darauf, eventuell angebotene Toolbar nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar (falls nötig), entfernen.
  • installiere das Programm und update online.
  • starte SUPERAntiSpyware und klicke auf "Ihren Computer durchsuchen"
  • setze ein Häkchen bei "Kompletter Scan" und klicke auf "Weiter"
  • anschließend alle gefundenen Schadprogramme werden aufgelistet, bei alle Funde Häkchen setzen und mit "OK" bestätigen
  • auf "Weiter" klicken dann "OK" und auf "Fertig stellen"
  • um die Ergebnisse anzuzeigen: auf "Präferenzen" dann auf den "Statistiken und Protokolle" klicken
  • drücke auf "Protokoll anzeigen" - anschließend diesen Bericht bitte speichern und hier posten

6.
Viruses can also be carried on USB sticks, self-burned discs, external hard drives and other media. They must therefore be monitored through regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). A very suitable and recommended way to do this is to check the data stored on the medium with the free online scanner.
Now connect all external storage media (USB sticks etc.) to your computer while holding down the Shift key so that the Autorun function is not executed. (This prevents the AUTORUN function from running.) The AUTORUN function can also be switched off entirely. ►Instructions

7.
-> Then run a complete system check with Eset Online Scanner (NOD32) (free online scanner)
Attention!: >>You should not install the antivirus security software, only scan your system online<<

8.
Another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry please select Use SafeList.
  • Tick LOP Check and Purity Check.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

► Report again on the state of the computer. Are there still problems, and if so, which?
__________________

Warning!:
Be careful with invoices sent by e-mail with a ZIP file attached! They may be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different locations!
Please pass this warning on wherever you can!
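
Step 6 of the post above notes that AutoRun can be switched off entirely rather than holding Shift for each device. The following is an added example, not part of the original post or the guide it links to: it audits and sets the Windows policy value `NoDriveTypeAutoRun`. The function names `Get-AutoRunPolicy` and `Set-AutoRunDisabled` are hypothetical, and writing to HKLM assumes an elevated PowerShell session.

```powershell
# Added example (not from the thread): audit and disable AutoRun for all drive types.
# Get-AutoRunPolicy / Set-AutoRunDisabled are hypothetical helper names.
$PolicyPath = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$ValueName  = 'NoDriveTypeAutoRun'
$AllDrives  = 0xFF   # bit mask: AutoRun disabled on every drive type

function Get-AutoRunPolicy {
    # Report the current value in the machine and the user hive.
    foreach ($hive in 'HKLM', 'HKCU') {
        $key = "${hive}:\$PolicyPath"
        $raw = $null
        if (Test-Path $key) {
            $raw = (Get-ItemProperty -Path $key -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
        }
        $shown = '(not set)'
        if ($null -ne $raw) { $shown = '0x{0:X2}' -f $raw }
        # All mask bits must be set, otherwise some drive type can still auto-run.
        $allOff = ($null -ne $raw) -and (($raw -band $AllDrives) -eq $AllDrives)
        New-Object PSObject -Property @{
            Hive                 = $hive
            Value                = $shown
            DisabledForAllDrives = $allOff
        }
    }
}

function Set-AutoRunDisabled {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([string[]]$Hive = @('HKLM', 'HKCU'))

    foreach ($h in $Hive) {
        $key = "${h}:\$PolicyPath"
        if ($PSCmdlet.ShouldProcess($key, "set $ValueName = 0xFF")) {
            # The Policies\Explorer key may not exist on a fresh profile.
            if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
            New-ItemProperty -Path $key -Name $ValueName -PropertyType DWord `
                -Value $AllDrives -Force | Out-Null
        }
    }
}

# Show the current state, then preview the change; remove -WhatIf to apply it.
Get-AutoRunPolicy | Format-Table Hive, Value, DisabledForAllDrives -AutoSize
Set-AutoRunDisabled -WhatIf
```

Run `Get-AutoRunPolicy` again after applying the change to confirm that both hives report `0xFF`.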

04.06.2012, 16:52   #9
verwanzt



Hi Kira,

1. Result:

Code:
ATTFilter
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
F:\Users\mobile\Desktop\cmd.bat deleted successfully.
F:\Users\mobile\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: mobile
->Temp folder emptied: 429417 bytes
->Temporary Internet Files folder emptied: 78437058 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 69961469 bytes
->Flash cache emptied: 1233 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6025 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 142,00 mb
 
 
OTL by OldTimer - Version 3.2.46.0 log created on 06042012_170121

Files\Folders moved on Reboot...
F:\Users\mobile\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
F:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-1792.log moved successfully.
File move failed. F:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...
         
Java cannot be installed. Offline installation: "Beim Erstellen der für die Installation erforderlichen temporären Datei ist ein Fehler aufgetreten".

06.06.2012, 04:39   #10
kira
/// Helper team



What happens when you do it via "Update Java via Control Panel -> Check for updates..."?
Otherwise please carry on with the remaining steps for now.

15.06.2012, 08:46   #11
verwanzt



Hi Kira,

In that case the Update tab is missing. (Already tried via CMD as admin too...). The automatic update fails as well.

Apart from that, there are really no problems. For some time now, the system has occasionally hung for about 30 seconds while playing streams such as YouTube or the public broadcasters' media libraries. But that may be due to the WLAN or the Flash plugin.

5. SUPERAntiSpyware Scan

Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/07/2012 at 01:56 PM

Application Version : 5.0.1150

Core Rules Database Version : 8693
Trace Rules Database Version: 6505

Scan type       : Complete Scan
Total Scan Time : 02:17:56

Operating System Information
Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 528
Memory threats detected   : 0
Registry items scanned    : 67860
Registry threats detected : 0
File items scanned        : 118649
File threats detected     : 33

Adware.Tracking Cookie
	F:\USERS\MOBILE\AppData\Roaming\Microsoft\Windows\Cookies\Low\A92S2GF0.txt [ Cookie:mobile@tradedoubler.com/ ]
	F:\USERS\MOBILE\AppData\Roaming\Microsoft\Windows\Cookies\Low\JR9PN4I9.txt [ Cookie:mobile@doubleclick.net/ ]
	F:\USERS\MOBILE\AppData\Roaming\Microsoft\Windows\Cookies\Low\BVRDD34T.txt [ Cookie:mobile@ad3.adfarm1.adition.com/ ]
	F:\USERS\MOBILE\AppData\Roaming\Microsoft\Windows\Cookies\Low\ERCQ5I9L.txt [ Cookie:mobile@questionmarket.com/ ]
	F:\USERS\MOBILE\AppData\Roaming\Microsoft\Windows\Cookies\Low\B5MUKS9C.txt [ Cookie:mobile@tracking.quisma.com/ ]
	F:\USERS\MOBILE\AppData\Roaming\Microsoft\Windows\Cookies\Low\CO744XBB.txt [ Cookie:mobile@adfarm1.adition.com/ ]
	F:\USERS\MOBILE\AppData\Roaming\Microsoft\Windows\Cookies\Low\8H3XG3B5.txt [ Cookie:mobile@revsci.net/ ]
	F:\USERS\MOBILE\AppData\Roaming\Microsoft\Windows\Cookies\Low\4THYLUPD.txt [ Cookie:mobile@ad.dyntracker.com/ ]
	F:\USERS\MOBILE\AppData\Roaming\Microsoft\Windows\Cookies\Low\SCR5XZPB.txt [ Cookie:mobile@ad.dyntracker.de/ ]
	F:\USERS\MOBILE\AppData\Roaming\Microsoft\Windows\Cookies\Low\2DGFFAKI.txt [ Cookie:mobile@atdmt.com/ ]
	F:\USERS\MOBILE\AppData\Roaming\Microsoft\Windows\Cookies\Low\M9VCDZN0.txt [ Cookie:mobile@webmasterplan.com/ ]
	F:\USERS\MOBILE\AppData\Roaming\Microsoft\Windows\Cookies\Low\WBZD2FJ3.txt [ Cookie:mobile@zanox.com/ ]
	F:\USERS\MOBILE\AppData\Roaming\Microsoft\Windows\Cookies\Low\JXW66728.txt [ Cookie:mobile@adform.net/ ]
	F:\USERS\MOBILE\AppData\Roaming\Microsoft\Windows\Cookies\Low\LRK3BEWJ.txt [ Cookie:mobile@ad1.adfarm1.adition.com/ ]
	F:\USERS\MOBILE\AppData\Roaming\Microsoft\Windows\Cookies\Low\S4GOIAW6.txt [ Cookie:mobile@zanox-affiliate.de/ ]
	F:\USERS\MOBILE\AppData\Roaming\Microsoft\Windows\Cookies\Low\WQJZZSFK.txt [ Cookie:mobile@ad.zanox.com/ ]
	F:\USERS\MOBILE\AppData\Roaming\Microsoft\Windows\Cookies\Low\O234VNB3.txt [ Cookie:mobile@serving-sys.com/ ]
	F:\USERS\MOBILE\AppData\Roaming\Microsoft\Windows\Cookies\Low\S02ES2D9.txt [ Cookie:mobile@counter.hitslink.com/ ]
	F:\USERS\MOBILE\AppData\Roaming\Microsoft\Windows\Cookies\Low\URNBYJVA.txt [ Cookie:mobile@ad4.adfarm1.adition.com/ ]
	F:\USERS\MOBILE\AppData\Roaming\Microsoft\Windows\Cookies\Low\XE2XB03C.txt [ Cookie:mobile@track.adform.net/ ]
	.doubleclick.net [ F:\USERS\MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O8P7EJ6X.DEFAULT\COOKIES.SQLITE ]
	.microsoftsto.112.2o7.net [ F:\USERS\MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O8P7EJ6X.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ F:\USERS\MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O8P7EJ6X.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ F:\USERS\MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O8P7EJ6X.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ F:\USERS\MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O8P7EJ6X.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ F:\USERS\MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O8P7EJ6X.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ F:\USERS\MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O8P7EJ6X.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ F:\USERS\MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O8P7EJ6X.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ F:\USERS\MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O8P7EJ6X.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ F:\USERS\MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O8P7EJ6X.DEFAULT\COOKIES.SQLITE ]
	www.active-tracking.de [ F:\USERS\MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O8P7EJ6X.DEFAULT\COOKIES.SQLITE ]
	www.active-tracking.de [ F:\USERS\MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O8P7EJ6X.DEFAULT\COOKIES.SQLITE ]
	www.active-tracking.de [ F:\USERS\MOBILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O8P7EJ6X.DEFAULT\COOKIES.SQLITE ]
         
8. Another scan with OTL

Extras.txt
Code:
ATTFilter
OTL Extras logfile created on: 12.06.2012 21:17:08 - Run 4
OTL by OldTimer - Version 3.2.46.0     Folder = F:\Users\mobile\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 61,03% Memory free
7,35 Gb Paging File | 4,97 Gb Available in Paging File | 67,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = F: | %SystemRoot% = F:\Windows | %ProgramFiles% = F:\Program Files (x86)
Drive C: | 144,26 Gb Total Space | 40,77 Gb Free Space | 28,26% Space Free | Partition Type: NTFS
Drive E: | 97,66 Gb Total Space | 8,75 Gb Free Space | 8,96% Space Free | Partition Type: NTFS
Drive F: | 29,30 Gb Total Space | 1,09 Gb Free Space | 3,72% Space Free | Partition Type: NTFS
Drive H: | 14,08 Gb Total Space | 0,32 Gb Free Space | 2,29% Space Free | Partition Type: NTFS
 
Computer Name: ***** | User Name: mobile | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- F:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- F:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- F:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "F:\Windows\System32\rundll32.exe" "F:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "F:\Windows\System32\rundll32.exe" "F:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- F:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "F:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "F:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "F:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "F:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- F:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "F:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "F:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "F:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "F:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08107AE2-6C4A-4685-8CA3-5870F581C6C9}" = rport=137 | protocol=17 | dir=out | app=system | 
"{0F44C468-8426-4E63-AE4A-CC399C86D241}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{0F567F06-BA35-40BA-B630-9EA4846E3DDB}" = lport=6004 | protocol=17 | dir=in | app=f:\program files (x86)\microsoft office\office12\outlook.exe | 
"{2803B4EB-9494-4A41-BC3B-DBCE94FFD8AC}" = lport=445 | protocol=6 | dir=in | app=system | 
"{3714E0F3-C1D3-487B-803E-C23DCC7D14D4}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{3732F1D9-5426-48A9-B42D-9C0520C80E21}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3A516AE2-6A0A-4340-A9F4-C74BE55D64F1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{3FF707DF-CF5F-443E-ACE0-46B23B6221EC}" = lport=139 | protocol=6 | dir=in | app=system | 
"{46FDC923-4DEA-4185-9802-A72D2E6BDB61}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4A4AD361-DCF5-4CAF-A7BB-4FAD2C0D2C69}" = rport=445 | protocol=6 | dir=out | app=system | 
"{8030830F-3356-4553-A19B-EA48CA9C4FAE}" = lport=137 | protocol=17 | dir=in | app=system | 
"{8334A3A2-A44F-4975-9E16-8082F72F9484}" = rport=139 | protocol=6 | dir=out | app=system | 
"{98992D2B-5713-42C0-A1F3-6D54C9154D49}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A1B6E8AF-9DF7-47B7-8F9D-EE9D9B54F429}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{AB00ECBE-9834-4AB7-B23A-CAA05C57098E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{B010D33F-CA07-4116-B668-04E75B5D8B1D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B038BAAC-173A-4BE4-AAAF-DD774AD29033}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D168F71B-C31A-4B69-9D77-1AC31CF7174F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D4720449-8E88-40A0-BCB3-85DFAC8771CA}" = lport=138 | protocol=17 | dir=in | app=system | 
"{E77E9C0C-683C-4506-8CB0-3B618BE4CF47}" = rport=138 | protocol=17 | dir=out | app=system | 
"{F2B36BEE-7A44-4F16-B14E-A49760F2A3EF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F553D608-510E-4DB4-ABD3-BA25CCB4899C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FEDB49DA-D3FD-4526-9994-09A529D6BB9A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{102B2FC3-7E47-4594-9AD9-47545BE89357}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{2E348EC0-5D11-4832-B42B-57BF3BB01916}" = protocol=17 | dir=in | app=f:\program files (x86)\vmware\vmware player\vmware-authd.exe | 
"{50F05203-938C-4B40-96FC-AF013A378988}" = protocol=6 | dir=in | app=f:\program files (x86)\vmware\vmware player\vmware-authd.exe | 
"{5EABC6EB-C039-4B61-A8E6-C104D1673CFC}" = dir=in | app=f:\program files (x86)\skype\phone\skype.exe | 
"{65422950-BC13-48F0-A8EB-9C233BBD5F0C}" = protocol=17 | dir=in | app=f:\users\mobile\appdata\roaming\dropbox\bin\dropbox.exe | 
"{66BB5243-F9C4-42B1-86E1-A6F3E7A22758}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{6EFD23B0-3A60-48CA-B554-276471BB431F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{81F39932-7E72-47CF-BAE5-89E6C1D98685}" = protocol=6 | dir=in | app=f:\program files (x86)\microsoft office\office12\onenote.exe | 
"{9DB14E23-E179-40DC-9338-AF38D965A750}" = protocol=6 | dir=in | app=f:\program files (x86)\microsoft office\office12\groove.exe | 
"{A7A5BC7D-6862-4E1D-B1CF-391B6C464A3F}" = protocol=6 | dir=in | app=f:\program files (x86)\vmware\vmware player\vmware-authd.exe | 
"{AB082FF8-4ED6-4DFA-858C-DF629EF971E3}" = protocol=6 | dir=in | app=f:\program files (x86)\vmware\vmware player\vmware-authd.exe | 
"{AD69D563-6D24-4C38-BDB9-50E61E8CAC41}" = protocol=17 | dir=in | app=f:\program files (x86)\microsoft office\office12\onenote.exe | 
"{AFD29611-84D4-41F3-9864-D6B0FC4D461F}" = protocol=6 | dir=in | app=f:\users\mobile\appdata\roaming\dropbox\bin\dropbox.exe | 
"{B3CFC50E-6CBA-40C1-A50E-D70EF2D66730}" = protocol=17 | dir=in | app=f:\program files (x86)\microsoft office\office12\groove.exe | 
"{B8909E9B-9A73-42FD-9D06-C5ECA10B75BF}" = protocol=17 | dir=in | app=f:\program files (x86)\vmware\vmware player\vmware-authd.exe | 
"{EC219A88-91F5-4374-8BB0-95996A578393}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{EE0651A9-35AD-4525-A39C-1647877B546D}" = protocol=17 | dir=in | app=f:\program files (x86)\vmware\vmware player\vmware-authd.exe | 
"{F914C9A9-23C7-4141-B9EC-09C9ECA0A2B6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"TCP Query User{209F4E90-9067-4ABA-8694-C3297976B651}F:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=f:\windows\system32\javaw.exe | 
"TCP Query User{3583AC51-D108-4635-B0BC-6F56E5ED8F4C}F:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=f:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{81F0B50F-1B02-4808-9711-1FBE32650D65}F:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=f:\program files (x86)\miranda im\miranda32.exe | 
"TCP Query User{AA9096BB-0634-4D4E-8517-D84E0550C713}F:\windows\syswow64\svchost.exe" = protocol=6 | dir=in | app=f:\windows\syswow64\svchost.exe | 
"TCP Query User{CA81D9CA-7BF0-4339-B668-F61AC3847DBC}F:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=f:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{FB66BE99-85DB-4ABC-AD28-4199C857517C}F:\users\mobile\desktop\tools\teamviewer portableordner\teamviewer.exe" = protocol=6 | dir=in | app=f:\users\mobile\desktop\tools\teamviewer portableordner\teamviewer.exe | 
"UDP Query User{09989FB6-235F-43CA-B118-698D77FB303E}F:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=f:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{1F37F3E4-F26F-4BB0-A00D-F90623E8DF57}F:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=f:\windows\system32\javaw.exe | 
"UDP Query User{5C7A66DD-3303-4F4D-AA4C-C470BC2A869A}F:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=f:\program files (x86)\miranda im\miranda32.exe | 
"UDP Query User{5DC904CF-4D6C-42D3-B837-0472F0EF099F}F:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=f:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{81386AA6-3847-4717-ABD8-2630E22642C5}F:\users\mobile\desktop\tools\teamviewer portableordner\teamviewer.exe" = protocol=17 | dir=in | app=f:\users\mobile\desktop\tools\teamviewer portableordner\teamviewer.exe | 
"UDP Query User{F6F596D7-1970-49AE-BA61-4177F627F4CD}F:\windows\syswow64\svchost.exe" = protocol=17 | dir=in | app=f:\windows\syswow64\svchost.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416023FF}" = Java(TM) 6 Update 23 (64-bit)
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2D7ED2A0-9553-412B-939F-D6E0AEB2ABE1}" = ISO Recorder
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0160230}" = Java(TM) SE Development Kit 6 Update 23 (64-bit)
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{7C8A7076-3266-480B-9944-B86EBD7BF589}" = Google Web Toolkit Developer Plugin for IE (x64)
"{818AA386-29D5-4DFF-BBB5-3F16133F1409}" = TortoiseSVN 1.6.12.20536 (64 bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Protege 4.1" = Protege 4.1
"Zune" = Zune
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0402D28F-B9B7-4983-93FC-DBF673736D3F}" = Google Web Toolkit Developer Plugin for IE (x86)
"{0B92F7F1-8089-4670-9EB6-9DAA25163FB0}" = InfoZoom
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{44D66AD9-AE19-4AFD-BE7E-A1B44C856697}" = MSXML4.0 redistributable
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E770F99-CF23-4BF9-BF4E-E3A2924FEB27}" = Microsoft redistributable runtime DLLs VS2005 SP1(x86)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ULTIMATER_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ULTIMATER_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ULTIMATER_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ULTIMATER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ULTIMATER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PRJPROR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPROR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PRJPROR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PRJPROR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PRJPROR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PRJPROR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PRJPROR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2010
"{90140000-00B4-0407-0000-0000000FF1CE}_Office14.PRJPROR_{86D01646-1942-4253-B11F-68F5ED259B17}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F77D1207-7FA7-4FDC-BF7B-D08395AA9722}" = QIP 2005 8097 Jeak-Edition
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"FASM_is1" = FASM version 0.16
"Foxit Reader" = Foxit Reader
"InstallShield_{0B92F7F1-8089-4670-9EB6-9DAA25163FB0}" = InfoZoom 4.10
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Miranda IM" = Miranda IM 0.8.24
"Mozilla Firefox (3.6.28)" = Mozilla Firefox (3.6.28)
"Office14.PRJPROR" = Microsoft Project Professional 2010
"Pidgin" = Pidgin
"SAP_ECL" = ECL Viewer
"SAPGUI710" = SAP GUI 7.10
"SpeedFan" = SpeedFan (remove only)
"Streamripper" = Streamripper (Remove only)
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"TrueCrypt" = TrueCrypt
"ULTIMATER" = Microsoft Office Ultimate 2007
"VLC media player" = VLC media player 1.1.7
"VMware_Player" = VMware Player
"Winamp" = Winamp
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"TeXLive2010" = TeX Live 2010
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12.06.2012 14:37:34 | Computer Name = ***** | Source = MsiInstaller | ID = 11711
Description = 
 
Error - 12.06.2012 14:37:37 | Computer Name = ***** | Source = MsiInstaller | ID = 11711
Description = 
 
Error - 12.06.2012 14:37:45 | Computer Name = ***** | Source = MsiInstaller | ID = 11711
Description = 
 
Error - 12.06.2012 14:37:47 | Computer Name = ***** | Source = MsiInstaller | ID = 11711
Description = 
 
Error - 12.06.2012 14:38:13 | Computer Name = ***** | Source = MsiInstaller | ID = 11711
Description = 
 
Error - 12.06.2012 14:38:33 | Computer Name = ***** | Source = MsiInstaller | ID = 11711
Description = 
 
Error - 12.06.2012 14:38:35 | Computer Name = ***** | Source = MsiInstaller | ID = 11711
Description = 
 
Error - 12.06.2012 14:42:33 | Computer Name = ***** | Source = MsiInstaller | ID = 11711
Description = 
 
Error - 12.06.2012 14:42:36 | Computer Name = ***** | Source = MsiInstaller | ID = 11711
Description = 
 
Error - 12.06.2012 14:42:38 | Computer Name = ***** | Source = MsiInstaller | ID = 11711
Description = 
 
[ OSession Events ]
Error - 19.06.2010 08:43:59 | Computer Name = ***** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 984
 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error - 19.06.2010 08:54:41 | Computer Name = ***** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 629
 seconds with 600 seconds of active time.  This session ended with a crash.
 
Error - 02.12.2010 06:35:08 | Computer Name = ***** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 82848 seconds with 120 seconds of active time.  This session ended with a
 crash.
 
Error - 24.02.2011 08:16:33 | Computer Name = ***** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 290
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 14.05.2011 01:27:56 | Computer Name = ***** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 44285
 seconds with 60 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 06.04.2012 03:27:38 | Computer Name = ***** | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Update für Microsoft .NET Framework 4 unter Windows
 XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows
 Server 2008 R2 für x64-basierte Systeme (KB2600217)
 
Error - 06.04.2012 12:01:42 | Computer Name = ***** | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "F:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 07.04.2012 03:09:43 | Computer Name = ***** | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Update für Microsoft .NET Framework 4 unter Windows
 XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows
 Server 2008 R2 für x64-basierte Systeme (KB2600217)
 
Error - 08.04.2012 13:54:58 | Computer Name = ***** | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Update für Microsoft .NET Framework 4 unter Windows
 XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows
 Server 2008 R2 für x64-basierte Systeme (KB2600217)
 
Error - 10.04.2012 06:41:43 | Computer Name = ***** | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Update für Microsoft .NET Framework 4 unter Windows
 XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows
 Server 2008 R2 für x64-basierte Systeme (KB2600217)
 
Error - 11.04.2012 14:17:29 | Computer Name = ***** | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Update für Microsoft .NET Framework 4 unter Windows
 XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows
 Server 2008 R2 für x64-basierte Systeme (KB2600217)
 
Error - 12.04.2012 04:25:50 | Computer Name = ***** | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "F:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 13.04.2012 02:42:52 | Computer Name = ***** | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 13.04.2012 02:42:52 | Computer Name = ***** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 13.04.2012 02:51:52 | Computer Name = ***** | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework
 4 unter Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server
 2008, Windows Server 2008 R2 für x64-basierte Systeme (KB2656368)
 
 
< End of report >
         
OTL.txt

Code:
OTL logfile created on: 12.06.2012 21:17:08 - Run 4
OTL by OldTimer - Version 3.2.46.0     Folder = F:\Users\mobile\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 61,03% Memory free
7,35 Gb Paging File | 4,97 Gb Available in Paging File | 67,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = F: | %SystemRoot% = F:\Windows | %ProgramFiles% = F:\Program Files (x86)
Drive C: | 144,26 Gb Total Space | 40,77 Gb Free Space | 28,26% Space Free | Partition Type: NTFS
Drive E: | 97,66 Gb Total Space | 8,75 Gb Free Space | 8,96% Space Free | Partition Type: NTFS
Drive F: | 29,30 Gb Total Space | 1,09 Gb Free Space | 3,72% Space Free | Partition Type: NTFS
Drive H: | 14,08 Gb Total Space | 0,32 Gb Free Space | 2,29% Space Free | Partition Type: NTFS
 
Computer Name: ***** | User Name: mobile | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.03 19:21:43 | 000,596,480 | ---- | M] (OldTimer Tools) -- F:\Users\mobile\Desktop\OTL.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- F:\Users\mobile\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.04.21 21:18:19 | 000,353,440 | ---- | M] (Adobe Systems Incorporated) -- F:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
PRC - [2011.06.30 12:26:55 | 000,269,480 | ---- | M] (Avira GmbH) -- F:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.27 13:50:09 | 000,136,360 | ---- | M] (Avira GmbH) -- F:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.25 23:26:58 | 000,064,112 | ---- | M] (VMware, Inc.) -- F:\Program Files (x86)\VMware\VMware Player\hqtray.exe
PRC - [2011.03.25 23:26:46 | 000,334,448 | ---- | M] (VMware, Inc.) -- F:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2011.03.25 23:26:28 | 000,404,080 | ---- | M] (VMware, Inc.) -- F:\Windows\SysWOW64\vmnat.exe
PRC - [2011.03.25 23:26:16 | 000,113,264 | ---- | M] (VMware, Inc.) -- F:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2011.03.25 22:31:52 | 000,010,240 | ---- | M] (VMware, Inc.) -- F:\Program Files (x86)\VMware\VMware Player\vprintproxy.exe
PRC - [2011.03.25 22:27:40 | 000,539,248 | ---- | M] (VMware, Inc.) -- F:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2011.01.01 12:03:49 | 001,496,528 | ---- | M] (TrueCrypt Foundation) -- F:\Programme\TrueCrypt\TrueCrypt.exe
PRC - [2010.11.03 10:34:37 | 000,281,768 | ---- | M] (Avira GmbH) -- F:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- F:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010.02.25 22:35:04 | 001,289,296 | ---- | M] (Dritek System Inc.) -- F:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010.02.25 22:35:04 | 000,325,200 | ---- | M] (Dritek System Inc.) -- F:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010.02.25 22:35:04 | 000,288,336 | ---- | M] (Dritek System Inc.) -- F:\Program Files (x86)\Launch Manager\LMworker.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.03.25 23:26:48 | 000,970,352 | ---- | M] () -- F:\Program Files (x86)\VMware\VMware Player\libxml2.dll
MOD - [2011.03.25 23:26:18 | 000,068,720 | ---- | M] () -- F:\Program Files (x86)\VMware\VMware Player\zlib1.dll
MOD - [2009.05.20 14:02:04 | 000,072,200 | ---- | M] () -- F:\Program Files (x86)\Launch Manager\CdDirIo.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.11.20 15:26:50 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- F:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2009.07.14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- F:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- F:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.04.21 21:18:20 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- F:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011.08.12 01:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- F:\Programme\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV - [2011.08.05 13:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Programme\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011.08.05 13:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Programme\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011.08.05 13:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Programme\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2011.06.30 12:26:55 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- F:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.27 13:50:09 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- F:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.25 23:26:46 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- F:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2011.03.25 23:26:28 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- F:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2011.03.25 23:26:16 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- F:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2011.03.25 22:27:40 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- F:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010.08.19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- F:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- F:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- F:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.25 22:35:04 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- F:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.01.20 19:26:20 | 000,819,232 | ---- | M] (Acer Incorporated) [Auto | Running] -- F:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.07.14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- F:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- F:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.06.30 12:26:56 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- F:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.30 12:26:56 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- F:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.25 23:27:36 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- F:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2011.03.25 23:27:34 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- F:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2011.03.25 23:25:46 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2011.03.25 23:25:34 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- F:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2011.03.25 22:27:36 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- F:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011.03.25 20:04:58 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- F:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2011.03.25 20:04:58 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- F:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.01 12:03:50 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- F:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:26:11 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- F:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2010.03.23 13:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2010.01.25 17:51:02 | 007,842,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.01.08 03:51:38 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010.01.06 21:33:14 | 000,158,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.12.22 09:18:50 | 000,074,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.10.05 16:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- F:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- F:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV - [2011.07.22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- F:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- F:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2010.08.19 13:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- F:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- F:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = F:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B1 F8 63 C1 CB 48 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: F:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: F:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: F:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: F:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: F:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROJEC~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROJEC~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.7: F:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: F:\Program Files (x86)\Mozilla Firefox\components [2012.04.12 20:05:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: F:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.12 20:05:23 | 000,000,000 | ---D | M]
 
[2010.05.29 20:04:45 | 000,000,000 | ---D | M] (No name found) -- F:\Users\mobile\AppData\Roaming\mozilla\Extensions
[2012.06.09 15:11:22 | 000,000,000 | ---D | M] (No name found) -- F:\Users\mobile\AppData\Roaming\mozilla\Firefox\Profiles\o8p7ej6x.default\extensions
[2011.07.28 11:32:20 | 000,000,000 | ---D | M] (Adblock Plus) -- F:\Users\mobile\AppData\Roaming\mozilla\Firefox\Profiles\o8p7ej6x.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012.04.10 12:46:05 | 000,000,000 | ---D | M] (No name found) -- F:\Users\mobile\AppData\Roaming\mozilla\Firefox\Profiles\o8p7ej6x.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}-trash
[2012.06.09 15:11:22 | 000,000,000 | ---D | M] (Google Web Toolkit Developer Plugin for Firefox) -- F:\Users\mobile\AppData\Roaming\mozilla\Firefox\Profiles\o8p7ej6x.default\extensions\gwt-dev-plugin@google.com
[2011.02.22 11:45:22 | 000,000,000 | ---D | M] (Read It Later) -- F:\Users\mobile\AppData\Roaming\mozilla\Firefox\Profiles\o8p7ej6x.default\extensions\isreaditlater@ideashower.com
[2012.04.10 12:46:03 | 000,000,000 | ---D | M] (No name found) -- F:\Users\mobile\AppData\Roaming\mozilla\Firefox\Profiles\o8p7ej6x.default\extensions\staged-xpis
[2011.06.09 10:30:27 | 000,000,000 | ---D | M] (No name found) -- F:\Program Files (x86)\mozilla firefox\extensions
[2010.11.02 11:10:06 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.21 12:51:47 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.05 18:53:08 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.09 10:30:27 | 000,000,000 | ---D | M] (Java Console) -- F:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- F:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.05.29 20:19:37 | 000,075,208 | ---- | M] (Foxit Software Company) -- F:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2012.03.15 11:55:12 | 000,006,805 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - F:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Project Professional\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Acer ePower Management] F:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] F:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] F:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] F:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Zune Launcher] F:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] F:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LManager] F:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [VMware hqtray] F:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] F:\Windows\System32\StikyNot.exe File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] F:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] F:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://F:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://F:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - F:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - F:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - F:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - F:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83E09DA1-FD56-48FF-8CB9-163A8BA269D4}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\saphtmlp - No CLSID value found
O18:64bit: - Protocol\Handler\sapr3 - No CLSID value found
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\SAPGUI\GUI\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\SAPGUI\GUI\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - F:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - F:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (F:\Windows\system32\userinit.exe) - F:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - F:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - F:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - F:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.06 20:13:10 | 000,000,000 | ---D | C] -- F:\Users\mobile\AppData\Roaming\SUPERAntiSpyware.com
[2012.06.06 20:09:19 | 000,000,000 | ---D | C] -- F:\ProgramData\SUPERAntiSpyware.com
[2012.06.06 20:09:19 | 000,000,000 | ---D | C] -- F:\Program Files\SUPERAntiSpyware
[2012.06.04 17:28:45 | 000,892,360 | ---- | C] (Oracle Corporation) -- F:\Users\mobile\Desktop\JavaSetup7u4.exe
[2012.06.04 17:18:55 | 021,053,392 | ---- | C] (Oracle Corporation) -- F:\Users\mobile\Desktop\jre-7u4-windows-i586.exe
[2012.06.03 19:21:43 | 000,596,480 | ---- | C] (OldTimer Tools) -- F:\Users\mobile\Desktop\OTL.exe
[2012.06.03 12:04:44 | 000,000,000 | ---D | C] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.06.03 12:04:42 | 000,000,000 | ---D | C] -- F:\Program Files\CCleaner
[2012.06.03 09:50:00 | 000,000,000 | ---D | C] -- F:\Users\mobile\AppData\Roaming\Malwarebytes
[2012.06.03 09:49:54 | 000,000,000 | ---D | C] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.03 09:49:52 | 000,000,000 | ---D | C] -- F:\ProgramData\Malwarebytes
[2012.06.03 09:49:51 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- F:\Windows\SysNative\drivers\mbam.sys
[2012.06.03 09:49:51 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.03 09:40:55 | 000,000,000 | ---D | C] -- F:\_OTL
[2010.10.14 16:10:28 | 003,145,728 | ---- | C] (SAP Technology,Inc) -- F:\Program Files (x86)\Common Files\sapxlhelper.dll
[2010.10.14 16:10:27 | 000,626,688 | ---- | C] (SAP AG) -- F:\Program Files (x86)\Common Files\sapconsaccess.dll
[2010.10.14 16:10:27 | 000,192,512 | ---- | C] (SAP Tech Inc.) -- F:\Program Files (x86)\Common Files\sapconsr3.dll
[2010.10.14 16:10:26 | 000,040,960 | ---- | C] (SAP-TECHNOLOGY) -- F:\Program Files (x86)\Common Files\DigitalSignature.ocx
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.12 21:17:00 | 000,000,884 | ---- | M] () -- F:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.12 18:14:13 | 000,067,584 | --S- | M] () -- F:\Windows\bootstat.dat
[2012.06.10 10:36:32 | 000,000,999 | ---- | M] () -- F:\Users\mobile\Desktop\Dropbox.lnk
[2012.06.07 08:02:44 | 000,014,752 | -H-- | M] () -- F:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.07 08:02:44 | 000,014,752 | -H-- | M] () -- F:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.06 20:09:23 | 000,001,825 | ---- | M] () -- F:\Users\mobile\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.06.06 19:58:32 | 2960,523,264 | -HS- | M] () -- F:\hiberfil.sys
[2012.06.06 19:50:05 | 000,456,562 | ---- | M] () -- F:\Users\mobile\Desktop\cc_20120606_194931.reg
[2012.06.04 17:28:45 | 000,892,360 | ---- | M] (Oracle Corporation) -- F:\Users\mobile\Desktop\JavaSetup7u4.exe
[2012.06.04 17:18:55 | 021,053,392 | ---- | M] (Oracle Corporation) -- F:\Users\mobile\Desktop\jre-7u4-windows-i586.exe
[2012.06.03 19:21:43 | 000,596,480 | ---- | M] (OldTimer Tools) -- F:\Users\mobile\Desktop\OTL.exe
[2012.06.03 12:04:44 | 000,000,839 | ---- | M] () -- F:\Users\Public\Desktop\CCleaner.lnk
[2012.06.03 09:49:54 | 000,001,126 | ---- | M] () -- F:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.02 00:08:06 | 000,000,000 | ---- | M] () -- F:\Users\mobile\defogger_reenable
[2012.06.01 23:54:37 | 000,036,243 | ---- | M] () -- F:\Users\mobile\Desktop\85104-otl-otlogfile-by-oldtimer.htm.iyk46dy.partial
[2012.06.01 23:54:03 | 000,050,477 | ---- | M] () -- F:\Users\mobile\Desktop\Defogger.exe.ccz0wnt.partial
[2012.06.01 23:27:59 | 000,050,477 | ---- | M] () -- F:\Users\mobile\Desktop\Defogger.exe
[2012.06.01 18:03:59 | 000,002,048 | -H-- | M] () -- F:\Users\mobile\Documents\Default.rdp
 
========== Files Created - No Company Name ==========
 
[2012.06.06 20:09:23 | 000,001,825 | ---- | C] () -- F:\Users\mobile\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.06.06 19:49:33 | 000,456,562 | ---- | C] () -- F:\Users\mobile\Desktop\cc_20120606_194931.reg
[2012.06.03 12:04:44 | 000,000,839 | ---- | C] () -- F:\Users\Public\Desktop\CCleaner.lnk
[2012.06.03 09:49:54 | 000,001,126 | ---- | C] () -- F:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.02 00:08:06 | 000,000,000 | ---- | C] () -- F:\Users\mobile\defogger_reenable
[2012.06.01 23:55:57 | 000,050,477 | ---- | C] () -- F:\Users\mobile\Desktop\Defogger.exe
[2012.06.01 23:54:43 | 000,036,243 | ---- | C] () -- F:\Users\mobile\Desktop\85104-otl-otlogfile-by-oldtimer.htm.iyk46dy.partial
[2012.06.01 23:54:13 | 000,050,477 | ---- | C] () -- F:\Users\mobile\Desktop\Defogger.exe.ccz0wnt.partial
[2011.11.01 15:07:47 | 000,003,584 | ---- | C] () -- F:\Users\mobile\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.14 16:10:27 | 000,955,904 | ---- | C] () -- F:\Program Files (x86)\Common Files\SAPActiveXL.xlt
[2010.10.14 16:10:27 | 000,949,760 | ---- | C] () -- F:\Program Files (x86)\Common Files\SAPActiveXL_nosig.xlt
[2010.10.14 16:09:31 | 001,064,960 | ---- | C] () -- F:\Windows\SysWow64\h5krnl32.dll
[2010.10.14 16:09:31 | 000,188,928 | ---- | C] () -- F:\Windows\SysWow64\h5icon32.dll
[2010.10.14 16:09:31 | 000,175,616 | ---- | C] () -- F:\Windows\SysWow64\h5menu32.dll
[2010.10.14 16:09:31 | 000,095,744 | ---- | C] () -- F:\Windows\SysWow64\h5rtf32.dll
[2010.10.14 16:09:31 | 000,051,200 | ---- | C] () -- F:\Windows\SysWow64\h5tool32.dll
 
========== LOP Check ==========
 
[2011.02.17 21:56:13 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\.purple
[2012.04.26 11:09:10 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\Canon
[2012.06.10 10:50:43 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\Dropbox
[2010.05.31 18:53:22 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\enchant
[2010.07.14 19:43:54 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\Foxit Software
[2010.11.11 14:05:05 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\gtk-2.0
[2011.04.03 18:14:56 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\streamripper
[2011.02.24 14:13:31 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\Subversion
[2011.10.18 17:14:33 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\TeamViewer
[2011.01.01 12:05:56 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\TrueCrypt
[2010.06.03 15:59:14 | 000,000,000 | ---D | M] -- F:\Users\mobile\AppData\Roaming\TS3Client
[2009.07.14 07:08:49 | 000,030,114 | ---- | M] () -- F:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         

15.06.2012, 09:09   #12
kira
/// Helper team
 

TDSSKiller by Kaspersky
  • Download TDSSKiller and unpack the archive to your desktop.
  • Make sure that TDSSKiller.exe is located directly on the desktop (not in a folder on the desktop).
  • Temporarily disable your antivirus program.
  • Start TDSSKiller.exe by double-clicking it.
  • When it has finished, the tool suggests restarting the system.
    Confirm this with Y(es) if asked.
    During system boot, the driver carries out all scheduled operations and then deletes itself.
  • Post the contents of C:\TDSSKiller<random>.txt here in the thread.
You can find more detailed instructions here.
If it finds anything, move it to quarantine!

► Do you have a Win7 CD?
__________________

Warning!:
Beware of invoices sent by email with a ZIP file attached! They can be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different locations!
Please pass this warning on wherever you can!

15.06.2012, 11:19   #13
verwanzt
 


Unfortunately I don't have a Win7 CD (OEM and AA licensing). The machine doesn't have an optical drive either.

TDSSKiller found nothing.

Code:
12:03:16.0274 5000	TDSS rootkit removing tool 2.7.39.0 Jun 14 2012 08:11:46
12:03:16.0430 5000	============================================================
12:03:16.0430 5000	Current date / time: 2012/06/15 12:03:16.0430
12:03:16.0430 5000	SystemInfo:
12:03:16.0430 5000	
12:03:16.0430 5000	OS Version: 6.1.7601 ServicePack: 1.0
12:03:16.0430 5000	Product type: Workstation
12:03:16.0430 5000	ComputerName: *****
12:03:16.0430 5000	UserName: mobile
12:03:16.0430 5000	Windows directory: F:\Windows
12:03:16.0430 5000	System windows directory: F:\Windows
12:03:16.0430 5000	Running under WOW64
12:03:16.0430 5000	Processor architecture: Intel x64
12:03:16.0430 5000	Number of processors: 4
12:03:16.0430 5000	Page size: 0x1000
12:03:16.0430 5000	Boot type: Normal boot
12:03:16.0430 5000	============================================================
12:03:18.0161 5000	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:03:18.0161 5000	============================================================
12:03:18.0161 5000	\Device\Harddisk0\DR0:
12:03:18.0161 5000	MBR partitions:
12:03:18.0161 5000	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1964800, BlocksNum 0x32000
12:03:18.0161 5000	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1996800, BlocksNum 0x120852B0
12:03:18.0193 5000	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13A1C800, BlocksNum 0x3A98000
12:03:18.0193 5000	\Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x174B5000, BlocksNum 0xC350000
12:03:18.0224 5000	\Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x23805800, BlocksNum 0x1C28800
12:03:18.0224 5000	============================================================
12:03:18.0255 5000	C: <-> \Device\Harddisk0\DR0\Partition1
12:03:18.0302 5000	F: <-> \Device\Harddisk0\DR0\Partition2
12:03:18.0380 5000	H: <-> \Device\Harddisk0\DR0\Partition4
12:03:18.0380 5000	============================================================
12:03:18.0380 5000	Initialize success
12:03:18.0380 5000	============================================================
12:03:38.0488 5100	============================================================
12:03:38.0488 5100	Scan started
12:03:38.0488 5100	Mode: Manual; 
12:03:38.0488 5100	============================================================
12:03:42.0295 5100	!SASCORE        (7d9d615201a483d6fa99491c2e655a5a) F:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
12:03:42.0295 5100	!SASCORE - ok
12:03:42.0497 5100	1394ohci        (a87d604aea360176311474c87a63bb88) F:\Windows\system32\drivers\1394ohci.sys
12:03:42.0497 5100	1394ohci - ok
12:03:42.0560 5100	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) F:\Windows\system32\drivers\ACPI.sys
12:03:42.0575 5100	ACPI - ok
12:03:42.0622 5100	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) F:\Windows\system32\drivers\acpipmi.sys
12:03:42.0622 5100	AcpiPmi - ok
12:03:42.0700 5100	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) F:\Windows\system32\DRIVERS\adp94xx.sys
12:03:42.0716 5100	adp94xx - ok
12:03:42.0747 5100	adpahci         (597f78224ee9224ea1a13d6350ced962) F:\Windows\system32\DRIVERS\adpahci.sys
12:03:42.0747 5100	adpahci - ok
12:03:42.0778 5100	adpu320         (e109549c90f62fb570b9540c4b148e54) F:\Windows\system32\DRIVERS\adpu320.sys
12:03:42.0794 5100	adpu320 - ok
12:03:42.0841 5100	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) F:\Windows\System32\aelupsvc.dll
12:03:42.0841 5100	AeLookupSvc - ok
12:03:42.0903 5100	AFD             (1c7857b62de5994a75b054a9fd4c3825) F:\Windows\system32\drivers\afd.sys
12:03:42.0919 5100	AFD - ok
12:03:42.0965 5100	agp440          (608c14dba7299d8cb6ed035a68a15799) F:\Windows\system32\drivers\agp440.sys
12:03:42.0965 5100	agp440 - ok
12:03:42.0981 5100	ALG             (3290d6946b5e30e70414990574883ddb) F:\Windows\System32\alg.exe
12:03:42.0981 5100	ALG - ok
12:03:43.0012 5100	aliide          (5812713a477a3ad7363c7438ca2ee038) F:\Windows\system32\drivers\aliide.sys
12:03:43.0012 5100	aliide - ok
12:03:43.0028 5100	amdide          (1ff8b4431c353ce385c875f194924c0c) F:\Windows\system32\drivers\amdide.sys
12:03:43.0028 5100	amdide - ok
12:03:43.0075 5100	AmdK8           (7024f087cff1833a806193ef9d22cda9) F:\Windows\system32\DRIVERS\amdk8.sys
12:03:43.0075 5100	AmdK8 - ok
12:03:43.0090 5100	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) F:\Windows\system32\DRIVERS\amdppm.sys
12:03:43.0090 5100	AmdPPM - ok
12:03:43.0137 5100	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) F:\Windows\system32\drivers\amdsata.sys
12:03:43.0137 5100	amdsata - ok
12:03:43.0184 5100	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) F:\Windows\system32\DRIVERS\amdsbs.sys
12:03:43.0184 5100	amdsbs - ok
12:03:43.0215 5100	amdxata         (540daf1cea6094886d72126fd7c33048) F:\Windows\system32\drivers\amdxata.sys
12:03:43.0215 5100	amdxata - ok
12:03:43.0480 5100	AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) F:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
12:03:43.0480 5100	AntiVirSchedulerService - ok
12:03:43.0527 5100	AntiVirService  (72d90e56563165984224493069c69ed4) F:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
12:03:43.0527 5100	AntiVirService - ok
12:03:43.0574 5100	AppID           (89a69c3f2f319b43379399547526d952) F:\Windows\system32\drivers\appid.sys
12:03:43.0574 5100	AppID - ok
12:03:43.0605 5100	AppIDSvc        (0bc381a15355a3982216f7172f545de1) F:\Windows\System32\appidsvc.dll
12:03:43.0605 5100	AppIDSvc - ok
12:03:43.0652 5100	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) F:\Windows\System32\appinfo.dll
12:03:43.0667 5100	Appinfo - ok
12:03:43.0714 5100	AppMgmt         (4aba3e75a76195a3e38ed2766c962899) F:\Windows\System32\appmgmts.dll
12:03:43.0714 5100	AppMgmt - ok
12:03:43.0745 5100	arc             (c484f8ceb1717c540242531db7845c4e) F:\Windows\system32\DRIVERS\arc.sys
12:03:43.0761 5100	arc - ok
12:03:43.0761 5100	arcsas          (019af6924aefe7839f61c830227fe79c) F:\Windows\system32\DRIVERS\arcsas.sys
12:03:43.0761 5100	arcsas - ok
12:03:43.0808 5100	AsyncMac        (769765ce2cc62867468cea93969b2242) F:\Windows\system32\DRIVERS\asyncmac.sys
12:03:43.0808 5100	AsyncMac - ok
12:03:43.0839 5100	atapi           (02062c0b390b7729edc9e69c680a6f3c) F:\Windows\system32\drivers\atapi.sys
12:03:43.0839 5100	atapi - ok
12:03:43.0995 5100	athr            (0acc06fcf46f64ed4f11e57ee461c1f4) F:\Windows\system32\DRIVERS\athrx.sys
12:03:44.0057 5100	athr - ok
12:03:44.0260 5100	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) F:\Windows\System32\Audiosrv.dll
12:03:44.0276 5100	AudioEndpointBuilder - ok
12:03:44.0291 5100	AudioSrv        (f23fef6d569fce88671949894a8becf1) F:\Windows\System32\Audiosrv.dll
12:03:44.0291 5100	AudioSrv - ok
12:03:44.0354 5100	avgntflt        (b1224e6b086cd6548315b04ab575a23e) F:\Windows\system32\DRIVERS\avgntflt.sys
12:03:44.0369 5100	avgntflt - ok
12:03:44.0385 5100	avipbb          (ed45f12cfa62b83765c9c1496758cc87) F:\Windows\system32\DRIVERS\avipbb.sys
12:03:44.0385 5100	avipbb - ok
12:03:44.0447 5100	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) F:\Windows\System32\AxInstSV.dll
12:03:44.0447 5100	AxInstSV - ok
12:03:44.0525 5100	b06bdrv         (3e5b191307609f7514148c6832bb0842) F:\Windows\system32\DRIVERS\bxvbda.sys
12:03:44.0572 5100	b06bdrv - ok
12:03:44.0635 5100	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) F:\Windows\system32\DRIVERS\b57nd60a.sys
12:03:44.0635 5100	b57nd60a - ok
12:03:44.0697 5100	BDESVC          (fde360167101b4e45a96f939f388aeb0) F:\Windows\System32\bdesvc.dll
12:03:44.0697 5100	BDESVC - ok
12:03:44.0713 5100	Beep            (16a47ce2decc9b099349a5f840654746) F:\Windows\system32\drivers\Beep.sys
12:03:44.0713 5100	Beep - ok
12:03:44.0806 5100	BFE             (82974d6a2fd19445cc5171fc378668a4) F:\Windows\System32\bfe.dll
12:03:44.0822 5100	BFE - ok
12:03:44.0900 5100	BITS            (1ea7969e3271cbc59e1730697dc74682) F:\Windows\System32\qmgr.dll
12:03:44.0915 5100	BITS - ok
12:03:44.0962 5100	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) F:\Windows\system32\DRIVERS\blbdrive.sys
12:03:44.0978 5100	blbdrive - ok
12:03:44.0993 5100	bowser          (6c02a83164f5cc0a262f4199f0871cf5) F:\Windows\system32\DRIVERS\bowser.sys
12:03:45.0009 5100	bowser - ok
12:03:45.0040 5100	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) F:\Windows\system32\DRIVERS\BrFiltLo.sys
12:03:45.0040 5100	BrFiltLo - ok
12:03:45.0056 5100	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) F:\Windows\system32\DRIVERS\BrFiltUp.sys
12:03:45.0056 5100	BrFiltUp - ok
12:03:45.0087 5100	Browser         (8ef0d5c41ec907751b8429162b1239ed) F:\Windows\System32\browser.dll
12:03:45.0087 5100	Browser - ok
12:03:45.0118 5100	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) F:\Windows\System32\Drivers\Brserid.sys
12:03:45.0134 5100	Brserid - ok
12:03:45.0134 5100	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) F:\Windows\System32\Drivers\BrSerWdm.sys
12:03:45.0149 5100	BrSerWdm - ok
12:03:45.0165 5100	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) F:\Windows\System32\Drivers\BrUsbMdm.sys
12:03:45.0165 5100	BrUsbMdm - ok
12:03:45.0181 5100	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) F:\Windows\System32\Drivers\BrUsbSer.sys
12:03:45.0181 5100	BrUsbSer - ok
12:03:45.0227 5100	BthEnum         (cf98190a94f62e405c8cb255018b2315) F:\Windows\system32\DRIVERS\BthEnum.sys
12:03:45.0227 5100	BthEnum - ok
12:03:45.0243 5100	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) F:\Windows\system32\DRIVERS\bthmodem.sys
12:03:45.0243 5100	BTHMODEM - ok
12:03:45.0305 5100	BthPan          (02dd601b708dd0667e1331fa8518e9ff) F:\Windows\system32\DRIVERS\bthpan.sys
12:03:45.0305 5100	BthPan - ok
12:03:45.0368 5100	BTHPORT         (64c198198501f7560ee41d8d1efa7952) F:\Windows\System32\Drivers\BTHport.sys
12:03:45.0383 5100	BTHPORT - ok
12:03:45.0446 5100	bthserv         (95f9c2976059462cbbf227f7aab10de9) F:\Windows\system32\bthserv.dll
12:03:45.0446 5100	bthserv - ok
12:03:45.0477 5100	BTHUSB          (f188b7394d81010767b6df3178519a37) F:\Windows\System32\Drivers\BTHUSB.sys
12:03:45.0477 5100	BTHUSB - ok
12:03:45.0524 5100	cdfs            (b8bd2bb284668c84865658c77574381a) F:\Windows\system32\DRIVERS\cdfs.sys
12:03:45.0524 5100	cdfs - ok
12:03:45.0571 5100	cdrom           (f036ce71586e93d94dab220d7bdf4416) F:\Windows\system32\drivers\cdrom.sys
12:03:45.0586 5100	cdrom - ok
12:03:45.0617 5100	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) F:\Windows\System32\certprop.dll
12:03:45.0617 5100	CertPropSvc - ok
12:03:45.0633 5100	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) F:\Windows\system32\DRIVERS\circlass.sys
12:03:45.0633 5100	circlass - ok
12:03:45.0695 5100	CLFS            (fe1ec06f2253f691fe36217c592a0206) F:\Windows\system32\CLFS.sys
12:03:45.0695 5100	CLFS - ok
12:03:45.0789 5100	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) F:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:03:45.0789 5100	clr_optimization_v2.0.50727_32 - ok
12:03:45.0836 5100	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) F:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:03:45.0836 5100	clr_optimization_v2.0.50727_64 - ok
12:03:45.0929 5100	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) F:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:03:45.0929 5100	clr_optimization_v4.0.30319_32 - ok
12:03:45.0961 5100	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) F:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:03:45.0961 5100	clr_optimization_v4.0.30319_64 - ok
12:03:45.0992 5100	CmBatt          (0840155d0bddf1190f84a663c284bd33) F:\Windows\system32\DRIVERS\CmBatt.sys
12:03:45.0992 5100	CmBatt - ok
12:03:46.0023 5100	cmdide          (e19d3f095812725d88f9001985b94edd) F:\Windows\system32\drivers\cmdide.sys
12:03:46.0023 5100	cmdide - ok
12:03:46.0085 5100	CNG             (c4943b6c962e4b82197542447ad599f4) F:\Windows\system32\Drivers\cng.sys
12:03:46.0101 5100	CNG - ok
12:03:46.0117 5100	Compbatt        (102de219c3f61415f964c88e9085ad14) F:\Windows\system32\DRIVERS\compbatt.sys
12:03:46.0132 5100	Compbatt - ok
12:03:46.0163 5100	CompositeBus    (03edb043586cceba243d689bdda370a8) F:\Windows\system32\drivers\CompositeBus.sys
12:03:46.0163 5100	CompositeBus - ok
12:03:46.0179 5100	COMSysApp - ok
12:03:46.0210 5100	crcdisk         (1c827878a998c18847245fe1f34ee597) F:\Windows\system32\DRIVERS\crcdisk.sys
12:03:46.0210 5100	crcdisk - ok
12:03:46.0257 5100	CryptSvc        (15597883fbe9b056f276ada3ad87d9af) F:\Windows\system32\cryptsvc.dll
12:03:46.0257 5100	CryptSvc - ok
12:03:46.0319 5100	CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) F:\Windows\system32\drivers\csc.sys
12:03:46.0335 5100	CSC - ok
12:03:46.0663 5100	CscService      (3ab183ab4d2c79dcf459cd2c1266b043) F:\Windows\System32\cscsvc.dll
12:03:46.0709 5100	CscService - ok
12:03:46.0756 5100	CVirtA          (44bddeb03c84a1c993c992ffb5700357) F:\Windows\system32\DRIVERS\CVirtA64.sys
12:03:46.0756 5100	CVirtA - ok
12:03:46.0990 5100	CVPND           (66257cb4e4fb69887cddc71663741435) F:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
12:03:47.0021 5100	CVPND - ok
12:03:47.0177 5100	CVPNDRVA        (cc8e52daa9826064ba464dbe531f2bb5) F:\Windows\system32\Drivers\CVPNDRVA.sys
12:03:47.0177 5100	CVPNDRVA - ok
12:03:47.0271 5100	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) F:\Windows\system32\rpcss.dll
12:03:47.0271 5100	DcomLaunch - ok
12:03:47.0333 5100	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) F:\Windows\System32\defragsvc.dll
12:03:47.0349 5100	defragsvc - ok
12:03:47.0396 5100	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) F:\Windows\system32\Drivers\dfsc.sys
12:03:47.0396 5100	DfsC - ok
12:03:47.0458 5100	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) F:\Windows\system32\dhcpcore.dll
12:03:47.0474 5100	Dhcp - ok
12:03:47.0489 5100	discache        (13096b05847ec78f0977f2c0f79e9ab3) F:\Windows\system32\drivers\discache.sys
12:03:47.0505 5100	discache - ok
12:03:47.0552 5100	Disk            (9819eee8b5ea3784ec4af3b137a5244c) F:\Windows\system32\DRIVERS\disk.sys
12:03:47.0552 5100	Disk - ok
12:03:47.0614 5100	DNE             (05cb5910b3ca6019fc3cca815ee06ffb) F:\Windows\system32\DRIVERS\dne64x.sys
12:03:47.0614 5100	DNE - ok
12:03:47.0692 5100	Dnscache        (16835866aaa693c7d7fceba8fff706e4) F:\Windows\System32\dnsrslvr.dll
12:03:47.0708 5100	Dnscache - ok
12:03:47.0755 5100	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) F:\Windows\System32\dot3svc.dll
12:03:47.0770 5100	dot3svc - ok
12:03:47.0864 5100	dot4            (b42ed0320c6e41102fde0005154849bb) F:\Windows\system32\DRIVERS\Dot4.sys
12:03:47.0864 5100	dot4 - ok
12:03:47.0895 5100	Dot4Print       (e9f5969233c5d89f3c35e3a66a52a361) F:\Windows\system32\drivers\Dot4Prt.sys
12:03:47.0895 5100	Dot4Print - ok
12:03:47.0911 5100	dot4usb         (fd05a02b0370bc3000f402e543ca5814) F:\Windows\system32\DRIVERS\dot4usb.sys
12:03:47.0911 5100	dot4usb - ok
12:03:47.0957 5100	DPS             (b26f4f737e8f9df4f31af6cf31d05820) F:\Windows\system32\dps.dll
12:03:47.0957 5100	DPS - ok
12:03:47.0989 5100	drmkaud         (9b19f34400d24df84c858a421c205754) F:\Windows\system32\drivers\drmkaud.sys
12:03:47.0989 5100	drmkaud - ok
12:03:48.0145 5100	DsiWMIService   (55f6f3e0df82e0113082852347bf2c16) F:\Program Files (x86)\Launch Manager\dsiwmis.exe
12:03:48.0160 5100	DsiWMIService - ok
12:03:48.0269 5100	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) F:\Windows\System32\drivers\dxgkrnl.sys
12:03:48.0301 5100	DXGKrnl - ok
12:03:48.0363 5100	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) F:\Windows\System32\eapsvc.dll
12:03:48.0363 5100	EapHost - ok
12:03:48.0628 5100	ebdrv           (dc5d737f51be844d8c82c695eb17372f) F:\Windows\system32\DRIVERS\evbda.sys
12:03:48.0722 5100	ebdrv - ok
12:03:48.0878 5100	EFS             (c118a82cd78818c29ab228366ebf81c3) F:\Windows\System32\lsass.exe
12:03:48.0878 5100	EFS - ok
12:03:48.0971 5100	ehRecvr         (c4002b6b41975f057d98c439030cea07) F:\Windows\ehome\ehRecvr.exe
12:03:48.0987 5100	ehRecvr - ok
12:03:49.0018 5100	ehSched         (4705e8ef9934482c5bb488ce28afc681) F:\Windows\ehome\ehsched.exe
12:03:49.0034 5100	ehSched - ok
12:03:49.0159 5100	elxstor         (0e5da5369a0fcaea12456dd852545184) F:\Windows\system32\DRIVERS\elxstor.sys
12:03:49.0174 5100	elxstor - ok
12:03:49.0361 5100	ePowerSvc       (30bb48f6e48436bb5f332832b142945c) F:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
12:03:49.0377 5100	ePowerSvc - ok
12:03:49.0533 5100	ErrDev          (34a3c54752046e79a126e15c51db409b) F:\Windows\system32\drivers\errdev.sys
12:03:49.0549 5100	ErrDev - ok
12:03:49.0611 5100	EventSystem     (4166f82be4d24938977dd1746be9b8a0) F:\Windows\system32\es.dll
12:03:49.0611 5100	EventSystem - ok
12:03:49.0658 5100	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) F:\Windows\system32\drivers\exfat.sys
12:03:49.0673 5100	exfat - ok
12:03:49.0689 5100	fastfat         (0adc83218b66a6db380c330836f3e36d) F:\Windows\system32\drivers\fastfat.sys
12:03:49.0689 5100	fastfat - ok
12:03:49.0783 5100	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) F:\Windows\system32\fxssvc.exe
12:03:49.0783 5100	Fax - ok
12:03:49.0798 5100	fdc             (d765d19cd8ef61f650c384f62fac00ab) F:\Windows\system32\DRIVERS\fdc.sys
12:03:49.0798 5100	fdc - ok
12:03:49.0829 5100	fdPHost         (0438cab2e03f4fb61455a7956026fe86) F:\Windows\system32\fdPHost.dll
12:03:49.0829 5100	fdPHost - ok
12:03:49.0845 5100	FDResPub        (802496cb59a30349f9a6dd22d6947644) F:\Windows\system32\fdrespub.dll
12:03:49.0845 5100	FDResPub - ok
12:03:49.0861 5100	FileInfo        (655661be46b5f5f3fd454e2c3095b930) F:\Windows\system32\drivers\fileinfo.sys
12:03:49.0876 5100	FileInfo - ok
12:03:49.0892 5100	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) F:\Windows\system32\drivers\filetrace.sys
12:03:49.0892 5100	Filetrace - ok
12:03:49.0907 5100	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) F:\Windows\system32\DRIVERS\flpydisk.sys
12:03:49.0907 5100	flpydisk - ok
12:03:49.0954 5100	FltMgr          (da6b67270fd9db3697b20fce94950741) F:\Windows\system32\drivers\fltmgr.sys
12:03:49.0970 5100	FltMgr - ok
12:03:50.0079 5100	FontCache       (5c4cb4086fb83115b153e47add961a0c) F:\Windows\system32\FntCache.dll
12:03:50.0110 5100	FontCache - ok
12:03:50.0219 5100	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) F:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:03:50.0219 5100	FontCache3.0.0.0 - ok
12:03:50.0266 5100	FsDepends       (d43703496149971890703b4b1b723eac) F:\Windows\system32\drivers\FsDepends.sys
12:03:50.0266 5100	FsDepends - ok
12:03:50.0282 5100	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) F:\Windows\system32\drivers\Fs_Rec.sys
12:03:50.0282 5100	Fs_Rec - ok
12:03:50.0360 5100	fvevol          (1f7b25b858fa27015169fe95e54108ed) F:\Windows\system32\DRIVERS\fvevol.sys
12:03:50.0360 5100	fvevol - ok
12:03:50.0391 5100	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) F:\Windows\system32\DRIVERS\gagp30kx.sys
12:03:50.0391 5100	gagp30kx - ok
12:03:50.0485 5100	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) F:\Windows\System32\gpsvc.dll
12:03:50.0500 5100	gpsvc - ok
12:03:50.0547 5100	hcmon           (d5fa01185a7d5a65724fd87b34e53f5b) F:\Windows\system32\drivers\hcmon.sys
12:03:50.0547 5100	hcmon - ok
12:03:50.0547 5100	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) F:\Windows\system32\drivers\hcw85cir.sys
12:03:50.0547 5100	hcw85cir - ok
12:03:50.0609 5100	HdAudAddService (975761c778e33cd22498059b91e7373a) F:\Windows\system32\drivers\HdAudio.sys
12:03:50.0625 5100	HdAudAddService - ok
12:03:50.0672 5100	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) F:\Windows\system32\drivers\HDAudBus.sys
12:03:50.0672 5100	HDAudBus - ok
12:03:50.0703 5100	HidBatt         (78e86380454a7b10a5eb255dc44a355f) F:\Windows\system32\DRIVERS\HidBatt.sys
12:03:50.0719 5100	HidBatt - ok
12:03:50.0719 5100	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) F:\Windows\system32\DRIVERS\hidbth.sys
12:03:50.0734 5100	HidBth - ok
12:03:50.0750 5100	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) F:\Windows\system32\DRIVERS\hidir.sys
12:03:50.0750 5100	HidIr - ok
12:03:50.0765 5100	hidserv         (bd9eb3958f213f96b97b1d897dee006d) F:\Windows\system32\hidserv.dll
12:03:50.0781 5100	hidserv - ok
12:03:50.0828 5100	HidUsb          (9592090a7e2b61cd582b612b6df70536) F:\Windows\system32\DRIVERS\hidusb.sys
12:03:50.0828 5100	HidUsb - ok
12:03:50.0875 5100	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) F:\Windows\system32\kmsvc.dll
12:03:50.0875 5100	hkmsvc - ok
12:03:50.0953 5100	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) F:\Windows\system32\ListSvc.dll
12:03:50.0953 5100	HomeGroupListener - ok
12:03:50.0999 5100	HomeGroupProvider (908acb1f594274965a53926b10c81e89) F:\Windows\system32\provsvc.dll
12:03:50.0999 5100	HomeGroupProvider - ok
12:03:51.0031 5100	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) F:\Windows\system32\drivers\HpSAMD.sys
12:03:51.0031 5100	HpSAMD - ok
12:03:51.0140 5100	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) F:\Windows\system32\drivers\HTTP.sys
12:03:51.0155 5100	HTTP - ok
12:03:51.0187 5100	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) F:\Windows\system32\drivers\hwpolicy.sys
12:03:51.0187 5100	hwpolicy - ok
12:03:51.0233 5100	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) F:\Windows\system32\drivers\i8042prt.sys
12:03:51.0233 5100	i8042prt - ok
12:03:51.0311 5100	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) F:\Windows\system32\drivers\iaStorV.sys
12:03:51.0327 5100	iaStorV - ok
12:03:51.0421 5100	IDriverT        (6f95324909b502e2651442c1548ab12f) F:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
12:03:51.0421 5100	IDriverT - ok
12:03:51.0561 5100	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) F:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:03:51.0577 5100	idsvc - ok
12:03:52.0185 5100	igfx            (7467ae8f96ea983423148c62458669fa) F:\Windows\system32\DRIVERS\igdkmd64.sys
12:03:52.0357 5100	igfx - ok
12:03:52.0528 5100	iirsp           (5c18831c61933628f5bb0ea2675b9d21) F:\Windows\system32\DRIVERS\iirsp.sys
12:03:52.0544 5100	iirsp - ok
12:03:52.0637 5100	IKEEXT          (fcd84c381e0140af901e58d48882d26b) F:\Windows\System32\ikeext.dll
12:03:52.0653 5100	IKEEXT - ok
12:03:52.0715 5100	Impcd           (c48567d80ad357613cd0eeade18780ae) F:\Windows\system32\DRIVERS\Impcd.sys
12:03:52.0731 5100	Impcd - ok
12:03:52.0778 5100	IntcDAud        (da24c1f66ee1b5a92e045376d7a44b58) F:\Windows\system32\DRIVERS\IntcDAud.sys
12:03:52.0793 5100	IntcDAud - ok
12:03:52.0825 5100	intelide        (f00f20e70c6ec3aa366910083a0518aa) F:\Windows\system32\drivers\intelide.sys
12:03:52.0825 5100	intelide - ok
12:03:52.0887 5100	intelppm        (ada036632c664caa754079041cf1f8c1) F:\Windows\system32\DRIVERS\intelppm.sys
12:03:52.0887 5100	intelppm - ok
12:03:52.0918 5100	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) F:\Windows\system32\ipbusenum.dll
12:03:52.0918 5100	IPBusEnum - ok
12:03:52.0949 5100	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) F:\Windows\system32\DRIVERS\ipfltdrv.sys
12:03:52.0949 5100	IpFilterDriver - ok
12:03:53.0043 5100	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) F:\Windows\System32\iphlpsvc.dll
12:03:53.0059 5100	iphlpsvc - ok
12:03:53.0090 5100	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) F:\Windows\system32\drivers\IPMIDrv.sys
12:03:53.0090 5100	IPMIDRV - ok
12:03:53.0137 5100	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) F:\Windows\system32\drivers\ipnat.sys
12:03:53.0137 5100	IPNAT - ok
12:03:53.0168 5100	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) F:\Windows\system32\drivers\irenum.sys
12:03:53.0168 5100	IRENUM - ok
12:03:53.0199 5100	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) F:\Windows\system32\drivers\isapnp.sys
12:03:53.0199 5100	isapnp - ok
12:03:53.0246 5100	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) F:\Windows\system32\drivers\msiscsi.sys
12:03:53.0261 5100	iScsiPrt - ok
12:03:53.0293 5100	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) F:\Windows\system32\drivers\kbdclass.sys
12:03:53.0293 5100	kbdclass - ok
12:03:53.0324 5100	kbdhid          (0705eff5b42a9db58548eec3b26bb484) F:\Windows\system32\drivers\kbdhid.sys
12:03:53.0324 5100	kbdhid - ok
12:03:53.0355 5100	KeyIso          (c118a82cd78818c29ab228366ebf81c3) F:\Windows\system32\lsass.exe
12:03:53.0355 5100	KeyIso - ok
12:03:53.0386 5100	KSecDD          (da1e991a61cfdd755a589e206b97644b) F:\Windows\system32\Drivers\ksecdd.sys
12:03:53.0386 5100	KSecDD - ok
12:03:53.0402 5100	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) F:\Windows\system32\Drivers\ksecpkg.sys
12:03:53.0417 5100	KSecPkg - ok
12:03:53.0449 5100	ksthunk         (6869281e78cb31a43e969f06b57347c4) F:\Windows\system32\drivers\ksthunk.sys
12:03:53.0449 5100	ksthunk - ok
12:03:53.0511 5100	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) F:\Windows\system32\msdtckrm.dll
12:03:53.0527 5100	KtmRm - ok
12:03:53.0589 5100	L1C             (39918db0efcf045a1ce6fabbf339f975) F:\Windows\system32\DRIVERS\L1C62x64.sys
12:03:53.0589 5100	L1C - ok
12:03:53.0651 5100	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) F:\Windows\system32\srvsvc.dll
12:03:53.0651 5100	LanmanServer - ok
12:03:53.0714 5100	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) F:\Windows\System32\wkssvc.dll
12:03:53.0729 5100	LanmanWorkstation - ok
12:03:53.0792 5100	lltdio          (1538831cf8ad2979a04c423779465827) F:\Windows\system32\DRIVERS\lltdio.sys
12:03:53.0792 5100	lltdio - ok
12:03:53.0854 5100	lltdsvc         (c1185803384ab3feed115f79f109427f) F:\Windows\System32\lltdsvc.dll
12:03:53.0870 5100	lltdsvc - ok
12:03:53.0901 5100	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) F:\Windows\System32\lmhsvc.dll
12:03:53.0901 5100	lmhosts - ok
12:03:53.0948 5100	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) F:\Windows\system32\DRIVERS\lsi_fc.sys
12:03:53.0948 5100	LSI_FC - ok
12:03:53.0963 5100	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) F:\Windows\system32\DRIVERS\lsi_sas.sys
12:03:53.0963 5100	LSI_SAS - ok
12:03:53.0995 5100	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) F:\Windows\system32\DRIVERS\lsi_sas2.sys
12:03:53.0995 5100	LSI_SAS2 - ok
12:03:54.0026 5100	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) F:\Windows\system32\DRIVERS\lsi_scsi.sys
12:03:54.0026 5100	LSI_SCSI - ok
12:03:54.0073 5100	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) F:\Windows\system32\drivers\luafv.sys
12:03:54.0073 5100	luafv - ok
12:03:54.0104 5100	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) F:\Windows\system32\Mcx2Svc.dll
12:03:54.0104 5100	Mcx2Svc - ok
12:03:54.0119 5100	megasas         (a55805f747c6edb6a9080d7c633bd0f4) F:\Windows\system32\DRIVERS\megasas.sys
12:03:54.0119 5100	megasas - ok
12:03:54.0151 5100	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) F:\Windows\system32\DRIVERS\MegaSR.sys
12:03:54.0166 5100	MegaSR - ok
12:03:54.0291 5100	Microsoft Office Groove Audit Service (7c4c76b39d5525c4a465e0be32528e19) F:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
12:03:54.0291 5100	Microsoft Office Groove Audit Service - ok
12:03:54.0338 5100	MMCSS           (e40e80d0304a73e8d269f7141d77250b) F:\Windows\system32\mmcss.dll
12:03:54.0338 5100	MMCSS - ok
12:03:54.0369 5100	Modem           (800ba92f7010378b09f9ed9270f07137) F:\Windows\system32\drivers\modem.sys
12:03:54.0369 5100	Modem - ok
12:03:54.0400 5100	monitor         (b03d591dc7da45ece20b3b467e6aadaa) F:\Windows\system32\DRIVERS\monitor.sys
12:03:54.0400 5100	monitor - ok
12:03:54.0431 5100	mouclass        (7d27ea49f3c1f687d357e77a470aea99) F:\Windows\system32\DRIVERS\mouclass.sys
12:03:54.0431 5100	mouclass - ok
12:03:54.0463 5100	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) F:\Windows\system32\DRIVERS\mouhid.sys
12:03:54.0463 5100	mouhid - ok
12:03:54.0494 5100	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) F:\Windows\system32\drivers\mountmgr.sys
12:03:54.0494 5100	mountmgr - ok
12:03:54.0525 5100	mpio            (a44b420d30bd56e145d6a2bc8768ec58) F:\Windows\system32\drivers\mpio.sys
12:03:54.0541 5100	mpio - ok
12:03:54.0587 5100	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) F:\Windows\system32\drivers\mpsdrv.sys
12:03:54.0587 5100	mpsdrv - ok
12:03:54.0681 5100	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) F:\Windows\system32\mpssvc.dll
12:03:54.0697 5100	MpsSvc - ok
12:03:54.0743 5100	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) F:\Windows\system32\drivers\mrxdav.sys
12:03:54.0743 5100	MRxDAV - ok
12:03:54.0790 5100	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) F:\Windows\system32\DRIVERS\mrxsmb.sys
12:03:54.0806 5100	mrxsmb - ok
12:03:54.0853 5100	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) F:\Windows\system32\DRIVERS\mrxsmb10.sys
12:03:54.0868 5100	mrxsmb10 - ok
12:03:54.0915 5100	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) F:\Windows\system32\DRIVERS\mrxsmb20.sys
12:03:54.0915 5100	mrxsmb20 - ok
12:03:54.0931 5100	msahci          (c25f0bafa182cbca2dd3c851c2e75796) F:\Windows\system32\drivers\msahci.sys
12:03:54.0931 5100	msahci - ok
12:03:54.0977 5100	msdsm           (db801a638d011b9633829eb6f663c900) F:\Windows\system32\drivers\msdsm.sys
12:03:54.0993 5100	msdsm - ok
12:03:55.0024 5100	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) F:\Windows\System32\msdtc.exe
12:03:55.0040 5100	MSDTC - ok
12:03:55.0087 5100	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) F:\Windows\system32\drivers\Msfs.sys
12:03:55.0087 5100	Msfs - ok
12:03:55.0118 5100	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) F:\Windows\System32\drivers\mshidkmdf.sys
12:03:55.0118 5100	mshidkmdf - ok
12:03:55.0133 5100	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) F:\Windows\system32\drivers\msisadrv.sys
12:03:55.0133 5100	msisadrv - ok
12:03:55.0180 5100	MSiSCSI         (808e98ff49b155c522e6400953177b08) F:\Windows\system32\iscsiexe.dll
12:03:55.0196 5100	MSiSCSI - ok
12:03:55.0196 5100	msiserver - ok
12:03:55.0243 5100	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) F:\Windows\system32\drivers\MSKSSRV.sys
12:03:55.0243 5100	MSKSSRV - ok
12:03:55.0274 5100	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) F:\Windows\system32\drivers\MSPCLOCK.sys
12:03:55.0274 5100	MSPCLOCK - ok
12:03:55.0289 5100	MSPQM           (4ed981241db27c3383d72092b618a1d0) F:\Windows\system32\drivers\MSPQM.sys
12:03:55.0289 5100	MSPQM - ok
12:03:55.0336 5100	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) F:\Windows\system32\drivers\MsRPC.sys
12:03:55.0336 5100	MsRPC - ok
12:03:55.0367 5100	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) F:\Windows\system32\drivers\mssmbios.sys
12:03:55.0367 5100	mssmbios - ok
12:03:55.0383 5100	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) F:\Windows\system32\drivers\MSTEE.sys
12:03:55.0383 5100	MSTEE - ok
12:03:55.0399 5100	MTConfig        (7ea404308934e675bffde8edf0757bcd) F:\Windows\system32\DRIVERS\MTConfig.sys
12:03:55.0399 5100	MTConfig - ok
12:03:55.0414 5100	Mup             (f9a18612fd3526fe473c1bda678d61c8) F:\Windows\system32\Drivers\mup.sys
12:03:55.0430 5100	Mup - ok
12:03:55.0492 5100	napagent        (582ac6d9873e31dfa28a4547270862dd) F:\Windows\system32\qagentRT.dll
12:03:55.0508 5100	napagent - ok
12:03:55.0570 5100	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) F:\Windows\system32\DRIVERS\nwifi.sys
12:03:55.0586 5100	NativeWifiP - ok
12:03:55.0711 5100	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) F:\Windows\system32\drivers\ndis.sys
12:03:55.0726 5100	NDIS - ok
12:03:55.0742 5100	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) F:\Windows\system32\DRIVERS\ndiscap.sys
12:03:55.0742 5100	NdisCap - ok
12:03:55.0773 5100	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) F:\Windows\system32\DRIVERS\ndistapi.sys
12:03:55.0773 5100	NdisTapi - ok
12:03:55.0820 5100	Ndisuio         (136185f9fb2cc61e573e676aa5402356) F:\Windows\system32\DRIVERS\ndisuio.sys
12:03:55.0820 5100	Ndisuio - ok
12:03:55.0851 5100	NdisWan         (53f7305169863f0a2bddc49e116c2e11) F:\Windows\system32\DRIVERS\ndiswan.sys
12:03:55.0867 5100	NdisWan - ok
12:03:55.0913 5100	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) F:\Windows\system32\drivers\NDProxy.sys
12:03:55.0913 5100	NDProxy - ok
12:03:55.0929 5100	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) F:\Windows\system32\DRIVERS\netbios.sys
12:03:55.0929 5100	NetBIOS - ok
12:03:55.0976 5100	NetBT           (09594d1089c523423b32a4229263f068) F:\Windows\system32\DRIVERS\netbt.sys
12:03:55.0991 5100	NetBT - ok
12:03:56.0007 5100	Netlogon        (c118a82cd78818c29ab228366ebf81c3) F:\Windows\system32\lsass.exe
12:03:56.0007 5100	Netlogon - ok
12:03:56.0069 5100	Netman          (847d3ae376c0817161a14a82c8922a9e) F:\Windows\System32\netman.dll
12:03:56.0069 5100	Netman - ok
12:03:56.0116 5100	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) F:\Windows\System32\netprofm.dll
12:03:56.0132 5100	netprofm - ok
12:03:56.0194 5100	NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) F:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:03:56.0210 5100	NetTcpPortSharing - ok
12:03:56.0241 5100	nfrd960         (77889813be4d166cdab78ddba990da92) F:\Windows\system32\DRIVERS\nfrd960.sys
12:03:56.0257 5100	nfrd960 - ok
12:03:56.0303 5100	NlaSvc          (1ee99a89cc788ada662441d1e9830529) F:\Windows\System32\nlasvc.dll
12:03:56.0319 5100	NlaSvc - ok
12:03:56.0335 5100	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) F:\Windows\system32\drivers\Npfs.sys
12:03:56.0335 5100	Npfs - ok
12:03:56.0366 5100	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) F:\Windows\system32\nsisvc.dll
12:03:56.0366 5100	nsi - ok
12:03:56.0381 5100	nsiproxy        (e7f5ae18af4168178a642a9247c63001) F:\Windows\system32\drivers\nsiproxy.sys
12:03:56.0381 5100	nsiproxy - ok
12:03:56.0537 5100	Ntfs            (a2f74975097f52a00745f9637451fdd8) F:\Windows\system32\drivers\Ntfs.sys
12:03:56.0600 5100	Ntfs - ok
12:03:56.0959 5100	Null            (9899284589f75fa8724ff3d16aed75c1) F:\Windows\system32\drivers\Null.sys
12:03:56.0959 5100	Null - ok
12:03:57.0005 5100	nvraid          (0a92cb65770442ed0dc44834632f66ad) F:\Windows\system32\drivers\nvraid.sys
12:03:57.0005 5100	nvraid - ok
12:03:57.0052 5100	nvstor          (dab0e87525c10052bf65f06152f37e4a) F:\Windows\system32\drivers\nvstor.sys
12:03:57.0052 5100	nvstor - ok
12:03:57.0115 5100	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) F:\Windows\system32\drivers\nv_agp.sys
12:03:57.0115 5100	nv_agp - ok
12:03:57.0239 5100	odserv          (1f0e05dff4f5a833168e49be1256f002) F:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:03:57.0255 5100	odserv - ok
12:03:57.0302 5100	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) F:\Windows\system32\drivers\ohci1394.sys
12:03:57.0302 5100	ohci1394 - ok
12:03:57.0364 5100	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) F:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:03:57.0364 5100	ose - ok
12:03:57.0785 5100	osppsvc         (61bffb5f57ad12f83ab64b7181829b34) F:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:03:57.0910 5100	osppsvc - ok
12:03:58.0066 5100	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) F:\Windows\system32\pnrpsvc.dll
12:03:58.0097 5100	p2pimsvc - ok
12:03:58.0144 5100	p2psvc          (927463ecb02179f88e4b9a17568c63c3) F:\Windows\system32\p2psvc.dll
12:03:58.0160 5100	p2psvc - ok
12:03:58.0222 5100	Parport         (0086431c29c35be1dbc43f52cc273887) F:\Windows\system32\DRIVERS\parport.sys
12:03:58.0222 5100	Parport - ok
12:03:58.0269 5100	partmgr         (871eadac56b0a4c6512bbe32753ccf79) F:\Windows\system32\drivers\partmgr.sys
12:03:58.0269 5100	partmgr - ok
12:03:58.0316 5100	PcaSvc          (3aeaa8b561e63452c655dc0584922257) F:\Windows\System32\pcasvc.dll
12:03:58.0316 5100	PcaSvc - ok
12:03:58.0347 5100	pci             (94575c0571d1462a0f70bde6bd6ee6b3) F:\Windows\system32\drivers\pci.sys
12:03:58.0363 5100	pci - ok
12:03:58.0394 5100	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) F:\Windows\system32\drivers\pciide.sys
12:03:58.0394 5100	pciide - ok
12:03:58.0425 5100	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) F:\Windows\system32\DRIVERS\pcmcia.sys
12:03:58.0441 5100	pcmcia - ok
12:03:58.0456 5100	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) F:\Windows\system32\drivers\pcw.sys
12:03:58.0456 5100	pcw - ok
12:03:58.0519 5100	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) F:\Windows\system32\drivers\peauth.sys
12:03:58.0550 5100	PEAUTH - ok
12:03:58.0675 5100	PeerDistSvc     (b9b0a4299dd2d76a4243f75fd54dc680) F:\Windows\system32\peerdistsvc.dll
12:03:58.0721 5100	PeerDistSvc - ok
12:03:58.0815 5100	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) F:\Windows\SysWow64\perfhost.exe
12:03:58.0815 5100	PerfHost - ok
12:03:59.0049 5100	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) F:\Windows\system32\pla.dll
12:03:59.0111 5100	pla - ok
12:03:59.0189 5100	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) F:\Windows\system32\umpnpmgr.dll
12:03:59.0189 5100	PlugPlay - ok
12:03:59.0236 5100	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) F:\Windows\system32\pnrpauto.dll
12:03:59.0236 5100	PNRPAutoReg - ok
12:03:59.0267 5100	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) F:\Windows\system32\pnrpsvc.dll
12:03:59.0283 5100	PNRPsvc - ok
12:03:59.0345 5100	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) F:\Windows\System32\ipsecsvc.dll
12:03:59.0361 5100	PolicyAgent - ok
12:03:59.0408 5100	Power           (6ba9d927dded70bd1a9caded45f8b184) F:\Windows\system32\umpo.dll
12:03:59.0408 5100	Power - ok
12:03:59.0486 5100	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) F:\Windows\system32\DRIVERS\raspptp.sys
12:03:59.0486 5100	PptpMiniport - ok
12:03:59.0517 5100	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) F:\Windows\system32\DRIVERS\processr.sys
12:03:59.0533 5100	Processor - ok
12:03:59.0579 5100	ProfSvc         (5c78838b4d166d1a27db3a8a820c799a) F:\Windows\system32\profsvc.dll
12:03:59.0579 5100	ProfSvc - ok
12:03:59.0611 5100	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) F:\Windows\system32\lsass.exe
12:03:59.0611 5100	ProtectedStorage - ok
12:03:59.0642 5100	Psched          (0557cf5a2556bd58e26384169d72438d) F:\Windows\system32\DRIVERS\pacer.sys
12:03:59.0657 5100	Psched - ok
12:03:59.0782 5100	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) F:\Windows\system32\DRIVERS\ql2300.sys
12:03:59.0845 5100	ql2300 - ok
12:03:59.0985 5100	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) F:\Windows\system32\DRIVERS\ql40xx.sys
12:04:00.0001 5100	ql40xx - ok
12:04:00.0047 5100	QWAVE           (906191634e99aea92c4816150bda3732) F:\Windows\system32\qwave.dll
12:04:00.0063 5100	QWAVE - ok
12:04:00.0079 5100	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) F:\Windows\system32\drivers\qwavedrv.sys
12:04:00.0079 5100	QWAVEdrv - ok
12:04:00.0110 5100	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) F:\Windows\system32\DRIVERS\rasacd.sys
12:04:00.0110 5100	RasAcd - ok
12:04:00.0157 5100	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) F:\Windows\system32\DRIVERS\AgileVpn.sys
12:04:00.0157 5100	RasAgileVpn - ok
12:04:00.0172 5100	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) F:\Windows\System32\rasauto.dll
12:04:00.0172 5100	RasAuto - ok
12:04:00.0235 5100	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) F:\Windows\system32\DRIVERS\rasl2tp.sys
12:04:00.0235 5100	Rasl2tp - ok
12:04:00.0281 5100	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) F:\Windows\System32\rasmans.dll
12:04:00.0297 5100	RasMan - ok
12:04:00.0313 5100	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) F:\Windows\system32\DRIVERS\raspppoe.sys
12:04:00.0328 5100	RasPppoe - ok
12:04:00.0344 5100	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) F:\Windows\system32\DRIVERS\rassstp.sys
12:04:00.0359 5100	RasSstp - ok
12:04:00.0406 5100	rdbss           (77f665941019a1594d887a74f301fa2f) F:\Windows\system32\DRIVERS\rdbss.sys
12:04:00.0422 5100	rdbss - ok
12:04:00.0437 5100	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) F:\Windows\system32\DRIVERS\rdpbus.sys
12:04:00.0437 5100	rdpbus - ok
12:04:00.0469 5100	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) F:\Windows\system32\DRIVERS\RDPCDD.sys
12:04:00.0469 5100	RDPCDD - ok
12:04:00.0515 5100	RDPDR           (1b6163c503398b23ff8b939c67747683) F:\Windows\system32\drivers\rdpdr.sys
12:04:00.0531 5100	RDPDR - ok
12:04:00.0547 5100	RDPENCDD        (bb5971a4f00659529a5c44831af22365) F:\Windows\system32\drivers\rdpencdd.sys
12:04:00.0547 5100	RDPENCDD - ok
12:04:00.0578 5100	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) F:\Windows\system32\drivers\rdprefmp.sys
12:04:00.0578 5100	RDPREFMP - ok
12:04:00.0625 5100	RDPWD           (6d76e6433574b058adcb0c50df834492) F:\Windows\system32\drivers\RDPWD.sys
12:04:00.0625 5100	RDPWD - ok
12:04:00.0687 5100	rdyboost        (34ed295fa0121c241bfef24764fc4520) F:\Windows\system32\drivers\rdyboost.sys
12:04:00.0687 5100	rdyboost - ok
12:04:00.0734 5100	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) F:\Windows\System32\mprdim.dll
12:04:00.0734 5100	RemoteAccess - ok
12:04:00.0765 5100	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) F:\Windows\system32\regsvc.dll
12:04:00.0781 5100	RemoteRegistry - ok
12:04:00.0827 5100	RFCOMM          (3dd798846e2c28102b922c56e71b7932) F:\Windows\system32\DRIVERS\rfcomm.sys
12:04:00.0827 5100	RFCOMM - ok
12:04:00.0874 5100	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) F:\Windows\System32\RpcEpMap.dll
12:04:00.0874 5100	RpcEptMapper - ok
12:04:00.0905 5100	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) F:\Windows\system32\locator.exe
12:04:00.0905 5100	RpcLocator - ok
12:04:00.0983 5100	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) F:\Windows\system32\rpcss.dll
12:04:00.0999 5100	RpcSs - ok
12:04:01.0046 5100	rspndr          (ddc86e4f8e7456261e637e3552e804ff) F:\Windows\system32\DRIVERS\rspndr.sys
12:04:01.0046 5100	rspndr - ok
12:04:01.0077 5100	s3cap           (e60c0a09f997826c7627b244195ab581) F:\Windows\system32\drivers\vms3cap.sys
12:04:01.0077 5100	s3cap - ok
12:04:01.0108 5100	SamSs           (c118a82cd78818c29ab228366ebf81c3) F:\Windows\system32\lsass.exe
12:04:01.0108 5100	SamSs - ok
12:04:01.0186 5100	SASDIFSV        (3289766038db2cb14d07dc84392138d5) F:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
12:04:01.0186 5100	SASDIFSV - ok
12:04:01.0217 5100	SASKUTIL        (58a38e75f3316a83c23df6173d41f2b5) F:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
12:04:01.0217 5100	SASKUTIL - ok
12:04:01.0249 5100	sbp2port        (ac03af3329579fffb455aa2daabbe22b) F:\Windows\system32\drivers\sbp2port.sys
12:04:01.0249 5100	sbp2port - ok
12:04:01.0295 5100	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) F:\Windows\System32\SCardSvr.dll
12:04:01.0311 5100	SCardSvr - ok
12:04:01.0342 5100	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) F:\Windows\system32\DRIVERS\scfilter.sys
12:04:01.0342 5100	scfilter - ok
12:04:01.0483 5100	Schedule        (262f6592c3299c005fd6bec90fc4463a) F:\Windows\system32\schedsvc.dll
12:04:01.0498 5100	Schedule - ok
12:04:01.0545 5100	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) F:\Windows\System32\certprop.dll
12:04:01.0545 5100	SCPolicySvc - ok
12:04:01.0576 5100	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) F:\Windows\System32\SDRSVC.dll
12:04:01.0592 5100	SDRSVC - ok
12:04:01.0654 5100	secdrv          (3ea8a16169c26afbeb544e0e48421186) F:\Windows\system32\drivers\secdrv.sys
12:04:01.0654 5100	secdrv - ok
12:04:01.0685 5100	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) F:\Windows\system32\seclogon.dll
12:04:01.0701 5100	seclogon - ok
12:04:01.0732 5100	SENS            (c32ab8fa018ef34c0f113bd501436d21) F:\Windows\System32\sens.dll
12:04:01.0732 5100	SENS - ok
12:04:01.0748 5100	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) F:\Windows\system32\sensrsvc.dll
12:04:01.0748 5100	SensrSvc - ok
12:04:01.0763 5100	Serenum         (cb624c0035412af0debec78c41f5ca1b) F:\Windows\system32\DRIVERS\serenum.sys
12:04:01.0763 5100	Serenum - ok
12:04:01.0810 5100	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) F:\Windows\system32\DRIVERS\serial.sys
12:04:01.0810 5100	Serial - ok
12:04:01.0857 5100	sermouse        (1c545a7d0691cc4a027396535691c3e3) F:\Windows\system32\DRIVERS\sermouse.sys
12:04:01.0857 5100	sermouse - ok
12:04:01.0966 5100	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) F:\Windows\system32\sessenv.dll
12:04:01.0966 5100	SessionEnv - ok
12:04:01.0997 5100	sffdisk         (a554811bcd09279536440c964ae35bbf) F:\Windows\system32\drivers\sffdisk.sys
12:04:02.0013 5100	sffdisk - ok
12:04:02.0029 5100	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) F:\Windows\system32\drivers\sffp_mmc.sys
12:04:02.0029 5100	sffp_mmc - ok
12:04:02.0029 5100	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) F:\Windows\system32\drivers\sffp_sd.sys
12:04:02.0044 5100	sffp_sd - ok
12:04:02.0060 5100	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) F:\Windows\system32\DRIVERS\sfloppy.sys
12:04:02.0075 5100	sfloppy - ok
12:04:02.0122 5100	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) F:\Windows\System32\ipnathlp.dll
12:04:02.0138 5100	SharedAccess - ok
12:04:02.0185 5100	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) F:\Windows\System32\shsvcs.dll
12:04:02.0185 5100	ShellHWDetection - ok
12:04:02.0216 5100	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) F:\Windows\system32\DRIVERS\SiSRaid2.sys
12:04:02.0216 5100	SiSRaid2 - ok
12:04:02.0231 5100	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) F:\Windows\system32\DRIVERS\sisraid4.sys
12:04:02.0231 5100	SiSRaid4 - ok
12:04:02.0263 5100	Smb             (548260a7b8654e024dc30bf8a7c5baa4) F:\Windows\system32\DRIVERS\smb.sys
12:04:02.0263 5100	Smb - ok
12:04:02.0294 5100	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) F:\Windows\System32\snmptrap.exe
12:04:02.0309 5100	SNMPTRAP - ok
12:04:02.0419 5100	speedfan        (5f9785e7535f8f602cb294a54962c9e7) F:\Windows\syswow64\speedfan.sys
12:04:02.0419 5100	speedfan - ok
12:04:02.0450 5100	spldr           (b9e31e5cacdfe584f34f730a677803f9) F:\Windows\system32\drivers\spldr.sys
12:04:02.0450 5100	spldr - ok
12:04:02.0512 5100	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) F:\Windows\System32\spoolsv.exe
12:04:02.0528 5100	Spooler - ok
12:04:02.0793 5100	sppsvc          (e17e0188bb90fae42d83e98707efa59c) F:\Windows\system32\sppsvc.exe
12:04:02.0918 5100	sppsvc - ok
12:04:03.0058 5100	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) F:\Windows\system32\sppuinotify.dll
12:04:03.0058 5100	sppuinotify - ok
12:04:03.0136 5100	srv             (441fba48bff01fdb9d5969ebc1838f0b) F:\Windows\system32\DRIVERS\srv.sys
12:04:03.0152 5100	srv - ok
12:04:03.0230 5100	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) F:\Windows\system32\DRIVERS\srv2.sys
12:04:03.0245 5100	srv2 - ok
12:04:03.0292 5100	srvnet          (27e461f0be5bff5fc737328f749538c3) F:\Windows\system32\DRIVERS\srvnet.sys
12:04:03.0292 5100	srvnet - ok
12:04:03.0339 5100	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) F:\Windows\System32\ssdpsrv.dll
12:04:03.0355 5100	SSDPSRV - ok
12:04:03.0370 5100	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) F:\Windows\system32\sstpsvc.dll
12:04:03.0370 5100	SstpSvc - ok
12:04:03.0401 5100	stexstor        (f3817967ed533d08327dc73bc4d5542a) F:\Windows\system32\DRIVERS\stexstor.sys
12:04:03.0401 5100	stexstor - ok
12:04:03.0495 5100	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) F:\Windows\System32\wiaservc.dll
12:04:03.0511 5100	stisvc - ok
12:04:03.0542 5100	storflt         (7785dc213270d2fc066538daf94087e7) F:\Windows\system32\drivers\vmstorfl.sys
12:04:03.0542 5100	storflt - ok
12:04:03.0573 5100	StorSvc         (c40841817ef57d491f22eb103da587cc) F:\Windows\system32\storsvc.dll
12:04:03.0573 5100	StorSvc - ok
12:04:03.0604 5100	storvsc         (d34e4943d5ac096c8edeebfd80d76e23) F:\Windows\system32\drivers\storvsc.sys
12:04:03.0620 5100	storvsc - ok
12:04:03.0635 5100	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) F:\Windows\system32\drivers\swenum.sys
12:04:03.0635 5100	swenum - ok
12:04:03.0713 5100	swprv           (e08e46fdd841b7184194011ca1955a0b) F:\Windows\System32\swprv.dll
12:04:03.0713 5100	swprv - ok
12:04:12.0215 5100	============================================================
12:04:12.0215 5100	Scan finished
12:04:12.0215 5100	============================================================
12:04:12.0215 5092	Detected object count: 0
12:04:12.0215 5092	Actual detected object count: 0
         

15.06.2012, 12:18   #14
kira
/// Helper team



Can you restore the system to its factory state "by hand" using a recovery stored on the disk (a hidden partition on the disk)?
__________________

Warning!:
Be careful with invoices sent by email with a ZIP file attached! They may be infected with an encryption Trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different places!
Please pass this warning on wherever you can!

15.06.2012, 19:58   #15
verwanzt



No, unfortunately not that either.
