Mehrfach iexplorer.exe in den Prozessen

tweidner · 29.10.2012, 09:25

Hallo,

habe gerade mal festgestellt, dass iexplorer.exe mehrfach (bis 5x) im Taskmanager unter den Prozessen gelistet ist.

Schaute deswegen nach, weil ich sehr oft einen langsamen Notebook und sehr langsames Internet mit ganz niedrigen Übertragungsgeschwindigkeiten habe. Dabei nutze ich doch LTE...

Habe AVIRA komplett drüber laufen lassen ohne Fund. Malwarebytes läuft auch drüber, auch ohne Fund. Habe nun HijackThis drüber laufen lassen, und hänge das Logfile mal hier ran, und hoffe, dass mir viele gut und schnell helfen können. Allerdings muss ich gleich erwähnen, das ich mich mit HijackThis noch nicht auskenne, also eventuell Hilfe bräuchte.

Zitat:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:05:01, on 29.10.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Torsten Weidner\Downloads\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: DVDVideoSoftTB DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll
O2 - BHO: DVDVideoSoftTB DE - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: TSBHO Class - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Softonic Helper Object - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\Softonic\1.5.21.0\bh\Softonic.dll
O3 - Toolbar: DVDVideoSoftTB DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll
O3 - Toolbar: Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\Softonic\1.5.21.0\SoftonicTlbr.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [MobileBroadband] C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O8 - Extra context menu item: Free YouTube Download - C:\Users\Torsten Weidner\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Torsten Weidner\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira Email Schutz (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit-Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Browser-Schutz (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files (x86)\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: TrueSuiteService (FPLService) - HP - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Internet Manager. OUC (Internet Manager. RunOuc) - Unknown owner - C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files (x86)\Belkin\F9L1103\v1\Common\RaRegistry.exe
O23 - Service: Ralink Registry Writer 64 (RalinkRegistryWriter64) - Ralink Technology, Corp. - C:\Program Files (x86)\Belkin\F9L1103\v1\Common\RaRegistry64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SearchAnonymizer - Unknown owner - C:\Users\Torsten Weidner\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: Sierra Wireless Card Detection Service (SwiCardDetectSvc) - Sierra Wireless, Inc. - C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Vodafone-Mobile-Broadband-Dienst (VmbService) - Vodafone - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14470 bytes

markusg · 29.10.2012, 13:36

hi
ein langsames gerät hindrt nicht daran, unsere anleitungen zu lesen, hijackthis wollen wir schon seit mindestens nem jahr nicht mehr sehen :-)
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die
OTL.exe
.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die
Textbox.

Code:

ATTFilter

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Kopiere
nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

tweidner · 29.10.2012, 14:47

Sorry, hatte es wirklich aus Versehen überlesen...SORRY!!!

Im Anhang sende ich die Dateien als ZIP, da ich das nicht als Text posten konnte (zu viele Zeichen), und auch nicht hochgeladen werden konnte, da zu groß ist....

DANKE für eure Hilfe...

markusg · 29.10.2012, 16:30

hi

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

tweidner · 29.10.2012, 17:21

Hallo, hier die ComboFix.txt:Combofix Logfile:

Code:

ATTFilter

ComboFix 12-10-29.03 - Torsten Weidner 29.10.2012  16:56:25.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4044.2082 [GMT 1:00]
ausgeführt von:: c:\users\Torsten Weidner\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Torsten Weidner\AppData\Roaming\1&1
c:\users\Torsten Weidner\AppData\Roaming\Microsoft\Windows\Cookies\WUQE6WFD.txt
c:\windows\logboot_12.10.2012.tureg.log
c:\windows\SysWow64\DEBUG.log
c:\windows\SysWow64\tmp1479.tmp
c:\windows\SysWow64\tmp923C.tmp
c:\windows\SysWow64\tmp926B.tmp
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Boonty Games
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-09-28 bis 2012-10-29  ))))))))))))))))))))))))))))))
.
.
2012-10-29 16:03 . 2012-10-29 16:03	--------	d-----w-	c:\users\Ich\AppData\Local\temp
2012-10-29 16:03 . 2012-10-29 16:03	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-10-29 13:42 . 2012-10-29 13:42	--------	d-----w-	c:\users\Torsten Weidner\AppData\Local\WinZip
2012-10-29 13:42 . 2012-10-29 13:42	--------	d-----w-	c:\program files\WinZip
2012-10-29 11:25 . 2012-10-29 12:19	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy
2012-10-29 11:17 . 2012-10-29 12:24	--------	d-----w-	c:\program files\HiJackThis
2012-10-29 08:12 . 2012-10-29 08:12	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-29 08:12 . 2012-09-29 18:54	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-10-28 10:06 . 2012-08-21 12:01	33240	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2012-10-28 10:06 . 2012-10-28 10:06	--------	d-----w-	c:\program files\iPod
2012-10-28 10:06 . 2012-10-28 10:06	--------	d-----w-	c:\program files\iTunes
2012-10-28 10:06 . 2012-10-28 10:06	--------	d-----w-	c:\program files (x86)\iTunes
2012-10-28 10:05 . 2012-10-28 10:05	--------	d-----w-	c:\program files\Bonjour
2012-10-28 10:05 . 2012-10-28 10:05	--------	d-----w-	c:\program files (x86)\Bonjour
2012-10-28 09:54 . 2012-08-21 12:01	125872	----a-w-	c:\windows\system32\GEARAspi64.dll
2012-10-28 09:54 . 2012-08-21 12:01	106928	----a-w-	c:\windows\SysWow64\GEARAspi.dll
2012-10-28 09:53 . 2012-10-28 09:53	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-10-28 09:53 . 2012-10-28 09:53	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-10-28 09:53 . 2012-10-28 09:53	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-10-28 09:53 . 2012-10-28 09:53	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-10-28 09:53 . 2012-10-28 09:53	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-10-28 09:53 . 2012-10-28 09:53	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-10-28 09:53 . 2012-10-28 09:53	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-10-28 09:53 . 2012-10-28 09:53	--------	d-----w-	c:\program files (x86)\QuickTime
2012-10-28 09:53 . 2012-10-28 09:53	--------	d-----w-	c:\users\Torsten Weidner\AppData\Local\Apple
2012-10-28 09:53 . 2012-10-28 09:53	--------	d-----w-	c:\program files (x86)\Apple Software Update
2012-10-28 09:53 . 2012-10-28 09:53	--------	d-----w-	c:\program files\Common Files\Apple
2012-10-28 09:53 . 2012-10-28 10:06	--------	d-----w-	c:\program files (x86)\Common Files\Apple
2012-10-26 19:43 . 2012-10-26 19:43	--------	d-----w-	c:\program files (x86)\FileZilla FTP Client
2012-10-26 18:38 . 2012-10-26 18:38	--------	d-----w-	c:\program files (x86)\Norza
2012-10-26 07:19 . 2012-10-26 07:19	--------	d-----w-	c:\users\Torsten Weidner\AppData\Roaming\pdfforge
2012-10-26 07:19 . 2012-10-12 05:34	100864	----a-w-	c:\windows\system32\pdfcmon.dll
2012-10-26 07:19 . 2012-05-05 09:54	137000	----a-w-	c:\windows\SysWow64\MSMAPI32.OCX
2012-10-26 07:19 . 2012-10-26 07:19	--------	d-----w-	c:\program files (x86)\PDFCreator
2012-10-26 07:19 . 2012-05-05 09:54	23552	----a-w-	c:\windows\SysWow64\MSMPIDE.DLL
2012-10-26 07:19 . 1998-07-06 16:55	158208	----a-w-	c:\windows\SysWow64\MSCMCDE.DLL
2012-10-26 07:19 . 1998-07-06 16:55	64512	----a-w-	c:\windows\SysWow64\MSCC2DE.DLL
2012-10-26 07:19 . 2012-10-26 07:19	--------	d-----w-	c:\users\Torsten Weidner\AppData\Local\Programs
2012-10-26 05:45 . 2012-10-26 05:45	--------	d-----w-	c:\users\Torsten Weidner\AppData\Roaming\DesktopIconForAmazon
2012-10-26 05:45 . 2012-10-26 05:45	--------	d-----w-	c:\users\Torsten Weidner\AppData\Roaming\OCS
2012-10-23 12:48 . 2011-04-18 13:43	85504	----a-w-	c:\windows\system32\drivers\ew_jubusenum.sys
2012-10-23 12:23 . 2012-04-20 15:45	223232	----a-w-	c:\windows\system32\drivers\ewusbmdm.sys
2012-10-23 12:23 . 2012-04-20 15:45	422400	----a-w-	c:\windows\system32\drivers\ewusbnet.sys
2012-10-23 12:22 . 2012-10-23 12:22	--------	d-----w-	c:\program files (x86)\Sierra Wireless Inc
2012-10-22 14:12 . 2012-10-22 14:12	--------	d-----w-	c:\program files (x86)\Vodafone
2012-10-22 12:31 . 2012-10-22 06:41	28672	----a-w-	c:\windows\system32\drivers\ew_juextctrl.sys
2012-10-22 12:31 . 2012-10-22 06:41	212992	----a-w-	c:\windows\system32\drivers\ew_juwwanecm.sys
2012-10-22 12:31 . 2012-10-22 06:41	13952	----a-w-	c:\windows\system32\drivers\ew_usbenumfilter.sys
2012-10-22 12:31 . 2012-10-22 06:41	1001472	----a-w-	c:\windows\system32\drivers\mod7700.sys
2012-10-22 12:31 . 2012-10-22 06:41	98816	----a-w-	c:\windows\system32\drivers\ew_jucdcacm.sys
2012-10-22 12:31 . 2012-10-22 06:41	69632	----a-w-	c:\windows\system32\drivers\ew_jucdcecm.sys
2012-10-22 12:31 . 2012-10-22 06:41	421376	----a-w-	c:\windows\system32\drivers\ewusbwwan.sys
2012-10-22 12:31 . 2012-10-22 06:41	32768	----a-w-	c:\windows\system32\drivers\ewdcsc.sys
2012-10-22 12:31 . 2012-10-22 06:41	22016	----a-w-	c:\windows\system32\drivers\ew_hwupgrade.sys
2012-10-22 12:31 . 2012-10-22 06:41	117248	----a-w-	c:\windows\system32\drivers\ew_hwusbdev.sys
2012-10-22 11:56 . 2012-10-22 11:56	--------	d-----w-	c:\program files\CCleaner
2012-10-22 06:34 . 2012-10-22 06:41	1490656	----a-w-	c:\windows\system32\drivers\WdfCoInstaller01007.dll
2012-10-22 06:34 . 2012-10-22 06:34	--------	d-----w-	c:\users\Torsten Weidner\AppData\Roaming\T-Mobile
2012-10-22 06:34 . 2012-10-22 06:33	724608	----a-w-	c:\windows\SysWow64\bmutil.dll
2012-10-22 06:33 . 2012-10-22 06:33	--------	d-----w-	c:\program files (x86)\T-Mobile
2012-10-21 20:25 . 2012-10-21 20:25	--------	d-----w-	C:\DRIVERS
2012-10-21 19:33 . 2012-10-22 12:17	39592	----a-w-	c:\windows\system32\drivers\tcpipBM.sys
2012-10-21 19:33 . 2012-10-22 12:17	16552	----a-w-	c:\windows\system32\drivers\BMLoad.sys
2012-10-21 06:02 . 2012-10-21 06:02	--------	d-----w-	c:\program files (x86)\Microsoft WSE
2012-10-21 06:02 . 2012-10-21 06:02	--------	d-----w-	c:\users\Torsten Weidner\AppData\Local\PackageAware
2012-10-21 05:53 . 2012-10-21 05:53	--------	d-----w-	c:\program files\Deutsche Telekom
2012-10-21 05:53 . 2011-07-14 10:27	456848	----a-w-	c:\windows\system32\MDS_Uninstall.exe
2012-10-21 05:53 . 2012-10-21 05:53	--------	d-----w-	c:\users\Torsten Weidner\AppData\Local\mquadr.at
2012-10-19 21:38 . 2012-10-19 21:38	--------	d-----w-	c:\users\Torsten Weidner\AppData\Local\Winamp Toolbar
2012-10-19 19:45 . 2012-10-19 19:45	--------	d-----w-	c:\program files (x86)\Winamp Toolbar
2012-10-19 19:45 . 2012-10-19 19:45	--------	d-----w-	c:\program files (x86)\Common Files\Software Update Utility
2012-10-19 19:45 . 2012-10-19 19:45	--------	d-----w-	c:\program files (x86)\Winamp Detect
2012-10-19 19:44 . 2012-10-23 10:43	--------	d-----w-	c:\users\Torsten Weidner\AppData\Roaming\Winamp
2012-10-19 18:37 . 2012-10-19 18:37	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-19 18:37 . 2012-10-19 18:37	696760	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-19 13:24 . 2012-10-19 13:24	--------	d-----w-	c:\users\Torsten Weidner\AppData\Roaming\Avira
2012-10-19 13:19 . 2012-10-19 13:11	27800	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-10-19 13:19 . 2012-10-19 13:11	129576	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-10-19 13:19 . 2012-10-19 13:11	99248	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-10-19 13:19 . 2012-10-19 13:19	--------	d-----w-	c:\program files (x86)\Avira
2012-10-19 12:32 . 2012-10-19 12:32	--------	d-----w-	C:\Setup-10.3.204.39000
2012-10-19 10:58 . 2012-04-20 15:45	123264	----a-w-	c:\windows\system32\drivers\zteusbvoice.sys
2012-10-19 10:58 . 2012-04-20 15:45	123264	----a-w-	c:\windows\system32\drivers\ZTEusbnmea.sys
2012-10-19 10:58 . 2012-04-20 15:45	123264	----a-w-	c:\windows\system32\drivers\ZTEusbmdm6k.sys
2012-10-19 10:57 . 2012-04-20 15:45	123264	----a-w-	c:\windows\system32\drivers\ZTEusbser6k.sys
2012-10-19 10:33 . 2012-10-19 10:33	--------	d-----w-	c:\users\Torsten Weidner\AppData\Local\{EBB94E3B-3BF9-4353-8238-02E9637A682C}
2012-10-18 11:04 . 2012-10-18 11:04	--------	d-----w-	c:\program files (x86)\EA SPORTS
2012-10-18 11:02 . 2012-10-18 11:03	283200	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2012-10-18 11:02 . 2012-10-18 11:04	--------	d-----w-	c:\users\Torsten Weidner\AppData\Roaming\DAEMON Tools Lite
2012-10-18 11:02 . 2012-10-18 11:02	--------	d-----w-	c:\program files (x86)\DAEMON Tools Lite
2012-10-18 10:02 . 2012-10-18 10:02	--------	d-----w-	c:\windows\uninstall
2012-10-18 02:14 . 2012-10-18 02:14	--------	d-----w-	c:\users\Torsten Weidner\AppData\Roaming\Malwarebytes
2012-10-17 19:32 . 2012-10-17 19:32	--------	d-----w-	c:\program files (x86)\Softonic
2012-10-17 18:29 . 2012-10-19 19:12	--------	d-----w-	c:\users\Torsten Weidner\AppData\Roaming\vlc
2012-10-17 18:28 . 2012-10-17 18:28	--------	d-----w-	c:\program files (x86)\VideoLAN
2012-10-15 20:40 . 2012-10-15 20:40	--------	d-----w-	c:\program files (x86)\Elaborate Bytes
2012-10-15 09:42 . 2012-10-15 09:42	--------	d-----w-	C:\MF110_WCDMA_USB_Modem_XP_Vista_7-x86_x64
2012-10-15 09:16 . 2012-10-22 06:41	1490656	----a-w-	c:\windows\system32\wdfcoinstaller01007.dll
2012-10-15 09:16 . 2012-04-20 15:45	158720	----a-w-	c:\windows\system32\drivers\ZTEusbnet.sys
2012-10-14 08:22 . 2012-10-14 08:22	--------	d-----w-	c:\users\Torsten Weidner\AppData\Local\Macromedia
2012-10-13 07:05 . 2012-10-19 19:45	--------	d-----w-	c:\program files (x86)\Winamp
2012-10-11 12:43 . 2012-05-31 10:25	279656	------w-	c:\windows\system32\MpSigStub.exe
2012-10-11 07:09 . 2012-08-24 18:05	220160	----a-w-	c:\windows\system32\wintrust.dll
2012-10-11 07:09 . 2012-08-24 16:57	172544	----a-w-	c:\windows\SysWow64\wintrust.dll
2012-10-11 07:09 . 2012-09-14 19:19	2048	----a-w-	c:\windows\system32\tzres.dll
2012-10-11 07:09 . 2012-09-14 18:28	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-10-11 07:09 . 2012-08-11 00:56	715776	----a-w-	c:\windows\system32\kerberos.dll
2012-10-11 07:09 . 2012-08-10 23:56	542208	----a-w-	c:\windows\SysWow64\kerberos.dll
2012-10-11 07:09 . 2012-06-02 05:41	1464320	----a-w-	c:\windows\system32\crypt32.dll
2012-10-11 07:09 . 2012-06-02 05:41	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2012-10-11 07:09 . 2012-06-02 05:41	140288	----a-w-	c:\windows\system32\cryptnet.dll
2012-10-11 07:09 . 2012-06-02 04:36	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2012-10-11 07:09 . 2012-06-02 04:36	1159680	----a-w-	c:\windows\SysWow64\crypt32.dll
2012-10-11 07:09 . 2012-06-02 04:36	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2012-10-06 14:29 . 2012-10-29 11:52	--------	d-----w-	C:\ProgramData
2012-10-01 11:26 . 2012-10-01 11:26	--------	d-----w-	c:\program files (x86)\Common Files\xing shared
2012-10-01 11:26 . 2012-10-01 11:26	499712	----a-w-	c:\windows\SysWow64\msvcp71.dll
2012-10-01 11:26 . 2012-10-01 11:26	348160	----a-w-	c:\windows\SysWow64\msvcr71.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-11 11:59 . 2011-10-22 06:39	65309168	----a-w-	c:\windows\system32\MRT.exe
2012-08-24 11:15 . 2012-09-27 01:03	17810944	----a-w-	c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-27 01:03	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-27 01:03	2312704	----a-w-	c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-27 01:03	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-27 01:03	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-27 01:03	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-27 01:03	237056	----a-w-	c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-27 01:03	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-27 01:03	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-27 01:03	816640	----a-w-	c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-27 01:03	599040	----a-w-	c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-27 01:03	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-27 01:03	729088	----a-w-	c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-27 01:03	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-27 01:03	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-27 01:03	248320	----a-w-	c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-27 01:03	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-27 01:03	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-27 01:03	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-27 01:03	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-27 01:03	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-27 01:03	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-26 17:50	1913200	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-26 17:50	950128	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-26 17:50	376688	----a-w-	c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-26 17:50	288624	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-26 17:44	245760	----a-w-	c:\windows\system32\OxpsConverter.exe
2012-08-20 17:38 . 2012-10-11 07:20	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-08-02 17:58 . 2012-09-26 17:50	574464	----a-w-	c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-26 17:50	490496	----a-w-	c:\windows\SysWow64\d3d10level9.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
2011-05-09 09:49	176936	----a-w-	c:\program files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}]
2012-03-15 13:57	242384	----a-w-	c:\program files (x86)\Softonic\Softonic\1.5.21.0\bh\Softonic.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\program files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll" [2011-05-09 176936]
"{5018CFD2-804D-4C99-9F81-25EAEA2769DE}"= "c:\program files (x86)\Softonic\Softonic\1.5.21.0\SoftonicTlbr.dll" [2012-03-15 250576]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_CLASSES_ROOT\clsid\{5018cfd2-804d-4c99-9f81-25eaea2769de}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-13 283160]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-12-30 336384]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2010-12-13 318520]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-10-19 386336]
"MobileBroadband"="c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2011-04-19 408576]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe"
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-02 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
R2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-05 291896]
R2 Internet Manager. RunOuc;Internet Manager. OUC;c:\program files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [2012-10-22 224096]
R2 SearchAnonymizer;SearchAnonymizer;c:\users\Torsten Weidner\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [2012-10-26 40960]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-19 250808]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2012-10-22 117248]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2012-10-22 13952]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [2012-10-22 421376]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2012-04-20 422400]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-02 136176]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2012-10-22 98816]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [2009-08-18 11776]
R3 mr8980;Digital Wireless Camera;c:\windows\system32\DRIVERS\mr8980x64.sys [2010-06-16 113920]
R3 netr28ux;Belkin Wireless Adapter Driver;c:\windows\system32\DRIVERS\netr28ux.sys [2011-07-27 1631808]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 34032]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 UPnPService;UPnPService;c:\program files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2008-10-21 548864]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-18 1255736]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2012-04-20 158720]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2012-04-20 123264]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys [2012-10-22 16552]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-03-04 55856]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-10-19 27800]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-10-18 283200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-12-31 203776]
S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-10-19 369952]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-10-19 84256]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-10-19 554784]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2010-12-07 249672]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-27 30520]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [2011-03-14 346976]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
S2 MSSQL$JTLWAWI;SQL Server (JTLWAWI);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 MSSQL$LEXWARE;SQL Server (LEXWARE);c:\program files (x86)\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\Belkin\F9L1103\v1\Common\RaRegistry64.exe [2011-04-25 451936]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:\program files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [2011-06-24 317296]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-11-23 2656280]
S2 VmbService;Vodafone-Mobile-Broadband-Dienst;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2011-04-19 9216]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-12-31 8281600]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-12-31 292864]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-12-10 31088]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-04-18 85504]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2010-12-17 12256512]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-01-12 333928]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-10-19 406632]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vodafone_K3805-z_dc_enum;vodafone_K3805-z_dc_enum;c:\windows\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys [2010-09-01 75776]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-19 18:37]
.
2012-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-02 11:01]
.
2012-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-02 11:01]
.
2012-10-25 c:\windows\Tasks\HPCeeScheduleForTorsten Weidner.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15]
.
2012-10-29 c:\windows\Tasks\HPCeeScheduleForTORSTENWEIDNER$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-12-11 02:32	2240000	----a-w-	c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-12-11 02:32	2240000	----a-w-	c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-12-11 02:32	2240000	----a-w-	c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-12-11 02:32	2240000	----a-w-	c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-12-11 02:32	2240000	----a-w-	c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-17 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-17 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-17 418328]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-12-02 524800]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"Ocs_SM"="c:\users\Torsten Weidner\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2012-10-26 106496]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube Download - c:\users\Torsten Weidner\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Torsten Weidner\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.0.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FotoManager10Deluxe.8.alb"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.eps"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.gif"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.iff"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.pcd"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.png"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.tga"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.tif"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.tiff"
.
[HKEY_USERS\S-1-5-21-1511923294-3779207433-3340345899-1000\Software\SecuROM\License information*]
"datasecu"=hex:29,c4,53,3a,3c,7c,95,da,9c,f2,f3,08,92,74,79,36,5e,70,ba,a8,70,
   5e,ff,a7,69,c3,22,ef,5c,ff,4c,9a,07,36,72,11,c7,88,f2,1c,93,ba,eb,25,dc,d5,\
"rkeysecu"=hex:b6,02,34,0f,1c,49,35,c7,fd,cc,7a,cb,ba,76,16,6e
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\programdata\Internet Manager\OnlineUpdate\ouc.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Belkin\F9L1103\v1\Common\RaRegistry.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-10-29  17:14:24 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-10-29 16:14
.
Vor Suchlauf: 15 Verzeichnis(se), 411.609.628.672 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 412.217.778.176 Bytes frei
.
- - End Of File - - 0F91631801F0DC9A09710A19EA49B369

--- --- ---

Hallo hier nun die ComboFix.txt:

Combofix Logfile:

Code:

ATTFilter

ComboFix 12-10-29.03 - Torsten Weidner 29.10.2012  16:56:25.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4044.2082 [GMT 1:00]
ausgeführt von:: c:\users\Torsten Weidner\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Torsten Weidner\AppData\Roaming\1&1
c:\users\Torsten Weidner\AppData\Roaming\Microsoft\Windows\Cookies\WUQE6WFD.txt
c:\windows\logboot_12.10.2012.tureg.log
c:\windows\SysWow64\DEBUG.log
c:\windows\SysWow64\tmp1479.tmp
c:\windows\SysWow64\tmp923C.tmp
c:\windows\SysWow64\tmp926B.tmp
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Boonty Games
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-09-28 bis 2012-10-29  ))))))))))))))))))))))))))))))
.
.
2012-10-29 16:03 . 2012-10-29 16:03	--------	d-----w-	c:\users\Ich\AppData\Local\temp
2012-10-29 16:03 . 2012-10-29 16:03	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-10-29 13:42 . 2012-10-29 13:42	--------	d-----w-	c:\users\Torsten Weidner\AppData\Local\WinZip
2012-10-29 13:42 . 2012-10-29 13:42	--------	d-----w-	c:\program files\WinZip
2012-10-29 11:25 . 2012-10-29 12:19	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy
2012-10-29 11:17 . 2012-10-29 12:24	--------	d-----w-	c:\program files\HiJackThis
2012-10-29 08:12 . 2012-10-29 08:12	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-29 08:12 . 2012-09-29 18:54	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-10-28 10:06 . 2012-08-21 12:01	33240	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2012-10-28 10:06 . 2012-10-28 10:06	--------	d-----w-	c:\program files\iPod
2012-10-28 10:06 . 2012-10-28 10:06	--------	d-----w-	c:\program files\iTunes
2012-10-28 10:06 . 2012-10-28 10:06	--------	d-----w-	c:\program files (x86)\iTunes
2012-10-28 10:05 . 2012-10-28 10:05	--------	d-----w-	c:\program files\Bonjour
2012-10-28 10:05 . 2012-10-28 10:05	--------	d-----w-	c:\program files (x86)\Bonjour
2012-10-28 09:54 . 2012-08-21 12:01	125872	----a-w-	c:\windows\system32\GEARAspi64.dll
2012-10-28 09:54 . 2012-08-21 12:01	106928	----a-w-	c:\windows\SysWow64\GEARAspi.dll
2012-10-28 09:53 . 2012-10-28 09:53	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-10-28 09:53 . 2012-10-28 09:53	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-10-28 09:53 . 2012-10-28 09:53	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-10-28 09:53 . 2012-10-28 09:53	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-10-28 09:53 . 2012-10-28 09:53	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-10-28 09:53 . 2012-10-28 09:53	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-10-28 09:53 . 2012-10-28 09:53	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-10-28 09:53 . 2012-10-28 09:53	--------	d-----w-	c:\program files (x86)\QuickTime
2012-10-28 09:53 . 2012-10-28 09:53	--------	d-----w-	c:\users\Torsten Weidner\AppData\Local\Apple
2012-10-28 09:53 . 2012-10-28 09:53	--------	d-----w-	c:\program files (x86)\Apple Software Update
2012-10-28 09:53 . 2012-10-28 09:53	--------	d-----w-	c:\program files\Common Files\Apple
2012-10-28 09:53 . 2012-10-28 10:06	--------	d-----w-	c:\program files (x86)\Common Files\Apple
2012-10-26 19:43 . 2012-10-26 19:43	--------	d-----w-	c:\program files (x86)\FileZilla FTP Client
2012-10-26 18:38 . 2012-10-26 18:38	--------	d-----w-	c:\program files (x86)\Norza
2012-10-26 07:19 . 2012-10-26 07:19	--------	d-----w-	c:\users\Torsten Weidner\AppData\Roaming\pdfforge
2012-10-26 07:19 . 2012-10-12 05:34	100864	----a-w-	c:\windows\system32\pdfcmon.dll
2012-10-26 07:19 . 2012-05-05 09:54	137000	----a-w-	c:\windows\SysWow64\MSMAPI32.OCX
2012-10-26 07:19 . 2012-10-26 07:19	--------	d-----w-	c:\program files (x86)\PDFCreator
2012-10-26 07:19 . 2012-05-05 09:54	23552	----a-w-	c:\windows\SysWow64\MSMPIDE.DLL
2012-10-26 07:19 . 1998-07-06 16:55	158208	----a-w-	c:\windows\SysWow64\MSCMCDE.DLL
2012-10-26 07:19 . 1998-07-06 16:55	64512	----a-w-	c:\windows\SysWow64\MSCC2DE.DLL
2012-10-26 07:19 . 2012-10-26 07:19	--------	d-----w-	c:\users\Torsten Weidner\AppData\Local\Programs
2012-10-26 05:45 . 2012-10-26 05:45	--------	d-----w-	c:\users\Torsten Weidner\AppData\Roaming\DesktopIconForAmazon
2012-10-26 05:45 . 2012-10-26 05:45	--------	d-----w-	c:\users\Torsten Weidner\AppData\Roaming\OCS
2012-10-23 12:48 . 2011-04-18 13:43	85504	----a-w-	c:\windows\system32\drivers\ew_jubusenum.sys
2012-10-23 12:23 . 2012-04-20 15:45	223232	----a-w-	c:\windows\system32\drivers\ewusbmdm.sys
2012-10-23 12:23 . 2012-04-20 15:45	422400	----a-w-	c:\windows\system32\drivers\ewusbnet.sys
2012-10-23 12:22 . 2012-10-23 12:22	--------	d-----w-	c:\program files (x86)\Sierra Wireless Inc
2012-10-22 14:12 . 2012-10-22 14:12	--------	d-----w-	c:\program files (x86)\Vodafone
2012-10-22 12:31 . 2012-10-22 06:41	28672	----a-w-	c:\windows\system32\drivers\ew_juextctrl.sys
2012-10-22 12:31 . 2012-10-22 06:41	212992	----a-w-	c:\windows\system32\drivers\ew_juwwanecm.sys
2012-10-22 12:31 . 2012-10-22 06:41	13952	----a-w-	c:\windows\system32\drivers\ew_usbenumfilter.sys
2012-10-22 12:31 . 2012-10-22 06:41	1001472	----a-w-	c:\windows\system32\drivers\mod7700.sys
2012-10-22 12:31 . 2012-10-22 06:41	98816	----a-w-	c:\windows\system32\drivers\ew_jucdcacm.sys
2012-10-22 12:31 . 2012-10-22 06:41	69632	----a-w-	c:\windows\system32\drivers\ew_jucdcecm.sys
2012-10-22 12:31 . 2012-10-22 06:41	421376	----a-w-	c:\windows\system32\drivers\ewusbwwan.sys
2012-10-22 12:31 . 2012-10-22 06:41	32768	----a-w-	c:\windows\system32\drivers\ewdcsc.sys
2012-10-22 12:31 . 2012-10-22 06:41	22016	----a-w-	c:\windows\system32\drivers\ew_hwupgrade.sys
2012-10-22 12:31 . 2012-10-22 06:41	117248	----a-w-	c:\windows\system32\drivers\ew_hwusbdev.sys
2012-10-22 11:56 . 2012-10-22 11:56	--------	d-----w-	c:\program files\CCleaner
2012-10-22 06:34 . 2012-10-22 06:41	1490656	----a-w-	c:\windows\system32\drivers\WdfCoInstaller01007.dll
2012-10-22 06:34 . 2012-10-22 06:34	--------	d-----w-	c:\users\Torsten Weidner\AppData\Roaming\T-Mobile
2012-10-22 06:34 . 2012-10-22 06:33	724608	----a-w-	c:\windows\SysWow64\bmutil.dll
2012-10-22 06:33 . 2012-10-22 06:33	--------	d-----w-	c:\program files (x86)\T-Mobile
2012-10-21 20:25 . 2012-10-21 20:25	--------	d-----w-	C:\DRIVERS
2012-10-21 19:33 . 2012-10-22 12:17	39592	----a-w-	c:\windows\system32\drivers\tcpipBM.sys
2012-10-21 19:33 . 2012-10-22 12:17	16552	----a-w-	c:\windows\system32\drivers\BMLoad.sys
2012-10-21 06:02 . 2012-10-21 06:02	--------	d-----w-	c:\program files (x86)\Microsoft WSE
2012-10-21 06:02 . 2012-10-21 06:02	--------	d-----w-	c:\users\Torsten Weidner\AppData\Local\PackageAware
2012-10-21 05:53 . 2012-10-21 05:53	--------	d-----w-	c:\program files\Deutsche Telekom
2012-10-21 05:53 . 2011-07-14 10:27	456848	----a-w-	c:\windows\system32\MDS_Uninstall.exe
2012-10-21 05:53 . 2012-10-21 05:53	--------	d-----w-	c:\users\Torsten Weidner\AppData\Local\mquadr.at
2012-10-19 21:38 . 2012-10-19 21:38	--------	d-----w-	c:\users\Torsten Weidner\AppData\Local\Winamp Toolbar
2012-10-19 19:45 . 2012-10-19 19:45	--------	d-----w-	c:\program files (x86)\Winamp Toolbar
2012-10-19 19:45 . 2012-10-19 19:45	--------	d-----w-	c:\program files (x86)\Common Files\Software Update Utility
2012-10-19 19:45 . 2012-10-19 19:45	--------	d-----w-	c:\program files (x86)\Winamp Detect
2012-10-19 19:44 . 2012-10-23 10:43	--------	d-----w-	c:\users\Torsten Weidner\AppData\Roaming\Winamp
2012-10-19 18:37 . 2012-10-19 18:37	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-19 18:37 . 2012-10-19 18:37	696760	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-19 13:24 . 2012-10-19 13:24	--------	d-----w-	c:\users\Torsten Weidner\AppData\Roaming\Avira
2012-10-19 13:19 . 2012-10-19 13:11	27800	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-10-19 13:19 . 2012-10-19 13:11	129576	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-10-19 13:19 . 2012-10-19 13:11	99248	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-10-19 13:19 . 2012-10-19 13:19	--------	d-----w-	c:\program files (x86)\Avira
2012-10-19 12:32 . 2012-10-19 12:32	--------	d-----w-	C:\Setup-10.3.204.39000
2012-10-19 10:58 . 2012-04-20 15:45	123264	----a-w-	c:\windows\system32\drivers\zteusbvoice.sys
2012-10-19 10:58 . 2012-04-20 15:45	123264	----a-w-	c:\windows\system32\drivers\ZTEusbnmea.sys
2012-10-19 10:58 . 2012-04-20 15:45	123264	----a-w-	c:\windows\system32\drivers\ZTEusbmdm6k.sys
2012-10-19 10:57 . 2012-04-20 15:45	123264	----a-w-	c:\windows\system32\drivers\ZTEusbser6k.sys
2012-10-19 10:33 . 2012-10-19 10:33	--------	d-----w-	c:\users\Torsten Weidner\AppData\Local\{EBB94E3B-3BF9-4353-8238-02E9637A682C}
2012-10-18 11:04 . 2012-10-18 11:04	--------	d-----w-	c:\program files (x86)\EA SPORTS
2012-10-18 11:02 . 2012-10-18 11:03	283200	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2012-10-18 11:02 . 2012-10-18 11:04	--------	d-----w-	c:\users\Torsten Weidner\AppData\Roaming\DAEMON Tools Lite
2012-10-18 11:02 . 2012-10-18 11:02	--------	d-----w-	c:\program files (x86)\DAEMON Tools Lite
2012-10-18 10:02 . 2012-10-18 10:02	--------	d-----w-	c:\windows\uninstall
2012-10-18 02:14 . 2012-10-18 02:14	--------	d-----w-	c:\users\Torsten Weidner\AppData\Roaming\Malwarebytes
2012-10-17 19:32 . 2012-10-17 19:32	--------	d-----w-	c:\program files (x86)\Softonic
2012-10-17 18:29 . 2012-10-19 19:12	--------	d-----w-	c:\users\Torsten Weidner\AppData\Roaming\vlc
2012-10-17 18:28 . 2012-10-17 18:28	--------	d-----w-	c:\program files (x86)\VideoLAN
2012-10-15 20:40 . 2012-10-15 20:40	--------	d-----w-	c:\program files (x86)\Elaborate Bytes
2012-10-15 09:42 . 2012-10-15 09:42	--------	d-----w-	C:\MF110_WCDMA_USB_Modem_XP_Vista_7-x86_x64
2012-10-15 09:16 . 2012-10-22 06:41	1490656	----a-w-	c:\windows\system32\wdfcoinstaller01007.dll
2012-10-15 09:16 . 2012-04-20 15:45	158720	----a-w-	c:\windows\system32\drivers\ZTEusbnet.sys
2012-10-14 08:22 . 2012-10-14 08:22	--------	d-----w-	c:\users\Torsten Weidner\AppData\Local\Macromedia
2012-10-13 07:05 . 2012-10-19 19:45	--------	d-----w-	c:\program files (x86)\Winamp
2012-10-11 12:43 . 2012-05-31 10:25	279656	------w-	c:\windows\system32\MpSigStub.exe
2012-10-11 07:09 . 2012-08-24 18:05	220160	----a-w-	c:\windows\system32\wintrust.dll
2012-10-11 07:09 . 2012-08-24 16:57	172544	----a-w-	c:\windows\SysWow64\wintrust.dll
2012-10-11 07:09 . 2012-09-14 19:19	2048	----a-w-	c:\windows\system32\tzres.dll
2012-10-11 07:09 . 2012-09-14 18:28	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-10-11 07:09 . 2012-08-11 00:56	715776	----a-w-	c:\windows\system32\kerberos.dll
2012-10-11 07:09 . 2012-08-10 23:56	542208	----a-w-	c:\windows\SysWow64\kerberos.dll
2012-10-11 07:09 . 2012-06-02 05:41	1464320	----a-w-	c:\windows\system32\crypt32.dll
2012-10-11 07:09 . 2012-06-02 05:41	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2012-10-11 07:09 . 2012-06-02 05:41	140288	----a-w-	c:\windows\system32\cryptnet.dll
2012-10-11 07:09 . 2012-06-02 04:36	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2012-10-11 07:09 . 2012-06-02 04:36	1159680	----a-w-	c:\windows\SysWow64\crypt32.dll
2012-10-11 07:09 . 2012-06-02 04:36	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2012-10-06 14:29 . 2012-10-29 11:52	--------	d-----w-	C:\ProgramData
2012-10-01 11:26 . 2012-10-01 11:26	--------	d-----w-	c:\program files (x86)\Common Files\xing shared
2012-10-01 11:26 . 2012-10-01 11:26	499712	----a-w-	c:\windows\SysWow64\msvcp71.dll
2012-10-01 11:26 . 2012-10-01 11:26	348160	----a-w-	c:\windows\SysWow64\msvcr71.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-11 11:59 . 2011-10-22 06:39	65309168	----a-w-	c:\windows\system32\MRT.exe
2012-08-24 11:15 . 2012-09-27 01:03	17810944	----a-w-	c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-27 01:03	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-27 01:03	2312704	----a-w-	c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-27 01:03	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-27 01:03	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-27 01:03	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-27 01:03	237056	----a-w-	c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-27 01:03	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-27 01:03	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-27 01:03	816640	----a-w-	c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-27 01:03	599040	----a-w-	c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-27 01:03	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-27 01:03	729088	----a-w-	c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-27 01:03	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-27 01:03	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-27 01:03	248320	----a-w-	c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-27 01:03	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-27 01:03	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-27 01:03	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-27 01:03	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-27 01:03	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-27 01:03	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-26 17:50	1913200	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-26 17:50	950128	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-26 17:50	376688	----a-w-	c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-26 17:50	288624	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-26 17:44	245760	----a-w-	c:\windows\system32\OxpsConverter.exe
2012-08-20 17:38 . 2012-10-11 07:20	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-08-02 17:58 . 2012-09-26 17:50	574464	----a-w-	c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-26 17:50	490496	----a-w-	c:\windows\SysWow64\d3d10level9.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
2011-05-09 09:49	176936	----a-w-	c:\program files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}]
2012-03-15 13:57	242384	----a-w-	c:\program files (x86)\Softonic\Softonic\1.5.21.0\bh\Softonic.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\program files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll" [2011-05-09 176936]
"{5018CFD2-804D-4C99-9F81-25EAEA2769DE}"= "c:\program files (x86)\Softonic\Softonic\1.5.21.0\SoftonicTlbr.dll" [2012-03-15 250576]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_CLASSES_ROOT\clsid\{5018cfd2-804d-4c99-9f81-25eaea2769de}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-13 283160]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-12-30 336384]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2010-12-13 318520]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-10-19 386336]
"MobileBroadband"="c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2011-04-19 408576]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe"
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-02 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
R2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-05 291896]
R2 Internet Manager. RunOuc;Internet Manager. OUC;c:\program files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [2012-10-22 224096]
R2 SearchAnonymizer;SearchAnonymizer;c:\users\Torsten Weidner\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [2012-10-26 40960]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-19 250808]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2012-10-22 117248]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2012-10-22 13952]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [2012-10-22 421376]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2012-04-20 422400]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-02 136176]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2012-10-22 98816]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [2009-08-18 11776]
R3 mr8980;Digital Wireless Camera;c:\windows\system32\DRIVERS\mr8980x64.sys [2010-06-16 113920]
R3 netr28ux;Belkin Wireless Adapter Driver;c:\windows\system32\DRIVERS\netr28ux.sys [2011-07-27 1631808]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 34032]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 UPnPService;UPnPService;c:\program files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2008-10-21 548864]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-18 1255736]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2012-04-20 158720]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2012-04-20 123264]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys [2012-10-22 16552]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-03-04 55856]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-10-19 27800]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-10-18 283200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-12-31 203776]
S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-10-19 369952]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-10-19 84256]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-10-19 554784]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2010-12-07 249672]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-27 30520]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [2011-03-14 346976]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
S2 MSSQL$JTLWAWI;SQL Server (JTLWAWI);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 MSSQL$LEXWARE;SQL Server (LEXWARE);c:\program files (x86)\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\Belkin\F9L1103\v1\Common\RaRegistry64.exe [2011-04-25 451936]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:\program files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [2011-06-24 317296]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-11-23 2656280]
S2 VmbService;Vodafone-Mobile-Broadband-Dienst;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2011-04-19 9216]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-12-31 8281600]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-12-31 292864]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-12-10 31088]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-04-18 85504]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2010-12-17 12256512]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-01-12 333928]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-10-19 406632]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vodafone_K3805-z_dc_enum;vodafone_K3805-z_dc_enum;c:\windows\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys [2010-09-01 75776]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-19 18:37]
.
2012-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-02 11:01]
.
2012-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-02 11:01]
.
2012-10-25 c:\windows\Tasks\HPCeeScheduleForTorsten Weidner.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15]
.
2012-10-29 c:\windows\Tasks\HPCeeScheduleForTORSTENWEIDNER$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-12-11 02:32	2240000	----a-w-	c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-12-11 02:32	2240000	----a-w-	c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-12-11 02:32	2240000	----a-w-	c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-12-11 02:32	2240000	----a-w-	c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-12-11 02:32	2240000	----a-w-	c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-17 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-17 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-17 418328]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-12-02 524800]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"Ocs_SM"="c:\users\Torsten Weidner\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2012-10-26 106496]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube Download - c:\users\Torsten Weidner\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Torsten Weidner\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.0.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FotoManager10Deluxe.8.alb"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.eps"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.gif"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.iff"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.pcd"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.png"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.tga"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.tif"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.tiff"
.
[HKEY_USERS\S-1-5-21-1511923294-3779207433-3340345899-1000\Software\SecuROM\License information*]
"datasecu"=hex:29,c4,53,3a,3c,7c,95,da,9c,f2,f3,08,92,74,79,36,5e,70,ba,a8,70,
   5e,ff,a7,69,c3,22,ef,5c,ff,4c,9a,07,36,72,11,c7,88,f2,1c,93,ba,eb,25,dc,d5,\
"rkeysecu"=hex:b6,02,34,0f,1c,49,35,c7,fd,cc,7a,cb,ba,76,16,6e
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\programdata\Internet Manager\OnlineUpdate\ouc.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Belkin\F9L1103\v1\Common\RaRegistry.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-10-29  17:14:24 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-10-29 16:14
.
Vor Suchlauf: 15 Verzeichnis(se), 411.609.628.672 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 412.217.778.176 Bytes frei
.
- - End Of File - - 0F91631801F0DC9A09710A19EA49B369

--- --- ---

tweidner · 29.10.2012, 17:24

Hier die ComboFix.txt:Combofix Logfile:

Code:

ATTFilter

ComboFix 12-10-29.03 - Torsten Weidner 29.10.2012  16:56:25.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4044.2082 [GMT 1:00]
ausgeführt von:: c:\users\Torsten Weidner\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Torsten Weidner\AppData\Roaming\1&1
c:\users\Torsten Weidner\AppData\Roaming\Microsoft\Windows\Cookies\WUQE6WFD.txt
c:\windows\logboot_12.10.2012.tureg.log
c:\windows\SysWow64\DEBUG.log
c:\windows\SysWow64\tmp1479.tmp
c:\windows\SysWow64\tmp923C.tmp
c:\windows\SysWow64\tmp926B.tmp
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Boonty Games
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-09-28 bis 2012-10-29  ))))))))))))))))))))))))))))))
.
.
2012-10-29 16:03 . 2012-10-29 16:03	--------	d-----w-	c:\users\Ich\AppData\Local\temp
2012-10-29 16:03 . 2012-10-29 16:03	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-10-29 13:42 . 2012-10-29 13:42	--------	d-----w-	c:\users\Torsten Weidner\AppData\Local\WinZip
2012-10-29 13:42 . 2012-10-29 13:42	--------	d-----w-	c:\program files\WinZip
2012-10-29 11:25 . 2012-10-29 12:19	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy
2012-10-29 11:17 . 2012-10-29 12:24	--------	d-----w-	c:\program files\HiJackThis
2012-10-29 08:12 . 2012-10-29 08:12	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-29 08:12 . 2012-09-29 18:54	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-10-28 10:06 . 2012-08-21 12:01	33240	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2012-10-28 10:06 . 2012-10-28 10:06	--------	d-----w-	c:\program files\iPod
2012-10-28 10:06 . 2012-10-28 10:06	--------	d-----w-	c:\program files\iTunes
2012-10-28 10:06 . 2012-10-28 10:06	--------	d-----w-	c:\program files (x86)\iTunes
2012-10-28 10:05 . 2012-10-28 10:05	--------	d-----w-	c:\program files\Bonjour
2012-10-28 10:05 . 2012-10-28 10:05	--------	d-----w-	c:\program files (x86)\Bonjour
2012-10-28 09:54 . 2012-08-21 12:01	125872	----a-w-	c:\windows\system32\GEARAspi64.dll
2012-10-28 09:54 . 2012-08-21 12:01	106928	----a-w-	c:\windows\SysWow64\GEARAspi.dll
2012-10-28 09:53 . 2012-10-28 09:53	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-10-28 09:53 . 2012-10-28 09:53	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-10-28 09:53 . 2012-10-28 09:53	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-10-28 09:53 . 2012-10-28 09:53	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-10-28 09:53 . 2012-10-28 09:53	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-10-28 09:53 . 2012-10-28 09:53	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-10-28 09:53 . 2012-10-28 09:53	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-10-28 09:53 . 2012-10-28 09:53	--------	d-----w-	c:\program files (x86)\QuickTime
2012-10-28 09:53 . 2012-10-28 09:53	--------	d-----w-	c:\users\Torsten Weidner\AppData\Local\Apple
2012-10-28 09:53 . 2012-10-28 09:53	--------	d-----w-	c:\program files (x86)\Apple Software Update
2012-10-28 09:53 . 2012-10-28 09:53	--------	d-----w-	c:\program files\Common Files\Apple
2012-10-28 09:53 . 2012-10-28 10:06	--------	d-----w-	c:\program files (x86)\Common Files\Apple
2012-10-26 19:43 . 2012-10-26 19:43	--------	d-----w-	c:\program files (x86)\FileZilla FTP Client
2012-10-26 18:38 . 2012-10-26 18:38	--------	d-----w-	c:\program files (x86)\Norza
2012-10-26 07:19 . 2012-10-26 07:19	--------	d-----w-	c:\users\Torsten Weidner\AppData\Roaming\pdfforge
2012-10-26 07:19 . 2012-10-12 05:34	100864	----a-w-	c:\windows\system32\pdfcmon.dll
2012-10-26 07:19 . 2012-05-05 09:54	137000	----a-w-	c:\windows\SysWow64\MSMAPI32.OCX
2012-10-26 07:19 . 2012-10-26 07:19	--------	d-----w-	c:\program files (x86)\PDFCreator
2012-10-26 07:19 . 2012-05-05 09:54	23552	----a-w-	c:\windows\SysWow64\MSMPIDE.DLL
2012-10-26 07:19 . 1998-07-06 16:55	158208	----a-w-	c:\windows\SysWow64\MSCMCDE.DLL
2012-10-26 07:19 . 1998-07-06 16:55	64512	----a-w-	c:\windows\SysWow64\MSCC2DE.DLL
2012-10-26 07:19 . 2012-10-26 07:19	--------	d-----w-	c:\users\Torsten Weidner\AppData\Local\Programs
2012-10-26 05:45 . 2012-10-26 05:45	--------	d-----w-	c:\users\Torsten Weidner\AppData\Roaming\DesktopIconForAmazon
2012-10-26 05:45 . 2012-10-26 05:45	--------	d-----w-	c:\users\Torsten Weidner\AppData\Roaming\OCS
2012-10-23 12:48 . 2011-04-18 13:43	85504	----a-w-	c:\windows\system32\drivers\ew_jubusenum.sys
2012-10-23 12:23 . 2012-04-20 15:45	223232	----a-w-	c:\windows\system32\drivers\ewusbmdm.sys
2012-10-23 12:23 . 2012-04-20 15:45	422400	----a-w-	c:\windows\system32\drivers\ewusbnet.sys
2012-10-23 12:22 . 2012-10-23 12:22	--------	d-----w-	c:\program files (x86)\Sierra Wireless Inc
2012-10-22 14:12 . 2012-10-22 14:12	--------	d-----w-	c:\program files (x86)\Vodafone
2012-10-22 12:31 . 2012-10-22 06:41	28672	----a-w-	c:\windows\system32\drivers\ew_juextctrl.sys
2012-10-22 12:31 . 2012-10-22 06:41	212992	----a-w-	c:\windows\system32\drivers\ew_juwwanecm.sys
2012-10-22 12:31 . 2012-10-22 06:41	13952	----a-w-	c:\windows\system32\drivers\ew_usbenumfilter.sys
2012-10-22 12:31 . 2012-10-22 06:41	1001472	----a-w-	c:\windows\system32\drivers\mod7700.sys
2012-10-22 12:31 . 2012-10-22 06:41	98816	----a-w-	c:\windows\system32\drivers\ew_jucdcacm.sys
2012-10-22 12:31 . 2012-10-22 06:41	69632	----a-w-	c:\windows\system32\drivers\ew_jucdcecm.sys
2012-10-22 12:31 . 2012-10-22 06:41	421376	----a-w-	c:\windows\system32\drivers\ewusbwwan.sys
2012-10-22 12:31 . 2012-10-22 06:41	32768	----a-w-	c:\windows\system32\drivers\ewdcsc.sys
2012-10-22 12:31 . 2012-10-22 06:41	22016	----a-w-	c:\windows\system32\drivers\ew_hwupgrade.sys
2012-10-22 12:31 . 2012-10-22 06:41	117248	----a-w-	c:\windows\system32\drivers\ew_hwusbdev.sys
2012-10-22 11:56 . 2012-10-22 11:56	--------	d-----w-	c:\program files\CCleaner
2012-10-22 06:34 . 2012-10-22 06:41	1490656	----a-w-	c:\windows\system32\drivers\WdfCoInstaller01007.dll
2012-10-22 06:34 . 2012-10-22 06:34	--------	d-----w-	c:\users\Torsten Weidner\AppData\Roaming\T-Mobile
2012-10-22 06:34 . 2012-10-22 06:33	724608	----a-w-	c:\windows\SysWow64\bmutil.dll
2012-10-22 06:33 . 2012-10-22 06:33	--------	d-----w-	c:\program files (x86)\T-Mobile
2012-10-21 20:25 . 2012-10-21 20:25	--------	d-----w-	C:\DRIVERS
2012-10-21 19:33 . 2012-10-22 12:17	39592	----a-w-	c:\windows\system32\drivers\tcpipBM.sys
2012-10-21 19:33 . 2012-10-22 12:17	16552	----a-w-	c:\windows\system32\drivers\BMLoad.sys
2012-10-21 06:02 . 2012-10-21 06:02	--------	d-----w-	c:\program files (x86)\Microsoft WSE
2012-10-21 06:02 . 2012-10-21 06:02	--------	d-----w-	c:\users\Torsten Weidner\AppData\Local\PackageAware
2012-10-21 05:53 . 2012-10-21 05:53	--------	d-----w-	c:\program files\Deutsche Telekom
2012-10-21 05:53 . 2011-07-14 10:27	456848	----a-w-	c:\windows\system32\MDS_Uninstall.exe
2012-10-21 05:53 . 2012-10-21 05:53	--------	d-----w-	c:\users\Torsten Weidner\AppData\Local\mquadr.at
2012-10-19 21:38 . 2012-10-19 21:38	--------	d-----w-	c:\users\Torsten Weidner\AppData\Local\Winamp Toolbar
2012-10-19 19:45 . 2012-10-19 19:45	--------	d-----w-	c:\program files (x86)\Winamp Toolbar
2012-10-19 19:45 . 2012-10-19 19:45	--------	d-----w-	c:\program files (x86)\Common Files\Software Update Utility
2012-10-19 19:45 . 2012-10-19 19:45	--------	d-----w-	c:\program files (x86)\Winamp Detect
2012-10-19 19:44 . 2012-10-23 10:43	--------	d-----w-	c:\users\Torsten Weidner\AppData\Roaming\Winamp
2012-10-19 18:37 . 2012-10-19 18:37	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-19 18:37 . 2012-10-19 18:37	696760	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-19 13:24 . 2012-10-19 13:24	--------	d-----w-	c:\users\Torsten Weidner\AppData\Roaming\Avira
2012-10-19 13:19 . 2012-10-19 13:11	27800	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-10-19 13:19 . 2012-10-19 13:11	129576	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-10-19 13:19 . 2012-10-19 13:11	99248	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-10-19 13:19 . 2012-10-19 13:19	--------	d-----w-	c:\program files (x86)\Avira
2012-10-19 12:32 . 2012-10-19 12:32	--------	d-----w-	C:\Setup-10.3.204.39000
2012-10-19 10:58 . 2012-04-20 15:45	123264	----a-w-	c:\windows\system32\drivers\zteusbvoice.sys
2012-10-19 10:58 . 2012-04-20 15:45	123264	----a-w-	c:\windows\system32\drivers\ZTEusbnmea.sys
2012-10-19 10:58 . 2012-04-20 15:45	123264	----a-w-	c:\windows\system32\drivers\ZTEusbmdm6k.sys
2012-10-19 10:57 . 2012-04-20 15:45	123264	----a-w-	c:\windows\system32\drivers\ZTEusbser6k.sys
2012-10-19 10:33 . 2012-10-19 10:33	--------	d-----w-	c:\users\Torsten Weidner\AppData\Local\{EBB94E3B-3BF9-4353-8238-02E9637A682C}
2012-10-18 11:04 . 2012-10-18 11:04	--------	d-----w-	c:\program files (x86)\EA SPORTS
2012-10-18 11:02 . 2012-10-18 11:03	283200	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2012-10-18 11:02 . 2012-10-18 11:04	--------	d-----w-	c:\users\Torsten Weidner\AppData\Roaming\DAEMON Tools Lite
2012-10-18 11:02 . 2012-10-18 11:02	--------	d-----w-	c:\program files (x86)\DAEMON Tools Lite
2012-10-18 10:02 . 2012-10-18 10:02	--------	d-----w-	c:\windows\uninstall
2012-10-18 02:14 . 2012-10-18 02:14	--------	d-----w-	c:\users\Torsten Weidner\AppData\Roaming\Malwarebytes
2012-10-17 19:32 . 2012-10-17 19:32	--------	d-----w-	c:\program files (x86)\Softonic
2012-10-17 18:29 . 2012-10-19 19:12	--------	d-----w-	c:\users\Torsten Weidner\AppData\Roaming\vlc
2012-10-17 18:28 . 2012-10-17 18:28	--------	d-----w-	c:\program files (x86)\VideoLAN
2012-10-15 20:40 . 2012-10-15 20:40	--------	d-----w-	c:\program files (x86)\Elaborate Bytes
2012-10-15 09:42 . 2012-10-15 09:42	--------	d-----w-	C:\MF110_WCDMA_USB_Modem_XP_Vista_7-x86_x64
2012-10-15 09:16 . 2012-10-22 06:41	1490656	----a-w-	c:\windows\system32\wdfcoinstaller01007.dll
2012-10-15 09:16 . 2012-04-20 15:45	158720	----a-w-	c:\windows\system32\drivers\ZTEusbnet.sys
2012-10-14 08:22 . 2012-10-14 08:22	--------	d-----w-	c:\users\Torsten Weidner\AppData\Local\Macromedia
2012-10-13 07:05 . 2012-10-19 19:45	--------	d-----w-	c:\program files (x86)\Winamp
2012-10-11 12:43 . 2012-05-31 10:25	279656	------w-	c:\windows\system32\MpSigStub.exe
2012-10-11 07:09 . 2012-08-24 18:05	220160	----a-w-	c:\windows\system32\wintrust.dll
2012-10-11 07:09 . 2012-08-24 16:57	172544	----a-w-	c:\windows\SysWow64\wintrust.dll
2012-10-11 07:09 . 2012-09-14 19:19	2048	----a-w-	c:\windows\system32\tzres.dll
2012-10-11 07:09 . 2012-09-14 18:28	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-10-11 07:09 . 2012-08-11 00:56	715776	----a-w-	c:\windows\system32\kerberos.dll
2012-10-11 07:09 . 2012-08-10 23:56	542208	----a-w-	c:\windows\SysWow64\kerberos.dll
2012-10-11 07:09 . 2012-06-02 05:41	1464320	----a-w-	c:\windows\system32\crypt32.dll
2012-10-11 07:09 . 2012-06-02 05:41	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2012-10-11 07:09 . 2012-06-02 05:41	140288	----a-w-	c:\windows\system32\cryptnet.dll
2012-10-11 07:09 . 2012-06-02 04:36	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2012-10-11 07:09 . 2012-06-02 04:36	1159680	----a-w-	c:\windows\SysWow64\crypt32.dll
2012-10-11 07:09 . 2012-06-02 04:36	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2012-10-06 14:29 . 2012-10-29 11:52	--------	d-----w-	C:\ProgramData
2012-10-01 11:26 . 2012-10-01 11:26	--------	d-----w-	c:\program files (x86)\Common Files\xing shared
2012-10-01 11:26 . 2012-10-01 11:26	499712	----a-w-	c:\windows\SysWow64\msvcp71.dll
2012-10-01 11:26 . 2012-10-01 11:26	348160	----a-w-	c:\windows\SysWow64\msvcr71.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-11 11:59 . 2011-10-22 06:39	65309168	----a-w-	c:\windows\system32\MRT.exe
2012-08-24 11:15 . 2012-09-27 01:03	17810944	----a-w-	c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-27 01:03	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-27 01:03	2312704	----a-w-	c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-27 01:03	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-27 01:03	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-27 01:03	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-27 01:03	237056	----a-w-	c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-27 01:03	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-27 01:03	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-27 01:03	816640	----a-w-	c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-27 01:03	599040	----a-w-	c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-27 01:03	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-27 01:03	729088	----a-w-	c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-27 01:03	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-27 01:03	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-27 01:03	248320	----a-w-	c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-27 01:03	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-27 01:03	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-27 01:03	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-27 01:03	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-27 01:03	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-27 01:03	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-26 17:50	1913200	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-26 17:50	950128	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-26 17:50	376688	----a-w-	c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-26 17:50	288624	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-26 17:44	245760	----a-w-	c:\windows\system32\OxpsConverter.exe
2012-08-20 17:38 . 2012-10-11 07:20	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-08-02 17:58 . 2012-09-26 17:50	574464	----a-w-	c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-26 17:50	490496	----a-w-	c:\windows\SysWow64\d3d10level9.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
2011-05-09 09:49	176936	----a-w-	c:\program files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}]
2012-03-15 13:57	242384	----a-w-	c:\program files (x86)\Softonic\Softonic\1.5.21.0\bh\Softonic.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\program files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll" [2011-05-09 176936]
"{5018CFD2-804D-4C99-9F81-25EAEA2769DE}"= "c:\program files (x86)\Softonic\Softonic\1.5.21.0\SoftonicTlbr.dll" [2012-03-15 250576]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_CLASSES_ROOT\clsid\{5018cfd2-804d-4c99-9f81-25eaea2769de}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-13 283160]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-12-30 336384]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2010-12-13 318520]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-10-19 386336]
"MobileBroadband"="c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2011-04-19 408576]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe"
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-02 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
R2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-05 291896]
R2 Internet Manager. RunOuc;Internet Manager. OUC;c:\program files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [2012-10-22 224096]
R2 SearchAnonymizer;SearchAnonymizer;c:\users\Torsten Weidner\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [2012-10-26 40960]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-19 250808]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2012-10-22 117248]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2012-10-22 13952]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [2012-10-22 421376]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2012-04-20 422400]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-02 136176]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2012-10-22 98816]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [2009-08-18 11776]
R3 mr8980;Digital Wireless Camera;c:\windows\system32\DRIVERS\mr8980x64.sys [2010-06-16 113920]
R3 netr28ux;Belkin Wireless Adapter Driver;c:\windows\system32\DRIVERS\netr28ux.sys [2011-07-27 1631808]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 34032]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 UPnPService;UPnPService;c:\program files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2008-10-21 548864]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-18 1255736]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2012-04-20 158720]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2012-04-20 123264]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys [2012-10-22 16552]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-03-04 55856]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-10-19 27800]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-10-18 283200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-12-31 203776]
S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-10-19 369952]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-10-19 84256]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-10-19 554784]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2010-12-07 249672]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-27 30520]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [2011-03-14 346976]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
S2 MSSQL$JTLWAWI;SQL Server (JTLWAWI);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 MSSQL$LEXWARE;SQL Server (LEXWARE);c:\program files (x86)\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\Belkin\F9L1103\v1\Common\RaRegistry64.exe [2011-04-25 451936]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:\program files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [2011-06-24 317296]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-11-23 2656280]
S2 VmbService;Vodafone-Mobile-Broadband-Dienst;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2011-04-19 9216]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-12-31 8281600]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-12-31 292864]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-12-10 31088]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-04-18 85504]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2010-12-17 12256512]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-01-12 333928]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-10-19 406632]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vodafone_K3805-z_dc_enum;vodafone_K3805-z_dc_enum;c:\windows\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys [2010-09-01 75776]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-19 18:37]
.
2012-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-02 11:01]
.
2012-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-02 11:01]
.
2012-10-25 c:\windows\Tasks\HPCeeScheduleForTorsten Weidner.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15]
.
2012-10-29 c:\windows\Tasks\HPCeeScheduleForTORSTENWEIDNER$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-12-11 02:32	2240000	----a-w-	c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-12-11 02:32	2240000	----a-w-	c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-12-11 02:32	2240000	----a-w-	c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-12-11 02:32	2240000	----a-w-	c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-12-11 02:32	2240000	----a-w-	c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-17 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-17 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-17 418328]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-12-02 524800]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"Ocs_SM"="c:\users\Torsten Weidner\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2012-10-26 106496]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube Download - c:\users\Torsten Weidner\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Torsten Weidner\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.0.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FotoManager10Deluxe.8.alb"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.eps"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.gif"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.iff"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.pcd"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.png"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.tga"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.tif"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="MAGIXviewer.tiff"
.
[HKEY_USERS\S-1-5-21-1511923294-3779207433-3340345899-1000\Software\SecuROM\License information*]
"datasecu"=hex:29,c4,53,3a,3c,7c,95,da,9c,f2,f3,08,92,74,79,36,5e,70,ba,a8,70,
   5e,ff,a7,69,c3,22,ef,5c,ff,4c,9a,07,36,72,11,c7,88,f2,1c,93,ba,eb,25,dc,d5,\
"rkeysecu"=hex:b6,02,34,0f,1c,49,35,c7,fd,cc,7a,cb,ba,76,16,6e
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\programdata\Internet Manager\OnlineUpdate\ouc.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Belkin\F9L1103\v1\Common\RaRegistry.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-10-29  17:14:24 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-10-29 16:14
.
Vor Suchlauf: 15 Verzeichnis(se), 411.609.628.672 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 412.217.778.176 Bytes frei
.
- - End Of File - - 0F91631801F0DC9A09710A19EA49B369

--- --- ---

markusg · 29.10.2012, 18:42

download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten

tweidner · 29.10.2012, 19:04

Hier der REPORT:

Zitat:

18:59:28.0874 5156 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
18:59:30.0153 5156 ============================================================
18:59:30.0153 5156 Current date / time: 2012/10/29 18:59:30.0153
18:59:30.0153 5156 SystemInfo:
18:59:30.0153 5156
18:59:30.0153 5156 OS Version: 6.1.7601 ServicePack: 1.0
18:59:30.0153 5156 Product type: Workstation
18:59:30.0153 5156 ComputerName: ICH
18:59:30.0153 5156 UserName: Torsten Weidner
18:59:30.0153 5156 Windows directory: C:\Windows
18:59:30.0153 5156 System windows directory: C:\Windows
18:59:30.0153 5156 Running under WOW64
18:59:30.0153 5156 Processor architecture: Intel x64
18:59:30.0153 5156 Number of processors: 4
18:59:30.0153 5156 Page size: 0x1000
18:59:30.0153 5156 Boot type: Normal boot
18:59:30.0153 5156 ============================================================
18:59:30.0948 5156 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:59:30.0964 5156 ============================================================
18:59:30.0964 5156 \Device\Harddisk0\DR0:
18:59:30.0964 5156 MBR partitions:
18:59:30.0964 5156 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
18:59:30.0964 5156 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x384CD000
18:59:30.0964 5156 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x38531000, BlocksNum 0x1E21000
18:59:30.0964 5156 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
18:59:30.0964 5156 ============================================================
18:59:30.0980 5156 C: <-> \Device\Harddisk0\DR0\Partition2
18:59:31.0073 5156 D: <-> \Device\Harddisk0\DR0\Partition3
18:59:31.0073 5156 ============================================================
18:59:31.0073 5156 Initialize success
18:59:31.0073 5156 ============================================================
19:00:03.0022 4208 ============================================================
19:00:03.0022 4208 Scan started
19:00:03.0022 4208 Mode: Manual; SigCheck; TDLFS;
19:00:03.0022 4208 ============================================================
19:00:03.0209 4208 ================ Scan system memory ========================
19:00:03.0209 4208 System memory - ok
19:00:03.0209 4208 ================ Scan services =============================
19:00:03.0334 4208 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
19:00:03.0428 4208 1394ohci - ok
19:00:03.0459 4208 [ 5C368F4B04ED2A923E6AFCA2D37BAFF5 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys
19:00:03.0490 4208 Accelerometer - ok
19:00:03.0521 4208 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
19:00:03.0537 4208 ACPI - ok
19:00:03.0568 4208 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
19:00:03.0599 4208 AcpiPmi - ok
19:00:03.0708 4208 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:00:03.0724 4208 AdobeFlashPlayerUpdateSvc - ok
19:00:03.0755 4208 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
19:00:03.0786 4208 adp94xx - ok
19:00:03.0802 4208 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
19:00:03.0833 4208 adpahci - ok
19:00:03.0864 4208 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
19:00:03.0880 4208 adpu320 - ok
19:00:03.0896 4208 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:00:03.0958 4208 AeLookupSvc - ok
19:00:04.0020 4208 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe
19:00:04.0052 4208 AESTFilters - ok
19:00:04.0083 4208 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
19:00:04.0130 4208 AFD - ok
19:00:04.0176 4208 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
19:00:04.0192 4208 agp440 - ok
19:00:04.0208 4208 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
19:00:04.0270 4208 ALG - ok
19:00:04.0286 4208 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
19:00:04.0301 4208 aliide - ok
19:00:04.0332 4208 [ 263570714AC4CF41208E647C77BD2A63 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:00:04.0348 4208 AMD External Events Utility - ok
19:00:04.0364 4208 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
19:00:04.0379 4208 amdide - ok
19:00:04.0410 4208 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
19:00:04.0442 4208 AmdK8 - ok
19:00:04.0582 4208 [ 0EEAFB005D334910BB0AEE1941351B1E ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
19:00:04.0878 4208 amdkmdag - ok
19:00:04.0894 4208 [ 65F58CFB0BFDCEBEAE0164BB037545A8 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
19:00:04.0956 4208 amdkmdap - ok
19:00:04.0972 4208 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
19:00:05.0019 4208 AmdPPM - ok
19:00:05.0050 4208 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
19:00:05.0066 4208 amdsata - ok
19:00:05.0112 4208 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
19:00:05.0128 4208 amdsbs - ok
19:00:05.0144 4208 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
19:00:05.0144 4208 amdxata - ok
19:00:05.0222 4208 [ 3BCAC0D02139BD3B4A04DFF0CCD85452 ] AntiVirMailService C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
19:00:05.0237 4208 AntiVirMailService - ok
19:00:05.0268 4208 [ 7B0CB3B7AA7638A3057CF5A2E86BD565 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
19:00:05.0268 4208 AntiVirSchedulerService - ok
19:00:05.0284 4208 [ DE7C88712F961E828BEF15FCBB840F9F ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
19:00:05.0284 4208 AntiVirService - ok
19:00:05.0315 4208 [ D77DF1FAEBDC438ED5A50FF69CC1E53B ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
19:00:05.0346 4208 AntiVirWebService - ok
19:00:05.0362 4208 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
19:00:05.0424 4208 AppID - ok
19:00:05.0440 4208 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:00:05.0518 4208 AppIDSvc - ok
19:00:05.0549 4208 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
19:00:05.0580 4208 Appinfo - ok
19:00:05.0705 4208 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:00:05.0721 4208 Apple Mobile Device - ok
19:00:05.0768 4208 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
19:00:05.0783 4208 arc - ok
19:00:05.0799 4208 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
19:00:05.0814 4208 arcsas - ok
19:00:05.0830 4208 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:00:05.0892 4208 AsyncMac - ok
19:00:05.0908 4208 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
19:00:05.0924 4208 atapi - ok
19:00:05.0939 4208 [ B4BDE3F758A34658A37DFED3D9783CD8 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys
19:00:05.0955 4208 atksgt - ok
19:00:06.0002 4208 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:00:06.0048 4208 AudioEndpointBuilder - ok
19:00:06.0064 4208 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
19:00:06.0111 4208 AudioSrv - ok
19:00:06.0142 4208 [ 25B63A3C24A5E0223A35DE2F0D9E0FAF ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
19:00:06.0142 4208 avgntflt - ok
19:00:06.0158 4208 [ A83691240C1568E6A3EAA5C86D9F8AE3 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
19:00:06.0173 4208 avipbb - ok
19:00:06.0189 4208 [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
19:00:06.0204 4208 avkmgr - ok
19:00:06.0220 4208 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
19:00:06.0282 4208 AxInstSV - ok
19:00:06.0314 4208 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
19:00:06.0376 4208 b06bdrv - ok
19:00:06.0407 4208 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
19:00:06.0438 4208 b57nd60a - ok
19:00:06.0532 4208 [ 0E7A9264576B40638A3FBC804DE1FF76 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
19:00:06.0610 4208 BCM43XX - ok
19:00:06.0641 4208 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
19:00:06.0688 4208 BDESVC - ok
19:00:06.0688 4208 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
19:00:06.0766 4208 Beep - ok
19:00:06.0797 4208 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
19:00:06.0844 4208 BFE - ok
19:00:06.0891 4208 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
19:00:06.0969 4208 BITS - ok
19:00:06.0984 4208 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
19:00:07.0016 4208 blbdrive - ok
19:00:07.0047 4208 [ E10EC5AE51B38C84894CEBF4B4308A14 ] BMLoad C:\Windows\system32\drivers\BMLoad.sys
19:00:07.0062 4208 BMLoad - ok
19:00:07.0109 4208 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:00:07.0125 4208 Bonjour Service - ok
19:00:07.0156 4208 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:00:07.0172 4208 bowser - ok
19:00:07.0187 4208 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:00:07.0218 4208 BrFiltLo - ok
19:00:07.0250 4208 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:00:07.0281 4208 BrFiltUp - ok
19:00:07.0296 4208 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
19:00:07.0343 4208 BridgeMP - ok
19:00:07.0374 4208 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
19:00:07.0421 4208 Browser - ok
19:00:07.0452 4208 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:00:07.0499 4208 Brserid - ok
19:00:07.0515 4208 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
19:00:07.0530 4208 BrSerWdm - ok
19:00:07.0562 4208 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
19:00:07.0593 4208 BrUsbMdm - ok
19:00:07.0608 4208 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
19:00:07.0624 4208 BrUsbSer - ok
19:00:07.0640 4208 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
19:00:07.0671 4208 BTHMODEM - ok
19:00:07.0686 4208 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
19:00:07.0749 4208 bthserv - ok
19:00:07.0749 4208 catchme - ok
19:00:07.0780 4208 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:00:07.0827 4208 cdfs - ok
19:00:07.0858 4208 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
19:00:07.0889 4208 cdrom - ok
19:00:07.0920 4208 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
19:00:07.0952 4208 CertPropSvc - ok
19:00:07.0983 4208 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
19:00:08.0014 4208 circlass - ok
19:00:08.0076 4208 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
19:00:08.0092 4208 CLFS - ok
19:00:08.0139 4208 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:00:08.0154 4208 clr_optimization_v2.0.50727_32 - ok
19:00:08.0201 4208 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:00:08.0217 4208 clr_optimization_v2.0.50727_64 - ok
19:00:08.0264 4208 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:00:08.0264 4208 clr_optimization_v4.0.30319_32 - ok
19:00:08.0295 4208 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:00:08.0310 4208 clr_optimization_v4.0.30319_64 - ok
19:00:08.0326 4208 [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys
19:00:08.0342 4208 clwvd - ok
19:00:08.0357 4208 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
19:00:08.0373 4208 CmBatt - ok
19:00:08.0388 4208 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:00:08.0404 4208 cmdide - ok
19:00:08.0420 4208 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
19:00:08.0466 4208 CNG - ok
19:00:08.0482 4208 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
19:00:08.0498 4208 Compbatt - ok
19:00:08.0513 4208 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
19:00:08.0560 4208 CompositeBus - ok
19:00:08.0560 4208 COMSysApp - ok
19:00:08.0591 4208 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
19:00:08.0607 4208 crcdisk - ok
19:00:08.0638 4208 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:00:08.0700 4208 CryptSvc - ok
19:00:08.0763 4208 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
19:00:08.0778 4208 cvhsvc - ok
19:00:08.0810 4208 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
19:00:08.0872 4208 DcomLaunch - ok
19:00:08.0903 4208 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
19:00:08.0966 4208 defragsvc - ok
19:00:08.0997 4208 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:00:09.0044 4208 DfsC - ok
19:00:09.0075 4208 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
19:00:09.0122 4208 Dhcp - ok
19:00:09.0153 4208 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
19:00:09.0200 4208 discache - ok
19:00:09.0215 4208 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
19:00:09.0231 4208 Disk - ok
19:00:09.0262 4208 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:00:09.0293 4208 Dnscache - ok
19:00:09.0324 4208 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
19:00:09.0387 4208 dot3svc - ok
19:00:09.0402 4208 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
19:00:09.0449 4208 DPS - ok
19:00:09.0465 4208 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:00:09.0496 4208 drmkaud - ok
19:00:09.0543 4208 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
19:00:09.0558 4208 dtsoftbus01 - ok
19:00:09.0590 4208 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:00:09.0652 4208 DXGKrnl - ok
19:00:09.0668 4208 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
19:00:09.0714 4208 EapHost - ok
19:00:09.0777 4208 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
19:00:09.0917 4208 ebdrv - ok
19:00:09.0948 4208 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
19:00:10.0011 4208 EFS - ok
19:00:10.0073 4208 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:00:10.0120 4208 ehRecvr - ok
19:00:10.0136 4208 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
19:00:10.0167 4208 ehSched - ok
19:00:10.0182 4208 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
19:00:10.0229 4208 elxstor - ok
19:00:10.0260 4208 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:00:10.0276 4208 ErrDev - ok
19:00:10.0307 4208 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
19:00:10.0354 4208 EventSystem - ok
19:00:10.0416 4208 [ 334C907536E815E56CD13108A6D5FB9D ] ewusbmbb C:\Windows\system32\DRIVERS\ewusbwwan.sys
19:00:10.0448 4208 ewusbmbb - ok
19:00:10.0479 4208 [ 85F16803E3DE04520CCBB8CD1ED6660E ] ewusbnet C:\Windows\system32\DRIVERS\ewusbnet.sys
19:00:10.0510 4208 ewusbnet - ok
19:00:10.0572 4208 [ 86F7951BBCEE4A86E79A97306BD14318 ] ew_hwusbdev C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
19:00:10.0604 4208 ew_hwusbdev - ok
19:00:10.0619 4208 [ 55E0EDA185869F7EA67EA97FD0655B39 ] ew_usbenumfilter C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys
19:00:10.0635 4208 ew_usbenumfilter - ok
19:00:10.0666 4208 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
19:00:10.0713 4208 exfat - ok
19:00:10.0728 4208 ezSharedSvc - ok
19:00:10.0744 4208 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:00:10.0806 4208 fastfat - ok
19:00:10.0853 4208 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
19:00:10.0931 4208 Fax - ok
19:00:10.0962 4208 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
19:00:10.0978 4208 fdc - ok
19:00:11.0009 4208 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
19:00:11.0040 4208 fdPHost - ok
19:00:11.0056 4208 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
19:00:11.0103 4208 FDResPub - ok
19:00:11.0118 4208 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:00:11.0134 4208 FileInfo - ok
19:00:11.0134 4208 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:00:11.0181 4208 Filetrace - ok
19:00:11.0212 4208 [ ABEDFD48AC042C6AAAD32452E77217A1 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
19:00:11.0228 4208 FLEXnet Licensing Service - ok
19:00:11.0259 4208 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
19:00:11.0290 4208 flpydisk - ok
19:00:11.0306 4208 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:00:11.0321 4208 FltMgr - ok
19:00:11.0368 4208 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
19:00:11.0430 4208 FontCache - ok
19:00:11.0477 4208 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:00:11.0477 4208 FontCache3.0.0.0 - ok
19:00:11.0524 4208 [ CDC54DB949D1E2BBF86B0C7AB86B912E ] FPLService C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
19:00:11.0540 4208 FPLService - ok
19:00:11.0555 4208 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:00:11.0571 4208 FsDepends - ok
19:00:11.0602 4208 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:00:11.0618 4208 Fs_Rec - ok
19:00:11.0649 4208 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:00:11.0664 4208 fvevol - ok
19:00:11.0680 4208 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
19:00:11.0696 4208 gagp30kx - ok
19:00:11.0742 4208 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:00:11.0758 4208 GEARAspiWDM - ok
19:00:11.0789 4208 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
19:00:11.0852 4208 gpsvc - ok
19:00:11.0898 4208 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:00:11.0914 4208 gupdate - ok
19:00:11.0930 4208 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:00:11.0930 4208 gupdatem - ok
19:00:11.0945 4208 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:00:12.0008 4208 hcw85cir - ok
19:00:12.0023 4208 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:00:12.0086 4208 HdAudAddService - ok
19:00:12.0101 4208 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
19:00:12.0132 4208 HDAudBus - ok
19:00:12.0148 4208 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
19:00:12.0179 4208 HidBatt - ok
19:00:12.0210 4208 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
19:00:12.0226 4208 HidBth - ok
19:00:12.0242 4208 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
19:00:12.0273 4208 HidIr - ok
19:00:12.0304 4208 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
19:00:12.0366 4208 hidserv - ok
19:00:12.0382 4208 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:00:12.0413 4208 HidUsb - ok
19:00:12.0429 4208 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:00:12.0491 4208 hkmsvc - ok
19:00:12.0522 4208 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:00:12.0585 4208 HomeGroupListener - ok
19:00:12.0600 4208 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:00:12.0632 4208 HomeGroupProvider - ok
19:00:12.0694 4208 [ 13BB1114451C63BFB41BA7DAA4D70A29 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
19:00:12.0694 4208 HP Support Assistant Service - ok
19:00:12.0741 4208 [ C930128C8F8FF03D8F8C42B570920D56 ] HP Wireless Assistant Service C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
19:00:12.0756 4208 HP Wireless Assistant Service - ok
19:00:12.0788 4208 [ 3DC11A802353401332D49C3CBFBBE5FC ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
19:00:12.0788 4208 HPClientSvc - ok
19:00:12.0834 4208 [ B19FF523B533A3F198B9239E1749C940 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
19:00:12.0834 4208 HPDrvMntSvc.exe - ok
19:00:12.0866 4208 [ 4E0BEC0F78096FFD6D3314B497FC49D3 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
19:00:12.0881 4208 hpdskflt - ok
19:00:12.0897 4208 [ 01091B900E15878B4434F9C726C4541D ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
19:00:12.0928 4208 hpqwmiex - ok
19:00:12.0944 4208 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
19:00:12.0975 4208 HpSAMD - ok
19:00:12.0990 4208 [ FC7C13B5A9E9BE23B7AE72BBC7FDB278 ] hpsrv C:\Windows\system32\Hpservice.exe
19:00:13.0006 4208 hpsrv - ok
19:00:13.0037 4208 [ F630DD7564EBB7248A13B1CC774D9EA6 ] HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
19:00:13.0053 4208 HPWMISVC - ok
19:00:13.0084 4208 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:00:13.0146 4208 HTTP - ok
19:00:13.0178 4208 [ 4DBBFCE863FE1B64C770EB53A3BA5860 ] huawei_cdcacm C:\Windows\system32\DRIVERS\ew_jucdcacm.sys
19:00:13.0209 4208 huawei_cdcacm - ok
19:00:13.0240 4208 [ BAFE6B0B92BE69144D59907550A07678 ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys
19:00:13.0256 4208 huawei_enumerator - ok
19:00:13.0302 4208 [ CE93B8AF848FE2AA44455A4769C1BC8A ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
19:00:13.0365 4208 hwdatacard - ok
19:00:13.0443 4208 [ E90DA42B87D684DEBFB73B38A718A006 ] HWDeviceService64.exe C:\ProgramData\DatacardService\HWDeviceService64.exe
19:00:13.0458 4208 HWDeviceService64.exe - ok
19:00:13.0474 4208 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:00:13.0490 4208 hwpolicy - ok
19:00:13.0490 4208 hwusbfake - ok
19:00:13.0521 4208 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
19:00:13.0536 4208 i8042prt - ok
19:00:13.0568 4208 [ F7CE9BE72EDAC499B713ECA6DAE5D26F ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
19:00:13.0583 4208 iaStor - ok
19:00:13.0630 4208 [ B25F192EA1F84A316EB7C19EFCCCF33D ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
19:00:13.0646 4208 IAStorDataMgrSvc - ok
19:00:13.0661 4208 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:00:13.0692 4208 iaStorV - ok
19:00:13.0755 4208 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
19:00:13.0786 4208 IDriverT ( UnsignedFile.Multi.Generic ) - warning
19:00:13.0786 4208 IDriverT - detected UnsignedFile.Multi.Generic (1)
19:00:13.0848 4208 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:00:13.0864 4208 idsvc - ok
19:00:14.0098 4208 [ 8CB8667F5A3B5515F2585F3254F3AAF7 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
19:00:14.0457 4208 igfx - ok
19:00:14.0488 4208 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
19:00:14.0504 4208 iirsp - ok
19:00:14.0550 4208 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
19:00:14.0613 4208 IKEEXT - ok
19:00:14.0628 4208 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
19:00:14.0675 4208 IntcDAud - ok
19:00:14.0722 4208 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
19:00:14.0738 4208 intelide - ok
19:00:14.0940 4208 [ 8CB8667F5A3B5515F2585F3254F3AAF7 ] intelkmd C:\Windows\system32\DRIVERS\igdpmd64.sys
19:00:15.0268 4208 intelkmd - ok
19:00:15.0284 4208 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:00:15.0315 4208 intelppm - ok
19:00:15.0393 4208 [ 837B6D439C16DB39C30FB8EEBC806A57 ] Internet Manager. RunOuc C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe
19:00:15.0408 4208 Internet Manager. RunOuc - ok
19:00:15.0424 4208 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:00:15.0471 4208 IPBusEnum - ok
19:00:15.0502 4208 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:00:15.0549 4208 IpFilterDriver - ok
19:00:15.0580 4208 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:00:15.0674 4208 iphlpsvc - ok
19:00:15.0705 4208 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
19:00:15.0720 4208 IPMIDRV - ok
19:00:15.0752 4208 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:00:15.0798 4208 IPNAT - ok
19:00:15.0845 4208 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
19:00:15.0892 4208 iPod Service - ok
19:00:15.0892 4208 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:00:15.0939 4208 IRENUM - ok
19:00:15.0954 4208 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:00:15.0970 4208 isapnp - ok
19:00:16.0001 4208 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
19:00:16.0032 4208 iScsiPrt - ok
19:00:16.0048 4208 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
19:00:16.0064 4208 kbdclass - ok
19:00:16.0079 4208 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
19:00:16.0095 4208 kbdhid - ok
19:00:16.0110 4208 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
19:00:16.0126 4208 KeyIso - ok
19:00:16.0142 4208 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:00:16.0157 4208 KSecDD - ok
19:00:16.0157 4208 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:00:16.0173 4208 KSecPkg - ok
19:00:16.0188 4208 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
19:00:16.0235 4208 ksthunk - ok
19:00:16.0266 4208 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
19:00:16.0329 4208 KtmRm - ok
19:00:16.0360 4208 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
19:00:16.0407 4208 LanmanServer - ok
19:00:16.0422 4208 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:00:16.0485 4208 LanmanWorkstation - ok
19:00:16.0516 4208 [ 955982BF4421B77722196552B62E8DC2 ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys
19:00:16.0532 4208 lirsgt - ok
19:00:16.0547 4208 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:00:16.0594 4208 lltdio - ok
19:00:16.0625 4208 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:00:16.0672 4208 lltdsvc - ok
19:00:16.0688 4208 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:00:16.0734 4208 lmhosts - ok
19:00:16.0750 4208 [ C463A25F01C6237295917417C5E9E344 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
19:00:16.0766 4208 LMS - ok
19:00:16.0797 4208 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
19:00:16.0812 4208 LSI_FC - ok
19:00:16.0844 4208 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
19:00:16.0859 4208 LSI_SAS - ok
19:00:16.0890 4208 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:00:16.0906 4208 LSI_SAS2 - ok
19:00:16.0922 4208 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:00:16.0937 4208 LSI_SCSI - ok
19:00:16.0953 4208 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
19:00:17.0000 4208 luafv - ok
19:00:17.0015 4208 [ 7AEAC0B5B185CB5601673A0462C7EC36 ] massfilter C:\Windows\system32\DRIVERS\massfilter.sys
19:00:17.0031 4208 massfilter - ok
19:00:17.0078 4208 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
19:00:17.0078 4208 MBAMProtector - ok
19:00:17.0109 4208 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
19:00:17.0124 4208 MBAMScheduler - ok
19:00:17.0156 4208 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
19:00:17.0187 4208 MBAMService - ok
19:00:17.0202 4208 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:00:17.0234 4208 Mcx2Svc - ok
19:00:17.0265 4208 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
19:00:17.0280 4208 megasas - ok
19:00:17.0312 4208 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
19:00:17.0327 4208 MegaSR - ok
19:00:17.0358 4208 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
19:00:17.0374 4208 MEIx64 - ok
19:00:17.0390 4208 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
19:00:17.0452 4208 MMCSS - ok
19:00:17.0483 4208 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
19:00:17.0514 4208 Modem - ok
19:00:17.0530 4208 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:00:17.0561 4208 monitor - ok
19:00:17.0577 4208 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:00:17.0592 4208 mouclass - ok
19:00:17.0624 4208 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:00:17.0639 4208 mouhid - ok
19:00:17.0655 4208 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:00:17.0670 4208 mountmgr - ok
19:00:17.0686 4208 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
19:00:17.0717 4208 mpio - ok
19:00:17.0733 4208 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:00:17.0764 4208 mpsdrv - ok
19:00:17.0795 4208 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
19:00:17.0873 4208 MpsSvc - ok
19:00:17.0889 4208 [ EAADB6D9AB5E8622A3F6E478CCFBED18 ] mr8980 C:\Windows\system32\DRIVERS\mr8980x64.sys
19:00:17.0920 4208 mr8980 - ok
19:00:17.0951 4208 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:00:17.0998 4208 MRxDAV - ok
19:00:18.0014 4208 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:00:18.0045 4208 mrxsmb - ok
19:00:18.0076 4208 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:00:18.0107 4208 mrxsmb10 - ok
19:00:18.0138 4208 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:00:18.0154 4208 mrxsmb20 - ok
19:00:18.0170 4208 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
19:00:18.0185 4208 msahci - ok
19:00:18.0216 4208 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:00:18.0232 4208 msdsm - ok
19:00:18.0248 4208 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
19:00:18.0279 4208 MSDTC - ok
19:00:18.0294 4208 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:00:18.0326 4208 Msfs - ok
19:00:18.0341 4208 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:00:18.0388 4208 mshidkmdf - ok
19:00:18.0404 4208 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:00:18.0404 4208 msisadrv - ok
19:00:18.0435 4208 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:00:18.0482 4208 MSiSCSI - ok
19:00:18.0497 4208 msiserver - ok
19:00:18.0497 4208 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:00:18.0544 4208 MSKSSRV - ok
19:00:18.0575 4208 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:00:18.0653 4208 MSPCLOCK - ok
19:00:18.0669 4208 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:00:18.0716 4208 MSPQM - ok
19:00:18.0747 4208 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:00:18.0762 4208 MsRPC - ok
19:00:18.0778 4208 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
19:00:18.0794 4208 mssmbios - ok
19:00:18.0840 4208 MSSQL$JTLWAWI - ok
19:00:18.0887 4208 MSSQL$LEXWARE - ok
19:00:18.0918 4208 MSSQL$SQLEXPRESS - ok
19:00:18.0950 4208 [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
19:00:18.0965 4208 MSSQLServerADHelper - ok
19:00:18.0981 4208 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:00:19.0028 4208 MSTEE - ok
19:00:19.0043 4208 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
19:00:19.0074 4208 MTConfig - ok
19:00:19.0090 4208 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
19:00:19.0106 4208 Mup - ok
19:00:19.0121 4208 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
19:00:19.0184 4208 napagent - ok
19:00:19.0199 4208 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:00:19.0230 4208 NativeWifiP - ok
19:00:19.0277 4208 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:00:19.0308 4208 NDIS - ok
19:00:19.0340 4208 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:00:19.0386 4208 NdisCap - ok
19:00:19.0402 4208 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:00:19.0433 4208 NdisTapi - ok
19:00:19.0464 4208 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:00:19.0511 4208 Ndisuio - ok
19:00:19.0527 4208 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:00:19.0589 4208 NdisWan - ok
19:00:19.0605 4208 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:00:19.0667 4208 NDProxy - ok
19:00:19.0698 4208 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:00:19.0745 4208 NetBIOS - ok
19:00:19.0761 4208 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:00:19.0808 4208 NetBT - ok
19:00:19.0823 4208 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
19:00:19.0839 4208 Netlogon - ok
19:00:19.0870 4208 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
19:00:19.0917 4208 Netman - ok
19:00:19.0932 4208 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
19:00:19.0995 4208 netprofm - ok
19:00:20.0042 4208 [ F17EB887B80D3B96475F4558F4B0CB84 ] netr28ux C:\Windows\system32\DRIVERS\netr28ux.sys
19:00:20.0104 4208 netr28ux - ok
19:00:20.0135 4208 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:00:20.0135 4208 NetTcpPortSharing - ok
19:00:20.0260 4208 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
19:00:20.0432 4208 netw5v64 - ok
19:00:20.0463 4208 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
19:00:20.0478 4208 nfrd960 - ok
19:00:20.0494 4208 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:00:20.0556 4208 NlaSvc - ok
19:00:20.0572 4208 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:00:20.0603 4208 Npfs - ok
19:00:20.0619 4208 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
19:00:20.0666 4208 nsi - ok
19:00:20.0697 4208 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:00:20.0744 4208 nsiproxy - ok
19:00:20.0790 4208 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:00:20.0853 4208 Ntfs - ok
19:00:20.0853 4208 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
19:00:20.0900 4208 Null - ok
19:00:20.0915 4208 [ A7127E86F9FFE2A53E271B56B2C4CEDF ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
19:00:20.0962 4208 nusb3hub - ok
19:00:20.0993 4208 [ 49BBEC6F48D5F9284B03ABF3A959B19B ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
19:00:21.0009 4208 nusb3xhc - ok
19:00:21.0024 4208 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:00:21.0040 4208 nvraid - ok
19:00:21.0071 4208 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:00:21.0087 4208 nvstor - ok
19:00:21.0102 4208 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:00:21.0118 4208 nv_agp - ok
19:00:21.0134 4208 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:00:21.0149 4208 ohci1394 - ok
19:00:21.0180 4208 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:00:21.0196 4208 ose - ok
19:00:21.0305 4208 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:00:21.0399 4208 osppsvc - ok
19:00:21.0414 4208 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:00:21.0461 4208 p2pimsvc - ok
19:00:21.0492 4208 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
19:00:21.0524 4208 p2psvc - ok
19:00:21.0539 4208 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
19:00:21.0570 4208 Parport - ok
19:00:21.0586 4208 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:00:21.0602 4208 partmgr - ok
19:00:21.0617 4208 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:00:21.0648 4208 PcaSvc - ok
19:00:21.0664 4208 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
19:00:21.0680 4208 pci - ok
19:00:21.0711 4208 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
19:00:21.0711 4208 pciide - ok
19:00:21.0742 4208 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
19:00:21.0773 4208 pcmcia - ok
19:00:21.0789 4208 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
19:00:21.0804 4208 pcw - ok
19:00:21.0836 4208 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:00:21.0914 4208 PEAUTH - ok
19:00:21.0992 4208 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
19:00:22.0023 4208 PerfHost - ok
19:00:22.0085 4208 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
19:00:22.0194 4208 pla - ok
19:00:22.0226 4208 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:00:22.0257 4208 PlugPlay - ok
19:00:22.0272 4208 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:00:22.0304 4208 PNRPAutoReg - ok
19:00:22.0335 4208 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:00:22.0350 4208 PNRPsvc - ok
19:00:22.0366 4208 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:00:22.0428 4208 PolicyAgent - ok
19:00:22.0460 4208 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
19:00:22.0506 4208 Power - ok
19:00:22.0522 4208 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:00:22.0569 4208 PptpMiniport - ok
19:00:22.0584 4208 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
19:00:22.0616 4208 Processor - ok
19:00:22.0631 4208 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
19:00:22.0694 4208 ProfSvc - ok
19:00:22.0709 4208 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:00:22.0709 4208 ProtectedStorage - ok
19:00:22.0740 4208 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:00:22.0787 4208 Psched - ok
19:00:22.0818 4208 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
19:00:22.0818 4208 PxHlpa64 - ok
19:00:22.0865 4208 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
19:00:22.0959 4208 ql2300 - ok
19:00:22.0974 4208 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
19:00:22.0990 4208 ql40xx - ok
19:00:23.0021 4208 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
19:00:23.0052 4208 QWAVE - ok
19:00:23.0068 4208 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:00:23.0115 4208 QWAVEdrv - ok
19:00:23.0193 4208 [ 3FC8252625F2574036777D2981F839EE ] RalinkRegistryWriter C:\Program Files (x86)\Belkin\F9L1103\v1\Common\RaRegistry.exe
19:00:23.0193 4208 RalinkRegistryWriter - ok
19:00:23.0208 4208 [ 3A6F58A249DF7466F9844F70499627F7 ] RalinkRegistryWriter64 C:\Program Files (x86)\Belkin\F9L1103\v1\Common\RaRegistry64.exe
19:00:23.0224 4208 RalinkRegistryWriter64 - ok
19:00:23.0240 4208 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:00:23.0286 4208 RasAcd - ok
19:00:23.0318 4208 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:00:23.0364 4208 RasAgileVpn - ok
19:00:23.0396 4208 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
19:00:23.0458 4208 RasAuto - ok
19:00:23.0489 4208 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:00:23.0536 4208 Rasl2tp - ok
19:00:23.0567 4208 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
19:00:23.0614 4208 RasMan - ok
19:00:23.0645 4208 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:00:23.0692 4208 RasPppoe - ok
19:00:23.0723 4208 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:00:23.0770 4208 RasSstp - ok
19:00:23.0786 4208 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:00:23.0848 4208 rdbss - ok
19:00:23.0864 4208 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
19:00:23.0879 4208 rdpbus - ok
19:00:23.0895 4208 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:00:23.0942 4208 RDPCDD - ok
19:00:23.0957 4208 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:00:24.0004 4208 RDPENCDD - ok
19:00:24.0020 4208 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:00:24.0051 4208 RDPREFMP - ok
19:00:24.0082 4208 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:00:24.0144 4208 RDPWD - ok
19:00:24.0160 4208 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:00:24.0176 4208 rdyboost - ok
19:00:24.0222 4208 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:00:24.0285 4208 RemoteAccess - ok
19:00:24.0316 4208 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:00:24.0363 4208 RemoteRegistry - ok
19:00:24.0378 4208 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:00:24.0441 4208 RpcEptMapper - ok
19:00:24.0472 4208 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
19:00:24.0488 4208 RpcLocator - ok
19:00:24.0519 4208 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
19:00:24.0550 4208 RpcSs - ok
19:00:24.0581 4208 [ D5C3E1629A3F7F0857D27949252B94CE ] RSPCIESTOR C:\Windows\system32\DRIVERS\RtsPStor.sys
19:00:24.0597 4208 RSPCIESTOR - ok
19:00:24.0628 4208 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:00:24.0690 4208 rspndr - ok
19:00:24.0737 4208 [ 5D6A444BD37B52FF846387C87DCDF98A ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
19:00:24.0753 4208 RTL8167 - ok
19:00:24.0768 4208 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
19:00:24.0784 4208 SamSs - ok
19:00:24.0800 4208 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:00:24.0815 4208 sbp2port - ok
19:00:24.0909 4208 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
19:00:24.0924 4208 SBSDWSCService - ok
19:00:24.0956 4208 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:00:25.0018 4208 SCardSvr - ok
19:00:25.0049 4208 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:00:25.0096 4208 scfilter - ok
19:00:25.0143 4208 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
19:00:25.0221 4208 Schedule - ok
19:00:25.0252 4208 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:00:25.0299 4208 SCPolicySvc - ok
19:00:25.0330 4208 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
19:00:25.0361 4208 sdbus - ok
19:00:25.0408 4208 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:00:25.0439 4208 SDRSVC - ok
19:00:25.0548 4208 [ 0F4A80438E7286A0E623582F5F2395BD ] SearchAnonymizer C:\Users\Torsten Weidner\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
19:00:25.0580 4208 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - warning
19:00:25.0580 4208 SearchAnonymizer - detected UnsignedFile.Multi.Generic (1)
19:00:25.0611 4208 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:00:25.0658 4208 secdrv - ok
19:00:25.0673 4208 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
19:00:25.0736 4208 seclogon - ok
19:00:25.0767 4208 [ EDE7A1D2715AAC2190D51DC07AFD44E3 ] seehcri C:\Windows\system32\DRIVERS\seehcri.sys
19:00:25.0798 4208 seehcri ( UnsignedFile.Multi.Generic ) - warning
19:00:25.0798 4208 seehcri - detected UnsignedFile.Multi.Generic (1)
19:00:25.0829 4208 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
19:00:25.0892 4208 SENS - ok
19:00:25.0923 4208 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:00:25.0954 4208 SensrSvc - ok
19:00:25.0985 4208 [ 749502A6C51116A6229CF7536181907F ] Ser2pl C:\Windows\system32\DRIVERS\ser2pl64.sys
19:00:26.0001 4208 Ser2pl - ok
19:00:26.0032 4208 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:00:26.0048 4208 Serenum - ok
19:00:26.0063 4208 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
19:00:26.0079 4208 Serial - ok
19:00:26.0110 4208 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
19:00:26.0141 4208 sermouse - ok
19:00:26.0188 4208 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
19:00:26.0250 4208 SessionEnv - ok
19:00:26.0266 4208 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:00:26.0313 4208 sffdisk - ok
19:00:26.0328 4208 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:00:26.0344 4208 sffp_mmc - ok
19:00:26.0360 4208 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:00:26.0391 4208 sffp_sd - ok
19:00:26.0406 4208 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
19:00:26.0453 4208 sfloppy - ok
19:00:26.0484 4208 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
19:00:26.0531 4208 Sftfs - ok
19:00:26.0578 4208 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
19:00:26.0594 4208 sftlist - ok
19:00:26.0640 4208 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
19:00:26.0672 4208 Sftplay - ok
19:00:26.0672 4208 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
19:00:26.0687 4208 Sftredir - ok
19:00:26.0703 4208 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
19:00:26.0718 4208 Sftvol - ok
19:00:26.0734 4208 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
19:00:26.0750 4208 sftvsa - ok
19:00:26.0796 4208 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:00:26.0828 4208 SharedAccess - ok
19:00:26.0874 4208 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:00:26.0921 4208 ShellHWDetection - ok
19:00:26.0952 4208 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:00:26.0968 4208 SiSRaid2 - ok
19:00:26.0984 4208 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
19:00:26.0999 4208 SiSRaid4 - ok
19:00:27.0030 4208 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:00:27.0108 4208 Smb - ok
19:00:27.0140 4208 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:00:27.0171 4208 SNMPTRAP - ok
19:00:27.0186 4208 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
19:00:27.0202 4208 spldr - ok
19:00:27.0233 4208 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
19:00:27.0296 4208 Spooler - ok
19:00:27.0374 4208 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
19:00:27.0483 4208 sppsvc - ok
19:00:27.0514 4208 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:00:27.0561 4208 sppuinotify - ok
19:00:27.0623 4208 [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
19:00:27.0639 4208 SQLBrowser - ok
19:00:27.0670 4208 [ 3C432A96363097870995E2A3C8B66ABD ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
19:00:27.0670 4208 SQLWriter - ok
19:00:27.0701 4208 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
19:00:27.0732 4208 srv - ok
19:00:27.0764 4208 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:00:27.0795 4208 srv2 - ok
19:00:27.0826 4208 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
19:00:27.0857 4208 SrvHsfHDA - ok
19:00:27.0904 4208 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
19:00:27.0998 4208 SrvHsfV92 - ok
19:00:28.0029 4208 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
19:00:28.0091 4208 SrvHsfWinac - ok
19:00:28.0107 4208 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:00:28.0138 4208 srvnet - ok
19:00:28.0185 4208 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:00:28.0232 4208 SSDPSRV - ok
19:00:28.0263 4208 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:00:28.0294 4208 SstpSvc - ok
19:00:28.0356 4208 [ 7C49A5E1943AFDA4672D80726AF3BAE4 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
19:00:28.0372 4208 STacSV - ok
19:00:28.0403 4208 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
19:00:28.0419 4208 stexstor - ok
19:00:28.0450 4208 [ 0AAD250A31A7EE96E0945AB9E1F3BAA7 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
19:00:28.0481 4208 STHDA - ok
19:00:28.0497 4208 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
19:00:28.0528 4208 StillCam - ok
19:00:28.0559 4208 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
19:00:28.0622 4208 stisvc - ok
19:00:28.0637 4208 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
19:00:28.0653 4208 swenum - ok
19:00:28.0746 4208 [ 78ED7E7D9720BB425645CAC0BD8EF8F6 ] SwiCardDetectSvc C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe
19:00:28.0746 4208 SwiCardDetectSvc - ok
19:00:28.0793 4208 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
19:00:28.0856 4208 swprv - ok
19:00:28.0887 4208 [ AC3CC98B1BDB6540021D3FFB105AC2B9 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
19:00:28.0902 4208 SynTP - ok
19:00:28.0965 4208 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
19:00:29.0027 4208 SysMain - ok
19:00:29.0058 4208 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:00:29.0090 4208 TabletInputService - ok
19:00:29.0105 4208 [ BCD6A90D6FD757CE9C29DDC850F7F231 ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys
19:00:29.0121 4208 tap0901 ( UnsignedFile.Multi.Generic ) - warning
19:00:29.0121 4208 tap0901 - detected UnsignedFile.Multi.Generic (1)
19:00:29.0152 4208 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
19:00:29.0199 4208 TapiSrv - ok
19:00:29.0214 4208 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
19:00:29.0261 4208 TBS - ok
19:00:29.0324 4208 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:00:29.0402 4208 Tcpip - ok
19:00:29.0433 4208 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:00:29.0480 4208 TCPIP6 - ok
19:00:29.0558 4208 [ FA5B20182028C06756CF273AAAD608D5 ] tcpipBM C:\Windows\system32\drivers\tcpipBM.sys
19:00:29.0573 4208 tcpipBM - ok
19:00:29.0589 4208 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:00:29.0651 4208 tcpipreg - ok
19:00:29.0682 4208 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:00:29.0714 4208 TDPIPE - ok
19:00:29.0729 4208 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:00:29.0760 4208 TDTCP - ok
19:00:29.0776 4208 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:00:29.0838 4208 tdx - ok
19:00:29.0854 4208 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
19:00:29.0870 4208 TermDD - ok
19:00:29.0901 4208 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
19:00:29.0963 4208 TermService - ok
19:00:29.0994 4208 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
19:00:30.0026 4208 Themes - ok
19:00:30.0057 4208 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
19:00:30.0088 4208 THREADORDER - ok
19:00:30.0119 4208 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
19:00:30.0166 4208 TrkWks - ok
19:00:30.0213 4208 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:00:30.0260 4208 TrustedInstaller - ok
19:00:30.0291 4208 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:00:30.0322 4208 tssecsrv - ok
19:00:30.0353 4208 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
19:00:30.0384 4208 TsUsbFlt - ok
19:00:30.0416 4208 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:00:30.0462 4208 tunnel - ok
19:00:30.0494 4208 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
19:00:30.0509 4208 uagp35 - ok
19:00:30.0525 4208 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:00:30.0587 4208 udfs - ok
19:00:30.0634 4208 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:00:30.0650 4208 UI0Detect - ok
19:00:30.0665 4208 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:00:30.0681 4208 uliagpkx - ok
19:00:30.0712 4208 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
19:00:30.0728 4208 umbus - ok
19:00:30.0759 4208 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
19:00:30.0790 4208 UmPass - ok
19:00:30.0884 4208 [ 3A1ECEF8D49FC1A786A6CCD5A86A8878 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
19:00:30.0930 4208 UNS - ok
19:00:30.0946 4208 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
19:00:31.0008 4208 upnphost - ok
19:00:31.0055 4208 [ D4531B9B73B990DC53B4A765E3BD070A ] UPnPService C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
19:00:31.0055 4208 UPnPService ( UnsignedFile.Multi.Generic ) - warning
19:00:31.0055 4208 UPnPService - detected UnsignedFile.Multi.Generic (1)
19:00:31.0102 4208 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
19:00:31.0133 4208 USBAAPL64 - ok
19:00:31.0164 4208 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
19:00:31.0211 4208 usbaudio - ok
19:00:31.0242 4208 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:00:31.0274 4208 usbccgp - ok
19:00:31.0305 4208 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:00:31.0336 4208 usbcir - ok
19:00:31.0352 4208 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
19:00:31.0367 4208 usbehci - ok
19:00:31.0398 4208 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:00:31.0430 4208 usbhub - ok
19:00:31.0445 4208 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
19:00:31.0476 4208 usbohci - ok
19:00:31.0492 4208 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:00:31.0523 4208 usbprint - ok
19:00:31.0539 4208 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
19:00:31.0554 4208 usbscan - ok
19:00:31.0570 4208 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:00:31.0617 4208 USBSTOR - ok
19:00:31.0632 4208 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
19:00:31.0648 4208 usbuhci - ok
19:00:31.0664 4208 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
19:00:31.0695 4208 usbvideo - ok
19:00:31.0710 4208 [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
19:00:31.0757 4208 usb_rndisx - ok
19:00:31.0788 4208 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
19:00:31.0835 4208 UxSms - ok
19:00:31.0851 4208 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
19:00:31.0866 4208 VaultSvc - ok
19:00:31.0898 4208 [ FD911873C0BB6945FA38C16E9A2B58F9 ] VClone C:\Windows\system32\DRIVERS\VClone.sys
19:00:31.0929 4208 VClone - ok
19:00:31.0944 4208 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
19:00:31.0960 4208 vdrvroot - ok
19:00:31.0991 4208 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
19:00:32.0069 4208 vds - ok
19:00:32.0100 4208 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:00:32.0116 4208 vga - ok
19:00:32.0132 4208 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
19:00:32.0178 4208 VgaSave - ok
19:00:32.0210 4208 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
19:00:32.0225 4208 vhdmp - ok
19:00:32.0241 4208 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
19:00:32.0256 4208 viaide - ok
19:00:32.0334 4208 [ 59E6D1CC4EA1A19D07570AA0657ED966 ] VmbService C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
19:00:32.0350 4208 VmbService ( UnsignedFile.Multi.Generic ) - warning
19:00:32.0350 4208 VmbService - detected UnsignedFile.Multi.Generic (1)
19:00:32.0397 4208 [ 1E4D31FEC921300C5F262C52F5FCC666 ] vodafone_K3805-z_dc_enum C:\Windows\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys
19:00:32.0428 4208 vodafone_K3805-z_dc_enum - ok
19:00:32.0444 4208 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:00:32.0459 4208 volmgr - ok
19:00:32.0490 4208 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:00:32.0506 4208 volmgrx - ok
19:00:32.0522 4208 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:00:32.0537 4208 volsnap - ok
19:00:32.0568 4208 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
19:00:32.0584 4208 vsmraid - ok
19:00:32.0646 4208 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
19:00:32.0740 4208 VSS - ok
19:00:32.0756 4208 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
19:00:32.0787 4208 vwifibus - ok
19:00:32.0802 4208 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
19:00:32.0834 4208 vwififlt - ok
19:00:32.0849 4208 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
19:00:32.0880 4208 vwifimp - ok
19:00:32.0896 4208 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
19:00:32.0943 4208 W32Time - ok
19:00:32.0974 4208 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
19:00:32.0990 4208 WacomPen - ok
19:00:33.0021 4208 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
19:00:33.0052 4208 WANARP - ok
19:00:33.0068 4208 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:00:33.0099 4208 Wanarpv6 - ok
19:00:33.0146 4208 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
19:00:33.0224 4208 WatAdminSvc - ok
19:00:33.0270 4208 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
19:00:33.0333 4208 wbengine - ok
19:00:33.0364 4208 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
19:00:33.0380 4208 WbioSrvc - ok
19:00:33.0411 4208 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:00:33.0458 4208 wcncsvc - ok
19:00:33.0458 4208 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:00:33.0489 4208 WcsPlugInService - ok
19:00:33.0520 4208 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
19:00:33.0536 4208 Wd - ok
19:00:33.0567 4208 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:00:33.0582 4208 Wdf01000 - ok
19:00:33.0598 4208 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:00:33.0707 4208 WdiServiceHost - ok
19:00:33.0723 4208 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:00:33.0738 4208 WdiSystemHost - ok
19:00:33.0770 4208 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
19:00:33.0801 4208 WebClient - ok
19:00:33.0816 4208 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:00:33.0879 4208 Wecsvc - ok
19:00:33.0910 4208 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:00:33.0988 4208 wercplsupport - ok
19:00:34.0004 4208 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
19:00:34.0066 4208 WerSvc - ok
19:00:34.0082 4208 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:00:34.0113 4208 WfpLwf - ok
19:00:34.0144 4208 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:00:34.0160 4208 WIMMount - ok
19:00:34.0175 4208 WinDefend - ok
19:00:34.0191 4208 WinHttpAutoProxySvc - ok
19:00:34.0238 4208 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:00:34.0284 4208 Winmgmt - ok
19:00:34.0331 4208 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
19:00:34.0472 4208 WinRM - ok
19:00:34.0503 4208 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys
19:00:34.0550 4208 WinUsb - ok
19:00:34.0581 4208 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
19:00:34.0628 4208 Wlansvc - ok
19:00:34.0659 4208 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:00:34.0674 4208 wlcrasvc - ok
19:00:34.0768 4208 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:00:34.0846 4208 wlidsvc - ok
19:00:34.0862 4208 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:00:34.0862 4208 WmiAcpi - ok
19:00:34.0908 4208 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:00:34.0924 4208 wmiApSrv - ok
19:00:34.0955 4208 WMPNetworkSvc - ok
19:00:34.0971 4208 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:00:35.0002 4208 WPCSvc - ok
19:00:35.0018 4208 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:00:35.0064 4208 WPDBusEnum - ok
19:00:35.0080 4208 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:00:35.0127 4208 ws2ifsl - ok
19:00:35.0142 4208 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
19:00:35.0174 4208 wscsvc - ok
19:00:35.0189 4208 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
19:00:35.0220 4208 WSDPrintDevice - ok
19:00:35.0236 4208 WSearch - ok
19:00:35.0298 4208 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
19:00:35.0376 4208 wuauserv - ok
19:00:35.0408 4208 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:00:35.0454 4208 WudfPf - ok
19:00:35.0470 4208 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:00:35.0517 4208 WUDFRd - ok
19:00:35.0532 4208 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:00:35.0579 4208 wudfsvc - ok
19:00:35.0595 4208 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
19:00:35.0642 4208 WwanSvc - ok
19:00:35.0657 4208 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
19:00:35.0688 4208 yukonw7 - ok
19:00:35.0720 4208 [ 40826B3282E5D17A32695ABC7F55B129 ] ZTEusbmdm6k C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
19:00:35.0751 4208 ZTEusbmdm6k - ok
19:00:35.0782 4208 [ 2027F0FB014474FA494C3A28D87BD836 ] ZTEusbnet C:\Windows\system32\DRIVERS\ZTEusbnet.sys
19:00:35.0813 4208 ZTEusbnet - ok
19:00:35.0844 4208 [ 40826B3282E5D17A32695ABC7F55B129 ] ZTEusbnmea C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
19:00:35.0860 4208 ZTEusbnmea - ok
19:00:35.0876 4208 [ 40826B3282E5D17A32695ABC7F55B129 ] ZTEusbser6k C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
19:00:35.0891 4208 ZTEusbser6k - ok
19:00:35.0907 4208 [ 40826B3282E5D17A32695ABC7F55B129 ] ZTEusbvoice C:\Windows\system32\DRIVERS\ZTEusbvoice.sys
19:00:35.0922 4208 ZTEusbvoice - ok
19:00:35.0969 4208 ================ Scan global ===============================
19:00:36.0016 4208 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:00:36.0032 4208 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
19:00:36.0047 4208 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
19:00:36.0063 4208 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:00:36.0094 4208 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:00:36.0094 4208 [Global] - ok
19:00:36.0094 4208 ================ Scan MBR ==================================
19:00:36.0110 4208 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:00:36.0406 4208 \Device\Harddisk0\DR0 - ok
19:00:36.0406 4208 ================ Scan VBR ==================================
19:00:36.0406 4208 [ C8780D61E7D0E34682AFD77AD8ED1CD4 ] \Device\Harddisk0\DR0\Partition1
19:00:36.0406 4208 \Device\Harddisk0\DR0\Partition1 - ok
19:00:36.0453 4208 [ 6BE9B26FD8FEE04AFC2D37DF30339A0A ] \Device\Harddisk0\DR0\Partition2
19:00:36.0453 4208 \Device\Harddisk0\DR0\Partition2 - ok
19:00:36.0484 4208 [ 9C77D8028BD242D7753E82566BD3131E ] \Device\Harddisk0\DR0\Partition3
19:00:36.0484 4208 \Device\Harddisk0\DR0\Partition3 - ok
19:00:36.0500 4208 [ CACAB462D8391D871AE4257157620F57 ] \Device\Harddisk0\DR0\Partition4
19:00:36.0500 4208 \Device\Harddisk0\DR0\Partition4 - ok
19:00:36.0500 4208 ============================================================
19:00:36.0500 4208 Scan finished
19:00:36.0500 4208 ============================================================
19:00:36.0500 6408 Detected object count: 6
19:00:36.0500 6408 Actual detected object count: 6
19:00:50.0899 6408 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
19:00:50.0899 6408 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:00:50.0899 6408 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - skipped by user
19:00:50.0899 6408 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:00:50.0899 6408 seehcri ( UnsignedFile.Multi.Generic ) - skipped by user
19:00:50.0899 6408 seehcri ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:00:50.0899 6408 tap0901 ( UnsignedFile.Multi.Generic ) - skipped by user
19:00:50.0899 6408 tap0901 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:00:50.0899 6408 UPnPService ( UnsignedFile.Multi.Generic ) - skipped by user
19:00:50.0899 6408 UPnPService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:00:50.0899 6408 VmbService ( UnsignedFile.Multi.Generic ) - skipped by user
19:00:50.0899 6408 VmbService ( UnsignedFile.Multi.Generic ) - User select action: Skip

markusg · 29.10.2012, 19:41

hi
öffne avira, verwaltung, quarantäne, poste alle fundmeldungen mit pfadangabe als text
öffne malwarebytes, berichte, falls vorhanden, poste logs mit funden

tweidner · 29.10.2012, 20:06

Von AVIRA:

Zitat:

Typ: Datei
Quelle: C:\Users\Torsten Weidner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G8O4KKNV\thinkvantage-access-connections[1].exe
Status: Infiziert
Quarantäne-Objekt: 5981c977.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.10.187
Virendefinitionsdatei: 7.11.46.248
Meldung: ADWARE/InstallCore.Gen
Datum/Uhrzeit: 21.10.2012, 22:22

Malwarebytes hat nichts gefunden!!!

markusg · 29.10.2012, 21:41

das waren alle avira funde?
tritt das problem momentan noch auf?
gibt es weitere probleme?

tweidner · 30.10.2012, 07:13

Guten Morgen,

das waren wirklich alle Funde bei AVIRA. Das Problem tritt definitiv weiter auf, so langsam war mein Rechner noch nie und so eine schlechte Verbindung ins Internet hatte ich auch noch nie.

Wenn ich wüsste, dass es erfolgreich ist, würde ich das Notebook nochmal neu aufsetzen, auch wenn es sehr Zeitintensiv ist. Externe Festplatte und Sticks sind genügend vorhanden.

Aber vielleicht noch jemand ne andere Idee?

markusg · 31.10.2012, 19:34

dann setzen wir neu auf, und sichern ihn danach richtig ab.
der pc muss neu aufgesetzt und dann abgesichert werden
1. Datenrettung:

deaktiviere Autorun: http://www.trojaner-board.de/83238-a...sschalten.html
dann sichere Daten auf nen externen datenträger: http://www.trojaner-board.de/82533-d...ted-magic.html
Bilder, Dokumente, Musik Videos (persönliches) http://www.trojaner-board.de/71715-k...iendungen.html

2. Formatieren, Windows neu instalieren:

nutzt du eine Windows CD: http://www.trojaner-board.de/51262-a...sicherung.html
recovery cd oder recovery partition.
falls dies ein fertig pc ist, nenne hersteller + typ.
Keine Windows 7 DVD? http://www.trojaner-board.de/100776-...-download.html

3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html
ich werde außerdem noch weitere punkte dazu posten.
4. alle Passwörter ändern!
5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen.
6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.

Mehrfach iexplorer.exe in den Prozessen

Plagegeister aller Art und deren Bekämpfung: Mehrfach iexplorer.exe in den Prozessen