Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Google Suchergebnisse - leitet beim Klick auf das Suchergebnis um

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 02.11.2012, 04:11   #1
Ludel
 
Google Suchergebnisse - leitet beim Klick auf das Suchergebnis um - Standard

Google Suchergebnisse - leitet beim Klick auf das Suchergebnis um



Ein herzliches Hallo zusammen,
mein Problem ist folgendes.
Habe einen PC (Windows 7 32bit) beim dem man wenn man auf Google zB. Aldi eingibt dann beim anklicken der Suchergebnisse entweder auf Porno-seiten oder Verkaufs-seiten kommt. Kaspersky und Malewarebytest haben nichts gefunden.
Dazu ist auch noch der Windows Sicherheitscenter deaktiviert.
Ich habe den Dienst schon auf "Starten" gesetzt gehabt aber kurz danach ist er wieder deaktiviert.

Hier erstmal CCleaner Logfile
Code:
ATTFilter
ABACUS	Arag IT GmbH	02.11.2012		
Adobe AIR	Adobe Systems Incorporated	02.11.2012		3.2.0.2070
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	02.11.2012	6,00MB	11.4.402.287
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	02.11.2012	6,00MB	11.4.402.287
Adobe Reader X (10.1.4) - Deutsch	Adobe Systems Incorporated	16.08.2012	124MB	10.1.4
AIDA64 Extreme Edition v1.20	FinalWire Ltd.	09.02.2011	20,1MB	1.20
Angebots Msi	Canada Life Assurance (Irl) Ltd	13.09.2011	133MB	14.0.00
AOWin2010		02.11.2012		
AOWin2010		09.02.2011		
Apple Application Support	Apple Inc.	17.09.2012	64,4MB	2.2.2
Apple Mobile Device Support	Apple Inc.	17.09.2012	23,1MB	6.0.0.59
Apple Software Update	Apple Inc.	21.07.2011	2,38MB	2.1.3.127
AquaSoft PhotoKalender 3	AquaSoft	02.11.2012		3.6.03
ASC Easy 3.9.3	ASC GmbH	03.08.2011	207MB	
ASC Easy Update auf Version 4.5.0	ASC Assekuranz Service Center GmbH	09.10.2012	70,6MB	
AXA Beratungstechnologie	AXA Konzern AG	04.07.2012	196MB	12.1.0
BB-Euro-Tarifrechner		02.11.2012		1.0
Beratungsprogramme W&W-Konzern		02.11.2012		
Bonjour	Apple Inc.	12.10.2011	1,04MB	3.0.0.10
Brother P-touch Address Book 1.1	Brother Industries, Ltd.	05.06.2012	11,7MB	1.1.100
Brother P-touch Editor 5.0	Brother Industries, Ltd.	05.06.2012	22,3MB	5.0.110
CardMinder	PFU	20.07.2011		V4.1L10
CCleaner	Piriform	24.10.2012		3.24
CleverPrint	Abelssoft GmbH	27.07.2011		2.00
CodedColor FotoStudio 2010, 6.1.2	1STEIN	02.12.2011	76,0MB	
CONDOR Angebotssystem	Condor Versicherungsgruppe	02.11.2012		09/2012
Data Access Objects (DAO) 3.5		02.11.2012		
DB_Firebird 1.5.0.4306		02.11.2012		
DHTML Editing Component	Microsoft Corporation	01.04.2011	554KB	6.02.0001
Dialog Tarifprogramm	Dialog Lebensversicherungs-AG	06.12.2011	216MB	1.26.0008
Dir-It!	Wirth New Media Sarl	31.03.2011	630KB	4.00.0000
Direkt Foto System 3.x		04.11.2011	270MB	
ELBE SL	SLP	02.11.2012		1.22.0.357 13.06.2012
ElektrALight	DKV ein Unternehmen der ERGO Versicherungsgruppe	06.09.2012	32,5MB	12.10
Firebird SQL Server - MAGIX Edition	MAGIX AG	23.01.2012	10,1MB	2.1.27.0
FUJIFILM MyFinePix Studio 2.0		15.08.2011		
Fujitsu NetCOBOL Free Run-time	FUJITSU LIMITED	05.09.2012	7,71MB	9.0.0020.0000
Garmin Communicator Plugin	Garmin Ltd or its subsidiaries	25.09.2012	14,6MB	4.0.3
Geldgeschenke DruckShop		02.11.2012		
Generali Versicherungen Beratungssoftware		02.11.2012		
GEWA KV-Rational		02.11.2012		
GEWA KVRATIO		02.11.2012		
Google Chrome	Google Inc.	06.07.2012		22.0.1229.94
Google Earth	Google	21.11.2011	92,7MB	6.1.0.5001
Gothaer Softwarepaket, komplette Deinstallation		02.11.2012		
HanseMerkur ISA Makler	HanseMerkur Krankenversicherung AG	02.11.2012		1.5.0
HanseMerkur ISA Service Extensions	Hanse Merkur	14.05.2012	7,28MB	1.1.4
HanseMerkur-Tarife		02.11.2012		
Hardcopy (C:\Program Files\Hardcopy)	www.hardcopy.de	02.11.2012		2011.07.02
Helvetia Porta	Helvetia Versicherungen Deutschland	02.11.2012		
HP Product Detection	Hewlett-Packard Company	20.07.2011	1,90MB	10.7.9.0
iCloud	Apple Inc.	08.10.2012	47,4MB	2.0.2.187
InterRisk WinRisk 4.9.0	InterRisk Versicherungs-AG Vienna Insurance Group, InterRisk Lebensversicherungs-AG Vienna Insurance Group	28.10.2011	406MB	4.9.246.0
IrfanView (remove only)	Irfan Skiljan	02.11.2012	1,50MB	4.30
iTunes	Apple Inc.	17.09.2012	180MB	10.7.0.21
Janitos Offline-Tarifrechner 3.2.4.0	Fairware24	23.12.2011		
Java 2 Runtime Environment, SE v1.4.2_10	Sun Microsystems, Inc.	11.08.2011	131MB	1.4.2_10
Java 7 Update 9	Oracle	31.08.2012	128MB	7.0.90
Kaspersky Anti-Virus 2013	Kaspersky Lab	02.11.2012		13.0.1.4190
klickTel Telefon- und Branchenbuch + Rückwärtssuche Herbst 2010	telegate MEDIA AG	09.02.2011		1.00.0000
klickTel Telefon- und Branchenbuch + Rückwärtssuche Herbst 2011	telegate MEDIA AG	29.07.2011		1.00.0000
KS-Win 2008	Kraftfahrerschutz e.V.	02.11.2012		1.4.42
KUBUS light ERGO	ITERGO	05.04.2012	2,27GB	12.10
LAN-Fax Dienstprogramme		02.11.2012		
MAGIX 3D Maker (embedded MSI)	MAGIX AG	23.01.2012	19,8MB	6.0.0.8
MAGIX Foto Premium 9	MAGIX AG	02.11.2012		9.0.3.2
MAGIX Online Druck Service	MAGIX AG	23.01.2012	10,2MB	3.4.3.0
MAGIX Screenshare	MAGIX AG	23.01.2012	1,43MB	4.3.6.1987
MAGIX Speed 2 (MSI)	MAGIX AG	23.01.2012	57,9MB	6.0.1.4
MAGIX Xtreme Grafik Designer 5	MAGIX AG	02.11.2012		5.1.2.10977
MailStore Home 5.0.1.6919	deepinvent Software GmbH	24.01.2012	24,1MB	5.0.1.6919
Maitre	Swiss Life Partner	02.11.2012		1.14.0.180
MEAG-Angebotssoftware	MEAG	05.04.2012	22,5MB	1.79.4
Microsoft .NET Framework 1.1		02.11.2012		
Microsoft .NET Framework 1.1 German Language Pack		02.11.2012		
Microsoft .NET Framework 4 Client Profile		09.02.2011	220MB	
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	02.11.2012	38,8MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack		09.02.2011		
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	02.11.2012	2,93MB	4.0.30319
Microsoft .NET Framework 4 Extended		09.02.2011	94,8MB	
Microsoft .NET Framework 4 Extended	Microsoft Corporation	02.11.2012	51,9MB	4.0.30319
Microsoft Access 2000 SR-1 Runtime	Microsoft Corporation	03.08.2011	44,8MB	9.00.3821
Microsoft Dynamics CRM 2011 für Microsoft Office Outlook	Microsoft Corporation	02.11.2012		5.0.9690.2243
Microsoft IntelliType Pro 8.2	Microsoft Corporation	02.11.2012		8.20.469.0
Microsoft LifeCam	Microsoft Corporation	09.02.2011	49,9MB	3.22.270.0
Microsoft Office File Validation Add-In	Microsoft Corporation	16.09.2011	7,95MB	14.0.5130.5003
Microsoft Office Live Add-in 1.5	Microsoft Corporation	02.05.2012	508KB	2.0.4024.1
Microsoft Office Outlook Connector	Microsoft Corporation	01.09.2011	3,36MB	14.0.5118.5000
Microsoft Office Professional Plus 2007	Microsoft Corporation	02.11.2012		12.0.6612.1000
Microsoft Online Services-Anmeldeassistent	Microsoft Corporation	30.05.2012	3,63MB	7.250.4287.0
Microsoft ReportViewer 2010 Redistributable	Microsoft Corporation	29.05.2012	12,4MB	10.0.30319
Microsoft Silverlight	Microsoft Corporation	15.05.2012	142MB	5.1.10411.0
Microsoft SQL Server 2005	Microsoft Corporation	02.11.2012		
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	01.09.2011	1,69MB	3.1.0000
Microsoft SQL Server 2008	Microsoft Corporation	02.11.2012		
Microsoft SQL Server 2008 Browser	Microsoft Corporation	31.10.2012	8,03MB	10.3.5500.0
Microsoft SQL Server 2008 Native Client	Microsoft Corporation	31.10.2012	3,27MB	10.3.5500.0
Microsoft SQL Server Compact 3.5 SP2 DEU	Microsoft Corporation	29.05.2012	3,69MB	3.5.8082.0
Microsoft SQL Server Native Client	Microsoft Corporation	10.04.2012	2,60MB	9.00.5000.00
Microsoft SQL Server Setup Support Files (English)	Microsoft Corporation	10.04.2012	24,5MB	9.00.5000.00
Microsoft SQL Server VSS Writer	Microsoft Corporation	31.10.2012	2,18MB	10.3.5500.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	17.06.2011	252KB	8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	12.07.2011	300KB	8.0.59193
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	28.10.2011	234KB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	27.09.2011	238KB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	31.05.2011	596KB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	12.07.2011	600KB	9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319	Microsoft Corporation	31.10.2012	11,0MB	10.0.30319
Microsoft Windows Media Video 9 VCM		02.11.2012		
Microsoft Works 6-9 Converter	Microsoft Corporation	13.04.2012	4,56MB	14.0.6120.5002
Microsoft XML Parser	 	19.07.2011	66,0KB	1.00.0000
MKVWin 12-1		10.10.2011		MKVWin 12-1
MobileMe Control Panel	Apple Inc.	24.10.2011	12,9MB	3.1.8.0
MotoHelper 2.1.32 Driver 5.4.0	Motorola	02.11.2012		2.1.32
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	20.07.2011	35,0KB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	20.07.2011	1,33MB	4.20.9876.0
MV-Makler-und-ADP		02.11.2012		
myphotobook.de	myphotobook GmbH	02.11.2012		1.3.0
MÜNCHENER VEREIN Software-Service		02.11.2012		
Nero Burning ROM 10	Nero AG	13.09.2011	168MB	10.6.10600
Nero BurnRights 10	Nero AG	13.09.2011	6,14MB	4.4.10300.1.100
Outlook Backup Assistant 5 (Vollversion)	Priotecs IT GmbH	31.03.2011	5,93MB	5.0
PhotoCleaner		02.11.2012		
Pixpedia Publisher 3.1.1	1STEIN Corp.	02.12.2011	34,3MB	
POLARIS		02.11.2012		
Power Druckstudio Gold 1		13.09.2012	454MB	
QuickTime	Apple Inc.	21.05.2012	73,2MB	7.72.80.56
RAF	FUJIFILM Corporation	15.08.2011		1.00.0001
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	02.11.2012		6.0.1.5910
RSA SecurID Software Token	RSA, The Security Division of EMC	29.09.2011	19,9MB	4.1.0
RSA Smart Card Middleware 3.5	RSA, The Security Division of EMC	29.09.2011	13,2MB	3.5.3.36
RuntimeInstallieren	SIGNAL IDUNA	20.07.2011	2,28MB	1.20.0001
RV-Win		02.11.2012		
ScanSnap Manager	PFU	20.07.2011		V5.0L21
ScanSnap Organizer	PFU	20.07.2011		V4.1L11
ScanSoft PDF Converter 3.0	ScanSoft, Inc	04.10.2011	78,3MB	3.00.0002
SDK - Angebotsprogramm	Süddeutsche Krankenversicherung a.G.	15.08.2012	583MB	12.07.30
SIGNAL IDUNA Beratungssoftware freie Vertriebe	SIGNAL IDUNA Gruppe	02.11.2012		012.33.0001
Skype™ 5.10	Skype Technologies S.A.	13.09.2012	19,4MB	5.10.116
SQLAnywhere11		02.11.2012		
Swiss Life BeraterBüro	Intelligent Solution Services AG	05.09.2012	191MB	7.45.0271
Swiss Life EVA		02.11.2012		
T-Online 6.0		02.11.2012		
TeamViewer 7	TeamViewer	02.11.2012		7.0.15723
trixiKfz	trixi informationssysteme GmbH	30.05.2011	46,0MB	17.00.0000
Unterstützungsdateien für Microsoft SQL Server 2008-Setup 	Microsoft Corporation	31.10.2012	30,0MB	10.3.5500.0
Vereins-Verwaltung	Dr. Hartmut Braun	02.11.2012		11.6.07.12
VHV Maklerverwaltungsprogramm	VHV Allgemeine Versicherung AG	08.02.2012		1.1.7.0
VHV RECOMAX	VHV Allgemeine Versicherung AG	16.01.2012		7.00
VHV-Tarifprogramm	VHV Allgemeine Versicherung AG	20.09.2012		50.0.37
VIA-P 12.20	ITERGO GmbH	03.07.2012	2,85GB	12.20
VorsorgePLANER	Software für Vorsorge und Finanzplanung GmbH & Co. KG	13.09.2011	123MB	1.0
WebKIS Offline		02.11.2012		
Windows Live Essentials	Microsoft Corporation	01.09.2011		15.4.3538.0513
Windows Live Mesh ActiveX control for remote connections	Microsoft Corporation	01.09.2011	5,57MB	15.4.5722.2
Windows-Treiberpaket - Microsoft (USBCCID) SmartCardReader  (05/17/2005 5.2.3790.2444)	Microsoft	02.11.2012		05/17/2005 5.2.3790.2444
WinRAR 4.11 (32-Bit)	win.rar GmbH	02.11.2012		4.11.0
Zoner Photo Studio 12	ZONER software	02.12.2011	164MB	12.0.1.10
         
------------------------

Hier die OTL Datei
Code:
ATTFilter
OTL logfile created on: 02.11.2012 03:51:27 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Scheuer\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,65 Gb Available Physical Memory | 50,77% Memory free
6,50 Gb Paging File | 4,75 Gb Available in Paging File | 73,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 292,97 Gb Total Space | 195,77 Gb Free Space | 66,82% Space Free | Partition Type: NTFS
Drive E: | 7,53 Gb Total Space | 1,42 Gb Free Space | 18,85% Space Free | Partition Type: NTFS
Drive F: | 172,79 Gb Total Space | 116,20 Gb Free Space | 67,25% Space Free | Partition Type: NTFS
Drive G: | 962,07 Mb Total Space | 484,32 Mb Free Space | 50,34% Space Free | Partition Type: FAT32
 
Computer Name: HAUPT-PC | User Name: Scheuer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Scheuer\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\TeamViewer\Version7\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version7\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Dynamics CRM\Client\bin\CrmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe ()
PRC - C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe ()
PRC - F:\Versicherungen\InterRisk\WinRiskXA\client\bin\BWUpdater.exe (BISS GmbH)
PRC - C:\Program Files\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
PRC - C:\Program Files\Hardcopy\hcdll2_ex_Win32.exe ()
PRC - F:\Versicherungen\KOSYMA\update\bserver3.exe (Brainstorm Informatik GmbH)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\RSA Shared\RSA Card Conversion Utility\RSACardConversionUtility.exe (RSA, The Security Division of EMC.)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
PRC - C:\Windows\SSDriver\fi5110\SsWiaChecker.exe (PFU LIMITED)
PRC - C:\Program Files\PFU\ScanSnap\CardMinder\CardLauncher.exe (PFU LIMITED)
PRC - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Windows\System32\PrintDisp.exe (ActMask Co.,Ltd - hxxp://www.all2pdf.com)
PRC - C:\Windows\System32\PrintCtrl.exe (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM)
PRC - F:\Versicherungen\WebKIS\Tomcat\bin\tomcat5.exe (Apache Software Foundation)
PRC - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe (The Firebird Project)
PRC - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe (The Firebird Project)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\dblite.dll ()
MOD - C:\Program Files\WinRAR\rarext.dll ()
MOD - C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe ()
MOD - C:\Program Files\Hardcopy\HcDllS.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Hardcopy\hcdll2_ex_Win32.exe ()
MOD - C:\Program Files\Hardcopy\hardcopy_03.dll ()
MOD - C:\Program Files\Hardcopy\HcDLL2_30_Win32.dll ()
MOD - C:\Program Files\PFU\ScanSnap\Driver\PfuSsConfig.dll ()
MOD - C:\Program Files\PFU\ScanSnap\Driver\PfuSsExtention.dll ()
MOD - C:\Program Files\PFU\ScanSnap\CardMinder\CardPath.dll ()
MOD - C:\Program Files\PFU\ScanSnap\CardMinder\0407\CardConfig0407.dll ()
MOD - C:\Program Files\PFU\ScanSnap\Driver\SSsltsa.dll ()
MOD - C:\Program Files\PFU\ScanSnap\Driver\PfuSsImgIO.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (TeamViewer7) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (WinRiskXAAppService) -- F:\Versicherungen\InterRisk\WinRiskXA\server\bin\WinRiskXAServer.exe ()
SRV - (CrmSqlStartupSvc) -- C:\Program Files\Microsoft Dynamics CRM\Client\bin\CrmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (MotoHelper) -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe ()
SRV - (WinRiskXAServiceHandler) -- F:\Versicherungen\InterRisk\WinRiskXA\client\bin\BWServiceHandler.exe ()
SRV - (WinRiskXASoftwareUpdate) -- F:\Versicherungen\InterRisk\WinRiskXA\client\bin\BWUpdater.exe (BISS GmbH)
SRV - (BserverDienst) -- F:\Versicherungen\KOSYMA\update\bserver3.exe (Brainstorm Informatik GmbH)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (c2wts) -- C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe (Microsoft Corporation)
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (Printer Control) -- C:\Windows\System32\PrintCtrl.exe (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (ApacheTomcatKLV) -- F:\Versicherungen\WebKIS\Tomcat\bin\tomcat5.exe (Apache Software Foundation)
SRV - (ARAGHSQL) -- F:\Versicherungen\DB\ABACUS\fp\HsqlService.exe (Multiplan Consultants Limited)
SRV - (FirebirdServerDefaultInstance) -- C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe (The Firebird Project)
SRV - (FirebirdGuardianDefaultInstance) -- C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe (The Firebird Project)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (klkbdflt) -- C:\Windows\System32\drivers\klkbdflt.sys (Kaspersky Lab)
DRV - (kneps) -- C:\Windows\System32\drivers\kneps.sys (Kaspersky Lab)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (kltdi) -- C:\Windows\System32\drivers\kltdi.sys (Kaspersky Lab)
DRV - (Synth3dVsc) -- C:\Windows\System32\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV - (SSHDRV86) -- C:\Windows\System32\drivers\SSHDRV86.sys ()
DRV - (RsFx0105) -- C:\Windows\System32\drivers\RsFx0105.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (tsusbhub) -- C:\Windows\System32\drivers\tsusbhub.sys (Microsoft Corporation)
DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (terminpt) -- C:\Windows\System32\drivers\terminpt.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://nachrichten.t-online.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\..\SearchScopes,DefaultScope = {0118E0F7-9F49-4502-AA50-52CF776CA330}
IE - HKCU\..\SearchScopes\{0118E0F7-9F49-4502-AA50-52CF776CA330}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Scheuer\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Scheuer\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com [2012.11.02 01:57:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2012.11.02 01:57:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2012.11.02 01:57:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru
 
[2012.11.02 03:17:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.11.02 02:00:41 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files\mozilla firefox\extensions\quickstores@quickstores.de
 
========== Chrome  ==========
 
CHR - homepage: hxxp://nachrichten.t-online.de/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://nachrichten.t-online.de/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Scheuer\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Scheuer\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Scheuer\AppData\Local\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Scheuer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Scheuer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Scheuer\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: YouTube = C:\Users\Scheuer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Scheuer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Scheuer\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Scheuer\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: SiteRanker = C:\Users\Scheuer\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgldkplledicnbnnliodeffobaiaodaf\1.0.0.0_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\Scheuer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\Scheuer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\
CHR - Extension: Google Mail = C:\Users\Scheuer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012.11.01 10:19:18 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [PDF3 Registry Controller] C:\Program Files\ScanSoft\PDF Converter 3.0\RegistryController.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PrintDisp] C:\Windows\System32\PrintDisp.exe (ActMask Co.,Ltd - hxxp://www.all2pdf.com)
O4 - HKLM..\Run: [RSA Card Conversion Utility] C:\Program Files\Common Files\RSA Shared\RSA Card Conversion Utility\RSACardConversionUtility.exe (RSA, The Security Division of EMC.)
O4 - HKLM..\Run: [ScanSnap WIA Service Checker] C:\Windows\SSDriver\fi5110\SsWiaChecker.exe (PFU LIMITED)
O4 - HKLM..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" File not found
O4 - HKLM..\RunOnce: [BrowserChoice] C:\Windows\System32\browserchoice.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: vhv.de ([maxnet] https in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_10-windows-i586.cab (Java Plug-in 1.4.2_10)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{253A9CB9-9CF4-4CB4-A6C9-48ED5393596E}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ADC195FF-FC71-43F2-BE2B-816D64DB9611}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (msoidssp) - C:\Windows\System32\msoidssp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.08.17 09:16:35 | 000,000,107 | ---- | M] () - E:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.02 03:39:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Scheuer\Desktop\OTL.exe
[2012.11.02 03:35:07 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2012.11.02 03:32:36 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2012.11.02 03:06:02 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.11.02 03:06:02 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.11.02 03:05:51 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.11.02 03:05:51 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.11.02 03:05:51 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.11.02 03:03:46 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2012.11.02 03:03:46 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2012.11.02 03:03:46 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2012.11.02 03:03:46 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2012.11.02 03:03:46 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2012.11.02 03:03:46 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2012.11.02 03:03:46 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2012.11.02 03:03:46 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2012.11.02 03:03:46 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2012.11.02 03:01:12 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.11.02 03:01:12 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012.11.02 01:49:00 | 000,000,000 | --SD | C] -- C:\Users\Scheuer\AppData\Roaming\Microsoft
[2012.11.02 01:49:00 | 000,000,000 | R--D | C] -- C:\Users\Scheuer\Videos
[2012.11.02 01:49:00 | 000,000,000 | R--D | C] -- C:\Users\Scheuer\Saved Games
[2012.11.02 01:49:00 | 000,000,000 | R--D | C] -- C:\Users\Scheuer\Pictures
[2012.11.02 01:49:00 | 000,000,000 | R--D | C] -- C:\Users\Scheuer\Music
[2012.11.02 01:49:00 | 000,000,000 | R--D | C] -- C:\Users\Scheuer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.11.02 01:49:00 | 000,000,000 | R--D | C] -- C:\Users\Scheuer\Links
[2012.11.02 01:49:00 | 000,000,000 | R--D | C] -- C:\Users\Scheuer\Favorites
[2012.11.02 01:49:00 | 000,000,000 | R--D | C] -- C:\Users\Scheuer\Downloads
[2012.11.02 01:49:00 | 000,000,000 | R--D | C] -- C:\Users\Scheuer\Documents
[2012.11.02 01:49:00 | 000,000,000 | R--D | C] -- C:\Users\Scheuer\Desktop
[2012.11.02 01:49:00 | 000,000,000 | R--D | C] -- C:\Users\Scheuer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.11.02 01:49:00 | 000,000,000 | -HSD | C] -- C:\Users\Scheuer\Vorlagen
[2012.11.02 01:49:00 | 000,000,000 | -HSD | C] -- C:\Users\Scheuer\AppData\Local\Verlauf
[2012.11.02 01:49:00 | 000,000,000 | -HSD | C] -- C:\Users\Scheuer\AppData\Local\Temporary Internet Files
[2012.11.02 01:49:00 | 000,000,000 | -HSD | C] -- C:\Users\Scheuer\Startmenü
[2012.11.02 01:49:00 | 000,000,000 | -HSD | C] -- C:\Users\Scheuer\SendTo
[2012.11.02 01:49:00 | 000,000,000 | -HSD | C] -- C:\Users\Scheuer\Recent
[2012.11.02 01:49:00 | 000,000,000 | -HSD | C] -- C:\Users\Scheuer\Netzwerkumgebung
[2012.11.02 01:49:00 | 000,000,000 | -HSD | C] -- C:\Users\Scheuer\Lokale Einstellungen
[2012.11.02 01:49:00 | 000,000,000 | -HSD | C] -- C:\Users\Scheuer\Documents\Eigene Videos
[2012.11.02 01:49:00 | 000,000,000 | -HSD | C] -- C:\Users\Scheuer\Documents\Eigene Musik
[2012.11.02 01:49:00 | 000,000,000 | -HSD | C] -- C:\Users\Scheuer\Eigene Dateien
[2012.11.02 01:49:00 | 000,000,000 | -HSD | C] -- C:\Users\Scheuer\Documents\Eigene Bilder
[2012.11.02 01:49:00 | 000,000,000 | -HSD | C] -- C:\Users\Scheuer\Druckumgebung
[2012.11.02 01:49:00 | 000,000,000 | -HSD | C] -- C:\Users\Scheuer\Cookies
[2012.11.02 01:49:00 | 000,000,000 | -HSD | C] -- C:\Users\Scheuer\AppData\Local\Anwendungsdaten
[2012.11.02 01:49:00 | 000,000,000 | -HSD | C] -- C:\Users\Scheuer\Anwendungsdaten
[2012.11.02 01:49:00 | 000,000,000 | -H-D | C] -- C:\Users\Scheuer\AppData
[2012.11.02 01:49:00 | 000,000,000 | ---D | C] -- C:\Users\Scheuer\AppData\Local\Temp
[2012.11.02 01:49:00 | 000,000,000 | ---D | C] -- C:\Users\Scheuer\AppData\Local\Microsoft
[2012.11.02 01:49:00 | 000,000,000 | ---D | C] -- C:\Users\Scheuer\AppData\Roaming\Media Center Programs
[2012.11.02 01:47:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\URTTEMP
[2012.11.02 01:47:45 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012.11.02 01:47:42 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012.11.02 01:45:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2012.11.02 01:45:18 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012.11.02 01:42:14 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012.11.02 01:40:20 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012.11.02 01:29:31 | 000,000,000 | -H-D | C] -- C:\$WINDOWS.~Q
[2012.11.02 01:19:08 | 000,000,000 | -H-D | C] -- C:\$INPLACE.~TR
[2012.11.01 23:59:29 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.11.01 23:53:44 | 000,000,000 | ---D | C] -- C:\Users\Scheuer\AppData\Local\VS Revo Group
[2012.11.01 23:22:15 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2012.11.01 22:14:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2012.11.01 22:07:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.11.01 22:02:04 | 000,000,000 | ---D | C] -- C:\Users\Scheuer\AppData\Roaming\Runscanner.net
[2012.11.01 22:01:59 | 000,000,000 | ---D | C] -- C:\Users\Scheuer\AppData\Roaming\LavasoftStatistics
[2012.11.01 22:00:54 | 000,000,000 | ---D | C] -- C:\Users\Scheuer\AppData\Roaming\Ad-Aware Antivirus
[2012.11.01 21:54:37 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2012.11.01 21:54:37 | 000,000,000 | ---D | C] -- C:\Users\Scheuer\Documents\Anti-Malware
[2012.11.01 10:04:21 | 004,991,994 | R--- | C] (Swearware) -- C:\Users\Scheuer\Desktop\cofi.exe
[2012.11.01 09:14:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.11.01 09:14:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.11.01 09:14:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.11.01 09:14:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.11.01 09:13:58 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.10.31 14:51:12 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RdpGroupPolicyExtension.dll
[2012.10.31 14:51:11 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpendp_winip.dll
[2012.10.31 14:50:38 | 000,073,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perf-MSSQL$CRM-sqlctr10.3.5500.0.dll
[2012.10.31 14:50:37 | 000,089,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SQSRVRES.DLL
[2012.10.31 13:48:13 | 000,000,000 | ---D | C] -- C:\Users\Scheuer\AppData\Roaming\Malwarebytes
[2012.10.31 13:48:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.31 13:05:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.10.31 13:05:14 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012.10.31 12:47:28 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012.10.31 12:33:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2013
[2012.10.31 12:32:09 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
[2012.10.31 12:23:15 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.10.31 12:23:15 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.10.31 12:23:15 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.10.25 14:56:44 | 000,000,000 | -H-D | C] -- C:\Windows\$CrmUninstallKB2739504_Mui_1031$
[2012.10.22 11:42:32 | 000,000,000 | ---D | C] -- C:\Users\Scheuer\Documents\RVWin
[2012.10.22 11:42:32 | 000,000,000 | ---D | C] -- C:\Users\Scheuer\AppData\Roaming\RVWIN
[2012.10.19 10:36:55 | 000,000,000 | ---D | C] -- C:\Users\Scheuer\Interessantes
[2012.10.10 16:37:32 | 000,000,000 | ---D | C] -- C:\Users\Scheuer\Desktop\Fotos_Maria_Elsass
[2012.10.08 09:29:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2012.10.05 12:46:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VV Vereinsverwaltung
[2012.01.16 11:55:40 | 001,129,320 | ---- | C] (Microsoft Corporation) -- C:\Users\Scheuer\ClientSetupResources.dll
[2012.01.16 11:55:40 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Users\Scheuer\SetupClient.exe
[2012.01.16 11:55:40 | 000,354,664 | ---- | C] (Microsoft Corporation) -- C:\Users\Scheuer\ClientSetup.dll
[2010.10.28 04:34:50 | 004,368,744 | ---- | C] (Microsoft Corporation) -- C:\Users\Scheuer\mfc100u.dll
[2010.10.26 19:08:50 | 000,770,384 | ---- | C] (Microsoft Corporation) -- C:\Users\Scheuer\msvcr100.dll
[2010.10.26 19:08:50 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\Users\Scheuer\msvcp100.dll
[2010.10.26 19:08:50 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\Users\Scheuer\mfcm100u.dll
[2009.12.01 14:40:19 | 001,495,824 | ---- | C] (Hewlett-Packard Development Company, L.P.                   ) -- C:\Users\Scheuer\Lantreiber.exe
[2009.01.15 17:40:18 | 184,521,568 | ---- | C] (T-Online) -- C:\Users\Scheuer\T-Online_6.0.exe
[2009.01.10 11:52:21 | 017,788,641 | ---- | C] (VHV                                                         ) -- C:\Users\Scheuer\VHV_23.4.00.i.exe
[2009.01.10 11:52:21 | 004,849,303 | ---- | C] (SDK) -- C:\Users\Scheuer\slp_kv_setup.exe
[2009.01.10 11:52:19 | 002,633,928 | ---- | C] (Sammsoft                                                    ) -- C:\Users\Scheuer\AROTrial.exe
[2009.01.10 11:52:19 | 000,153,744 | ---- | C] (Symantec Corporation) -- C:\Users\Scheuer\fixkorgo.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.02 03:43:01 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2099175409-3244923250-3961599458-1000UA.job
[2012.11.02 03:39:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Scheuer\Desktop\OTL.exe
[2012.11.02 03:21:57 | 000,826,836 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.02 03:21:57 | 000,779,848 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.02 03:21:57 | 000,196,370 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.02 03:21:57 | 000,168,420 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.02 03:20:38 | 000,023,632 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.02 03:20:38 | 000,023,632 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.02 03:16:01 | 000,004,838 | ---- | M] () -- C:\Windows\gauss.ini
[2012.11.02 03:15:02 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.02 03:14:33 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\sgugfj.job
[2012.11.02 03:14:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.02 03:14:12 | 2616,684,544 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.02 03:12:01 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.02 03:10:48 | 000,413,106 | RHS- | M] () -- C:\FTSMQ
[2012.11.02 03:10:48 | 000,000,020 | RHS- | M] () -- C:\win7.ld
[2012.11.02 03:00:36 | 000,161,548 | ---- | M] () -- C:\Windows\System32\license.rtf
[2012.11.02 03:00:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.02 02:49:12 | 000,022,140 | ---- | M] () -- C:\Windows\System32\emptyregdb.dat
[2012.11.02 02:45:20 | 000,543,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.02 01:46:08 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2012.11.02 01:45:12 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.11.02 01:40:07 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012.11.02 00:20:37 | 000,003,368 | ---- | M] () -- C:\Users\Scheuer\Desktop\Windows-Kompatibilitätsbericht.htm
[2012.11.02 00:16:15 | 000,002,543 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012.11.02 00:16:15 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
[2012.11.01 10:19:18 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.11.01 09:15:44 | 000,002,470 | ---- | M] () -- C:\Windows\ODBC.INI
[2012.11.01 09:11:03 | 004,991,994 | R--- | M] (Swearware) -- C:\Users\Scheuer\Desktop\cofi.exe
[2012.11.01 08:41:05 | 000,001,086 | ---- | M] () -- C:\Users\Scheuer\Documents\cc_20121101_084102.reg
[2012.10.31 17:01:20 | 000,016,974 | ---- | M] () -- C:\Windows\VFRAME32.INI
[2012.10.31 16:55:37 | 000,000,904 | ---- | M] () -- C:\Windows\VPMS.INI
[2012.10.31 15:53:30 | 000,001,572 | ---- | M] () -- C:\Windows\VFORTSCH.INI
[2012.10.31 13:14:31 | 000,587,096 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2012.10.31 13:14:31 | 000,025,944 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klmouflt.sys
[2012.10.31 13:14:31 | 000,025,944 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klkbdflt.sys
[2012.10.31 12:59:04 | 000,038,858 | ---- | M] () -- C:\Users\Scheuer\Documents\cc_20121031_125859.reg
[2012.10.31 12:53:28 | 000,000,978 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.10.31 10:43:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2099175409-3244923250-3961599458-1000Core.job
[2012.10.31 10:14:42 | 000,001,027 | ---- | M] () -- C:\Users\Scheuer\Desktop\KV-Rational neu.lnk
[2012.10.30 17:10:35 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_netaapl_01009.Wdf
[2012.10.30 11:23:22 | 000,000,358 | ---- | M] () -- C:\Windows\ktel.ini
[2012.10.29 17:47:45 | 000,000,697 | ---- | M] () -- C:\Windows\AdrBook.INI
[2012.10.22 17:02:48 | 000,000,185 | ---- | M] () -- C:\Users\Scheuer\AppData\Roaming\CASUpdateSkip.lst
[2012.10.17 14:38:49 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf
[2012.10.15 12:28:07 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.10.15 12:28:07 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.10.15 11:24:12 | 000,001,268 | ---- | M] () -- C:\Windows\NSECOL2.WIN
[2012.10.11 08:41:34 | 000,155,810 | ---- | M] () -- C:\Users\Scheuer\Desktop\MVPExport.CSV
[2012.10.09 10:29:09 | 000,023,214 | ---- | M] () -- C:\Windows\unins000.dat
[2012.10.09 10:28:39 | 000,716,810 | ---- | M] () -- C:\Windows\unins000.exe
[2012.10.05 12:46:25 | 000,000,520 | ---- | M] () -- C:\Users\Public\Desktop\Vereins-Verwaltung.lnk
 
========== Files Created - No Company Name ==========
 
[2012.11.02 03:10:48 | 000,413,106 | RHS- | C] () -- C:\FTSMQ
[2012.11.02 03:10:48 | 000,000,020 | RHS- | C] () -- C:\win7.ld
[2012.11.02 03:08:49 | 000,001,422 | ---- | C] () -- C:\Users\Scheuer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.11.02 03:02:03 | 2616,684,544 | -HS- | C] () -- C:\hiberfil.sys
[2012.11.02 02:49:12 | 000,022,140 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2012.11.02 01:47:05 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012.11.02 01:46:53 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012.11.02 01:46:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.11.02 01:45:12 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.11.02 01:11:09 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2012.11.02 00:08:07 | 000,003,368 | ---- | C] () -- C:\Users\Scheuer\Desktop\Windows-Kompatibilitätsbericht.htm
[2012.11.02 00:01:54 | 000,002,543 | ---- | C] () -- C:\Windows\diagwrn.xml
[2012.11.02 00:01:54 | 000,001,890 | ---- | C] () -- C:\Windows\diagerr.xml
[2012.11.01 09:14:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.11.01 09:14:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.11.01 09:14:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.11.01 09:14:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.11.01 09:14:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.11.01 08:41:04 | 000,001,086 | ---- | C] () -- C:\Users\Scheuer\Documents\cc_20121101_084102.reg
[2012.10.31 12:59:02 | 000,038,858 | ---- | C] () -- C:\Users\Scheuer\Documents\cc_20121031_125859.reg
[2012.10.30 17:10:35 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_netaapl_01009.Wdf
[2012.10.17 14:38:49 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf
[2012.10.15 11:24:12 | 000,001,268 | ---- | C] () -- C:\Windows\NSECOL2.WIN
[2012.10.09 10:29:03 | 000,716,810 | ---- | C] () -- C:\Windows\unins000.exe
[2012.10.05 12:46:25 | 000,000,520 | ---- | C] () -- C:\Users\Public\Desktop\Vereins-Verwaltung.lnk
[2012.09.03 13:10:18 | 000,122,880 | RHS- | C] () -- C:\Windows\System32\SSShim8.dll
[2012.08.22 15:01:26 | 000,000,094 | ---- | C] () -- C:\Windows\BBU.INI
[2012.08.22 15:01:02 | 000,000,481 | ---- | C] () -- C:\Windows\BTI.INI
[2012.08.22 15:00:49 | 000,100,864 | ---- | C] () -- C:\Windows\WDBUUI32.DLL
[2012.08.22 15:00:49 | 000,065,536 | ---- | C] () -- C:\Windows\WDBUMK32.DLL
[2012.08.22 15:00:48 | 000,320,512 | ---- | C] () -- C:\Windows\System32\W32MKDE.EXE
[2012.08.22 15:00:48 | 000,110,080 | ---- | C] () -- C:\Windows\System32\W32MKRC.DLL
[2012.08.22 15:00:48 | 000,101,888 | ---- | C] () -- C:\Windows\BUTIL.DLL
[2012.08.22 15:00:48 | 000,053,248 | ---- | C] () -- C:\Windows\BUTIL.EXE
[2012.08.22 15:00:48 | 000,041,472 | ---- | C] () -- C:\Windows\System32\r32.exe
[2012.08.22 15:00:48 | 000,012,288 | ---- | C] () -- C:\Windows\System32\REGOCX32.EXE
[2012.08.22 15:00:47 | 000,038,576 | ---- | C] () -- C:\Windows\System32\NWLOCALE.DLL
[2012.08.09 14:18:44 | 000,000,084 | ---- | C] () -- C:\Users\Scheuer\axa-bt.ini
[2012.07.04 12:37:58 | 000,000,064 | ---- | C] () -- C:\Users\Scheuer\btFrame.user
[2012.07.03 17:07:15 | 000,000,426 | ---- | C] () -- C:\Windows\VICTORIA.INI
[2012.06.27 17:10:16 | 000,000,697 | ---- | C] () -- C:\Windows\AdrBook.INI
[2012.05.14 10:25:31 | 000,002,859 | ---- | C] () -- C:\Windows\HME_ISIS32E.INI
[2012.05.09 03:28:25 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2012.04.24 11:55:31 | 000,000,345 | ---- | C] () -- C:\Users\Scheuer\AppData\Roaming\CASDruckstuecke.ini
[2012.04.20 15:17:59 | 000,081,408 | ---- | C] () -- C:\Windows\System32\drivers\SSHDRV86.sys
[2012.04.20 15:14:03 | 000,025,600 | ---- | C] () -- C:\Windows\System32\VADE232.DLL
[2012.04.20 15:14:02 | 000,544,256 | ---- | C] () -- C:\Windows\System32\ChangeGraphics.dll
[2012.03.13 14:01:12 | 000,029,567 | ---- | C] () -- C:\Windows\kubus.ini
[2012.02.21 16:07:06 | 000,000,196 | ---- | C] () -- C:\Windows\ulead32.ini
[2012.02.01 11:04:38 | 000,000,065 | ---- | C] () -- C:\Windows\BADENIA.INI
[2012.01.16 17:42:12 | 009,387,008 | ---- | C] () -- C:\Users\Scheuer\Client.msi
[2012.01.16 17:42:12 | 005,029,376 | ---- | C] () -- C:\Users\Scheuer\MUISetup_1031_i386.msi
[2012.01.11 13:06:52 | 000,000,999 | ---- | C] () -- C:\Windows\BECCOLOR.INI
[2012.01.09 13:49:08 | 000,000,343 | ---- | C] () -- C:\Users\Scheuer\SpawnCmd.js
[2012.01.09 13:36:28 | 000,097,120 | ---- | C] () -- C:\Users\Scheuer\EnvironmentDiagnostics.chm
[2012.01.09 13:36:28 | 000,007,452 | ---- | C] () -- C:\Users\Scheuer\Readme.htm
[2011.12.19 13:38:41 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011.11.29 13:39:03 | 000,000,028 | ---- | C] () -- C:\Windows\System32\lbj.ini
[2011.11.22 15:09:53 | 000,000,026 | ---- | C] () -- C:\Windows\AFORTSCH.INI
[2011.11.10 11:03:45 | 000,317,440 | ---- | C] () -- C:\Windows\UninsVHV.exe
[2011.11.10 10:44:21 | 000,016,974 | ---- | C] () -- C:\Windows\VFRAME32.INI
[2011.11.09 10:56:52 | 000,000,103 | ---- | C] () -- C:\Windows\VHV_SicherungRuecksicherung.ini
[2011.11.09 10:50:57 | 000,000,904 | ---- | C] () -- C:\Windows\VPMS.INI
[2011.11.09 10:50:31 | 000,000,000 | ---- | C] () -- C:\Windows\VMAPO.DAT
[2011.10.10 13:31:31 | 000,000,045 | ---- | C] () -- C:\Windows\MVOPT.INI
[2011.10.10 13:31:30 | 000,000,006 | ---- | C] () -- C:\Windows\MV-CD.INI
[2011.10.10 13:29:46 | 000,000,000 | ---- | C] () -- C:\Program Files\Version.ini
[2011.09.29 14:11:03 | 000,104,651 | ---- | C] () -- C:\Users\Scheuer\OS_2001_nachtrag_78586240_20110721_023618.pdf
[2011.09.13 09:41:14 | 000,000,331 | ---- | C] () -- C:\Windows\axabt.ini
[2011.09.13 09:41:14 | 000,000,052 | ---- | C] () -- C:\Windows\axae.ini
[2011.09.13 09:41:12 | 000,005,968 | ---- | C] () -- C:\Windows\alias.ini
[2011.09.13 09:41:07 | 000,005,128 | ---- | C] () -- C:\Windows\vfrx.ini
[2011.08.30 09:41:36 | 000,023,214 | ---- | C] () -- C:\Windows\unins000.dat
[2011.08.25 13:47:30 | 000,255,848 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011.08.08 10:04:57 | 000,001,572 | ---- | C] () -- C:\Windows\VFORTSCH.INI
[2011.08.02 10:27:44 | 000,104,614 | ---- | C] () -- C:\Windows\arj.exe
[2011.08.02 10:27:44 | 000,004,838 | ---- | C] () -- C:\Windows\gauss.ini
[2011.07.27 16:12:23 | 000,691,200 | ---- | C] () -- C:\Windows\System32\PrintLog.exe
[2011.07.27 16:12:23 | 000,524,288 | ---- | C] () -- C:\Windows\System32\PrtPass.exe
[2011.07.27 12:42:31 | 000,000,185 | ---- | C] () -- C:\Users\Scheuer\AppData\Roaming\CASUpdateSkip.lst
[2011.07.27 12:40:55 | 000,000,044 | ---- | C] () -- C:\Windows\VOPTCON.INI
[2011.07.20 10:21:08 | 000,000,161 | ---- | C] () -- C:\Windows\DISPARAM.INI
[2011.07.20 10:19:04 | 000,000,842 | ---- | C] () -- C:\Windows\VPL_Apps.ini
[2011.07.20 10:18:53 | 000,000,395 | ---- | C] () -- C:\Windows\gsall.ini
[2011.07.20 10:03:41 | 000,001,068 | ---- | C] () -- C:\Windows\DOCS.INI
[2011.07.19 15:12:37 | 000,195,072 | ---- | C] () -- C:\Windows\System32\Msodeger.dll
[2011.05.31 11:36:16 | 000,001,603 | ---- | C] () -- C:\Windows\CAF.INI
[2011.05.31 11:36:16 | 000,000,429 | ---- | C] () -- C:\Windows\allianzl.ini
[2011.05.31 11:35:13 | 000,003,213 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.05.31 11:35:13 | 000,002,470 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.05.31 11:32:40 | 000,012,338 | ---- | C] () -- C:\Windows\Tabaus.ini
[2011.04.12 02:30:05 | 000,826,836 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011.04.12 02:30:05 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011.04.12 02:30:05 | 000,196,370 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011.04.12 02:30:05 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2011.04.11 17:32:23 | 000,156,242 | ---- | C] () -- C:\Users\Scheuer\Tamer_Mahmoud.pdf
[2011.02.09 16:24:42 | 000,000,358 | ---- | C] () -- C:\Windows\ktel.ini
[2010.11.20 22:29:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2010.11.20 22:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010.10.26 19:15:44 | 000,119,751 | ---- | C] () -- C:\Users\Scheuer\MSCRMClientEULA.rtf
[2010.10.26 19:06:24 | 000,000,530 | ---- | C] () -- C:\Users\Scheuer\Default_Client_Config.xml
[2010.09.08 16:52:28 | 000,015,679 | ---- | C] () -- C:\Users\Scheuer\invoice-10110095-o-140410-c-123219-d-20100908.pdf
[2010.08.10 10:01:07 | 000,122,098 | ---- | C] () -- C:\Users\Scheuer\nacktes_päpstle_Seite_1.jpg
[2010.08.10 10:01:07 | 000,113,572 | ---- | C] () -- C:\Users\Scheuer\nacktes_päpstle_Seite_2.jpg
[2010.08.10 10:01:07 | 000,059,154 | ---- | C] () -- C:\Users\Scheuer\nacktes_päpstle_Seite_3.jpg
[2010.08.10 09:50:58 | 000,328,865 | ---- | C] () -- C:\Users\Scheuer\nacktes_päpstle.pdf
[2010.08.05 12:16:24 | 004,233,414 | ---- | C] () -- C:\Users\Scheuer\hp_clj4600_handbuch.pdf
[2010.07.07 14:05:33 | 017,780,906 | ---- | C] () -- C:\Users\Scheuer\BedienungsanleitungWebPortalBedienungsanleitungWebPortal.pdf
[2010.05.31 11:59:31 | 000,103,403 | ---- | C] () -- C:\Users\Scheuer\roter Mohn.jpg
[2010.05.31 11:59:12 | 000,125,985 | ---- | C] () -- C:\Users\Scheuer\Katze.jpg
[2010.05.31 11:58:40 | 000,128,943 | ---- | C] () -- C:\Users\Scheuer\3 Pfingstrosen.jpg
[2010.04.07 13:06:31 | 000,135,116 | ---- | C] () -- C:\Users\Scheuer\Widmann_EDV.pdf
[2010.03.31 10:35:50 | 000,178,127 | ---- | C] () -- C:\Users\Scheuer\Dervisbegovic_Senija.pdf
[2010.01.29 16:36:28 | 000,211,572 | ---- | C] () -- C:\Users\Scheuer\DVD_Label.jpg
[2010.01.13 18:31:48 | 000,019,117 | ---- | C] () -- C:\Users\Scheuer\Intersky.mht
[2010.01.07 12:32:07 | 000,349,313 | ---- | C] () -- C:\Users\Scheuer\Condor_Download_20100107_123157.zip
[2010.01.05 19:03:31 | 000,042,931 | ---- | C] () -- C:\Users\Scheuer\WeiFei09_031.JPG
[2009.11.12 14:39:54 | 000,567,191 | ---- | C] () -- C:\Users\Scheuer\Ausweis_2.jpg
[2009.11.12 14:39:28 | 000,690,307 | ---- | C] () -- C:\Users\Scheuer\ausweis_1.jpg
[2009.11.04 11:46:47 | 000,305,202 | ---- | C] () -- C:\Users\Scheuer\Daten & Gebühren UBS (LUX) KEY SELECTION SICAV - GLOBAL ALLOCATION (EUR) B Fonds  A0B8QJ  LU0197216558.mht
[2009.11.03 18:41:38 | 000,095,376 | ---- | C] () -- C:\Users\Scheuer\Hitparade_2009.pdf
[2009.06.22 13:41:40 | 000,048,226 | ---- | C] () -- C:\Users\Scheuer\PGGZVF_ 061.jpg
[2009.06.09 12:14:41 | 000,052,668 | ---- | C] () -- C:\Users\Scheuer\Rechtsschutzversicherung.htm
[2009.04.24 16:31:07 | 000,016,257 | ---- | C] () -- C:\Users\Scheuer\Adressbuch_2.ldif
[2009.04.03 10:40:29 | 000,027,850 | ---- | C] () -- C:\Users\Scheuer\formular_rtf.rtf
[2009.03.19 15:38:28 | 000,444,942 | ---- | C] () -- C:\Users\Scheuer\Aufnahmefähigkeit 001.jpg
[2009.03.19 15:28:08 | 000,190,987 | ---- | C] () -- C:\Users\Scheuer\Meldebestätigung.jpg
[2009.02.25 11:29:43 | 003,546,098 | ---- | C] () -- C:\Users\Scheuer\siemens_gigaset_c325.pdf
[2009.02.16 12:34:20 | 000,032,893 | ---- | C] () -- C:\Users\Scheuer\iTunes Softwarelizenz.rtf
[2009.02.11 15:27:09 | 015,768,645 | ---- | C] () -- C:\Users\Scheuer\iPhone_Benutzerhandbuch.pdf
[2009.02.10 10:30:59 | 000,234,796 | ---- | C] () -- C:\Users\Scheuer\Google Maps.mht
[2009.01.21 18:18:03 | 000,072,120 | ---- | C] () -- C:\Users\Scheuer\Anfahrtshilfe.jpg
[2009.01.10 11:52:22 | 000,062,855 | ---- | C] () -- C:\Users\Scheuer\Vogelgrippe_Merkblatt_Wassersportler1.pdf
[2009.01.10 11:52:21 | 002,508,528 | ---- | C] () -- C:\Users\Scheuer\SetupProKasse50.EXE
[2009.01.10 11:52:21 | 000,138,192 | ---- | C] () -- C:\Users\Scheuer\SCHNEESCHUHPROFI-Tipps und Infos_pdf.htm
[2009.01.10 11:52:21 | 000,090,933 | ---- | C] () -- C:\Users\Scheuer\Versicherungsbestätigung.pdf
[2009.01.10 11:52:21 | 000,013,020 | ---- | C] () -- C:\Users\Scheuer\Quarta_Antonio_2.jpg
[2009.01.10 11:52:21 | 000,000,604 | ---- | C] () -- C:\Users\Scheuer\privat.p7b
[2009.01.10 11:52:20 | 005,272,954 | ---- | C] () -- C:\Users\Scheuer\neptun_27_Prospekt_neu_pdf.htm
[2009.01.10 11:52:20 | 000,042,676 | ---- | C] () -- C:\Users\Scheuer\kfz_kaufvertrag.pdf
[2009.01.10 11:52:20 | 000,002,304 | ---- | C] () -- C:\Users\Scheuer\LOCKFILE.dat
[2009.01.10 11:52:20 | 000,000,000 | ---- | C] () -- C:\Users\Scheuer\PDVD_MediaDisc.PlayList
[2009.01.10 11:52:19 | 002,768,896 | ---- | C] () -- C:\Users\Scheuer\kddat32_2006-08-07_15-25-18.mde
[2009.01.10 11:52:19 | 001,228,918 | ---- | C] () -- C:\Users\Scheuer\Image.nrg
[2009.01.10 11:52:19 | 000,955,771 | ---- | C] () -- C:\Users\Scheuer\ISO1.nri
[2009.01.10 11:52:19 | 000,376,832 | ---- | C] () -- C:\Users\Scheuer\EVAAntragPatch.exe
[2009.01.10 11:52:19 | 000,194,519 | ---- | C] () -- C:\Users\Scheuer\karte2_Allensbach.gif
[2009.01.10 11:52:19 | 000,174,309 | R--- | C] () -- C:\Users\Scheuer\DSC01198_Föllmer9..JPG
[2009.01.10 11:52:19 | 000,166,743 | ---- | C] () -- C:\Users\Scheuer\IMG_4155.JPG
[2009.01.10 11:52:19 | 000,160,324 | ---- | C] () -- C:\Users\Scheuer\IMG_4156.JPG
[2009.01.10 11:52:19 | 000,062,625 | ---- | C] () -- C:\Users\Scheuer\Geiselmann_2.jpg
[2009.01.10 11:52:19 | 000,053,683 | ---- | C] () -- C:\Users\Scheuer\Bootszulassung1.jpg
[2009.01.10 11:52:19 | 000,012,983 | ---- | C] () -- C:\Users\Scheuer\CVersicherungenCSoftworkVorschlag.pdf
[2009.01.10 11:52:19 | 000,002,693 | ---- | C] () -- C:\Users\Scheuer\Einstel.xml
[2009.01.09 12:49:57 | 000,000,027 | ---- | C] () -- C:\Users\Scheuer\version.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.09.16 15:18:53 | 012,874,752 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.11.02 02:27:51 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\1&1 Mail & Media GmbH
[2012.11.02 02:27:51 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\Ad-Aware Antivirus
[2012.11.02 02:27:51 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\apkv
[2012.11.02 02:28:26 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\AquaSoft
[2011.12.02 15:49:24 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\Ashampoo Slideshow Studio Elements
[2011.12.02 14:47:34 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\Burn4U
[2012.11.02 02:28:26 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\Byngo
[2012.11.02 02:28:26 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\CodedColor
[2012.11.02 02:28:26 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2012.04.05 16:35:20 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\Elektra
[2012.11.02 02:28:33 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\Foxit Software
[2012.11.02 02:28:33 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\Fujitsu
[2012.11.02 02:28:33 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\Garmin
[2012.11.02 02:28:33 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\HanseMerkurISAMA
[2012.11.02 02:28:35 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\HartlauerFotoService3
[2012.11.02 02:28:35 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\IrfanView
[2012.11.02 02:28:35 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\klickTel
[2012.11.02 02:28:36 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\MAGIX
[2012.11.02 02:28:43 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\Motorola
[2012.11.02 02:28:44 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\Notepad++
[2012.11.02 02:28:44 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\PFU
[2012.11.02 02:28:44 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\PhotoCleaner
[2012.11.02 02:28:45 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\Pixpedia Publisher
[2012.11.02 02:28:45 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\Runscanner.net
[2012.11.02 02:28:45 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\RVWIN
[2012.11.02 02:28:45 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\SiteRanker
[2012.11.02 02:28:45 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\SQL Anywhere 11
[2012.11.02 02:28:45 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\SwissLife
[2012.11.02 02:28:45 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\T-Online
[2012.11.02 02:29:00 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\TeamViewer
[2012.11.02 02:29:00 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\VHV
[2012.06.25 09:33:14 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\Windows Live Writer
[2012.11.02 02:29:01 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\Zoner
 
========== Purity Check ==========
 
 

< End of report >
         
----------------------

Hier der OTL Extras Logfile
Code:
ATTFilter
OTL Extras logfile created on: 02.11.2012 03:51:27 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Scheuer\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,65 Gb Available Physical Memory | 50,77% Memory free
6,50 Gb Paging File | 4,75 Gb Available in Paging File | 73,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 292,97 Gb Total Space | 195,77 Gb Free Space | 66,82% Space Free | Partition Type: NTFS
Drive E: | 7,53 Gb Total Space | 1,42 Gb Free Space | 18,85% Space Free | Partition Type: NTFS
Drive F: | 172,79 Gb Total Space | 116,20 Gb Free Space | 67,25% Space Free | Partition Type: NTFS
Drive G: | 962,07 Mb Total Space | 484,32 Mb Free Space | 50,34% Space Free | Partition Type: FAT32
 
Computer Name: HAUPT-PC | User Name: Scheuer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [userfull] -- cmd.exe /c takeown /f "%1" /r /d j && icacls "%1" /grant Benutzer:F /T /C /L (Microsoft Corporation)
Directory [usernormal] -- cmd.exe /c icacls "%1" /reset /T /C /L (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{039F9D0B-1C98-4C64-814C-9D26F7BCA855}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{19A940B6-6851-4B49-AA92-A6EE1507FFF5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1FB7D58E-6F2E-4D17-AA48-6327C39237E7}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{2020BF51-E221-4550-B055-D37CFB4E8673}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{319D0111-F4A7-4618-ACA5-3CFA7544B11C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{31D8B164-EDFF-4A29-A8CA-D90389E4466D}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
"{572CFD24-5A5A-495C-A3B6-F68FBFEC2EB5}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{7B110DD4-D586-4FE1-AD77-E7CCDA95DD9A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{A13AA54C-AF4E-4D7C-AEFB-9D651FF532C2}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{A8D3BF54-D1DB-4988-8B3A-F709E3D3A6BF}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{ADA4B0DE-A358-48AC-A217-6658CA6CDF41}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AF569B48-B5A8-4782-994C-F199808F91FC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D407F147-3836-45B4-BF55-B0FBEDC0FCF7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{E0985840-0281-441A-A499-7B960708AFEB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FECCAFED-91D1-41FD-82F6-9D9724BE2925}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{010848A9-E178-4B55-AF0F-7C63D4D869AB}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{085F3FB5-C6E7-4506-8B67-F471512D2729}" = protocol=6 | dir=in | app=c:\vhv\vhv maklerverwaltungsprogramm\kommz\vhvmvpclient.exe | 
"{093649AD-F5FF-411B-ACCD-526E80812041}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{126FE23E-3587-415D-B17A-60748A671428}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{130A7FD7-00C6-4F9F-B3BA-7DAE43EA8D8A}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe | 
"{162643AE-963B-48C7-9A47-67B4443FC7F8}" = protocol=6 | dir=in | app=c:\program files\vhv hannover\vpl_apps\versandzentrale\jre\bin\javaw.exe | 
"{18B3C4CA-6DFC-47B7-A278-4CF38483C194}" = protocol=6 | dir=in | app=c:\vhv\vhv maklerverwaltungsprogramm\kommz\jre\bin\java.exe | 
"{1910BC65-2D75-432D-814F-511A1B8D98DD}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{22F5C0FD-7210-44EE-BCFE-2486A837C806}" = protocol=6 | dir=in | app=f:\versicherungen\vhv\vhv tarifprogramm\vpl_apps\versandzentrale\jre\bin\javaw.exe | 
"{2754EE62-A146-4128-9221-88EE6DED84C3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2A450943-9F79-4EF6-8C47-7E4EDC453894}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{31999F69-4932-4E43-B809-E443C00F5E24}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{333E60CB-5104-489B-A8B6-75E97DB64577}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{3EE622ED-6482-4E11-B66F-55AF32D9BA56}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{467A8882-A706-4F47-BB76-5C406DFBC8C0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{49C6A332-BAE0-48CE-83DE-915FDB799034}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | 
"{4A41FC8A-CBCF-4903-855A-33809E311816}" = protocol=17 | dir=in | app=c:\vhv\vhv maklerverwaltungsprogramm\kommz\jre\bin\java.exe | 
"{4C3105AD-DA4E-4512-B13E-ED7BB179651E}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{5468CDA1-F4DC-44D4-88E7-B9DBC60158B4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5482D99C-3A4B-448B-BEC2-94858CC2C1FE}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe | 
"{5AB3D55B-26F0-4A9C-B7D6-8C06D83BEBD1}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{5B016F55-5F64-4A87-87BE-8E9B6DA991C5}" = protocol=6 | dir=in | app=f:\versicherungen\vhv\vhv tarifprogramm\vpl_apps\versandzentrale\vhvkommunikationszentrale.exe | 
"{5D8E4E4D-E985-4BD1-A36C-CDBBC2B47CFD}" = protocol=6 | dir=in | app=c:\program files\vhv hannover\vpl_apps\versandzentrale\vhvkommunikationszentrale.exe | 
"{5FB6C874-9CDE-474F-8C3D-C9B279BE010C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{65A681E1-C556-4A1B-899F-CCDED8F1E9AC}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{688FA4B3-F5EC-4C31-9BD7-382B1EB4E88C}" = protocol=6 | dir=in | app=f:\versicherungen\vhv\vhv tarifprogramm\vpl_apps\versandzentrale\jre\bin\javaw.exe | 
"{71AC7B92-B550-405D-8879-A9C80E8ACDD6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7786C7C5-38AF-4DF9-A246-BBB6F426B79B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{78222845-262E-4C4E-8883-5BCA858910EA}" = protocol=6 | dir=in | app=c:\program files\vhv hannover\vpl_apps\versandzentrale\jre\bin\javaw.exe | 
"{7D1638B9-8A32-4F90-BD6D-A91FD282CE01}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | 
"{8623013B-8D49-4F3F-88B5-3A8B0B928010}" = protocol=6 | dir=in | app=f:\versicherungen\vhv\vhv tarifprogramm\vpl_apps\versandzentrale\vhvkommunikationszentrale.exe | 
"{8B4D2771-6CFB-4C97-B6F8-0513E53640D3}" = protocol=17 | dir=in | app=c:\vhv\vhv maklerverwaltungsprogramm\kommz\jre\bin\java.exe | 
"{9429C969-E3A8-46F6-B7EB-9B8A7F6B00B3}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | 
"{9AC63C6E-EF60-406C-8C59-734908370281}" = protocol=17 | dir=in | app=c:\program files\vhv hannover\vpl_apps\versandzentrale\vhvkommunikationszentrale.exe | 
"{9B413351-5600-4079-A8D1-33A6B2ECEEB9}" = protocol=6 | dir=in | app=c:\vhv\vhv maklerverwaltungsprogramm\kommz\jre\bin\java.exe | 
"{9E14C388-82EC-40A6-A5AD-B13E4A7E2446}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{9EEA2C8A-E0CF-4B3F-9F3D-33B78FF9EBB6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{A03ED4D6-8978-43C5-A232-BF2F6BBFA0DF}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{AAB5F187-5556-4E89-BF9B-D803D215CBA3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{ABB0B2C1-7AD4-4A35-AC6F-B7D26103D9CD}" = protocol=17 | dir=in | app=f:\versicherungen\vhv\vhv tarifprogramm\vpl_apps\versandzentrale\vhvkommunikationszentrale.exe | 
"{ACC34735-C8BC-4FE2-BA71-241E9D341E7A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AECF5E17-E285-442C-B5FB-616708034E04}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{B43DEAFD-55E6-4F06-A1AF-F08A16A349CF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B78E47E7-4FE4-4B8C-B0B6-DE7561C8D616}" = protocol=17 | dir=in | app=c:\vhv\vhv maklerverwaltungsprogramm\kommz\vhvmvpclient.exe | 
"{BB0BC0A2-42B4-4088-8CAE-DCFE4E355471}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BB6096C9-21C0-4CCB-AC66-FC80B08D4640}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | 
"{BEEDCA98-1C2C-404D-8D27-610DD71A9DB2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{BF887BAD-F690-4103-8C9E-39902A8435FE}" = protocol=17 | dir=in | app=c:\program files\vhv hannover\vpl_apps\versandzentrale\jre\bin\javaw.exe | 
"{C5B6B44D-2278-46E5-BA87-E372D7CBF4AE}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe | 
"{C601E2E0-1BB2-40AB-B30D-64DEC44EA26D}" = protocol=17 | dir=in | app=c:\program files\vhv hannover\vpl_apps\versandzentrale\jre\bin\javaw.exe | 
"{C6955C60-9537-45EF-B9BE-D275A59D9B6E}" = protocol=6 | dir=out | app=system | 
"{C8424C45-4A52-4B3C-9B2A-4E70BE2B1263}" = protocol=17 | dir=in | app=c:\program files\vhv hannover\vpl_apps\versandzentrale\vhvkommunikationszentrale.exe | 
"{C88C0988-7CED-41F4-A123-B9838467926D}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe | 
"{D24B5DC5-5C13-4775-BBA9-98F468B19F8F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D692402A-D835-4E91-BD70-F5FBBD9F0F8B}" = protocol=17 | dir=in | app=f:\versicherungen\vhv\vhv tarifprogramm\vpl_apps\versandzentrale\vhvkommunikationszentrale.exe | 
"{D7B7F914-1B16-4190-9D34-C85D40EC4060}" = protocol=17 | dir=in | app=f:\versicherungen\vhv\vhv tarifprogramm\vpl_apps\versandzentrale\jre\bin\javaw.exe | 
"{DA33C63A-8F78-492E-A53B-660E3AF62694}" = protocol=6 | dir=in | app=c:\program files\vhv hannover\vpl_apps\versandzentrale\vhvkommunikationszentrale.exe | 
"{E7654D6F-7A02-44CA-866B-92A7EEB20560}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{E952B21A-92DC-43DE-BB17-07897DD6A358}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{F9B71874-E363-4A82-B48E-5B1C756B85E1}" = protocol=6 | dir=in | app=c:\vhv\vhv maklerverwaltungsprogramm\kommz\vhvmvpclient.exe | 
"{FAE19A7D-72FE-4B65-886E-68D2F9ED2E3D}" = protocol=17 | dir=in | app=f:\versicherungen\vhv\vhv tarifprogramm\vpl_apps\versandzentrale\jre\bin\javaw.exe | 
"{FB5159E6-13A6-4168-87EC-01210AB4DB48}" = protocol=17 | dir=in | app=c:\vhv\vhv maklerverwaltungsprogramm\kommz\vhvmvpclient.exe | 
"TCP Query User{A6186E83-E4E4-46D3-ABEF-FAD044E6F516}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{C7AF121F-7EAF-4E90-9E32-929AABA9A730}F:\versicherungen\java\arag_jre1.5.0_19\bin\java.exe" = protocol=6 | dir=in | app=f:\versicherungen\java\arag_jre1.5.0_19\bin\java.exe | 
"UDP Query User{8C17FDA2-2F46-4DF6-8558-38854A3C642C}F:\versicherungen\java\arag_jre1.5.0_19\bin\java.exe" = protocol=17 | dir=in | app=f:\versicherungen\java\arag_jre1.5.0_19\bin\java.exe | 
"UDP Query User{F4976A73-6FC9-4999-B3C0-578E45A3AC31}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00180407-78E1-11D2-B60F-006097C998E7}" = Microsoft Access 2000 SR-1 Runtime
"{01FE12C6-DEEA-492F-86F9-DD94D8E5DC95}" = MAGIX Foto Premium 9
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{02DDD716-E180-4367-9E18-576BD000EEFC}" = Swiss Life BeraterBüro
"{0340FC65-9ED5-42AF-9791-961F5AB154DA}" = CAP GEV Child
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{060c0bc3-df11-4bb3-8815-627c8c243fb0}.sdb" = MV-Makler-und-ADP
"{0712638F-559B-4F49-B8BE-BF3AAEE54A38}" = ScanSnap
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C524D20-0407-0050-8A9E-0C4C490E4E54}" = Microsoft Dynamics CRM 2011 für Microsoft Office Outlook
"{0C524DC1-0407-0050-8121-88490F4D5549}" = Microsoft Dynamics CRM 2011 Language Pack für German
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{1269ED0D-BFDB-439D-988C-01AC2125FD10}" = Dialog Tarifprogramm
"{13F054F3-0B07-4D15-9E80-C55B496AB557}" = Garmin Communicator Plugin
"{150F9D4D-F555-41BB-AF49-D9DA8F53A82D}" = KUBUS light ERGO
"{159EC8B7-6866-42BE-9CC6-46E7FC2A9A73}" = TransSELEKT
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{17E7B2A7-5724-4512-ACAF-C8A8A7B31587}" = MAGIX Speed 2 (MSI)
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{24C4AC5A-67A4-4E1D-B30C-8C7A01712607}" = RSA SecurID Software Token
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{26FA3721-E325-44DE-8318-6FA434F2A064}" = CardMinder V4.0
"{280E91D7-BBA8-42A2-8F45-00FD89E454B0}_is1" = HanseMerkur ISA Service Extensions
"{2A0FC4FF-8818-4648-A4F2-93D16DB3EF29}" = Updateservice GEV
"{2A231800-A7CF-4223-B8A3-1FD9057BAE96}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup 
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (KIS)
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2FF11610-5CB9-4A10-8572-470256CD9878}" = RuntimeInstallieren
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{383217E3-8F0C-4B85-92B5-6B579A52B0F1}" = AOWin2010
"{383217E3-8F0C-4B85-92B5-6B579A52B0FC}" = AOWin2010
"{39D6D822-4BB4-46D5-90C8-8C1E5837CEBD}" = klickTel Telefon- und Branchenbuch + Rückwärtssuche Herbst 2011
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{49C1A51C-7A09-49AE-9447-90D3945FC6A7}" = MAGIX Screenshare
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{4E266E5D-F9A6-4AF4-9431-679CF35C25AD}" = Moreba GEV
"{4E8026BF-F024-44D4-8299-3F4694636825}" = ScanSoft PDF Converter 3.0
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{539A0EAA-E1BB-4163-9C1E-6C8BF4A17FA2}" = Microsoft SQL Server 2008 Native Client
"{53CFF9B1-4ED7-4114-8ECF-ADD13BC8AC57}" = VHV RECOMAX
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5482DCBE-D2D1-47B0-A621-DF8E2B0D174C}" = Windows Live Family Safety
"{54FA5000-9FF8-47D5-BF65-4A17BE040242}" = klickTel Telefon- und Branchenbuch + Rückwärtssuche Herbst 2010
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5AE34761-0D70-4E9A-BF4B-BE366D9E0478}" = ElektrALight
"{5F8F65CC-787E-4DD6-95ED-07DF214DBDB3}" = trixiKfz
"{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}" = Microsoft LifeCam
"{602A58C3-BDF2-4B8A-B9D3-B6D9BACA386A}" = Dir-It!
"{61ED7FB5-495E-4BA7-B4EA-D8E0077353FE}_is1" = Power Druckstudio Gold 1
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{6474E823-3AB2-FFE2-08B2-D1AF0DA1AAA7}" = myphotobook.de
"{6481496E-555D-4BE5-83F2-55C6C2851A48}" = Beratungsprotokolle
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C12B6BF-3891-497B-B5CA-3D64DA093947}" = Motorola Mobile Drivers Installation 5.4.0
"{6DD40B68-1851-4BBD-AED6-CD82CB884735}" = Moreba
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6E5410F7-6FDF-412D-B3D5-9EC985F8FEF4}" = Generali Tarifierungen Gev
"{6E75A7A0-DA88-4F78-8068-2DE42ECBB91E}" = WebKIS Offline
"{6E9CFEF5-0245-411F-8587-CF83DF9D4B05}" = Microsoft SQL Server 2008 Database Engine Services
"{6F3D2F66-F050-45E3-BEB1-6523FE6D6690}" = MotoHelper MergeModules
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142100}" = Java 2 Runtime Environment, SE v1.4.2_10
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{735DEB9C-61BD-4D31-994B-92395BBB4E45}" = Microsoft XML Parser
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7B29AA98-B40C-4D6B-A15B-B6A00D71F133}" = Abgeltungsteuer GEV
"{7EB65C13-CFDC-4312-97B7-92AFBFC2AA18}" = VHV Maklerverwaltungsprogramm
"{832BFF4E-B65C-4AF0-AA0E-52A64705C5F6}" = MAGIX Xtreme Grafik Designer 5
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8393592A-B977-489E-8C78-84E19DE9FE21}" = MAGIX 3D Maker (embedded MSI)
"{83B34C33-5337-4EA9-A886-04D63F486861}" = Stufenmodell GEV
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85530EE5-B265-4F84-BD2A-DE2BBBC990B7}" = Beratungsprogramme W&W-Konzern
"{859258F8-3F00-4335-BBD5-318F17369012}" = MAGIX Online Druck Service
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{891F6136-6540-495D-95D9-703DA7EDE3AD}" = SDK - Angebotsprogramm
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A6BB58D-82A9-4FC7-B65F-A4EA87A4C138}" = Microsoft Online Services-Anmeldeassistent
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CC68433-5837-4075-B81F-EA7E4F14CE60}" = iCloud
"{8D86B3AE-F744-4F97-ADDD-6B13345C62FF}_is1" = VorsorgePLANER
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-0137-0407-0000-0000000FF1CE}" = Microsoft Works 6-9 Converter
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BD2DD45-8763-4F12-BDC6-958FCFEF0FCB}" = Microsoft IntelliType Pro 8.2
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9EFC9E98-A218-4D83-BFC5-5E67E318767F}" = GEV Excelloesungen
"{A2397CA0-C472-46CC-83CD-EE54CE2A2117}" = Vera Kompas GEV
"{A31AB657-D929-4B80-A2B2-45E03902A3DD}" = InterRisk WinRisk 4.9.0
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC2E0432-9092-42F8-B4C2-E95DF8ADE82C}" = VHV-Tarifprogramm
"{AC2F9FCC-170E-4B0B-84AB-7307A373570F}" = RSA Smart Card Middleware 3.5
"{AC63EF8A-ABE1-79BB-F8B3-06C06BCA8B3C}" = HanseMerkur ISA Makler
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADA12202-A22B-445D-987F-D4CFADA12202}" = VIA-P
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B2023017-DEE4-44F7-8A71-CA6084BF534C}" = Brother P-touch Address Book 1.1
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B8381511-3832-4449-B33A-763931D2590B}" = BB-Euro-Tarifrechner
"{B8777FFC-165B-4DDE-B60B-AD5533D9EAD3}" = AquaSoft PhotoKalender 3
"{B8E9F8A1-9F4D-43D5-ABD6-1DF067FAA469}" = Microsoft SQL Server 2008 Database Engine Services
"{BBF0B1C3-EEC1-4AA6-916B-126E895A46D8}" = Fujitsu NetCOBOL Free Run-time
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{C19B3EB6-B54C-3204-A4DF-88432E0C79F7}" = Microsoft ReportViewer 2010 Redistributable
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C821456C-43B2-4A7E-B3E3-BB24DE58705A}" = MEAG-Angebotssoftware
"{C8320AEC-2E97-4C78-81EC-43CF6D248B01}" = Microsoft XML Parser
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE7D48A0-CB2A-4293-8C41-68A116430BE9}" = AXA Beratungstechnologie
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D4F2AFD3-0167-4464-B92F-78AB6DA8A0AA}" = CardMinder
"{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}" = ScanSnap Manager
"{DE5CF410-90B1-4963-ABC3-C23289E52255}" = Angebots Msi
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF38C72B-8A86-4727-99D2-FA7CC5E17A24}" = Microsoft SQL Server 2008 RsFx Driver
"{DF9A6075-9308-4572-8932-A4316243C4D9}" = Brother P-touch Editor 5.0
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2A69F09-B3A1-4E4B-AB8F-16B94981A67B}" = Geldgeschenke DruckShop
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E58F3B88-3B3E-4F85-9323-04789D979C15}" = ScanSnap Organizer
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6B43401-E818-4961-AFED-118DD8E87642}" = RAF
"{ED7BE5AA-4E2D-4030-95BA-6CCA4BFABB03}" = BEG-Rechner GEV
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFA462DC-DF28-49B4-A82B-D47D2A94AB1E}" = ELBE SL
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0DA699A-5279-49F2-AC5C-1BA58B3CC613}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FDC7BD51-0E41-4743-A843-41055F0BCB61}" = FIT GEV
"{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}" = Nero Burning ROM 10
"{FF0F7090-18DC-43ED-8A3F-F04DBAEC5600}" = Beraterplatz GEV
"{FF460B05-3F84-4A44-886A-13DA143C7C26}" = ScanSnap Organizer
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"812A5AC8-50DA-43D8-B36E-30CDD7FCCAA1_is1" = Outlook Backup Assistant 5 (Vollversion)
"ABACUS" = ABACUS
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v1.20
"AquaSoft PhotoKalender 3" = AquaSoft PhotoKalender 3
"ASC Easy Updater_is1" = ASC Easy Update auf Version 4.5.0
"ASC Easy_is1" = ASC Easy 3.9.3
"CCleaner" = CCleaner
"CleverPrint_is1" = CleverPrint
"CodedColor_is1" = CodedColor FotoStudio 2010, 6.1.2
"CONDOR Angebotssystem" = CONDOR Angebotssystem
"Data Access Objects (DAO) 3.5" = Data Access Objects (DAO) 3.5
"DB_Firebird 1.5.0.4306" = DB_Firebird 1.5.0.4306
"de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = myphotobook.de
"E38B2136962D21A7BDE5AAC98CD1C6EA6B6D0687" = Windows-Treiberpaket - Microsoft (USBCCID) SmartCardReader  (05/17/2005 5.2.3790.2444)
"FinePix Genie_is1" = FUJIFILM MyFinePix Studio 2.0
"Generali Versicherungen Beratungssoftware" = Generali Versicherungen Beratungssoftware
"GEWA KVRATIO" = GEWA KVRATIO
"GEWA KV-Rational" = GEWA KV-Rational
"GSPDEINSTALL" = Gothaer Softwarepaket, komplette Deinstallation
"HanseMerkurISAMA" = HanseMerkur ISA Makler
"HanseMerkur-Tarife" = HanseMerkur-Tarife
"Hardcopy(C__Program Files_Hardcopy)" = Hardcopy (C:\Program Files\Hardcopy)
"HartlauerFotoService3_is1" = Direkt Foto System 3.x
"Helvetia Porta" = Helvetia Porta
"InstallShield_{150F9D4D-F555-41BB-AF49-D9DA8F53A82D}" = KUBUS light ERGO
"InstallShield_{B2023017-DEE4-44F7-8A71-CA6084BF534C}" = Brother P-touch Address Book 1.1
"InstallShield_{BBF0B1C3-EEC1-4AA6-916B-126E895A46D8}" = Fujitsu NetCOBOL Free Run-time
"InstallShield_{DF9A6075-9308-4572-8932-A4316243C4D9}" = Brother P-touch Editor 5.0
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013
"IrfanView" = IrfanView (remove only)
"Janitos Offline-Tarifrechner 3_is1" = Janitos Offline-Tarifrechner 3.2.4.0
"LAN-Fax Dienstprogramme" = LAN-Fax Dienstprogramme
"MAGIX_MSI_Fotos_auf_CD_DVD_9_dlx" = MAGIX Foto Premium 9
"MAGIX_MSI_XtremeGrafik5" = MAGIX Xtreme Grafik Designer 5
"MailStore Home_universal1" = MailStore Home 5.0.1.6919
"Maitre" = Maitre
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft CRM Client" = Microsoft Dynamics CRM 2011 für Microsoft Office Outlook
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MKVWin_XX-X_is1" = MKVWin 12-1
"MotoHelper" = MotoHelper 2.1.32 Driver 5.4.0
"MUENCHENER VEREIN" = MÜNCHENER VEREIN Software-Service
"PhotoCleaner" = PhotoCleaner
"pixpedia-de_is1" = Pixpedia Publisher 3.1.1
"POLARIS" = POLARIS
"PROPLUS" = Microsoft Office Professional Plus 2007
"R:BASE 76 Runtime for VV" = Vereins-Verwaltung
"RV-Win" = RV-Win
"SIGNAL IDUNA Beratungssoftware externe Vertriebe" = SIGNAL IDUNA Beratungssoftware freie Vertriebe
"SQLAnywhere11" = SQLAnywhere11
"Swiss Life EVA" = Swiss Life EVA
"TeamViewer 7" = TeamViewer 7
"VIA-P 12.20" = VIA-P 12.20
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.11 (32-Bit)
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"YTdetect" = Yahoo! Detect
"ZonerPhotoStudio12_DE_is1" = Zoner Photo Studio 12
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"KS-Win 2008" = KS-Win 2008
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03.08.2012 03:59:00 | Computer Name = Haupt-PC | Source = Windows Search Service | ID = 9000
Description = 
 
Error - 03.08.2012 03:59:00 | Computer Name = Haupt-PC | Source = Windows Search Service | ID = 7040
Description = 
 
Error - 03.08.2012 03:59:00 | Computer Name = Haupt-PC | Source = Windows Search Service | ID = 7042
Description = 
 
Error - 03.08.2012 03:59:00 | Computer Name = Haupt-PC | Source = Windows Search Service | ID = 9002
Description = 
 
Error - 03.08.2012 03:59:00 | Computer Name = Haupt-PC | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 03.08.2012 03:59:02 | Computer Name = Haupt-PC | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 03.08.2012 03:59:02 | Computer Name = Haupt-PC | Source = Windows Search Service | ID = 3028
Description = 
 
Error - 03.08.2012 03:59:02 | Computer Name = Haupt-PC | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 03.08.2012 03:59:02 | Computer Name = Haupt-PC | Source = Windows Search Service | ID = 7010
Description = 
 
Error - 07.08.2012 13:36:17 | Computer Name = Haupt-PC | Source = Application Hang | ID = 1002
Description = Programm OUTLOOK.EXE, Version 12.0.6661.5003 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 1224    Startzeit: 01cd74c228e37cdd    Endzeit: 15    Anwendungspfad:
 C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE    Berichts-ID: 53acf146-e0b6-11e1-b540-002215263d69

 
Error - 08.08.2012 04:27:13 | Computer Name = Haupt-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16447 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 15b4    Startzeit: 01cd753f43653bdc    Endzeit: 15    Anwendungspfad:
 C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID:   
 
[ OSession Events ]
Error - 01.06.2011 05:33:16 | Computer Name = Haupt-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 37
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 16.11.2011 12:47:14 | Computer Name = Haupt-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 17972
 seconds with 420 seconds of active time.  This session ended with a crash.
 
Error - 08.12.2011 08:54:44 | Computer Name = Haupt-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5452
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 22.12.2011 12:11:12 | Computer Name = Haupt-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 426
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 06.06.2012 12:28:28 | Computer Name = Haupt-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1314
 seconds with 360 seconds of active time.  This session ended with a crash.
 
Error - 13.08.2012 05:49:46 | Computer Name = Haupt-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2772
 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error - 07.09.2012 11:19:20 | Computer Name = Haupt-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 30
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 01.11.2012 22:02:14 | Computer Name = Haupt-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 01.11.2012 22:02:14 | Computer Name = Haupt-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 01.11.2012 22:03:41 | Computer Name = Haupt-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   KLIM6
 
Error - 01.11.2012 22:08:31 | Computer Name = Haupt-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Search" wurde nicht richtig gestartet.
 
Error - 01.11.2012 22:14:17 | Computer Name = Haupt-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 01.11.2012 22:14:17 | Computer Name = Haupt-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 01.11.2012 22:15:25 | Computer Name = Haupt-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   KLIM6
 
Error - 01.11.2012 22:34:39 | Computer Name = Haupt-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 01.11.2012 22:34:44 | Computer Name = Haupt-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80080005 fehlgeschlagen: Sicherheitsupdate für Windows 7 (KB2731847)
 
Error - 01.11.2012 22:34:57 | Computer Name = Haupt-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Updaterollup 11 für Microsoft Dynamics CRM 2011
 für Outlook (KB2739504)
 
 
< End of report >
         

Alt 02.11.2012, 17:21   #2
Ludel
 
Google Suchergebnisse - leitet beim Klick auf das Suchergebnis um - Standard

Google Suchergebnisse - leitet beim Klick auf das Suchergebnis um



Leider habe ich keine Bearbeitungsfunktion hier deshalb der Nachtrag hier.

Gmer LOg

Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-11-02 15:06:19
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST350041 rev.CC46
Running: h3vibotv.exe; Driver: C:\Users\Scheuer\AppData\Local\Temp\kwloipoc.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwAdjustPrivilegesToken [0x91DA80C2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwAlpcConnectPort [0x91D5BD66]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwAlpcCreatePort [0x91D5C0AE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwAlpcSendWaitReceivePort [0x91D5C4F4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwClose [0x91D4479E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwConnectPort [0x91D5BA40]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreateEvent [0x91D44D16]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreateMutant [0x91D44BFC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreatePort [0x91D5BF12]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreateSection [0x91DAAF2C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreateSemaphore [0x91D44E36]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreateThread [0x91DAA3C4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreateThreadEx [0x91DAA604]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreateUserProcess [0x91DAA068]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreateWaitablePort [0x91D5BFE0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwDebugActiveProcess [0x91DA9F0E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwDeviceIoControlFile [0x91D447E2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwDuplicateObject [0x91DA8204]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwLoadDriver [0x91DA7E6C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwMapViewOfSection [0x91DAAD26]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwNotifyChangeKey [0x91D5A1D0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwOpenEvent [0x91D44DAC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwOpenMutant [0x91D44C8C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwOpenProcess [0x91DA9AB6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwOpenSection [0x91DAB1D8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwOpenSemaphore [0x91D44ECC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwOpenThread [0x91DAA120]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwQueryDirectoryObject [0x91D44F56]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwQueryObject [0x91D5A3DE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwQueueApcThread [0x91DAABDA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwReplyPort [0x91D5C2D8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwReplyWaitReceivePort [0x91D5C166]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwReplyWaitReceivePortEx [0x91D5C21C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwRequestWaitReplyPort [0x91D5C348]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwResumeThread [0x91DAA906]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwSecureConnectPort [0x91D5BBCE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwSetContextThread [0x91DAAA62]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwSetInformationToken [0x91D44FF8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwSetSystemInformation [0x91DA7F76]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwSuspendProcess [0x91DA9C56]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwSuspendThread [0x91DAA7AE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwSystemDebugControl [0x91D4500A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwTerminateProcess [0x91DA9DB6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwTerminateThread [0x91DAA2C0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwUnmapViewOfSection [0x91DAB340]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwWriteVirtualMemory [0x91DAB06A]

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwRollbackComplete + 1415                                                830539E9 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                8308D452 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10D7                                                   830944AC 4 Bytes  [C2, 80, DA, 91] {RET 0xda80; XCHG ECX, EAX}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10FF                                                   830944D4 8 Bytes  [66, BD, D5, 91, AE, C0, D5, ...] {MOV BP, 0x91d5; SCASB ; RCL CH, 0x91}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1143                                                   83094518 4 Bytes  [F4, C4, D5, 91]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 116F                                                   83094544 4 Bytes  [9E, 47, D4, 91] {SAHF ; INC EDI; AAM 0x91}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1193                                                   83094568 4 Bytes  [40, BA, D5, 91]
.text           ...                                                                                   
.text           C:\Windows\system32\drivers\SSHDRV86.sys                                              section is writeable [0x84354000, 0x26354, 0xE8000020]
.pklstb         C:\Windows\system32\drivers\SSHDRV86.sys                                              entry point in ".pklstb" section [0x84389000]
.relo2          C:\Windows\system32\drivers\SSHDRV86.sys                                              unknown last section [0x843A0000, 0x8E, 0x42000040]
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                              section is writeable [0x92A03000, 0x2D5378, 0xE8000020]
PAGE            spsys.sys!?SPRevision@@3PADA + 4F90                                                   B944C000 290 Bytes  [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 50B3                                                   B944C123 629 Bytes  [75, 44, B9, FE, 05, 34, 75, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 5329                                                   B944C399 101 Bytes  [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 538F                                                   B944C3FF 148 Bytes  [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 543B                                                   B944C4AB 2228 Bytes  [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE            ...                                                                                   

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                               klkbdflt.sys (KLKBDFLT Keyboard Device Filter [fre_wlh_x86]/Kaspersky Lab)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                               klkbdflt.sys (KLKBDFLT Keyboard Device Filter [fre_wlh_x86]/Kaspersky Lab)

Device          \Driver\ACPI_HAL \Device\00000044                                                     halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\tdx \Device\Tcp                                                               kltdi.sys (Network filtering component/Kaspersky Lab)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume7                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Udp                                                               kltdi.sys (Network filtering component/Kaspersky Lab)
AttachedDevice  \Driver\tdx \Device\RawIp                                                             kltdi.sys (Network filtering component/Kaspersky Lab)
AttachedDevice  \FileSystem\fastfat \Fat                                                              fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
         
__________________


Alt 02.11.2012, 17:44   #3
markusg
/// Malware-holic
 
Google Suchergebnisse - leitet beim Klick auf das Suchergebnis um - Standard

Google Suchergebnisse - leitet beim Klick auf das Suchergebnis um



Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
__________________

Alt 02.11.2012, 18:12   #4
Ludel
 
Google Suchergebnisse - leitet beim Klick auf das Suchergebnis um - Standard

Google Suchergebnisse - leitet beim Klick auf das Suchergebnis um



Der Combofix Log:
Code:
ATTFilter
ComboFix 12-10-31.03 - Scheuer 02.11.2012  18:00:35.3.4 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.3327.1896 [GMT 1:00]
ausgeführt von:: c:\users\Scheuer\Desktop\ComboFix.exe
AV: Emsisoft Anti-Malware *Enabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: Kaspersky Anti-Virus *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Emsisoft Anti-Malware *Enabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
SP: Kaspersky Anti-Virus *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-10-02 bis 2012-11-02  ))))))))))))))))))))))))))))))
.
.
2012-11-02 17:07 . 2012-11-02 17:07	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-11-02 02:33 . 2012-09-14 18:28	2048	----a-w-	c:\windows\system32\tzres.dll
2012-11-02 02:32 . 2012-08-30 17:06	3972464	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-11-02 02:32 . 2012-08-30 17:06	3917168	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-11-02 02:32 . 2011-04-09 05:56	123904	----a-w-	c:\windows\system32\poqexec.exe
2012-11-02 02:06 . 2012-06-02 22:19	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-11-02 02:06 . 2012-06-02 22:19	45080	----a-w-	c:\windows\system32\wups2.dll
2012-11-02 02:06 . 2012-06-02 22:19	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-11-02 02:06 . 2012-06-02 22:12	2422272	----a-w-	c:\windows\system32\wucltux.dll
2012-11-02 02:05 . 2012-06-02 22:19	35864	----a-w-	c:\windows\system32\wups.dll
2012-11-02 02:05 . 2012-06-02 22:19	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-11-02 02:05 . 2012-06-02 22:12	88576	----a-w-	c:\windows\system32\wudriver.dll
2012-11-02 02:01 . 2012-06-02 14:19	171904	----a-w-	c:\windows\system32\wuwebv.dll
2012-11-02 02:01 . 2012-06-02 14:12	33792	----a-w-	c:\windows\system32\wuapp.exe
2012-11-02 01:43 . 2012-11-02 01:43	--------	d-----w-	c:\users\Default\AppData\Local\Microsoft Help
2012-11-02 00:49 . 2012-11-02 02:06	--------	d-----w-	c:\users\Scheuer
2012-11-02 00:47 . 2012-11-02 02:21	--------	d-sh--w-	c:\windows\Installer
2012-11-02 00:46 . 2012-11-02 00:46	0	----a-w-	c:\windows\ativpsrm.bin
2012-11-02 00:45 . 2012-11-02 00:45	--------	d-----w-	c:\windows\system32\RTCOM
2012-11-02 00:45 . 2012-11-02 00:45	--------	d-----w-	c:\program files\Realtek
2012-11-02 00:40 . 2012-11-02 02:50	--------	d-----w-	c:\windows\Panther
2012-11-02 00:29 . 2012-11-02 01:52	--------	d-----w-	C:\$WINDOWS.~Q
2012-11-02 00:19 . 2012-11-02 00:24	--------	d-----w-	C:\$INPLACE.~TR
2012-11-01 22:22 . 2012-11-02 02:18	--------	d-----w-	c:\program files\Unlocker
2012-11-01 21:14 . 2012-11-02 01:06	--------	d-----w-	c:\programdata\Sophos
2012-10-31 13:50 . 2011-09-22 16:18	73064	----a-w-	c:\windows\system32\perf-MSSQL$CRM-sqlctr10.3.5500.0.dll
2012-10-31 13:50 . 2011-09-22 16:18	89960	----a-w-	c:\windows\system32\SQSRVRES.DLL
2012-10-31 12:48 . 2012-11-02 01:06	--------	d-----w-	c:\programdata\Malwarebytes
2012-10-31 12:05 . 2012-11-02 01:06	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2012-10-31 12:05 . 2012-11-02 01:01	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2012-10-31 11:32 . 2012-11-02 01:06	--------	d-----w-	c:\windows\ELAMBKUP
2012-10-31 11:23 . 2012-09-24 22:16	93672	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2012-10-25 13:56 . 2012-11-02 01:06	--------	d--h--w-	c:\windows\$CrmUninstallKB2739504_Mui_1031$
2012-10-09 09:29 . 2012-10-09 09:28	716810	----a-w-	c:\windows\unins000.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-31 12:14 . 2012-07-25 13:53	25944	----a-w-	c:\windows\system32\drivers\klmouflt.sys
2012-10-31 12:14 . 2012-05-25 18:38	25944	----a-w-	c:\windows\system32\drivers\klkbdflt.sys
2012-10-15 11:28 . 2012-03-30 07:05	696760	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-10-15 11:28 . 2011-07-12 11:12	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-16 19:25 . 2012-05-10 10:49	421376	----a-w-	c:\windows\system32\W7TRunOnce.exe
2012-09-16 14:21 . 2012-09-16 14:21	490496	----a-w-	c:\windows\system32\d3d10level9.dll
2012-09-16 14:20 . 2012-09-16 14:20	240496	----a-w-	c:\windows\system32\drivers\netio.sys
2012-09-16 14:20 . 2012-09-16 14:20	187760	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-16 14:20 . 2012-09-16 14:20	1306992	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-09-16 14:20 . 2012-09-16 14:20	400896	----a-w-	c:\windows\system32\srcore.dll
2012-09-16 14:20 . 2012-09-16 14:20	2354176	----a-w-	c:\windows\system32\win32k.sys
2012-09-16 14:19 . 2012-09-16 14:19	1390080	----a-w-	c:\windows\system32\msxml6.dll
2012-09-16 14:19 . 2012-09-16 14:19	1236480	----a-w-	c:\windows\system32\msxml3.dll
2012-09-16 14:19 . 2012-09-16 14:19	712048	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-09-16 14:19 . 2012-09-16 14:19	33280	----a-w-	c:\windows\system32\drivers\RNDISMP.sys
2012-09-16 14:19 . 2012-09-16 14:19	769024	----a-w-	c:\windows\system32\localspl.dll
2012-09-16 14:19 . 2012-09-16 14:19	41984	----a-w-	c:\windows\system32\browcli.dll
2012-09-16 14:19 . 2012-09-16 14:19	102912	----a-w-	c:\windows\system32\browser.dll
2012-09-16 14:19 . 2012-09-16 14:19	805376	----a-w-	c:\windows\system32\cdosys.dll
2012-09-16 14:18 . 2012-09-16 14:18	142336	----a-w-	c:\windows\system32\cryptsvc.dll
2012-09-16 14:18 . 2012-09-16 14:18	1160192	----a-w-	c:\windows\system32\crypt32.dll
2012-09-16 14:18 . 2012-09-16 14:18	103936	----a-w-	c:\windows\system32\cryptnet.dll
2012-08-31 13:35 . 2012-08-31 13:35	821736	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-08-31 13:35 . 2011-11-09 09:06	746984	----a-w-	c:\windows\system32\deployJava1.dll
2012-08-23 15:51 . 2012-11-02 08:37	3584	----a-w-	c:\windows\system32\drivers\de-DE\tsusbflt.sys.mui
2012-08-23 07:15 . 2012-07-11 07:27	7022536	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{1E09D951-A790-49D6-A5ED-13F634A59E6C}\mpengine.dll
2012-08-21 11:01 . 2012-09-17 11:14	26840	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 11:01 . 2011-03-31 19:32	106928	----a-w-	c:\windows\system32\GEARAspi.dll
2012-08-13 17:24 . 2012-08-13 17:24	75096	----a-w-	c:\windows\system32\drivers\klflt.sys
2012-08-13 15:49 . 2012-08-13 15:49	144344	----a-w-	c:\windows\system32\drivers\kneps.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe" [2012-08-17 218880]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1313640]
"PDF3 Registry Controller"="c:\program files\ScanSoft\PDF Converter 3.0\\RegistryController.exe" [2005-04-26 106496]
"PrintDisp"="c:\windows\system32\PrintDisp.exe" [2009-06-22 864768]
"RSA Card Conversion Utility"="c:\program files\Common Files\RSA Shared\RSA Card Conversion Utility\RSACardConversionUtility.exe" [2010-08-27 3499728]
"ScanSnap WIA Service Checker"="c:\windows\SSDriver\fi5110\SsWiaChecker.exe" [2009-09-30 86016]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 155648]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CardMinder Viewer.lnk - c:\program files\PFU\ScanSnap\CardMinder\CardLauncher.exe [2011-7-20 77824]
Hardcopy.LNK - c:\program files\Hardcopy\hardcopy.exe [2011-7-27 3520000]
In PDF-Datei mit ScanSnap Organizer konvertieren.lnk - c:\program files\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe [2011-7-20 15360]
ScanSnap Manager.lnk - c:\program files\PFU\ScanSnap\Driver\PfuSsMon.exe [2011-7-20 1146880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 5 (0x5)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp msoidssp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AmyuniOptionen.lnk]
backup=c:\windows\pss\AmyuniOptionen.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AmyuniOptionen.lnk
.
[HKLM\~\startupfolder\C:^Users^Scheuer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Password Safe.lnk]
backup=c:\windows\pss\Password Safe.lnk.Startup
backupExtension=.Startup
path=c:\users\Scheuer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Password Safe.lnk
.
[HKLM\~\startupfolder\C:^Users^Scheuer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Telefon- und Branchenbuch + Rückwärtssuche Herbst 2011 - Schnellstarter.lnk]
backup=c:\windows\pss\Telefon- und Branchenbuch + Rückwärtssuche Herbst 2011 - Schnellstarter.lnk.Startup
backupExtension=.Startup
path=c:\users\Scheuer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telefon- und Branchenbuch + Rückwärtssuche Herbst 2011 - Schnellstarter.lnk
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISA Service Extensions]
javaw -Xmx30m -jar [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51	919008	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Synchronizer]
2012-07-27 20:51	1261512	----a-w-	c:\program files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-10-05 23:52	59240	----a-w-	c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detection]
2012-08-29 06:37	802448	----a-w-	f:\program files\FUJIFILM\MyFinePix Studio\dd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-03-26 09:57	116648	----atw-	c:\users\Scheuer\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2007-03-29 13:41	222128	----a-w-	c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-09 21:30	421776	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2010-05-20 14:27	119152	----a-w-	c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 18:56	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 11:33	17418928	----a-r-	c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tray"]
2008-11-12 17:39	4442624	----a-w-	c:\program files\CodedColor\byngo.exe
.
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
R2 ARAGHSQL;ARAGHSQL;f:\versicherungen\DB\ABACUS\fp\HsqlService.exe [x]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R2 WinRiskXAServiceHandler;InterRisk WinRisk Dienststeuerung;f:\versicherungen\InterRisk\WinRiskXA\client\bin\BWServiceHandler.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 c2wts;Claims to Windows Token Service;c:\program files\Windows Identity Foundation\v3.5\c2wtshost.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MSSQL$CRM;SQL Server (CRM);c:\program files\Microsoft SQL Server\MSSQL10.CRM\MSSQL\Binn\sqlservr.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WinRiskXAAppService;InterRisk WinRisk Anwendungsdienst;f:\versicherungen\InterRisk\WinRiskXA\server\bin\WinRiskXAServer.exe [x]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [x]
R4 SQLAgent$CRM;SQL Server-Agent (CRM);c:\program files\Microsoft SQL Server\MSSQL10.CRM\MSSQL\Binn\SQLAGENT.EXE [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [x]
S1 SSHDRV86;SSHDRV86;c:\windows\system32\drivers\SSHDRV86.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ApacheTomcatKLV;Apache Tomcat KLV;f:\versicherungen\WebKIS\Tomcat\bin\tomcat5.exe [x]
S2 BserverDienst;BserverDienst;f:\versic~1\KOSYMA\UPDATE\BSERVER3.EXE [x]
S2 CrmSqlStartupSvc;SQL Server (CRM) - Herunterfahren bei Bedarf;c:\program files\Microsoft Dynamics CRM\Client\bin\CrmSqlStartupSvc.exe [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe [x]
S2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [x]
S2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [x]
S2 MSSQL$KIS;SQL Server (KIS);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [x]
S2 Printer Control;Printer Control;c:\windows\system32\PrintCtrl.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 WinRiskXASoftwareUpdate;InterRisk WinRisk Softwareaktualisierung;f:\versicherungen\InterRisk\WinRiskXA\client\bin\BWUpdater.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - CDFS
*NewlyCreated* - KWLOIPOC
*Deregistered* - kwloipoc
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
GPSvcGroup	REG_MULTI_SZ   	GPSvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 11:28]
.
2012-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-21 15:26]
.
2012-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-21 15:26]
.
2012-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2099175409-3244923250-3961599458-1000Core.job
- c:\users\Scheuer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-06 09:57]
.
2012-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2099175409-3244923250-3961599458-1000UA.job
- c:\users\Scheuer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-06 09:57]
.
2012-11-02 c:\windows\Tasks\sgugfj.job
- c:\windows\system32\SSShim8.dll [2012-09-03 12:10]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://nachrichten.t-online.de/
uInternet Settings,ProxyOverride = *.local;192.168.*.*
Trusted Zone: vhv.de\maxnet
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{253A9CB9-9CF4-4CB4-A6C9-48ED5393596E}: DhcpNameServer = 193.189.244.225 193.189.244.206
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-UnlockerAssistant - c:\program files\Unlocker\UnlockerAssistant.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-11-02  18:09:44
ComboFix-quarantined-files.txt  2012-11-02 17:09
ComboFix2.txt  2012-11-01 09:22
ComboFix3.txt  2012-11-01 08:25
.
Vor Suchlauf: 16 Verzeichnis(se), 209.349.083.136 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 209.427.152.896 Bytes frei
.
- - End Of File - - F115829EB2A0B45E96DADB371546095E
         

Alt 02.11.2012, 18:21   #5
markusg
/// Malware-holic
 
Google Suchergebnisse - leitet beim Klick auf das Suchergebnis um - Standard

Google Suchergebnisse - leitet beim Klick auf das Suchergebnis um



download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten

__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 02.11.2012, 19:38   #6
Ludel
 
Google Suchergebnisse - leitet beim Klick auf das Suchergebnis um - Standard

Google Suchergebnisse - leitet beim Klick auf das Suchergebnis um



Hier nun der gewünschte Logauszug von TDSS

Code:
ATTFilter
19:34:16.0086 4564  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:34:16.0102 4564  ============================================================
19:34:16.0102 4564  Current date / time: 2012/11/02 19:34:16.0102
19:34:16.0102 4564  SystemInfo:
19:34:16.0102 4564  
19:34:16.0102 4564  OS Version: 6.1.7601 ServicePack: 1.0
19:34:16.0102 4564  Product type: Workstation
19:34:16.0102 4564  ComputerName: HAUPT-PC
19:34:16.0102 4564  UserName: Scheuer
19:34:16.0102 4564  Windows directory: C:\Windows
19:34:16.0102 4564  System windows directory: C:\Windows
19:34:16.0102 4564  Processor architecture: Intel x86
19:34:16.0102 4564  Number of processors: 4
19:34:16.0102 4564  Page size: 0x1000
19:34:16.0102 4564  Boot type: Normal boot
19:34:16.0102 4564  ============================================================
19:34:17.0116 4564  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:34:17.0131 4564  Drive \Device\Harddisk5\DR5 - Size: 0x3C3FFE00 (0.94 Gb), SectorSize: 0x200, Cylinders: 0x7A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:34:17.0131 4564  ============================================================
19:34:17.0131 4564  \Device\Harddisk0\DR0:
19:34:17.0131 4564  MBR partitions:
19:34:17.0131 4564  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x249F0000
19:34:17.0131 4564  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x249F0800, BlocksNum 0x15995000
19:34:17.0131 4564  \Device\Harddisk5\DR5:
19:34:17.0131 4564  MBR partitions:
19:34:17.0131 4564  \Device\Harddisk5\DR5\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x1E1FC0
19:34:17.0131 4564  ============================================================
19:34:17.0131 4564  C: <-> \Device\Harddisk0\DR0\Partition1
19:34:17.0162 4564  F: <-> \Device\Harddisk0\DR0\Partition2
19:34:17.0162 4564  ============================================================
19:34:17.0162 4564  Initialize success
19:34:17.0162 4564  ============================================================
19:34:35.0274 5540  ============================================================
19:34:35.0274 5540  Scan started
19:34:35.0274 5540  Mode: Manual; SigCheck; TDLFS; 
19:34:35.0274 5540  ============================================================
19:34:35.0711 5540  ================ Scan system memory ========================
19:34:35.0711 5540  System memory - ok
19:34:35.0711 5540  ================ Scan services =============================
19:34:35.0851 5540  [ 7620228D6EAB9051DB6ABE642102CDE9 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
19:34:35.0945 5540  1394ohci - ok
19:34:35.0960 5540  [ D5F452175080B23CAAAF9C9ED5AF8FA2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
19:34:35.0992 5540  ACPI - ok
19:34:36.0007 5540  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
19:34:36.0038 5540  AcpiPmi - ok
19:34:36.0132 5540  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
19:34:36.0148 5540  AdobeARMservice - ok
19:34:36.0210 5540  [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:34:36.0210 5540  AdobeFlashPlayerUpdateSvc - ok
19:34:36.0241 5540  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
19:34:36.0257 5540  adp94xx - ok
19:34:36.0288 5540  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
19:34:36.0319 5540  adpahci - ok
19:34:36.0319 5540  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
19:34:36.0335 5540  adpu320 - ok
19:34:36.0366 5540  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
19:34:36.0428 5540  AeLookupSvc - ok
19:34:36.0444 5540  [ 0D65AA891AAB268C5705ED0618B0BF3B ] AFD             C:\Windows\system32\drivers\afd.sys
19:34:36.0506 5540  AFD - ok
19:34:36.0506 5540  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
19:34:36.0522 5540  agp440 - ok
19:34:36.0553 5540  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
19:34:36.0569 5540  aic78xx - ok
19:34:36.0600 5540  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
19:34:36.0616 5540  ALG - ok
19:34:36.0647 5540  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
19:34:36.0662 5540  aliide - ok
19:34:36.0678 5540  [ B19505648F033393E907E2E419FDE8B3 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:34:36.0709 5540  AMD External Events Utility - ok
19:34:36.0740 5540  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
19:34:36.0756 5540  amdagp - ok
19:34:36.0756 5540  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
19:34:36.0772 5540  amdide - ok
19:34:36.0787 5540  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
19:34:36.0818 5540  AmdK8 - ok
19:34:36.0818 5540  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
19:34:36.0865 5540  AmdPPM - ok
19:34:36.0865 5540  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
19:34:36.0881 5540  amdsata - ok
19:34:36.0881 5540  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
19:34:36.0896 5540  amdsbs - ok
19:34:36.0912 5540  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
19:34:36.0928 5540  amdxata - ok
19:34:37.0006 5540  ApacheTomcatKLV - ok
19:34:37.0037 5540  [ 980896CA52F356FDAB84B2A2E3765036 ] AppID           C:\Windows\system32\drivers\appid.sys
19:34:37.0084 5540  AppID - ok
19:34:37.0115 5540  [ D9C145E24EDA42885461F6DA3191318B ] AppIDSvc        C:\Windows\System32\appidsvc.dll
19:34:37.0146 5540  AppIDSvc - ok
19:34:37.0162 5540  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
19:34:37.0193 5540  Appinfo - ok
19:34:37.0271 5540  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:34:37.0286 5540  Apple Mobile Device - ok
19:34:37.0333 5540  [ E40EB79789C91987CB73287205F0944E ] AppMgmt         C:\Windows\System32\appmgmts.dll
19:34:37.0364 5540  AppMgmt - ok
19:34:37.0427 5540  [ C3075617DB699CDC9184A02AFD4D7928 ] ARAGHSQL        F:\Versicherungen\DB\ABACUS\fp\HsqlService.exe
19:34:37.0458 5540  ARAGHSQL ( UnsignedFile.Multi.Generic ) - warning
19:34:37.0458 5540  ARAGHSQL - detected UnsignedFile.Multi.Generic (1)
19:34:37.0489 5540  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\drivers\arc.sys
19:34:37.0505 5540  arc - ok
19:34:37.0520 5540  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
19:34:37.0536 5540  arcsas - ok
19:34:37.0630 5540  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
19:34:37.0645 5540  aspnet_state - ok
19:34:37.0661 5540  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:34:37.0708 5540  AsyncMac - ok
19:34:37.0739 5540  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
19:34:37.0739 5540  atapi - ok
19:34:37.0848 5540  [ 04F09923A393E4E0E8453A8F78361E73 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
19:34:37.0988 5540  atikmdag - ok
19:34:38.0020 5540  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:34:38.0066 5540  AudioEndpointBuilder - ok
19:34:38.0082 5540  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
19:34:38.0098 5540  Audiosrv - ok
19:34:38.0144 5540  AVP - ok
19:34:38.0160 5540  [ 06C6E8F88E79E01C883043E25B99DB43 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
19:34:38.0191 5540  AxInstSV - ok
19:34:38.0223 5540  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\drivers\bxvbdx.sys
19:34:38.0285 5540  b06bdrv - ok
19:34:38.0301 5540  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
19:34:38.0316 5540  b57nd60x - ok
19:34:38.0363 5540  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
19:34:38.0394 5540  BDESVC - ok
19:34:38.0425 5540  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:34:38.0472 5540  Beep - ok
19:34:38.0503 5540  [ 6344F74CC26745D8FDABAF14ED368F98 ] BFE             C:\Windows\System32\bfe.dll
19:34:38.0550 5540  BFE - ok
19:34:38.0581 5540  [ 12E5FDCF55D50A194CF462E462A609B7 ] BITS            C:\Windows\system32\qmgr.dll
19:34:38.0628 5540  BITS - ok
19:34:38.0644 5540  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
19:34:38.0659 5540  blbdrive - ok
19:34:38.0706 5540  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:34:38.0722 5540  Bonjour Service - ok
19:34:38.0737 5540  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:34:38.0769 5540  bowser - ok
19:34:38.0784 5540  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
19:34:38.0815 5540  BrFiltLo - ok
19:34:38.0815 5540  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
19:34:38.0847 5540  BrFiltUp - ok
19:34:38.0893 5540  [ DF0EDEB9A131E0310FB97F46EF3ED887 ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
19:34:38.0909 5540  BridgeMP - ok
19:34:38.0956 5540  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
19:34:38.0987 5540  Browser - ok
19:34:39.0003 5540  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
19:34:39.0081 5540  Brserid - ok
19:34:39.0096 5540  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
19:34:39.0159 5540  BrSerWdm - ok
19:34:39.0174 5540  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
19:34:39.0205 5540  BrUsbMdm - ok
19:34:39.0205 5540  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
19:34:39.0268 5540  BrUsbSer - ok
19:34:39.0330 5540  [ 9FB9523B87C4B671D16E24A736E7E491 ] BserverDienst   F:\VERSIC~1\KOSYMA\UPDATE\BSERVER3.EXE
19:34:39.0361 5540  BserverDienst ( UnsignedFile.Multi.Generic ) - warning
19:34:39.0361 5540  BserverDienst - detected UnsignedFile.Multi.Generic (1)
19:34:39.0377 5540  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
19:34:39.0408 5540  BTHMODEM - ok
19:34:39.0455 5540  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
19:34:39.0502 5540  bthserv - ok
19:34:39.0580 5540  [ 8059475F9CA375BC8191F8FB72D329A6 ] c2wts           C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe
19:34:39.0595 5540  c2wts - ok
19:34:39.0689 5540  catchme - ok
19:34:39.0705 5540  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:34:39.0767 5540  cdfs - ok
19:34:39.0798 5540  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
19:34:39.0814 5540  cdrom - ok
19:34:39.0861 5540  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
19:34:39.0892 5540  CertPropSvc - ok
19:34:39.0907 5540  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\drivers\circlass.sys
19:34:39.0954 5540  circlass - ok
19:34:39.0970 5540  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
19:34:40.0001 5540  CLFS - ok
19:34:40.0048 5540  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:34:40.0063 5540  clr_optimization_v2.0.50727_32 - ok
19:34:40.0079 5540  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:34:40.0095 5540  clr_optimization_v4.0.30319_32 - ok
19:34:40.0110 5540  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
19:34:40.0141 5540  CmBatt - ok
19:34:40.0141 5540  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
19:34:40.0157 5540  cmdide - ok
19:34:40.0188 5540  [ 905C054B3F2048585F2BC0F1428F7CC1 ] CNG             C:\Windows\system32\Drivers\cng.sys
19:34:40.0204 5540  CNG - ok
19:34:40.0219 5540  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
19:34:40.0235 5540  Compbatt - ok
19:34:40.0251 5540  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
19:34:40.0266 5540  CompositeBus - ok
19:34:40.0297 5540  COMSysApp - ok
19:34:40.0297 5540  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
19:34:40.0313 5540  crcdisk - ok
19:34:40.0360 5540  [ 02769C8EFF729AFEA7DB14AE04394741 ] CrmSqlStartupSvc C:\Program Files\Microsoft Dynamics CRM\Client\bin\CrmSqlStartupSvc.exe
19:34:40.0375 5540  CrmSqlStartupSvc - ok
19:34:40.0407 5540  [ 063DD65889D21035311463337BD268E7 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:34:40.0438 5540  CryptSvc - ok
19:34:40.0485 5540  [ A940BDC503EC07D1EE38974ECE317848 ] CSC             C:\Windows\system32\drivers\csc.sys
19:34:40.0516 5540  CSC - ok
19:34:40.0531 5540  [ BE704B0D4868DC74EED29B31E4654D62 ] CscService      C:\Windows\System32\cscsvc.dll
19:34:40.0594 5540  CscService - ok
19:34:40.0641 5540  [ 27968DD510E8957FFACC607EFF55E710 ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:34:40.0672 5540  DcomLaunch - ok
19:34:40.0719 5540  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
19:34:40.0750 5540  defragsvc - ok
19:34:40.0765 5540  [ 46E2CC1725A7AC07E4328143150A09CD ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:34:40.0781 5540  DfsC - ok
19:34:40.0812 5540  [ 82FE16FF11F679BF3DEB3C4422553CC1 ] Dhcp            C:\Windows\system32\dhcpcore.dll
19:34:40.0843 5540  Dhcp - ok
19:34:40.0890 5540  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
19:34:40.0937 5540  discache - ok
19:34:40.0968 5540  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\drivers\disk.sys
19:34:40.0984 5540  Disk - ok
19:34:41.0015 5540  [ 2A958EF85DB1B61FFCA65044FA4BCE9E ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
19:34:41.0062 5540  dmvsc - ok
19:34:41.0093 5540  [ C941FD3429EA406D14266F671EC5B4A7 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:34:41.0109 5540  Dnscache - ok
19:34:41.0124 5540  [ DCAD2BDC526AE53BEED47BEAD703D144 ] dot3svc         C:\Windows\System32\dot3svc.dll
19:34:41.0155 5540  dot3svc - ok
19:34:41.0155 5540  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
19:34:41.0202 5540  DPS - ok
19:34:41.0233 5540  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
19:34:41.0265 5540  drmkaud - ok
19:34:41.0296 5540  [ FFA118F8CB32B2A11CE1D174A036A84E ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
19:34:41.0327 5540  DXGKrnl - ok
19:34:41.0327 5540  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
19:34:41.0389 5540  EapHost - ok
19:34:41.0452 5540  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\drivers\evbdx.sys
19:34:41.0545 5540  ebdrv - ok
19:34:41.0561 5540  [ 7ABC23F3D86880AD62ACEDC7479608F8 ] EFS             C:\Windows\System32\lsass.exe
19:34:41.0608 5540  EFS - ok
19:34:41.0655 5540  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
19:34:41.0686 5540  ehRecvr - ok
19:34:41.0686 5540  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
19:34:41.0701 5540  ehSched - ok
19:34:41.0733 5540  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\drivers\elxstor.sys
19:34:41.0764 5540  elxstor - ok
19:34:41.0764 5540  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
19:34:41.0795 5540  ErrDev - ok
19:34:41.0826 5540  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
19:34:41.0873 5540  EventSystem - ok
19:34:41.0873 5540  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
19:34:41.0904 5540  exfat - ok
19:34:41.0935 5540  Fabs - ok
19:34:41.0951 5540  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
19:34:41.0967 5540  fastfat - ok
19:34:41.0998 5540  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
19:34:42.0029 5540  Fax - ok
19:34:42.0060 5540  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\drivers\fdc.sys
19:34:42.0076 5540  fdc - ok
19:34:42.0107 5540  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
19:34:42.0123 5540  fdPHost - ok
19:34:42.0138 5540  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
19:34:42.0185 5540  FDResPub - ok
19:34:42.0185 5540  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:34:42.0201 5540  FileInfo - ok
19:34:42.0216 5540  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
19:34:42.0232 5540  Filetrace - ok
19:34:42.0279 5540  FirebirdGuardianDefaultInstance - ok
19:34:42.0294 5540  FirebirdServerDefaultInstance - ok
19:34:42.0357 5540  [ FFF1130F7C9FA01D093A1EDFC5CCE8FC ] FirebirdServerMAGIXInstance C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
19:34:42.0466 5540  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
19:34:42.0466 5540  FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
19:34:42.0481 5540  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
19:34:42.0528 5540  flpydisk - ok
19:34:42.0544 5540  [ 03ED8FA583B4C1F59B04F10DC83DDC7B ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:34:42.0559 5540  FltMgr - ok
19:34:42.0591 5540  [ 9ABCE4FA55985CB4093C54D57C644CB6 ] FontCache       C:\Windows\system32\FntCache.dll
19:34:42.0622 5540  FontCache - ok
19:34:42.0700 5540  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:34:42.0715 5540  FontCache3.0.0.0 - ok
19:34:42.0715 5540  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
19:34:42.0731 5540  FsDepends - ok
19:34:42.0762 5540  [ BFAAA92861526BB0ADCD01E964AB6609 ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
19:34:42.0778 5540  fssfltr - ok
19:34:42.0871 5540  [ 40CDFAD174B3D5E80F95DDA003C0B97F ] fsssvc          C:\Program Files\Windows Live\Family Safety\fsssvc.exe
19:34:42.0918 5540  fsssvc - ok
19:34:42.0934 5540  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:34:42.0949 5540  Fs_Rec - ok
19:34:42.0965 5540  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
19:34:42.0981 5540  fvevol - ok
19:34:42.0996 5540  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
19:34:43.0012 5540  gagp30kx - ok
19:34:43.0027 5540  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:34:43.0043 5540  GEARAspiWDM - ok
19:34:43.0074 5540  [ 2A1920E7C5FFF62E91CE4F2243DB7AC8 ] gpsvc           C:\Windows\System32\gpsvc.dll
19:34:43.0105 5540  gpsvc - ok
19:34:43.0152 5540  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
19:34:43.0168 5540  gupdate - ok
19:34:43.0183 5540  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
19:34:43.0199 5540  gupdatem - ok
19:34:43.0215 5540  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
19:34:43.0246 5540  hcw85cir - ok
19:34:43.0293 5540  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:34:43.0324 5540  HdAudAddService - ok
19:34:43.0355 5540  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
19:34:43.0371 5540  HDAudBus - ok
19:34:43.0386 5540  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
19:34:43.0417 5540  HidBatt - ok
19:34:43.0417 5540  [ 72B8842C548A9584329690867FCA8B0E ] HidBth          C:\Windows\system32\drivers\hidbth.sys
19:34:43.0433 5540  HidBth - ok
19:34:43.0464 5540  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\drivers\hidir.sys
19:34:43.0495 5540  HidIr - ok
19:34:43.0527 5540  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\System32\hidserv.dll
19:34:43.0573 5540  hidserv - ok
19:34:43.0589 5540  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
19:34:43.0620 5540  HidUsb - ok
19:34:43.0651 5540  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:34:43.0683 5540  hkmsvc - ok
19:34:43.0714 5540  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:34:43.0745 5540  HomeGroupListener - ok
19:34:43.0776 5540  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:34:43.0807 5540  HomeGroupProvider - ok
19:34:43.0807 5540  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
19:34:43.0823 5540  HpSAMD - ok
19:34:43.0839 5540  [ DFD092DC681FBA85FC682F2D2E56160E ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:34:43.0870 5540  HTTP - ok
19:34:43.0901 5540  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
19:34:43.0917 5540  hwpolicy - ok
19:34:43.0948 5540  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
19:34:43.0995 5540  i8042prt - ok
19:34:43.0995 5540  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
19:34:44.0026 5540  iaStorV - ok
19:34:44.0073 5540  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:34:44.0104 5540  idsvc - ok
19:34:44.0119 5540  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
19:34:44.0135 5540  iirsp - ok
19:34:44.0213 5540  [ E3E1031E97C839B1870EF9534CFEB437 ] IKEEXT          C:\Windows\System32\ikeext.dll
19:34:44.0275 5540  IKEEXT - ok
19:34:44.0353 5540  [ 3914EA9111DBEFFAF1C68200817768AD ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
19:34:44.0400 5540  IntcAzAudAddService - ok
19:34:44.0416 5540  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
19:34:44.0431 5540  intelide - ok
19:34:44.0447 5540  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
19:34:44.0478 5540  intelppm - ok
19:34:44.0494 5540  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
19:34:44.0525 5540  IPBusEnum - ok
19:34:44.0541 5540  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:34:44.0572 5540  IpFilterDriver - ok
19:34:44.0587 5540  [ 64C0A43DD93DDC4AAF43E5FAE750C933 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
19:34:44.0650 5540  iphlpsvc - ok
19:34:44.0650 5540  [ EB4072E6A7A48195DC0169B810B9F33A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
19:34:44.0665 5540  IPMIDRV - ok
19:34:44.0681 5540  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
19:34:44.0712 5540  IPNAT - ok
19:34:44.0759 5540  [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
19:34:44.0775 5540  iPod Service - ok
19:34:44.0806 5540  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:34:44.0837 5540  IRENUM - ok
19:34:44.0837 5540  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
19:34:44.0853 5540  isapnp - ok
19:34:44.0884 5540  [ 50D75CC08023FA6EDE9CFCBD634625FE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
19:34:44.0899 5540  iScsiPrt - ok
19:34:44.0899 5540  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
19:34:44.0915 5540  kbdclass - ok
19:34:44.0931 5540  [ B14B8FCC1921AF53A10F06F93AB618B1 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
19:34:44.0962 5540  kbdhid - ok
19:34:44.0977 5540  [ 7ABC23F3D86880AD62ACEDC7479608F8 ] KeyIso          C:\Windows\system32\lsass.exe
19:34:44.0993 5540  KeyIso - ok
19:34:45.0040 5540  [ EA26CB00F83686856F2C79673C00C686 ] KL1             C:\Windows\system32\DRIVERS\kl1.sys
19:34:45.0055 5540  KL1 - ok
19:34:45.0087 5540  [ 654BDF113971B6DFAEA21D5554EBF5F6 ] KLIF            C:\Windows\system32\DRIVERS\klif.sys
19:34:45.0102 5540  KLIF - ok
19:34:45.0118 5540  [ AF127FE7DD5ED2BBC9049FD8A00DEFC2 ] KLIM6           C:\Windows\system32\DRIVERS\klim6.sys
19:34:45.0133 5540  KLIM6 - ok
19:34:45.0149 5540  [ 24AEBAD59D1DE8A7CC36E8F09F999362 ] klkbdflt        C:\Windows\system32\DRIVERS\klkbdflt.sys
19:34:45.0165 5540  klkbdflt - ok
19:34:45.0165 5540  [ A58507C2827C3AE1D4CCB2746AAB349F ] klmouflt        C:\Windows\system32\DRIVERS\klmouflt.sys
19:34:45.0180 5540  klmouflt - ok
19:34:45.0196 5540  [ B20DB17BC4E54B78EAB16D15B058E75B ] kltdi           C:\Windows\system32\DRIVERS\kltdi.sys
19:34:45.0211 5540  kltdi - ok
19:34:45.0227 5540  [ 71A38C123600172511C26BFABD0EF579 ] kneps           C:\Windows\system32\DRIVERS\kneps.sys
19:34:45.0243 5540  kneps - ok
19:34:45.0258 5540  [ 4B39E0E306D64BA64FFBB5AB956486E9 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:34:45.0274 5540  KSecDD - ok
19:34:45.0289 5540  [ 05D11BAA7B4650045967BE9F426B5531 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
19:34:45.0305 5540  KSecPkg - ok
19:34:45.0352 5540  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
19:34:45.0383 5540  KtmRm - ok
19:34:45.0414 5540  [ C3C8CB3F570A109B732858A96C40D1CD ] LanmanServer    C:\Windows\System32\srvsvc.dll
19:34:45.0430 5540  LanmanServer - ok
19:34:45.0461 5540  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:34:45.0492 5540  LanmanWorkstation - ok
19:34:45.0523 5540  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:34:45.0555 5540  lltdio - ok
19:34:45.0586 5540  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
19:34:45.0617 5540  lltdsvc - ok
19:34:45.0648 5540  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
19:34:45.0679 5540  lmhosts - ok
19:34:45.0711 5540  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
19:34:45.0711 5540  LSI_FC - ok
19:34:45.0726 5540  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
19:34:45.0742 5540  LSI_SAS - ok
19:34:45.0742 5540  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
19:34:45.0757 5540  LSI_SAS2 - ok
19:34:45.0757 5540  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
19:34:45.0773 5540  LSI_SCSI - ok
19:34:45.0789 5540  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
19:34:45.0820 5540  luafv - ok
19:34:45.0851 5540  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
19:34:45.0867 5540  Mcx2Svc - ok
19:34:45.0929 5540  [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM             C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
19:34:45.0960 5540  MDM ( UnsignedFile.Multi.Generic ) - warning
19:34:45.0960 5540  MDM - detected UnsignedFile.Multi.Generic (1)
19:34:45.0960 5540  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\drivers\megasas.sys
19:34:45.0976 5540  megasas - ok
19:34:45.0976 5540  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
19:34:45.0991 5540  MegaSR - ok
19:34:46.0023 5540  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
19:34:46.0069 5540  MMCSS - ok
19:34:46.0085 5540  [ C6A81F138F297CC7E653EFC059CCA033 ] Modem           C:\Windows\system32\drivers\modem.sys
19:34:46.0101 5540  Modem - ok
19:34:46.0116 5540  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
19:34:46.0147 5540  monitor - ok
19:34:46.0210 5540  [ 9DFD34E6841C460B5D992A1C5327AE69 ] MotoHelper      C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
19:34:46.0225 5540  MotoHelper - ok
19:34:46.0225 5540  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
19:34:46.0241 5540  mouclass - ok
19:34:46.0241 5540  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
19:34:46.0288 5540  mouhid - ok
19:34:46.0288 5540  [ 3B0F90FD9FD067B20E8D3BFDBB6FF912 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
19:34:46.0303 5540  mountmgr - ok
19:34:46.0303 5540  [ C14576C87486D5BA3ADCF3ECA2E80DB1 ] mpio            C:\Windows\system32\drivers\mpio.sys
19:34:46.0319 5540  mpio - ok
19:34:46.0335 5540  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
19:34:46.0366 5540  mpsdrv - ok
19:34:46.0397 5540  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
19:34:46.0444 5540  MpsSvc - ok
19:34:46.0459 5540  [ 77D010F1A510C8E4E9914A86B4C68458 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
19:34:46.0475 5540  MRxDAV - ok
19:34:46.0475 5540  [ DBD8F643222A629395783B6A3EFD4EAE ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
19:34:46.0506 5540  mrxsmb - ok
19:34:46.0522 5540  [ 3F7B802290BFD3CDAF7E4B0A18AA008B ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:34:46.0537 5540  mrxsmb10 - ok
19:34:46.0537 5540  [ 9DCB1966A6D7E3AD749D0537A3184B14 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:34:46.0569 5540  mrxsmb20 - ok
19:34:46.0569 5540  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
19:34:46.0584 5540  msahci - ok
19:34:46.0615 5540  [ D98350792A7CE82E7459A7C36481BEDA ] MSCamSvc        C:\Program Files\Microsoft LifeCam\MSCamS32.exe
19:34:46.0647 5540  MSCamSvc - ok
19:34:46.0647 5540  [ 60B7B332BB86C4F313C7D4CF8D3A830C ] msdsm           C:\Windows\system32\drivers\msdsm.sys
19:34:46.0662 5540  msdsm - ok
19:34:46.0678 5540  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
19:34:46.0709 5540  MSDTC - ok
19:34:46.0725 5540  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
19:34:46.0787 5540  Msfs - ok
19:34:46.0803 5540  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
19:34:46.0849 5540  mshidkmdf - ok
19:34:46.0849 5540  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
19:34:46.0865 5540  msisadrv - ok
19:34:46.0912 5540  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
19:34:46.0959 5540  MSiSCSI - ok
19:34:46.0959 5540  msiserver - ok
19:34:46.0974 5540  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
19:34:47.0021 5540  MSKSSRV - ok
19:34:47.0146 5540  [ 49AAB9D55319DB55A7D36167656D412A ] msoidsvc        C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
19:34:47.0208 5540  msoidsvc - ok
19:34:47.0224 5540  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
19:34:47.0286 5540  MSPCLOCK - ok
19:34:47.0302 5540  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
19:34:47.0364 5540  MSPQM - ok
19:34:47.0364 5540  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
19:34:47.0380 5540  MsRPC - ok
19:34:47.0395 5540  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
19:34:47.0411 5540  mssmbios - ok
19:34:47.0458 5540  MSSQL$CRM - ok
19:34:47.0489 5540  MSSQL$KIS - ok
19:34:47.0505 5540  [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
19:34:47.0536 5540  MSSQLServerADHelper - ok
19:34:47.0567 5540  [ F1761C8FB2B25A32C6D63E36BB88C3AE ] MSSQLServerADHelper100 C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
19:34:47.0583 5540  MSSQLServerADHelper100 - ok
19:34:47.0614 5540  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
19:34:47.0645 5540  MSTEE - ok
19:34:47.0661 5540  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
19:34:47.0676 5540  MTConfig - ok
19:34:47.0676 5540  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
19:34:47.0692 5540  Mup - ok
19:34:47.0739 5540  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
19:34:47.0801 5540  napagent - ok
19:34:47.0817 5540  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
19:34:47.0863 5540  NativeWifiP - ok
19:34:47.0895 5540  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
19:34:47.0926 5540  NDIS - ok
19:34:47.0926 5540  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
19:34:47.0988 5540  NdisCap - ok
19:34:47.0988 5540  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
19:34:48.0019 5540  NdisTapi - ok
19:34:48.0035 5540  [ DD00ADE51669B76AC8354C46DC6DC64F ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
19:34:48.0051 5540  Ndisuio - ok
19:34:48.0051 5540  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
19:34:48.0082 5540  NdisWan - ok
19:34:48.0097 5540  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
19:34:48.0113 5540  NDProxy - ok
19:34:48.0129 5540  [ FD11D0337C976512D15CD10E409976D6 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
19:34:48.0144 5540  NetBIOS - ok
19:34:48.0144 5540  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
19:34:48.0175 5540  NetBT - ok
19:34:48.0191 5540  [ 7ABC23F3D86880AD62ACEDC7479608F8 ] Netlogon        C:\Windows\system32\lsass.exe
19:34:48.0207 5540  Netlogon - ok
19:34:48.0253 5540  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
19:34:48.0285 5540  Netman - ok
19:34:48.0300 5540  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:34:48.0316 5540  NetMsmqActivator - ok
19:34:48.0316 5540  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:34:48.0331 5540  NetPipeActivator - ok
19:34:48.0347 5540  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
19:34:48.0394 5540  netprofm - ok
19:34:48.0409 5540  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:34:48.0425 5540  NetTcpActivator - ok
19:34:48.0425 5540  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:34:48.0441 5540  NetTcpPortSharing - ok
19:34:48.0456 5540  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
19:34:48.0472 5540  nfrd960 - ok
19:34:48.0487 5540  [ BA635034BD496B0993253528F54BE3AF ] NlaSvc          C:\Windows\System32\nlasvc.dll
19:34:48.0519 5540  NlaSvc - ok
19:34:48.0519 5540  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
19:34:48.0550 5540  Npfs - ok
19:34:48.0565 5540  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
19:34:48.0597 5540  nsi - ok
19:34:48.0597 5540  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
19:34:48.0628 5540  nsiproxy - ok
19:34:48.0690 5540  [ E6C295C6F8E639957235FEE1D95077F4 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
19:34:48.0737 5540  Ntfs - ok
19:34:48.0753 5540  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
19:34:48.0784 5540  Null - ok
19:34:48.0784 5540  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
19:34:48.0799 5540  nvraid - ok
19:34:48.0815 5540  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
19:34:48.0831 5540  nvstor - ok
19:34:48.0831 5540  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
19:34:48.0846 5540  nv_agp - ok
19:34:48.0893 5540  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:34:48.0924 5540  odserv - ok
19:34:48.0924 5540  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
19:34:48.0955 5540  ohci1394 - ok
19:34:48.0987 5540  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:34:49.0002 5540  ose - ok
19:34:49.0033 5540  [ 38BEA463EF49BC314C1167E5246E48A9 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
19:34:49.0049 5540  p2pimsvc - ok
19:34:49.0080 5540  [ A664AFCAC636466AFBE7C16F9841A4BA ] p2psvc          C:\Windows\system32\p2psvc.dll
19:34:49.0096 5540  p2psvc - ok
19:34:49.0127 5540  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\drivers\parport.sys
19:34:49.0158 5540  Parport - ok
19:34:49.0158 5540  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
19:34:49.0174 5540  partmgr - ok
19:34:49.0174 5540  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
19:34:49.0189 5540  Parvdm - ok
19:34:49.0205 5540  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
19:34:49.0221 5540  PcaSvc - ok
19:34:49.0221 5540  [ DA44648628669E69433DB1D8D56FDAD0 ] pci             C:\Windows\system32\drivers\pci.sys
19:34:49.0236 5540  pci - ok
19:34:49.0252 5540  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
19:34:49.0252 5540  pciide - ok
19:34:49.0267 5540  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
19:34:49.0283 5540  pcmcia - ok
19:34:49.0283 5540  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
19:34:49.0299 5540  pcw - ok
19:34:49.0314 5540  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
19:34:49.0392 5540  PEAUTH - ok
19:34:49.0423 5540  [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
19:34:49.0470 5540  PeerDistSvc - ok
19:34:49.0533 5540  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
19:34:49.0611 5540  pla - ok
19:34:49.0657 5540  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
19:34:49.0673 5540  PlugPlay - ok
19:34:49.0720 5540  [ 75CF9DE0A67AF916ED591743DFB69694 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
19:34:49.0735 5540  Pml Driver HPZ12 - ok
19:34:49.0735 5540  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
19:34:49.0782 5540  PNRPAutoReg - ok
19:34:49.0782 5540  [ 38BEA463EF49BC314C1167E5246E48A9 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
19:34:49.0798 5540  PNRPsvc - ok
19:34:49.0845 5540  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
19:34:49.0891 5540  PolicyAgent - ok
19:34:49.0891 5540  [ C388D42C7DBC680E1431A7723FC1475A ] Power           C:\Windows\system32\umpo.dll
19:34:49.0907 5540  Power - ok
19:34:49.0954 5540  [ 114878150AE786B29F89E861D99CF2DF ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
19:34:49.0985 5540  PptpMiniport - ok
19:34:50.0032 5540  [ 0264B15F628C8C7DBF439FD7AB4108F5 ] Printer Control C:\Windows\system32\PrintCtrl.exe
19:34:50.0047 5540  Printer Control ( UnsignedFile.Multi.Generic ) - warning
19:34:50.0047 5540  Printer Control - detected UnsignedFile.Multi.Generic (1)
19:34:50.0079 5540  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\drivers\processr.sys
19:34:50.0094 5540  Processor - ok
19:34:50.0125 5540  [ F74950D2C7297B23D925D90E936DA17F ] ProfSvc         C:\Windows\system32\profsvc.dll
19:34:50.0141 5540  ProfSvc - ok
19:34:50.0172 5540  [ 7ABC23F3D86880AD62ACEDC7479608F8 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:34:50.0188 5540  ProtectedStorage - ok
19:34:50.0203 5540  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
19:34:50.0266 5540  Psched - ok
19:34:50.0297 5540  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
19:34:50.0344 5540  ql2300 - ok
19:34:50.0359 5540  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
19:34:50.0375 5540  ql40xx - ok
19:34:50.0406 5540  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
19:34:50.0437 5540  QWAVE - ok
19:34:50.0437 5540  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
19:34:50.0453 5540  QWAVEdrv - ok
19:34:50.0469 5540  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
19:34:50.0500 5540  RasAcd - ok
19:34:50.0531 5540  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
19:34:50.0562 5540  RasAgileVpn - ok
19:34:50.0562 5540  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
19:34:50.0609 5540  RasAuto - ok
19:34:50.0609 5540  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
19:34:50.0640 5540  Rasl2tp - ok
19:34:50.0671 5540  [ 836151267FDDA2F251B8E897E6A82B6C ] RasMan          C:\Windows\System32\rasmans.dll
19:34:50.0703 5540  RasMan - ok
19:34:50.0718 5540  [ C4AACCECA39AF598DCDB3D9304067569 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
19:34:50.0781 5540  RasPppoe - ok
19:34:50.0796 5540  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
19:34:50.0812 5540  RasSstp - ok
19:34:50.0827 5540  [ 70067A39615441AB248CEBDDA9894F14 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
19:34:50.0843 5540  rdbss - ok
19:34:50.0859 5540  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
19:34:50.0874 5540  rdpbus - ok
19:34:50.0874 5540  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
19:34:50.0905 5540  RDPCDD - ok
19:34:50.0937 5540  [ 7F881C6D3781CAB9C0E15595BB8696BE ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
19:34:50.0952 5540  RDPDR - ok
19:34:50.0968 5540  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
19:34:51.0015 5540  RDPENCDD - ok
19:34:51.0015 5540  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
19:34:51.0061 5540  RDPREFMP - ok
19:34:51.0093 5540  [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
19:34:51.0124 5540  RdpVideoMiniport - ok
19:34:51.0124 5540  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
19:34:51.0155 5540  RDPWD - ok
19:34:51.0186 5540  [ B39424595C95C3A0AA6B5913EB207276 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
19:34:51.0202 5540  rdyboost - ok
19:34:51.0217 5540  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
19:34:51.0233 5540  RemoteAccess - ok
19:34:51.0264 5540  [ 2C4D75089532F9E95A4C9A549901DA03 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
19:34:51.0280 5540  RemoteRegistry - ok
19:34:51.0295 5540  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
19:34:51.0342 5540  RpcEptMapper - ok
19:34:51.0358 5540  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
19:34:51.0405 5540  RpcLocator - ok
19:34:51.0420 5540  [ 27968DD510E8957FFACC607EFF55E710 ] RpcSs           C:\Windows\system32\rpcss.dll
19:34:51.0436 5540  RpcSs - ok
19:34:51.0467 5540  [ 6A7360E36CBD636972AEEF0DD292A946 ] RsFx0105        C:\Windows\system32\DRIVERS\RsFx0105.sys
19:34:51.0483 5540  RsFx0105 - ok
19:34:51.0514 5540  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
19:34:51.0561 5540  rspndr - ok
19:34:51.0576 5540  [ 3983CEA05BB855351D75F5482B6C42CE ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys
19:34:51.0623 5540  RTL8167 - ok
19:34:51.0639 5540  [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
19:34:51.0670 5540  s3cap - ok
19:34:51.0717 5540  [ 7ABC23F3D86880AD62ACEDC7479608F8 ] SamSs           C:\Windows\system32\lsass.exe
19:34:51.0748 5540  SamSs - ok
19:34:51.0763 5540  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
19:34:51.0779 5540  sbp2port - ok
19:34:51.0795 5540  [ 4E9B73E60D128E2703EC6E7EA066BB32 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
19:34:51.0841 5540  SCardSvr - ok
19:34:51.0841 5540  [ 12784CF1B1E9C3540CC7C83324965277 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
19:34:51.0857 5540  scfilter - ok
19:34:51.0888 5540  [ 245FAD6606F86739A30056F65124CC0F ] Schedule        C:\Windows\system32\schedsvc.dll
19:34:51.0935 5540  Schedule - ok
19:34:51.0966 5540  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
19:34:51.0982 5540  SCPolicySvc - ok
19:34:51.0982 5540  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
19:34:52.0029 5540  SDRSVC - ok
19:34:52.0044 5540  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
19:34:52.0075 5540  secdrv - ok
19:34:52.0107 5540  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
19:34:52.0153 5540  seclogon - ok
19:34:52.0169 5540  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\system32\sens.dll
19:34:52.0200 5540  SENS - ok
19:34:52.0231 5540  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
19:34:52.0263 5540  SensrSvc - ok
19:34:52.0263 5540  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\drivers\serenum.sys
19:34:52.0278 5540  Serenum - ok
19:34:52.0294 5540  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\drivers\serial.sys
19:34:52.0309 5540  Serial - ok
19:34:52.0325 5540  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
19:34:52.0356 5540  sermouse - ok
19:34:52.0372 5540  [ 53A7E48B21399EBE73E199298DC7A435 ] SessionEnv      C:\Windows\system32\sessenv.dll
19:34:52.0403 5540  SessionEnv - ok
19:34:52.0403 5540  [ 443DF3806153CBC2D130AEF3D957E65D ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
19:34:52.0434 5540  sffdisk - ok
19:34:52.0434 5540  [ 9833AC87D04B23A01E00F5FD34F95DC6 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
19:34:52.0450 5540  sffp_mmc - ok
19:34:52.0450 5540  [ 23F738EE587C23F54AB03992281C66C4 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
19:34:52.0465 5540  sffp_sd - ok
19:34:52.0481 5540  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
19:34:52.0497 5540  sfloppy - ok
19:34:52.0528 5540  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
19:34:52.0575 5540  SharedAccess - ok
19:34:52.0606 5540  [ C99E91D09029514F07586307A75A95A6 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:34:52.0637 5540  ShellHWDetection - ok
19:34:52.0653 5540  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
19:34:52.0653 5540  sisagp - ok
19:34:52.0684 5540  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
19:34:52.0699 5540  SiSRaid2 - ok
19:34:52.0699 5540  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
19:34:52.0715 5540  SiSRaid4 - ok
19:34:52.0746 5540  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
19:34:52.0762 5540  SkypeUpdate - ok
19:34:52.0762 5540  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
19:34:52.0809 5540  Smb - ok
19:34:52.0855 5540  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
19:34:52.0871 5540  SNMPTRAP - ok
19:34:52.0887 5540  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
19:34:52.0887 5540  spldr - ok
19:34:52.0918 5540  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
19:34:52.0949 5540  Spooler - ok
19:34:53.0011 5540  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
19:34:53.0105 5540  sppsvc - ok
19:34:53.0105 5540  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
19:34:53.0136 5540  sppuinotify - ok
19:34:53.0167 5540  [ A892134C28777978ECDE8283DC57AC0F ] SQLAgent$CRM    C:\Program Files\Microsoft SQL Server\MSSQL10.CRM\MSSQL\Binn\SQLAGENT.EXE
19:34:53.0183 5540  SQLAgent$CRM - ok
19:34:53.0214 5540  [ 10D936DCED9EACD1A1B3FCDDA6D7A4EB ] SQLBrowser      C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
19:34:53.0230 5540  SQLBrowser - ok
19:34:53.0230 5540  [ 135CDCCC167EF0C250125BBD3ABE18D5 ] SQLWriter       C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
19:34:53.0245 5540  SQLWriter - ok
19:34:53.0277 5540  [ 4680DAC0AC358FB578112074DE80107D ] srv             C:\Windows\system32\DRIVERS\srv.sys
19:34:53.0308 5540  srv - ok
19:34:53.0323 5540  [ E2664B16EB05353AA98DD9566AD3038F ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
19:34:53.0339 5540  srv2 - ok
19:34:53.0355 5540  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
19:34:53.0370 5540  srvnet - ok
19:34:53.0386 5540  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
19:34:53.0417 5540  SSDPSRV - ok
19:34:53.0464 5540  [ B9E31F2A3640403B0EA3A867BB73B9F4 ] SSHDRV86        C:\Windows\system32\drivers\SSHDRV86.sys
19:34:53.0479 5540  SSHDRV86 ( UnsignedFile.Multi.Generic ) - warning
19:34:53.0479 5540  SSHDRV86 - detected UnsignedFile.Multi.Generic (1)
19:34:53.0495 5540  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
19:34:53.0526 5540  SstpSvc - ok
19:34:53.0542 5540  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\drivers\stexstor.sys
19:34:53.0542 5540  stexstor - ok
19:34:53.0573 5540  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
19:34:53.0620 5540  StiSvc - ok
19:34:53.0651 5540  [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
19:34:53.0667 5540  storflt - ok
19:34:53.0682 5540  [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
19:34:53.0698 5540  storvsc - ok
19:34:53.0698 5540  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
19:34:53.0713 5540  swenum - ok
19:34:53.0729 5540  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
19:34:53.0791 5540  swprv - ok
19:34:53.0823 5540  [ 16E7642DA4BACCCD7696B326CAA84870 ] Synth3dVsc      C:\Windows\system32\drivers\Synth3dVsc.sys
19:34:53.0838 5540  Synth3dVsc - ok
19:34:53.0854 5540  [ ED3177B14DB39CD26CF7EE7E077BB6A2 ] SysMain         C:\Windows\system32\sysmain.dll
19:34:53.0916 5540  SysMain - ok
19:34:53.0916 5540  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:34:53.0947 5540  TabletInputService - ok
19:34:53.0947 5540  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
19:34:53.0994 5540  TapiSrv - ok
19:34:54.0010 5540  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
19:34:54.0057 5540  TBS - ok
19:34:54.0088 5540  [ 23790A44D9A6B67F8690C34D4F516446 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
19:34:54.0150 5540  Tcpip - ok
19:34:54.0181 5540  [ 23790A44D9A6B67F8690C34D4F516446 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
19:34:54.0213 5540  TCPIP6 - ok
19:34:54.0213 5540  [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
19:34:54.0275 5540  tcpipreg - ok
19:34:54.0275 5540  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
19:34:54.0322 5540  TDPIPE - ok
19:34:54.0322 5540  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
19:34:54.0337 5540  TDTCP - ok
19:34:54.0353 5540  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
19:34:54.0369 5540  tdx - ok
19:34:54.0462 5540  [ C9B9373A0A430C11F0213E359D0772B2 ] TeamViewer7     C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
19:34:54.0509 5540  TeamViewer7 - ok
19:34:54.0509 5540  [ F876F2E430A131C560EFB54868780F76 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
19:34:54.0525 5540  TermDD - ok
19:34:54.0556 5540  [ E951866BAC5A23403F62A349EDBB6EEB ] terminpt        C:\Windows\system32\drivers\terminpt.sys
19:34:54.0587 5540  terminpt - ok
19:34:54.0618 5540  [ 5EA32D4B3F9D6FE6D8C6F2D64F6F63A2 ] TermService     C:\Windows\System32\termsrv.dll
19:34:54.0649 5540  TermService - ok
19:34:54.0649 5540  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
19:34:54.0696 5540  Themes - ok
19:34:54.0727 5540  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
19:34:54.0759 5540  THREADORDER - ok
19:34:54.0774 5540  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
19:34:54.0805 5540  TrkWks - ok
19:34:54.0852 5540  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:34:54.0915 5540  TrustedInstaller - ok
19:34:54.0946 5540  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
19:34:55.0008 5540  tssecsrv - ok
19:34:55.0024 5540  [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
19:34:55.0039 5540  TsUsbFlt - ok
19:34:55.0055 5540  [ 57C527AF84748B5C2F5178C499C0B81F ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
19:34:55.0071 5540  TsUsbGD - ok
19:34:55.0102 5540  [ 045ACB987C650D8186C6B4A692223860 ] tsusbhub        C:\Windows\system32\drivers\tsusbhub.sys
19:34:55.0117 5540  tsusbhub - ok
19:34:55.0117 5540  [ 76EC22B5A725EFE8EFF52AE73C432F2D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
19:34:55.0133 5540  tunnel - ok
19:34:55.0149 5540  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\drivers\uagp35.sys
19:34:55.0164 5540  uagp35 - ok
19:34:55.0164 5540  [ AD2BD1109F007E77E27EE687DBBA5FF9 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:34:55.0180 5540  udfs - ok
19:34:55.0211 5540  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
19:34:55.0242 5540  UI0Detect - ok
19:34:55.0273 5540  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
19:34:55.0273 5540  uliagpkx - ok
19:34:55.0289 5540  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
19:34:55.0320 5540  umbus - ok
19:34:55.0320 5540  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\drivers\umpass.sys
19:34:55.0351 5540  UmPass - ok
19:34:55.0383 5540  [ 975E7C6239E6A832CB1CD08146FD5FD0 ] UmRdpService    C:\Windows\System32\umrdp.dll
19:34:55.0429 5540  UmRdpService - ok
19:34:55.0476 5540  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
19:34:55.0523 5540  upnphost - ok
19:34:55.0554 5540  [ 23AA81848A0A9C57D7303C2B71C6A2A9 ] usbccgp         C:\Windows\system32\drivers\usbccgp.sys
19:34:55.0585 5540  usbccgp - ok
19:34:55.0601 5540  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
19:34:55.0617 5540  usbcir - ok
19:34:55.0617 5540  [ 1CBB8701CEEE0BA8AC90608763733050 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
19:34:55.0648 5540  usbehci - ok
19:34:55.0679 5540  [ A770F00F52FA097595C4EBEC664D71EB ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
19:34:55.0710 5540  usbhub - ok
19:34:55.0710 5540  [ 19DFE9AF0C11CF1077DE112133F3ED20 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
19:34:55.0726 5540  usbohci - ok
19:34:55.0726 5540  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\drivers\usbprint.sys
19:34:55.0757 5540  usbprint - ok
19:34:55.0757 5540  [ 24F536FBDDEB63454D4136060AA148FE ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:34:55.0788 5540  USBSTOR - ok
19:34:55.0788 5540  [ 016AA313748044D0FF75D80AAA6A7A45 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
19:34:55.0804 5540  usbuhci - ok
19:34:55.0835 5540  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
19:34:55.0882 5540  UxSms - ok
19:34:55.0897 5540  [ 7ABC23F3D86880AD62ACEDC7479608F8 ] VaultSvc        C:\Windows\system32\lsass.exe
19:34:55.0913 5540  VaultSvc - ok
19:34:55.0929 5540  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
19:34:55.0944 5540  vdrvroot - ok
19:34:55.0991 5540  [ BBBC319CFA02DC814EC424F6428AA22C ] vds             C:\Windows\System32\vds.exe
19:34:56.0053 5540  vds - ok
19:34:56.0100 5540  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
19:34:56.0116 5540  vga - ok
19:34:56.0131 5540  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
19:34:56.0163 5540  VgaSave - ok
19:34:56.0163 5540  VGPU - ok
19:34:56.0163 5540  [ 83E0DF11DA7628BA6625B7F92E6E0EDA ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
19:34:56.0178 5540  vhdmp - ok
19:34:56.0194 5540  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
19:34:56.0209 5540  viaagp - ok
19:34:56.0225 5540  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
19:34:56.0256 5540  ViaC7 - ok
19:34:56.0256 5540  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
19:34:56.0272 5540  viaide - ok
19:34:56.0303 5540  [ C2F2911156FDC7817C52829C86DA494E ] vmbus           C:\Windows\system32\drivers\vmbus.sys
19:34:56.0319 5540  vmbus - ok
19:34:56.0334 5540  [ D4D77455211E204F370D08F4963063CE ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
19:34:56.0350 5540  VMBusHID - ok
19:34:56.0350 5540  [ A8FBC5016A0D4894ED3D403C8879B150 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
19:34:56.0365 5540  volmgr - ok
19:34:56.0365 5540  [ 670B6D02548BC93F54CDE5979560A7B8 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
19:34:56.0381 5540  volmgrx - ok
19:34:56.0397 5540  [ 4B93EBB74FBAA2A6C16A7E65ABCF1F16 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
19:34:56.0412 5540  volsnap - ok
19:34:56.0412 5540  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
19:34:56.0428 5540  vsmraid - ok
19:34:56.0475 5540  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
19:34:56.0521 5540  VSS - ok
19:34:56.0521 5540  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
19:34:56.0537 5540  vwifibus - ok
19:34:56.0553 5540  [ C5A527C40AD0E5CFE52EAEDDD46ED23F ] W32Time         C:\Windows\system32\w32time.dll
19:34:56.0568 5540  W32Time - ok
19:34:56.0599 5540  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
19:34:56.0615 5540  WacomPen - ok
19:34:56.0646 5540  [ 1FFE8CA5F775E1C4DA3629F215A322B5 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
19:34:56.0662 5540  WANARP - ok
19:34:56.0677 5540  [ 1FFE8CA5F775E1C4DA3629F215A322B5 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:34:56.0693 5540  Wanarpv6 - ok
19:34:56.0771 5540  [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
19:34:56.0833 5540  WatAdminSvc - ok
19:34:56.0880 5540  [ E7DA95E73F04EF2D7155171C50C7EA74 ] wbengine        C:\Windows\system32\wbengine.exe
19:34:56.0943 5540  wbengine - ok
19:34:56.0943 5540  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
19:34:56.0974 5540  WbioSrvc - ok
19:34:56.0974 5540  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
19:34:57.0005 5540  wcncsvc - ok
19:34:57.0021 5540  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:34:57.0052 5540  WcsPlugInService - ok
19:34:57.0083 5540  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\drivers\wd.sys
19:34:57.0099 5540  Wd - ok
19:34:57.0114 5540  [ F6806CC28F33C31204EBF9044A90A385 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:34:57.0130 5540  Wdf01000 - ok
19:34:57.0145 5540  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:34:57.0161 5540  WdiServiceHost - ok
19:34:57.0161 5540  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
19:34:57.0177 5540  WdiSystemHost - ok
19:34:57.0192 5540  [ 462FDC06F120247232BC15243F0A007B ] WebClient       C:\Windows\System32\webclnt.dll
19:34:57.0223 5540  WebClient - ok
19:34:57.0239 5540  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:34:57.0270 5540  Wecsvc - ok
19:34:57.0286 5540  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
19:34:57.0317 5540  wercplsupport - ok
19:34:57.0333 5540  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:34:57.0379 5540  WerSvc - ok
19:34:57.0411 5540  [ E8FC2B7A768EDBA47103D7EFD05F60D7 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
19:34:57.0426 5540  WfpLwf - ok
19:34:57.0442 5540  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
19:34:57.0457 5540  WIMMount - ok
19:34:57.0520 5540  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
19:34:57.0567 5540  WinDefend - ok
19:34:57.0582 5540  WinHttpAutoProxySvc - ok
19:34:57.0738 5540  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
19:34:57.0785 5540  Winmgmt - ok
19:34:57.0879 5540  [ D49D64D819784229A415DB8DD36C5B53 ] WinRiskXAAppService F:\Versicherungen\InterRisk\WinRiskXA\server\bin\WinRiskXAServer.exe
19:34:57.0879 5540  WinRiskXAAppService ( UnsignedFile.Multi.Generic ) - warning
19:34:57.0879 5540  WinRiskXAAppService - detected UnsignedFile.Multi.Generic (1)
19:34:57.0910 5540  [ 26662A858EA04215BB80FEFBA6BCED5C ] WinRiskXAServiceHandler F:\Versicherungen\InterRisk\WinRiskXA\client\bin\BWServiceHandler.exe
19:34:57.0910 5540  WinRiskXAServiceHandler ( UnsignedFile.Multi.Generic ) - warning
19:34:57.0910 5540  WinRiskXAServiceHandler - detected UnsignedFile.Multi.Generic (1)
19:34:57.0925 5540  [ E694974965E268F8224CC37FABB67596 ] WinRiskXASoftwareUpdate F:\Versicherungen\InterRisk\WinRiskXA\client\bin\BWUpdater.exe
19:34:57.0925 5540  WinRiskXASoftwareUpdate ( UnsignedFile.Multi.Generic ) - warning
19:34:57.0925 5540  WinRiskXASoftwareUpdate - detected UnsignedFile.Multi.Generic (1)
19:34:57.0988 5540  [ 9A028581B3B025B4DFC1F9C4F54FF166 ] WinRM           C:\Windows\system32\WsmSvc.dll
19:34:58.0035 5540  WinRM - ok
19:34:58.0081 5540  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
19:34:58.0128 5540  Wlansvc - ok
19:34:58.0191 5540  [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:34:58.0206 5540  wlcrasvc - ok
19:34:58.0284 5540  [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:34:58.0331 5540  wlidsvc - ok
19:34:58.0362 5540  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
19:34:58.0378 5540  WmiAcpi - ok
19:34:58.0409 5540  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:34:58.0440 5540  wmiApSrv - ok
19:34:58.0518 5540  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
19:34:58.0565 5540  WMPNetworkSvc - ok
19:34:58.0596 5540  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:34:58.0627 5540  WPCSvc - ok
19:34:58.0627 5540  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:34:58.0659 5540  WPDBusEnum - ok
19:34:58.0674 5540  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
19:34:58.0721 5540  ws2ifsl - ok
19:34:58.0737 5540  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\system32\wscsvc.dll
19:34:58.0768 5540  wscsvc - ok
19:34:58.0768 5540  WSearch - ok
19:34:58.0815 5540  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
19:34:58.0877 5540  wuauserv - ok
19:34:58.0893 5540  [ A272A137AB6C730CBD670ECA147BDF0A ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:34:58.0908 5540  WudfPf - ok
19:34:58.0939 5540  [ 5DD9729B4FF060632685F47E55234061 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:34:58.0971 5540  WUDFRd - ok
19:34:59.0002 5540  [ 1F7B335577800462B8A4A1BEC1EA6AA4 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
19:34:59.0033 5540  wudfsvc - ok
19:34:59.0064 5540  [ A4001E153F8DC234A4C6395E61C84DFE ] WwanSvc         C:\Windows\System32\wwansvc.dll
19:34:59.0095 5540  WwanSvc - ok
19:34:59.0095 5540  ================ Scan global ===============================
19:34:59.0127 5540  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
19:34:59.0142 5540  [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
19:34:59.0158 5540  [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
19:34:59.0189 5540  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
19:34:59.0220 5540  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
19:34:59.0220 5540  [Global] - ok
19:34:59.0220 5540  ================ Scan MBR ==================================
19:34:59.0236 5540  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:34:59.0641 5540  \Device\Harddisk0\DR0 - ok
19:34:59.0657 5540  [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk5\DR5
19:35:02.0200 5540  \Device\Harddisk5\DR5 - ok
19:35:02.0200 5540  ================ Scan VBR ==================================
19:35:02.0200 5540  [ 40416E8DF6D044EDEF901C5F3047D177 ] \Device\Harddisk0\DR0\Partition1
19:35:02.0200 5540  \Device\Harddisk0\DR0\Partition1 - ok
19:35:02.0231 5540  [ 8AC4358FA53749A57DAAB8B4D7A88F54 ] \Device\Harddisk0\DR0\Partition2
19:35:02.0231 5540  \Device\Harddisk0\DR0\Partition2 - ok
19:35:02.0231 5540  [ CE734FB8587C9027B62E2D7F51BCF0C6 ] \Device\Harddisk5\DR5\Partition1
19:35:02.0231 5540  \Device\Harddisk5\DR5\Partition1 - ok
19:35:02.0231 5540  ============================================================
19:35:02.0231 5540  Scan finished
19:35:02.0231 5540  ============================================================
19:35:02.0262 6024  Detected object count: 9
19:35:02.0262 6024  Actual detected object count: 9
19:35:17.0238 6024  ARAGHSQL ( UnsignedFile.Multi.Generic ) - skipped by user
19:35:17.0238 6024  ARAGHSQL ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:35:17.0238 6024  BserverDienst ( UnsignedFile.Multi.Generic ) - skipped by user
19:35:17.0238 6024  BserverDienst ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:35:17.0238 6024  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
19:35:17.0238 6024  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:35:17.0238 6024  MDM ( UnsignedFile.Multi.Generic ) - skipped by user
19:35:17.0238 6024  MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:35:17.0238 6024  Printer Control ( UnsignedFile.Multi.Generic ) - skipped by user
19:35:17.0238 6024  Printer Control ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:35:17.0238 6024  SSHDRV86 ( UnsignedFile.Multi.Generic ) - skipped by user
19:35:17.0238 6024  SSHDRV86 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:35:17.0238 6024  WinRiskXAAppService ( UnsignedFile.Multi.Generic ) - skipped by user
19:35:17.0238 6024  WinRiskXAAppService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:35:17.0238 6024  WinRiskXAServiceHandler ( UnsignedFile.Multi.Generic ) - skipped by user
19:35:17.0238 6024  WinRiskXAServiceHandler ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:35:17.0254 6024  WinRiskXASoftwareUpdate ( UnsignedFile.Multi.Generic ) - skipped by user
19:35:17.0254 6024  WinRiskXASoftwareUpdate ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 02.11.2012, 19:51   #7
markusg
/// Malware-holic
 
Google Suchergebnisse - leitet beim Klick auf das Suchergebnis um - Standard

Google Suchergebnisse - leitet beim Klick auf das Suchergebnis um



malwarebytes:
Downloade Dir bitte Malwarebytes
  • Installiere
    das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche
    nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet
    ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste
    das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 03.11.2012, 08:27   #8
Ludel
 
Google Suchergebnisse - leitet beim Klick auf das Suchergebnis um - Standard

Google Suchergebnisse - leitet beim Klick auf das Suchergebnis um



Leider Null Erfolg

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.02.10

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Scheuer :: HAUPT-PC [Administrator]

Schutz: Aktiviert

02.11.2012 22:41:07
mbam-log-2012-11-02 (22-41-07).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 510066
Laufzeit: 1 Stunde(n), 37 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Alt 04.11.2012, 22:08   #9
Ludel
 
Google Suchergebnisse - leitet beim Klick auf das Suchergebnis um - Standard

Google Suchergebnisse - leitet beim Klick auf das Suchergebnis um



GELÖST!!!!

Es war in der OTL Datei die Zeile:
Code:
ATTFilter
[2012.09.03 13:10:18 | 000,122,880 | RHS- | C] () -- C:\Windows\System32\SSShim8.dll
         
Gefunden habe ich es als ich das Programm SUPERAntiSpyware drüber laufen lies.
Ergebnis: Agent/Gen-Graftor
eben in diese SSshim8.dll

Ich möchte mich trotzdem ganz dolle bei markusg bedanken der mir doch sehr iel Geholfen hatte.

Alt 05.11.2012, 19:49   #10
markusg
/// Malware-holic
 
Google Suchergebnisse - leitet beim Klick auf das Suchergebnis um - Standard

Google Suchergebnisse - leitet beim Klick auf das Suchergebnis um



dazu wollte ich im nächsten schritt kommen, aber ich hab auch nen wochenende.
öffne mal super antispyware und poste fund logs.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu Google Suchergebnisse - leitet beim Klick auf das Suchergebnis um
ad-aware, avp.exe, bho, defender, emsisoft, error, excel, firefox, flash player, google, home, homepage, iexplore.exe, install.exe, karte, kaspersky, nodrives, office 2007, plug-in, problem, registry, rundll, security, server, software, starten, storm, svchost.exe, symantec, taskhost.exe, tastatur, udp, windows




Ähnliche Themen: Google Suchergebnisse - leitet beim Klick auf das Suchergebnis um


  1. WinXP, Google-Suchergebnis wird umgeleitet z.B. zu ihavenet, icwphbko.dll nicht löschbar in system32
    Log-Analyse und Auswertung - 23.08.2013 (9)
  2. Mein Suchergebnis führt zu Google
    Plagegeister aller Art und deren Bekämpfung - 30.03.2013 (3)
  3. Browser öffnen bei Klick auf Google Suchergebnis Werbung
    Plagegeister aller Art und deren Bekämpfung - 19.03.2013 (13)
  4. IE öffnet in Google andere Seite aus Suchergebnis, als die gewählte
    Log-Analyse und Auswertung - 24.01.2013 (45)
  5. Google Umleitung bei Klick auf Suchergebnisse
    Log-Analyse und Auswertung - 27.12.2012 (8)
  6. (2x) Umleitung bei Klick auf Google-Suchergebnis
    Mülltonne - 29.11.2012 (1)
  7. Google Suchergebnisse - Umleitung beim Klick auf das Suchergebnis
    Log-Analyse und Auswertung - 26.11.2012 (15)
  8. Google leitet mich beim Anklicken der Ergenislinks auf bösartige Seiten weiter (lt. Avast)
    Log-Analyse und Auswertung - 04.10.2012 (15)
  9. Google öffnet andere Seiten als Suchergebnis
    Log-Analyse und Auswertung - 08.06.2012 (19)
  10. Google Suchergebnis Linksklick funktioniert nicht
    Alles rund um Windows - 03.06.2012 (3)
  11. Browser Hijack: Firefox 9.0.1 leitet Google Suchergebnisse um
    Log-Analyse und Auswertung - 25.01.2012 (3)
  12. google leitet mich beim klick auf Ergebnisse auf andere Seiten um (über thealltimes.com)
    Plagegeister aller Art und deren Bekämpfung - 04.01.2012 (19)
  13. Google leitet Suchergebnisse auf andere Seiten um und Rechner spielt unverlangt Hintergrundmusik ab
    Plagegeister aller Art und deren Bekämpfung - 03.08.2011 (1)
  14. Google Suchergebnisse leiten beim Klick auf völlig fremde Seiten weiter (meist Werbung)
    Log-Analyse und Auswertung - 20.05.2011 (9)
  15. google Suchergebnisse sind falsch verlinkt, erst beim 3.Versuch wird die richtige Seite geöffnet
    Log-Analyse und Auswertung - 15.04.2011 (54)
  16. Google Suchergebnis unerwünschte Weiterleitung- bis jetzt hat garnichts geklappt
    Plagegeister aller Art und deren Bekämpfung - 24.11.2010 (6)
  17. Google leitet Suchergebnisse um
    Log-Analyse und Auswertung - 16.12.2008 (12)

Zum Thema Google Suchergebnisse - leitet beim Klick auf das Suchergebnis um - Ein herzliches Hallo zusammen, mein Problem ist folgendes. Habe einen PC (Windows 7 32bit) beim dem man wenn man auf Google zB. Aldi eingibt dann beim anklicken der Suchergebnisse entweder - Google Suchergebnisse - leitet beim Klick auf das Suchergebnis um...
Archiv
Du betrachtest: Google Suchergebnisse - leitet beim Klick auf das Suchergebnis um auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.