Claro Search im Firefox

focus_futura · 15.11.2012, 12:18

Hallo,

leider habe ich seit ein paar tagen Claro Search als Startseite meines Firefox Browsers. Könnt Ihr mir helfen und mir sagen, wie ich den wieder los werde.
Anhand vorheriger Foreneinträge habe ich folgende Logdateien für Euch:

aswMBR:

Code:

ATTFilter

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-15 11:43:31
-----------------------------
11:43:31.881    OS Version: Windows x64 6.1.7601 Service Pack 1
11:43:31.881    Number of processors: 4 586 0x2A07
11:43:31.881    ComputerName: LAPTOP  UserName: 
11:43:34.932    Initialize success
11:43:44.871    AVAST engine defs: 12111500
11:43:50.243    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:43:50.243    Disk 0 Vendor: ST950032 0001 Size: 476940MB BusType: 3
11:43:50.263    Disk 0 MBR read successfully
11:43:50.263    Disk 0 MBR scan
11:43:50.273    Disk 0 Windows 7 default MBR code
11:43:50.283    Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS         2117 MB offset 2048
11:43:50.293    Disk 0 Partition - 00     0F Extended LBA            474820 MB offset 4339712
11:43:50.323    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        51201 MB offset 4341760
11:43:50.323    Disk 0 Partition - 00     05     Extended            404614 MB offset 109203456
11:43:50.353    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       404613 MB offset 109205504
11:43:50.363    Disk 0 Partition - 00     05     Extended              5001 MB offset 1042716672
11:43:50.403    Disk 0 Partition 4 00     27 Hidden NTFS WinRE NTFS         5000 MB offset 937854976
11:43:50.413    Disk 0 Partition - 00     05     Extended             14001 MB offset 1881610240
11:43:50.443    Disk 0 Partition 5 00     27 Hidden NTFS WinRE NTFS        14000 MB offset 948099072
11:43:50.503    Disk 0 scanning C:\Windows\system32\drivers
11:44:16.826    Service scanning
11:45:17.708    Modules scanning
11:45:17.718    Disk 0 trace - called modules:
11:45:17.758    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys 
11:45:17.768    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006008060]
11:45:17.778    3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> [0xfffffa80036e8040]
11:45:17.788    5 ACPI.sys[fffff88000ef27a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800450c050]
11:45:17.798    Scan finished successfully
11:49:12.842    Disk 0 MBR has been saved successfully to "C:\Users\Alexander\Desktop\MBR.dat"
11:49:12.862    The log file has been saved successfully to "C:\Users\Alexander\Desktop\aswMBR.txt"

TDSSkiller:

Code:

ATTFilter

12:11:52.0344 11140  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
12:11:52.0684 11140  ============================================================
12:11:52.0684 11140  Current date / time: 2012/11/15 12:11:52.0684
12:11:52.0684 11140  SystemInfo:
12:11:52.0684 11140  
12:11:52.0684 11140  OS Version: 6.1.7601 ServicePack: 1.0
12:11:52.0684 11140  Product type: Workstation
12:11:52.0684 11140  ComputerName: LAPTOP
12:11:52.0684 11140  UserName: Alexander
12:11:52.0684 11140  Windows directory: C:\Windows
12:11:52.0684 11140  System windows directory: C:\Windows
12:11:52.0684 11140  Running under WOW64
12:11:52.0684 11140  Processor architecture: Intel x64
12:11:52.0684 11140  Number of processors: 4
12:11:52.0684 11140  Page size: 0x1000
12:11:52.0684 11140  Boot type: Normal boot
12:11:52.0684 11140  ============================================================
12:11:53.0386 11140  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:11:53.0402 11140  ============================================================
12:11:53.0402 11140  \Device\Harddisk0\DR0:
12:11:53.0402 11140  MBR partitions:
12:11:53.0402 11140  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x424000, BlocksNum 0x6400800
12:11:53.0417 11140  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x6825800, BlocksNum 0x31642800
12:11:53.0464 11140  ============================================================
12:11:53.0495 11140  C: <-> \Device\Harddisk0\DR0\Partition1
12:11:53.0526 11140  F: <-> \Device\Harddisk0\DR0\Partition2
12:11:53.0526 11140  ============================================================
12:11:53.0526 11140  Initialize success
12:11:53.0526 11140  ============================================================
12:12:24.0274 7244  ============================================================
12:12:24.0274 7244  Scan started
12:12:24.0274 7244  Mode: Manual; SigCheck; TDLFS; 
12:12:24.0274 7244  ============================================================
12:12:24.0508 7244  ================ Scan system memory ========================
12:12:24.0508 7244  System memory - ok
12:12:24.0508 7244  ================ Scan services =============================
12:12:24.0664 7244  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
12:12:24.0882 7244  1394ohci - ok
12:12:24.0929 7244  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
12:12:24.0976 7244  ACPI - ok
12:12:25.0007 7244  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
12:12:25.0085 7244  AcpiPmi - ok
12:12:25.0194 7244  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:12:25.0225 7244  AdobeARMservice - ok
12:12:25.0381 7244  [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:12:25.0412 7244  AdobeFlashPlayerUpdateSvc - ok
12:12:25.0459 7244  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
12:12:25.0522 7244  adp94xx - ok
12:12:25.0584 7244  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
12:12:25.0631 7244  adpahci - ok
12:12:25.0662 7244  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
12:12:25.0709 7244  adpu320 - ok
12:12:25.0740 7244  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
12:12:25.0943 7244  AeLookupSvc - ok
12:12:26.0005 7244  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
12:12:26.0099 7244  AFD - ok
12:12:26.0146 7244  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
12:12:26.0161 7244  agp440 - ok
12:12:26.0224 7244  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
12:12:26.0286 7244  ALG - ok
12:12:26.0317 7244  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
12:12:26.0348 7244  aliide - ok
12:12:26.0395 7244  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
12:12:26.0411 7244  amdide - ok
12:12:26.0458 7244  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
12:12:26.0504 7244  AmdK8 - ok
12:12:26.0536 7244  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
12:12:26.0567 7244  AmdPPM - ok
12:12:26.0614 7244  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
12:12:26.0645 7244  amdsata - ok
12:12:26.0692 7244  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
12:12:26.0738 7244  amdsbs - ok
12:12:26.0738 7244  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
12:12:26.0770 7244  amdxata - ok
12:12:26.0841 7244  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
12:12:26.0881 7244  AntiVirSchedulerService - ok
12:12:26.0901 7244  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
12:12:26.0931 7244  AntiVirService - ok
12:12:26.0971 7244  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
12:12:27.0201 7244  AppID - ok
12:12:27.0241 7244  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
12:12:27.0361 7244  AppIDSvc - ok
12:12:27.0381 7244  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
12:12:27.0491 7244  Appinfo - ok
12:12:27.0551 7244  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:12:27.0571 7244  Apple Mobile Device - ok
12:12:27.0611 7244  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
12:12:27.0641 7244  arc - ok
12:12:27.0661 7244  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
12:12:27.0691 7244  arcsas - ok
12:12:27.0771 7244  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
12:12:27.0801 7244  aspnet_state - ok
12:12:27.0841 7244  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
12:12:27.0961 7244  AsyncMac - ok
12:12:28.0001 7244  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
12:12:28.0021 7244  atapi - ok
12:12:28.0091 7244  [ E857EEE6B92AAA473EBB3465ADD8F7E7 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
12:12:28.0231 7244  athr - ok
12:12:28.0302 7244  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:12:28.0452 7244  AudioEndpointBuilder - ok
12:12:28.0492 7244  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
12:12:28.0592 7244  AudioSrv - ok
12:12:28.0642 7244  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
12:12:28.0722 7244  avgntflt - ok
12:12:28.0762 7244  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
12:12:28.0792 7244  avipbb - ok
12:12:28.0812 7244  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
12:12:28.0842 7244  avkmgr - ok
12:12:28.0902 7244  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
12:12:29.0012 7244  AxInstSV - ok
12:12:29.0092 7244  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
12:12:29.0172 7244  b06bdrv - ok
12:12:29.0222 7244  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
12:12:29.0282 7244  b57nd60a - ok
12:12:29.0352 7244  [ 6F29CA4EA1DB1888016EB22ADAE4227D ] bcbtums         C:\Windows\system32\drivers\bcbtums.sys
12:12:29.0382 7244  bcbtums - ok
12:12:29.0412 7244  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
12:12:29.0462 7244  BDESVC - ok
12:12:29.0472 7244  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
12:12:29.0582 7244  Beep - ok
12:12:29.0652 7244  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
12:12:29.0802 7244  BFE - ok
12:12:29.0862 7244  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
12:12:30.0032 7244  BITS - ok
12:12:30.0072 7244  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
12:12:30.0142 7244  blbdrive - ok
12:12:30.0212 7244  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
12:12:30.0272 7244  Bonjour Service - ok
12:12:30.0332 7244  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
12:12:30.0392 7244  bowser - ok
12:12:30.0432 7244  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
12:12:30.0472 7244  BrFiltLo - ok
12:12:30.0492 7244  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
12:12:30.0542 7244  BrFiltUp - ok
12:12:30.0582 7244  [ 5C2F352A4E961D72518261257AAE204B ] Bridge          C:\Windows\system32\DRIVERS\bridge.sys
12:12:30.0692 7244  Bridge - ok
12:12:30.0722 7244  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
12:12:30.0822 7244  BridgeMP - ok
12:12:30.0862 7244  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
12:12:30.0922 7244  Browser - ok
12:12:30.0982 7244  Browser Manager - ok
12:12:31.0022 7244  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
12:12:31.0102 7244  Brserid - ok
12:12:31.0142 7244  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
12:12:31.0202 7244  BrSerWdm - ok
12:12:31.0272 7244  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
12:12:31.0362 7244  BrUsbMdm - ok
12:12:31.0392 7244  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
12:12:31.0422 7244  BrUsbSer - ok
12:12:31.0492 7244  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
12:12:31.0542 7244  BthEnum - ok
12:12:31.0582 7244  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
12:12:31.0632 7244  BTHMODEM - ok
12:12:31.0682 7244  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
12:12:31.0732 7244  BthPan - ok
12:12:31.0782 7244  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
12:12:31.0862 7244  BTHPORT - ok
12:12:31.0902 7244  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
12:12:31.0992 7244  bthserv - ok
12:12:32.0022 7244  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
12:12:32.0082 7244  BTHUSB - ok
12:12:32.0162 7244  [ 72CC5DCC4E67E7927F94801166CFDCDA ] BTWAMPFL        C:\Windows\system32\DRIVERS\btwampfl.sys
12:12:32.0202 7244  BTWAMPFL - ok
12:12:32.0252 7244  [ F6135859A582A7294BA7A3336E08BAA1 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
12:12:32.0272 7244  btwaudio - ok
12:12:32.0322 7244  [ 3DEF2370E414B4E299673558BA171A51 ] btwavdt         C:\Windows\system32\DRIVERS\btwavdt.sys
12:12:32.0352 7244  btwavdt - ok
12:12:32.0462 7244  [ 36E3016BEDC45274E00E2943B591AEEF ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
12:12:32.0542 7244  btwdins - ok
12:12:32.0592 7244  [ 07096D2BC22CCB6CEA5A532DF0BE8A75 ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
12:12:32.0612 7244  btwl2cap - ok
12:12:32.0662 7244  [ 9937E0E4DFC0030560A6DFE9D3A94B39 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
12:12:32.0682 7244  btwrchid - ok
12:12:32.0742 7244  [ 4604AE79A0F3217EEC476C6BA19A031E ] CBFilterFS      C:\Windows\system32\drivers\cbfltfs.sys
12:12:32.0772 7244  CBFilterFS - ok
12:12:32.0812 7244  [ 713D5DF9D4B113BFDE0EF9D55E4DB216 ] cbfs3           C:\Windows\system32\drivers\cbfs3.sys
12:12:32.0872 7244  cbfs3 - ok
12:12:32.0902 7244  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
12:12:33.0012 7244  cdfs - ok
12:12:33.0062 7244  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
12:12:33.0122 7244  cdrom - ok
12:12:33.0172 7244  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
12:12:33.0312 7244  CertPropSvc - ok
12:12:33.0352 7244  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
12:12:33.0412 7244  circlass - ok
12:12:33.0452 7244  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
12:12:33.0512 7244  CLFS - ok
12:12:33.0572 7244  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:12:33.0602 7244  clr_optimization_v2.0.50727_32 - ok
12:12:33.0652 7244  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:12:33.0672 7244  clr_optimization_v2.0.50727_64 - ok
12:12:33.0732 7244  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:12:33.0762 7244  clr_optimization_v4.0.30319_32 - ok
12:12:33.0772 7244  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:12:33.0802 7244  clr_optimization_v4.0.30319_64 - ok
12:12:33.0852 7244  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
12:12:33.0902 7244  CmBatt - ok
12:12:33.0932 7244  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
12:12:33.0972 7244  cmdide - ok
12:12:34.0012 7244  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
12:12:34.0122 7244  CNG - ok
12:12:34.0162 7244  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
12:12:34.0192 7244  Compbatt - ok
12:12:34.0232 7244  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
12:12:34.0303 7244  CompositeBus - ok
12:12:34.0323 7244  COMSysApp - ok
12:12:34.0353 7244  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
12:12:34.0383 7244  crcdisk - ok
12:12:34.0423 7244  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
12:12:34.0503 7244  CryptSvc - ok
12:12:34.0553 7244  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
12:12:34.0683 7244  DcomLaunch - ok
12:12:34.0723 7244  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
12:12:34.0833 7244  defragsvc - ok
12:12:34.0873 7244  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
12:12:34.0993 7244  DfsC - ok
12:12:35.0053 7244  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
12:12:35.0123 7244  Dhcp - ok
12:12:35.0183 7244  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
12:12:35.0304 7244  discache - ok
12:12:35.0344 7244  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
12:12:35.0374 7244  Disk - ok
12:12:35.0424 7244  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
12:12:35.0494 7244  Dnscache - ok
12:12:35.0524 7244  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
12:12:35.0654 7244  dot3svc - ok
12:12:35.0684 7244  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
12:12:35.0814 7244  DPS - ok
12:12:35.0854 7244  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
12:12:35.0904 7244  drmkaud - ok
12:12:36.0014 7244  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
12:12:36.0094 7244  DXGKrnl - ok
12:12:36.0154 7244  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
12:12:36.0304 7244  EapHost - ok
12:12:36.0434 7244  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
12:12:36.0624 7244  ebdrv - ok
12:12:36.0664 7244  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
12:12:36.0724 7244  EFS - ok
12:12:36.0814 7244  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
12:12:36.0914 7244  ehRecvr - ok
12:12:36.0934 7244  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
12:12:36.0974 7244  ehSched - ok
12:12:37.0034 7244  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
12:12:37.0104 7244  elxstor - ok
12:12:37.0124 7244  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
12:12:37.0174 7244  ErrDev - ok
12:12:37.0244 7244  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
12:12:37.0385 7244  EventSystem - ok
12:12:37.0515 7244  [ 7A526761229C10B0D8508B905F0FEE4C ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
12:12:37.0645 7244  EvtEng - ok
12:12:37.0705 7244  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
12:12:37.0835 7244  exfat - ok
12:12:37.0875 7244  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
12:12:37.0995 7244  fastfat - ok
12:12:38.0045 7244  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
12:12:38.0135 7244  Fax - ok
12:12:38.0165 7244  [ 9955BF48FD2FA8D481848CD3024EDD0B ] FBIOSDRV        C:\Windows\system32\Drivers\FBIOSDRV.sys
12:12:38.0195 7244  FBIOSDRV - ok
12:12:38.0215 7244  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
12:12:38.0255 7244  fdc - ok
12:12:38.0305 7244  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
12:12:38.0415 7244  fdPHost - ok
12:12:38.0445 7244  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
12:12:38.0575 7244  FDResPub - ok
12:12:38.0605 7244  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
12:12:38.0645 7244  FileInfo - ok
12:12:38.0665 7244  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
12:12:38.0795 7244  Filetrace - ok
12:12:38.0825 7244  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
12:12:38.0865 7244  flpydisk - ok
12:12:38.0935 7244  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
12:12:39.0005 7244  FltMgr - ok
12:12:39.0145 7244  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
12:12:39.0265 7244  FontCache - ok
12:12:39.0316 7244  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:12:39.0346 7244  FontCache3.0.0.0 - ok
12:12:39.0366 7244  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
12:12:39.0396 7244  FsDepends - ok
12:12:39.0426 7244  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
12:12:39.0456 7244  Fs_Rec - ok
12:12:39.0546 7244  [ BA0C1FFDA496D8BCBCAC63F8D98D20E3 ] FUJ02B1         C:\Windows\system32\DRIVERS\FUJ02B1.sys
12:12:39.0606 7244  FUJ02B1 - ok
12:12:39.0656 7244  [ 7135030CBF87D724B6037BB023923730 ] FUJ02E3         C:\Windows\system32\drivers\FUJ02E3.sys
12:12:39.0716 7244  FUJ02E3 - ok
12:12:39.0816 7244  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
12:12:39.0866 7244  fvevol - ok
12:12:39.0896 7244  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
12:12:39.0956 7244  gagp30kx - ok
12:12:40.0006 7244  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:12:40.0036 7244  GEARAspiWDM - ok
12:12:40.0086 7244  [ 16C2A6BCDDA8952C2035DEC861492A19 ] ggflt           C:\Windows\system32\DRIVERS\ggflt.sys
12:12:40.0116 7244  ggflt - ok
12:12:40.0156 7244  [ 6B503DF845EABF3457E49FBBDA26C10E ] ggsemc          C:\Windows\system32\DRIVERS\ggsemc.sys
12:12:40.0186 7244  ggsemc - ok
12:12:40.0246 7244  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
12:12:40.0366 7244  gpsvc - ok
12:12:40.0436 7244  [ C1B577B2169900F4CF7190C39F085794 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
12:12:40.0466 7244  gusvc - ok
12:12:40.0506 7244  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
12:12:40.0566 7244  hcw85cir - ok
12:12:40.0606 7244  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:12:40.0676 7244  HdAudAddService - ok
12:12:40.0726 7244  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
12:12:40.0766 7244  HDAudBus - ok
12:12:40.0806 7244  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
12:12:40.0836 7244  HidBatt - ok
12:12:40.0866 7244  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
12:12:40.0916 7244  HidBth - ok
12:12:40.0956 7244  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
12:12:40.0996 7244  HidIr - ok
12:12:41.0026 7244  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
12:12:41.0126 7244  hidserv - ok
12:12:41.0186 7244  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
12:12:41.0206 7244  HidUsb - ok
12:12:41.0246 7244  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
12:12:41.0366 7244  hkmsvc - ok
12:12:41.0396 7244  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:12:41.0466 7244  HomeGroupListener - ok
12:12:41.0496 7244  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:12:41.0556 7244  HomeGroupProvider - ok
12:12:41.0586 7244  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
12:12:41.0616 7244  HpSAMD - ok
12:12:41.0666 7244  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
12:12:41.0816 7244  HTTP - ok
12:12:41.0896 7244  [ CDAA8E257BB625B2387219E605DDE37D ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
12:12:41.0946 7244  hwdatacard - ok
12:12:41.0976 7244  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
12:12:42.0006 7244  hwpolicy - ok
12:12:42.0066 7244  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
12:12:42.0096 7244  i8042prt - ok
12:12:42.0156 7244  [ 53CC5BF8B5A219119953C7ABB19A7705 ] iaStor          C:\Windows\system32\drivers\iaStor.sys
12:12:42.0186 7244  iaStor - ok
12:12:42.0231 7244  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
12:12:42.0278 7244  iaStorV - ok
12:12:42.0341 7244  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:12:42.0420 7244  idsvc - ok
12:12:42.0825 7244  [ 6383899C5F964D71B0F96B81FBE59BB8 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
12:12:43.0418 7244  igfx - ok
12:12:43.0449 7244  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
12:12:43.0480 7244  iirsp - ok
12:12:43.0527 7244  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
12:12:43.0668 7244  IKEEXT - ok
12:12:43.0714 7244  [ CADDF0927DAC63EDAE48F5C35A61D87D ] intaud_WaveExtensible C:\Windows\system32\drivers\intelaud.sys
12:12:43.0746 7244  intaud_WaveExtensible - ok
12:12:43.0855 7244  [ D492D3B5A8DDDE1D6621A8C53855EABF ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
12:12:44.0026 7244  IntcAzAudAddService - ok
12:12:44.0089 7244  [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
12:12:44.0151 7244  IntcDAud - ok
12:12:44.0182 7244  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
12:12:44.0214 7244  intelide - ok
12:12:44.0229 7244  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
12:12:44.0276 7244  intelppm - ok
12:12:44.0307 7244  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
12:12:44.0415 7244  IPBusEnum - ok
12:12:44.0475 7244  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:12:44.0585 7244  IpFilterDriver - ok
12:12:44.0615 7244  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
12:12:44.0755 7244  iphlpsvc - ok
12:12:44.0785 7244  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
12:12:44.0825 7244  IPMIDRV - ok
12:12:44.0845 7244  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
12:12:44.0955 7244  IPNAT - ok
12:12:45.0035 7244  [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
12:12:45.0115 7244  iPod Service - ok
12:12:45.0135 7244  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
12:12:45.0185 7244  IRENUM - ok
12:12:45.0205 7244  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
12:12:45.0235 7244  isapnp - ok
12:12:45.0275 7244  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
12:12:45.0315 7244  iScsiPrt - ok
12:12:45.0365 7244  [ 716F66336F10885D935B08174DC54242 ] iwdbus          C:\Windows\system32\DRIVERS\iwdbus.sys
12:12:45.0395 7244  iwdbus - ok
12:12:45.0415 7244  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
12:12:45.0445 7244  kbdclass - ok
12:12:45.0475 7244  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
12:12:45.0515 7244  kbdhid - ok
12:12:45.0545 7244  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
12:12:45.0585 7244  KeyIso - ok
12:12:45.0605 7244  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
12:12:45.0635 7244  KSecDD - ok
12:12:45.0675 7244  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
12:12:45.0705 7244  KSecPkg - ok
12:12:45.0735 7244  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
12:12:45.0845 7244  ksthunk - ok
12:12:45.0885 7244  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
12:12:46.0015 7244  KtmRm - ok
12:12:46.0065 7244  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
12:12:46.0175 7244  LanmanServer - ok
12:12:46.0205 7244  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:12:46.0305 7244  LanmanWorkstation - ok
12:12:46.0335 7244  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
12:12:46.0446 7244  lltdio - ok
12:12:46.0478 7244  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
12:12:46.0602 7244  lltdsvc - ok
12:12:46.0618 7244  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
12:12:46.0712 7244  lmhosts - ok
12:12:46.0790 7244  [ 50C7CE53EF461870410355F1F2E7D515 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
12:12:46.0821 7244  LMS - ok
12:12:46.0852 7244  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
12:12:46.0883 7244  LSI_FC - ok
12:12:46.0914 7244  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
12:12:46.0946 7244  LSI_SAS - ok
12:12:46.0977 7244  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
12:12:47.0008 7244  LSI_SAS2 - ok
12:12:47.0024 7244  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
12:12:47.0055 7244  LSI_SCSI - ok
12:12:47.0086 7244  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
12:12:47.0195 7244  luafv - ok
12:12:47.0258 7244  [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
12:12:47.0289 7244  MBAMProtector - ok
12:12:47.0351 7244  [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
12:12:47.0382 7244  MBAMScheduler - ok
12:12:47.0444 7244  [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
12:12:47.0514 7244  MBAMService - ok
12:12:47.0584 7244  [ 22A7776C5D8EB5930EDF9C8DD0884259 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe
12:12:47.0614 7244  McComponentHostService - ok
12:12:47.0654 7244  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
12:12:47.0694 7244  Mcx2Svc - ok
12:12:47.0724 7244  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
12:12:47.0754 7244  megasas - ok
12:12:47.0794 7244  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
12:12:47.0834 7244  MegaSR - ok
12:12:47.0874 7244  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
12:12:47.0894 7244  MEIx64 - ok
12:12:47.0964 7244  Microsoft SharePoint Workspace Audit Service - ok
12:12:48.0004 7244  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
12:12:48.0124 7244  MMCSS - ok
12:12:48.0154 7244  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
12:12:48.0264 7244  Modem - ok
12:12:48.0284 7244  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
12:12:48.0334 7244  monitor - ok
12:12:48.0364 7244  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
12:12:48.0394 7244  mouclass - ok
12:12:48.0434 7244  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
12:12:48.0464 7244  mouhid - ok
12:12:48.0514 7244  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
12:12:48.0544 7244  mountmgr - ok
12:12:48.0614 7244  [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:12:48.0644 7244  MozillaMaintenance - ok
12:12:48.0684 7244  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
12:12:48.0714 7244  mpio - ok
12:12:48.0734 7244  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
12:12:48.0834 7244  mpsdrv - ok
12:12:48.0894 7244  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
12:12:49.0044 7244  MpsSvc - ok
12:12:49.0064 7244  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
12:12:49.0134 7244  MRxDAV - ok
12:12:49.0174 7244  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
12:12:49.0224 7244  mrxsmb - ok
12:12:49.0254 7244  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:12:49.0294 7244  mrxsmb10 - ok
12:12:49.0324 7244  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:12:49.0384 7244  mrxsmb20 - ok
12:12:49.0414 7244  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
12:12:49.0435 7244  msahci - ok
12:12:49.0465 7244  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
12:12:49.0495 7244  msdsm - ok
12:12:49.0525 7244  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
12:12:49.0575 7244  MSDTC - ok
12:12:49.0625 7244  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
12:12:49.0725 7244  Msfs - ok
12:12:49.0745 7244  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
12:12:49.0855 7244  mshidkmdf - ok
12:12:49.0885 7244  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
12:12:49.0915 7244  msisadrv - ok
12:12:49.0945 7244  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
12:12:50.0065 7244  MSiSCSI - ok
12:12:50.0065 7244  msiserver - ok
12:12:50.0105 7244  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
12:12:50.0195 7244  MSKSSRV - ok
12:12:50.0205 7244  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
12:12:50.0305 7244  MSPCLOCK - ok
12:12:50.0315 7244  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
12:12:50.0425 7244  MSPQM - ok
12:12:50.0445 7244  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
12:12:50.0505 7244  MsRPC - ok
12:12:50.0535 7244  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
12:12:50.0565 7244  mssmbios - ok
12:12:50.0595 7244  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
12:12:50.0705 7244  MSTEE - ok
12:12:50.0745 7244  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
12:12:50.0805 7244  MTConfig - ok
12:12:50.0835 7244  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
12:12:50.0865 7244  Mup - ok
12:12:50.0915 7244  [ 95D193CAE3C4D575D88B6D93DDCD60D3 ] MyWiFiDHCPDNS   C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
12:12:50.0955 7244  MyWiFiDHCPDNS - ok
12:12:50.0995 7244  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
12:12:51.0125 7244  napagent - ok
12:12:51.0185 7244  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
12:12:51.0255 7244  NativeWifiP - ok
12:12:51.0305 7244  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
12:12:51.0395 7244  NDIS - ok
12:12:51.0425 7244  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
12:12:51.0535 7244  NdisCap - ok
12:12:51.0555 7244  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
12:12:51.0665 7244  NdisTapi - ok
12:12:51.0815 7244  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
12:12:51.0915 7244  Ndisuio - ok
12:12:51.0965 7244  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
12:12:52.0075 7244  NdisWan - ok
12:12:52.0125 7244  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
12:12:52.0235 7244  NDProxy - ok
12:12:52.0255 7244  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
12:12:52.0365 7244  NetBIOS - ok
12:12:52.0395 7244  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
12:12:52.0515 7244  NetBT - ok
12:12:52.0535 7244  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
12:12:52.0565 7244  Netlogon - ok
12:12:52.0625 7244  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
12:12:52.0755 7244  Netman - ok
12:12:52.0795 7244  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:12:52.0815 7244  NetMsmqActivator - ok
12:12:52.0825 7244  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:12:52.0855 7244  NetPipeActivator - ok
12:12:52.0875 7244  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
12:12:52.0985 7244  netprofm - ok
12:12:52.0995 7244  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:12:53.0015 7244  NetTcpActivator - ok
12:12:53.0025 7244  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:12:53.0055 7244  NetTcpPortSharing - ok
12:12:53.0325 7244  [ 8ADAA4CC125EC1A1CB66E363DF531CC4 ] NETwNs64        C:\Windows\system32\DRIVERS\NETwNs64.sys
12:12:53.0876 7244  NETwNs64 - ok
12:12:53.0906 7244  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
12:12:53.0936 7244  nfrd960 - ok
12:12:54.0006 7244  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
12:12:54.0106 7244  NlaSvc - ok
12:12:54.0146 7244  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
12:12:54.0246 7244  Npfs - ok
12:12:54.0276 7244  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
12:12:54.0376 7244  nsi - ok
12:12:54.0396 7244  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
12:12:54.0506 7244  nsiproxy - ok
12:12:54.0576 7244  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
12:12:54.0696 7244  Ntfs - ok
12:12:54.0716 7244  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
12:12:54.0816 7244  Null - ok
12:12:54.0836 7244  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
12:12:54.0866 7244  nvraid - ok
12:12:54.0886 7244  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
12:12:54.0916 7244  nvstor - ok
12:12:54.0962 7244  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
12:12:54.0994 7244  nv_agp - ok
12:12:55.0025 7244  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
12:12:55.0072 7244  ohci1394 - ok
12:12:55.0150 7244  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:12:55.0181 7244  ose - ok
12:12:55.0368 7244  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:12:55.0664 7244  osppsvc - ok
12:12:55.0711 7244  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
12:12:55.0789 7244  p2pimsvc - ok
12:12:55.0820 7244  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
12:12:55.0883 7244  p2psvc - ok
12:12:55.0914 7244  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
12:12:55.0961 7244  Parport - ok
12:12:55.0976 7244  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
12:12:56.0008 7244  partmgr - ok
12:12:56.0023 7244  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
12:12:56.0086 7244  PcaSvc - ok
12:12:56.0117 7244  [ B26E102E0F54773119B162F56C9DD994 ] pci             C:\Windows\system32\drivers\pci.sys
12:12:56.0148 7244  pci - ok
12:12:56.0179 7244  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
12:12:56.0195 7244  pciide - ok
12:12:56.0242 7244  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
12:12:56.0273 7244  pcmcia - ok
12:12:56.0304 7244  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
12:12:56.0335 7244  pcw - ok
12:12:56.0366 7244  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
12:12:56.0491 7244  PEAUTH - ok
12:12:56.0585 7244  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
12:12:56.0632 7244  PerfHost - ok
12:12:56.0710 7244  [ 6CE8BB00A615A4F3FA2F36FDB2EF4EFA ] PFNService      C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
12:12:56.0756 7244  PFNService ( UnsignedFile.Multi.Generic ) - warning
12:12:56.0756 7244  PFNService - detected UnsignedFile.Multi.Generic (1)
12:12:56.0819 7244  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
12:12:56.0975 7244  pla - ok
12:12:57.0022 7244  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
12:12:57.0100 7244  PlugPlay - ok
12:12:57.0115 7244  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
12:12:57.0146 7244  PNRPAutoReg - ok
12:12:57.0178 7244  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
12:12:57.0224 7244  PNRPsvc - ok
12:12:57.0256 7244  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
12:12:57.0396 7244  PolicyAgent - ok
12:12:57.0427 7244  [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power           C:\Windows\system32\umpo.dll
12:12:57.0490 7244  Power - ok
12:12:57.0552 7244  [ 76FF4836EFA78DBF3F39F612D88CA7E7 ] PowerSavingUtilityService C:\Program Files\Fujitsu\PSUtility\PSUService.exe
12:12:57.0568 7244  PowerSavingUtilityService - ok
12:12:57.0599 7244  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
12:12:57.0708 7244  PptpMiniport - ok
12:12:57.0739 7244  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
12:12:57.0786 7244  Processor - ok
12:12:57.0827 7244  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
12:12:57.0877 7244  ProfSvc - ok
12:12:57.0887 7244  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:12:57.0917 7244  ProtectedStorage - ok
12:12:57.0947 7244  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
12:12:58.0057 7244  Psched - ok
12:12:58.0117 7244  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
12:12:58.0227 7244  ql2300 - ok
12:12:58.0247 7244  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
12:12:58.0287 7244  ql40xx - ok
12:12:58.0317 7244  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
12:12:58.0377 7244  QWAVE - ok
12:12:58.0397 7244  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
12:12:58.0457 7244  QWAVEdrv - ok
12:12:58.0477 7244  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
12:12:58.0577 7244  RasAcd - ok
12:12:58.0617 7244  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
12:12:58.0707 7244  RasAgileVpn - ok
12:12:58.0727 7244  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
12:12:58.0837 7244  RasAuto - ok
12:12:58.0867 7244  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
12:12:58.0977 7244  Rasl2tp - ok
12:12:59.0017 7244  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
12:12:59.0137 7244  RasMan - ok
12:12:59.0167 7244  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
12:12:59.0267 7244  RasPppoe - ok
12:12:59.0287 7244  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
12:12:59.0397 7244  RasSstp - ok
12:12:59.0417 7244  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
12:12:59.0537 7244  rdbss - ok
12:12:59.0567 7244  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
12:12:59.0617 7244  rdpbus - ok
12:12:59.0657 7244  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
12:12:59.0757 7244  RDPCDD - ok
12:12:59.0787 7244  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
12:12:59.0897 7244  RDPENCDD - ok
12:12:59.0923 7244  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
12:13:00.0016 7244  RDPREFMP - ok
12:13:00.0063 7244  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
12:13:00.0141 7244  RDPWD - ok
12:13:00.0172 7244  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
12:13:00.0204 7244  rdyboost - ok
12:13:00.0297 7244  [ 2EC95080FAD2621C5E3034DE4C39A2A3 ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
12:13:00.0375 7244  RegSrvc - ok
12:13:00.0406 7244  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
12:13:00.0516 7244  RemoteAccess - ok
12:13:00.0562 7244  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
12:13:00.0672 7244  RemoteRegistry - ok
12:13:00.0734 7244  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
12:13:00.0781 7244  RFCOMM - ok
12:13:00.0812 7244  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
12:13:00.0921 7244  RpcEptMapper - ok
12:13:00.0937 7244  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
12:13:00.0968 7244  RpcLocator - ok
12:13:00.0999 7244  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
12:13:01.0093 7244  RpcSs - ok
12:13:01.0140 7244  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
12:13:01.0249 7244  rspndr - ok
12:13:01.0296 7244  [ 22D6B47D004A6568C500680BE2972854 ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
12:13:01.0342 7244  RSUSBSTOR - ok
12:13:01.0389 7244  [ AFC12DFA4C7B089673AD67402CA19EDB ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
12:13:01.0436 7244  RTL8167 - ok
12:13:01.0467 7244  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
12:13:01.0498 7244  SamSs - ok
12:13:01.0514 7244  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
12:13:01.0545 7244  sbp2port - ok
12:13:01.0576 7244  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
12:13:01.0701 7244  SCardSvr - ok
12:13:01.0727 7244  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
12:13:01.0827 7244  scfilter - ok
12:13:01.0877 7244  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
12:13:02.0017 7244  Schedule - ok
12:13:02.0037 7244  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
12:13:02.0127 7244  SCPolicySvc - ok
12:13:02.0157 7244  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
12:13:02.0227 7244  SDRSVC - ok
12:13:02.0257 7244  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
12:13:02.0367 7244  secdrv - ok
12:13:02.0397 7244  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
12:13:02.0507 7244  seclogon - ok
12:13:02.0537 7244  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
12:13:02.0647 7244  SENS - ok
12:13:02.0667 7244  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
12:13:02.0717 7244  SensrSvc - ok
12:13:02.0747 7244  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
12:13:02.0787 7244  Serenum - ok
12:13:02.0827 7244  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
12:13:02.0867 7244  Serial - ok
12:13:02.0897 7244  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
12:13:02.0927 7244  sermouse - ok
12:13:02.0967 7244  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
12:13:03.0077 7244  SessionEnv - ok
12:13:03.0107 7244  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
12:13:03.0147 7244  sffdisk - ok
12:13:03.0177 7244  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
12:13:03.0227 7244  sffp_mmc - ok
12:13:03.0257 7244  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
12:13:03.0297 7244  sffp_sd - ok
12:13:03.0317 7244  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
12:13:03.0357 7244  sfloppy - ok
12:13:03.0407 7244  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
12:13:03.0517 7244  SharedAccess - ok
12:13:03.0567 7244  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:13:03.0697 7244  ShellHWDetection - ok
12:13:03.0717 7244  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
12:13:03.0747 7244  SiSRaid2 - ok
12:13:03.0787 7244  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
12:13:03.0817 7244  SiSRaid4 - ok
12:13:03.0847 7244  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
12:13:03.0957 7244  Smb - ok
12:13:03.0997 7244  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
12:13:04.0037 7244  SNMPTRAP - ok
12:13:04.0107 7244  [ 9CD1C53490EB5601870A69A8E40F7B12 ] SNP2UVC         C:\Windows\system32\DRIVERS\snp2uvc.sys
12:13:04.0237 7244  SNP2UVC - ok
12:13:04.0327 7244  [ 5177D14A78E60FD61DCFC6B388E7E971 ] Sony PC Companion C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
12:13:04.0357 7244  Sony PC Companion - ok
12:13:04.0377 7244  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
12:13:04.0397 7244  spldr - ok
12:13:04.0437 7244  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
12:13:04.0527 7244  Spooler - ok
12:13:04.0648 7244  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
12:13:04.0888 7244  sppsvc - ok
12:13:04.0918 7244  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
12:13:05.0028 7244  sppuinotify - ok
12:13:05.0078 7244  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
12:13:05.0148 7244  srv - ok
12:13:05.0178 7244  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
12:13:05.0228 7244  srv2 - ok
12:13:05.0248 7244  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
12:13:05.0298 7244  srvnet - ok
12:13:05.0338 7244  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
12:13:05.0458 7244  SSDPSRV - ok
12:13:05.0478 7244  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
12:13:05.0578 7244  SstpSvc - ok
12:13:05.0608 7244  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
12:13:05.0638 7244  stexstor - ok
12:13:05.0668 7244  [ DECACB6921DED1A38642642685D77DAC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
12:13:05.0708 7244  StillCam - ok
12:13:05.0758 7244  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
12:13:05.0858 7244  stisvc - ok
12:13:05.0878 7244  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
12:13:05.0908 7244  swenum - ok
12:13:05.0948 7244  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
12:13:06.0078 7244  swprv - ok
12:13:06.0128 7244  [ 3C08FB2829A5304825F974B1631DEDFA ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
12:13:06.0168 7244  SynTP - ok
12:13:06.0228 7244  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
12:13:06.0357 7244  SysMain - ok
12:13:06.0373 7244  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:13:06.0419 7244  TabletInputService - ok
12:13:06.0451 7244  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
12:13:06.0576 7244  TapiSrv - ok
12:13:06.0606 7244  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
12:13:06.0696 7244  TBS - ok
12:13:06.0786 7244  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
12:13:06.0916 7244  Tcpip - ok
12:13:06.0996 7244  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
12:13:07.0096 7244  TCPIP6 - ok
12:13:07.0126 7244  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
12:13:07.0236 7244  tcpipreg - ok
12:13:07.0256 7244  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
12:13:07.0316 7244  TDPIPE - ok
12:13:07.0346 7244  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
12:13:07.0396 7244  TDTCP - ok
12:13:07.0436 7244  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
12:13:07.0546 7244  tdx - ok
12:13:07.0576 7244  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
12:13:07.0606 7244  TermDD - ok
12:13:07.0656 7244  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
12:13:07.0796 7244  TermService - ok
12:13:07.0816 7244  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
12:13:07.0876 7244  Themes - ok
12:13:07.0896 7244  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
12:13:07.0996 7244  THREADORDER - ok
12:13:08.0016 7244  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
12:13:08.0126 7244  TrkWks - ok
12:13:08.0186 7244  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:13:08.0286 7244  TrustedInstaller - ok
12:13:08.0336 7244  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
12:13:08.0436 7244  tssecsrv - ok
12:13:08.0456 7244  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
12:13:08.0516 7244  TsUsbFlt - ok
12:13:08.0546 7244  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
12:13:08.0587 7244  TsUsbGD - ok
12:13:08.0637 7244  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
12:13:08.0737 7244  tunnel - ok
12:13:08.0777 7244  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
12:13:08.0807 7244  uagp35 - ok
12:13:08.0837 7244  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
12:13:08.0947 7244  udfs - ok
12:13:08.0987 7244  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
12:13:09.0017 7244  UI0Detect - ok
12:13:09.0047 7244  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
12:13:09.0077 7244  uliagpkx - ok
12:13:09.0117 7244  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
12:13:09.0167 7244  umbus - ok
12:13:09.0207 7244  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
12:13:09.0247 7244  UmPass - ok
12:13:09.0367 7244  [ 374EBDA379A8F38E0CFC2211611E7167 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
12:13:09.0547 7244  UNS - ok
12:13:09.0587 7244  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
12:13:09.0707 7244  upnphost - ok
12:13:09.0757 7244  [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
12:13:09.0777 7244  USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
12:13:09.0777 7244  USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
12:13:09.0807 7244  [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
12:13:09.0857 7244  usbccgp - ok
12:13:09.0877 7244  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
12:13:09.0927 7244  usbcir - ok
12:13:09.0947 7244  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
12:13:09.0987 7244  usbehci - ok
12:13:10.0017 7244  [ 8B892002D7B79312821169A14317AB86 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
12:13:10.0077 7244  usbhub - ok
12:13:10.0107 7244  [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
12:13:10.0147 7244  usbohci - ok
12:13:10.0177 7244  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
12:13:10.0227 7244  usbprint - ok
12:13:10.0277 7244  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
12:13:10.0327 7244  usbscan - ok
12:13:10.0347 7244  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:13:10.0397 7244  USBSTOR - ok
12:13:10.0427 7244  [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
12:13:10.0457 7244  usbuhci - ok
12:13:10.0507 7244  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
12:13:10.0567 7244  usbvideo - ok
12:13:10.0587 7244  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
12:13:10.0697 7244  UxSms - ok
12:13:10.0727 7244  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
12:13:10.0757 7244  VaultSvc - ok
12:13:10.0797 7244  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
12:13:10.0827 7244  vdrvroot - ok
12:13:10.0867 7244  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
12:13:10.0997 7244  vds - ok
12:13:11.0027 7244  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
12:13:11.0067 7244  vga - ok
12:13:11.0087 7244  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
12:13:11.0197 7244  VgaSave - ok
12:13:11.0237 7244  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
12:13:11.0277 7244  vhdmp - ok
12:13:11.0307 7244  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
12:13:11.0337 7244  viaide - ok
12:13:11.0357 7244  [ 071E1B172D49154EE1D23A2ACC472EFB ] volmgr          C:\Windows\system32\drivers\volmgr.sys
12:13:11.0387 7244  volmgr - ok
12:13:11.0417 7244  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
12:13:11.0467 7244  volmgrx - ok
12:13:11.0514 7244  [ DF8126BD41180351A093A3AD2FC8903B ] volsnap         C:\Windows\system32\drivers\volsnap.sys
12:13:11.0545 7244  volsnap - ok
12:13:11.0561 7244  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
12:13:11.0608 7244  vsmraid - ok
12:13:11.0670 7244  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
12:13:11.0842 7244  VSS - ok
12:13:11.0873 7244  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
12:13:11.0920 7244  vwifibus - ok
12:13:11.0935 7244  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
12:13:11.0998 7244  vwififlt - ok
12:13:12.0013 7244  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
12:13:12.0060 7244  vwifimp - ok
12:13:12.0107 7244  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
12:13:12.0232 7244  W32Time - ok
12:13:12.0278 7244  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
12:13:12.0325 7244  WacomPen - ok
12:13:12.0356 7244  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
12:13:12.0466 7244  WANARP - ok
12:13:12.0481 7244  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
12:13:12.0567 7244  Wanarpv6 - ok
12:13:12.0647 7244  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
12:13:12.0737 7244  WatAdminSvc - ok
12:13:12.0807 7244  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
12:13:12.0917 7244  wbengine - ok
12:13:12.0937 7244  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
12:13:13.0007 7244  WbioSrvc - ok
12:13:13.0027 7244  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
12:13:13.0107 7244  wcncsvc - ok
12:13:13.0127 7244  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:13:13.0197 7244  WcsPlugInService - ok
12:13:13.0217 7244  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
12:13:13.0247 7244  Wd - ok
12:13:13.0287 7244  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
12:13:13.0357 7244  Wdf01000 - ok
12:13:13.0397 7244  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
12:13:13.0527 7244  WdiServiceHost - ok
12:13:13.0537 7244  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
12:13:13.0587 7244  WdiSystemHost - ok
12:13:13.0617 7244  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
12:13:13.0667 7244  WebClient - ok
12:13:13.0687 7244  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
12:13:13.0807 7244  Wecsvc - ok
12:13:13.0827 7244  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
12:13:13.0937 7244  wercplsupport - ok
12:13:13.0947 7244  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
12:13:14.0057 7244  WerSvc - ok
12:13:14.0087 7244  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
12:13:14.0187 7244  WfpLwf - ok
12:13:14.0197 7244  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
12:13:14.0227 7244  WIMMount - ok
12:13:14.0247 7244  WinDefend - ok
12:13:14.0267 7244  WinHttpAutoProxySvc - ok
12:13:14.0327 7244  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
12:13:14.0447 7244  Winmgmt - ok
12:13:14.0527 7244  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
12:13:14.0708 7244  WinRM - ok
12:13:14.0768 7244  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
12:13:14.0818 7244  WinUsb - ok
12:13:14.0878 7244  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
12:13:14.0968 7244  Wlansvc - ok
12:13:15.0008 7244  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
12:13:15.0038 7244  wlcrasvc - ok
12:13:15.0138 7244  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:13:15.0288 7244  wlidsvc - ok
12:13:15.0308 7244  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
12:13:15.0358 7244  WmiAcpi - ok
12:13:15.0388 7244  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
12:13:15.0448 7244  wmiApSrv - ok
12:13:15.0468 7244  WMPNetworkSvc - ok
12:13:15.0498 7244  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
12:13:15.0548 7244  WPCSvc - ok
12:13:15.0568 7244  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
12:13:15.0628 7244  WPDBusEnum - ok
12:13:15.0668 7244  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
12:13:15.0768 7244  ws2ifsl - ok
12:13:15.0798 7244  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
12:13:15.0848 7244  wscsvc - ok
12:13:15.0848 7244  WSearch - ok
12:13:15.0948 7244  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
12:13:16.0118 7244  wuauserv - ok
12:13:16.0138 7244  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
12:13:16.0238 7244  WudfPf - ok
12:13:16.0268 7244  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
12:13:16.0368 7244  WUDFRd - ok
12:13:16.0398 7244  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
12:13:16.0498 7244  wudfsvc - ok
12:13:16.0518 7244  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
12:13:16.0578 7244  WwanSvc - ok
12:13:16.0629 7244  ================ Scan global ===============================
12:13:16.0649 7244  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
12:13:16.0679 7244  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
12:13:16.0699 7244  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
12:13:16.0729 7244  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
12:13:16.0749 7244  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
12:13:16.0769 7244  [Global] - ok
12:13:16.0779 7244  ================ Scan MBR ==================================
12:13:16.0789 7244  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:13:17.0279 7244  \Device\Harddisk0\DR0 - ok
12:13:17.0279 7244  ================ Scan VBR ==================================
12:13:17.0319 7244  [ 8E6B498A22A6FA5B17553316A45EC25C ] \Device\Harddisk0\DR0\Partition1
12:13:17.0319 7244  \Device\Harddisk0\DR0\Partition1 - ok
12:13:17.0339 7244  [ DEE7D569366BDAE09336D33EA8269608 ] \Device\Harddisk0\DR0\Partition2
12:13:17.0349 7244  \Device\Harddisk0\DR0\Partition2 - ok
12:13:17.0349 7244  ============================================================
12:13:17.0349 7244  Scan finished
12:13:17.0349 7244  ============================================================
12:13:17.0369 10744  Detected object count: 2
12:13:17.0369 10744  Actual detected object count: 2
12:15:01.0598 10744  PFNService ( UnsignedFile.Multi.Generic ) - skipped by user
12:15:01.0598 10744  PFNService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:15:01.0598 10744  USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
12:15:01.0598 10744  USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip

adwcleaner:

Code:

ATTFilter

# AdwCleaner v2.007 - Datei am 15/11/2012 um 11:52:11 erstellt
# Aktualisiert am 06/11/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Alexander - LAPTOP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Alexander\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****

Gefunden : Browser Manager

***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gefunden : C:\user.js
Datei Gefunden : C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\g32d03c2.default\searchplugins\11-suche.xml
Datei Gefunden : C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\g32d03c2.default\searchplugins\SweetIm.xml
Ordner Gefunden : C:\Program Files (x86)\Claro LTD
Ordner Gefunden : C:\Program Files (x86)\DealPly
Ordner Gefunden : C:\Program Files (x86)\SweetIM
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\ProgramData\SweetIM
Ordner Gefunden : C:\Users\ALEXAN~1\AppData\Local\Temp\BabylonToolbar
Ordner Gefunden : C:\Users\Alexander\AppData\Roaming\Babylon
Ordner Gefunden : C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
Ordner Gefunden : C:\Users\Alexander\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Claro LTD
Schlüssel Gefunden : HKCU\Software\DataMngr
Schlüssel Gefunden : HKCU\Software\DataMngr_Toolbar
Schlüssel Gefunden : HKCU\Software\DealPly
Schlüssel Gefunden : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\Software\Claro LTD
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\sim-packages
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\Software\DataMngr
Schlüssel Gefunden : HKLM\Software\DealPly
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{05340575-7D2A-4266-9A84-7EEBDC476884}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97C47A30-3CFB-474B-94E3-6019A7EE0610}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EE4FC43F-84CE-4E20-88C2-2188525B47FB}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{60295942-9E5F-4EE8-B785-3A655904D24F}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\claro
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKU\S-1-5-21-1521551486-3421521676-2040364671-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gefunden : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SweetIM]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{9E131A93-EED7-4BEB-B015-A0ADB30B5646}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?crg=3.1010000.10005’
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.claro-search.com/?affID=116198&tt=4612_4&babsrc=HP_ss&mntrId=9c42c5110000000000003859f9fd8d59
[HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page] = hxxp://www.claro-search.com/?affID=116198&tt=4612_4&babsrc=HP_ss&mntrId=9c42c5110000000000003859f9fd8d59

-\\ Mozilla Firefox v16.0.2 (en-US)

Profilname : default 
Datei : C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\g32d03c2.default\prefs.js

Gefunden : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Gefunden : user_pref("browser.newtab.url", "hxxp://www.claro-search.com/?affID=116198&tt=4612_4&babsrc=NT_ss&mn[...]
Gefunden : user_pref("browser.search.defaultenginename", "Claro Search");
Gefunden : user_pref("browser.search.order.1", "Claro Search");
Gefunden : user_pref("browser.search.selectedEngine", "Claro Search");
Gefunden : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Gefunden : user_pref("extensions.BabylonToolbar_i.babExt", "");
Gefunden : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110819");
Gefunden : user_pref("extensions.BabylonToolbar_i.hardId", "9c42c5110000000000003859f9fd8d59");
Gefunden : user_pref("extensions.BabylonToolbar_i.id", "9c42c5110000000000003859f9fd8d59");
Gefunden : user_pref("extensions.BabylonToolbar_i.instlDay", "15452");
Gefunden : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Gefunden : user_pref("extensions.BabylonToolbar_i.newTab", true);
Gefunden : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=110819&babsrc=N[...]
Gefunden : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Gefunden : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Gefunden : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gefunden : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Gefunden : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Gefunden : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Gefunden : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1715:40:18");
Gefunden : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Gefunden : user_pref("extensions.claro.admin", false);
Gefunden : user_pref("extensions.claro.aflt", "babsst");
Gefunden : user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}");
Gefunden : user_pref("extensions.claro.dfltLng", "en");
Gefunden : user_pref("extensions.claro.excTlbr", false);
Gefunden : user_pref("extensions.claro.id", "9c42c5110000000000003859f9fd8d59");
Gefunden : user_pref("extensions.claro.instlDay", "15656");
Gefunden : user_pref("extensions.claro.instlRef", "sst");
Gefunden : user_pref("extensions.claro.prdct", "claro");
Gefunden : user_pref("extensions.claro.prtnrId", "claro");
Gefunden : user_pref("extensions.claro.tlbrId", "claro");
Gefunden : user_pref("extensions.claro.tlbrSrchUrl", "");
Gefunden : user_pref("extensions.claro.vrsn", "1.8.3.10");
Gefunden : user_pref("extensions.claro.vrsni", "1.8.3.10");
Gefunden : user_pref("extensions.claro_i.smplGrp", "none");
Gefunden : user_pref("extensions.claro_i.vrsnTs", "1.8.3.1021:48:27");
Gefunden : user_pref("keyword.URL", "hxxp://www.claro-search.com/?affID=116198&tt=4612_4&babsrc=KW_ss&mntrId=9c[...]
Gefunden : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://www.google.de/");
Gefunden : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?crg=3.1010000.10005’");

*************************

AdwCleaner[R1].txt - [12815 octets] - [15/11/2012 11:52:11]

########## EOF - C:\AdwCleaner[R1].txt - [12876 octets] ##########

Würd mich freuen, wenn ihr mir helfen könnt und ich diesen Schrott bald wieder los bin

Grüße
focus_futura

ryder · 15.11.2012, 12:35

Ich werde dir bei deinem Problem helfen. Eine Bereinigung ist mitunter mit viel Arbeit für Dich (und mich) verbunden. Bevor es los geht, habe ich etwas Lesestoff für dich.

Zitat:

Lesestoff:
Regeln für die Bereinigung
Damit die Bereinigung funktioniert bitte ich dich, die folgenden Punkte aufmerksam zu lesen:
Bitte arbeite alle Schritte der Reihe nach ab. Gib mir bitte zu jedem Schritt Rückmeldung (Logfile oder Antwort).

Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.

Bitte kein Crossposting (posten in mehreren Foren).

Installiere oder Deinstalliere während der Bereinigung keine Software, ausser Du wurdest dazu aufgefordert.

Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.

Poste die Logfiles direkt in deinen Thread (möglichst in Code-Tags). Nicht anhängen ausser ich fordere Dich dazu auf oder das Logfile ist zu gross. Erschwert mir nämlich das auswerten.

Mache deinen Namen nur dann unkenntlich, wenn es unbedingt sein muss.

Sollte ich nicht nach 3 Tagen geantwortet haben, dann (und nur dann) schicke mir bitte eine PM.

Eine Bitte: Mache bitte solange mit, bis ich oder ein anderer Helfer dir mitteilt, dass du "sauber" bist. Das gebietet alleine schon die Höflichkeit und ein Verschwinden der Symptome bedeutet nicht, dass die Schädlinge auch wirklich alle entfernt wurden.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.

Wenn du das alles gelesen und verstanden hast, kannst du loslegen!

Scan mit Combofix

Zitat:

WARNUNG:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

focus_futura · 15.11.2012, 14:00

Hier die Logdatei von ComboFix:

Code:

ATTFilter

Combofix Logfile:

	Code: 

 ATTFilter

  
	ComboFix 12-11-14.01 - Alexander 15.11.2012  13:15:35.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4009.2303 [GMT 1:00]
ausgeführt von:: c:\users\Alexander\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\DealPly
c:\program files (x86)\DealPly\DealPly.crx
c:\program files (x86)\DealPly\DealPlyIE.dll
c:\program files (x86)\DealPly\DealPlyUpdate.exe
c:\program files (x86)\DealPly\DealPlyUpdate.log
c:\program files (x86)\DealPly\DealPlyUpdateRun.exe
c:\program files (x86)\DealPly\icon.ico
c:\program files (x86)\DealPly\uninst.exe
c:\programdata\Roaming
c:\users\Alexander\AppData\Local\assembly\tmp
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_BTStackServer.exe  pid: 8368    294: c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
-------\Service_conhost.exe        pid: 1252     24: c:\windows\System32\de-DE\conhost.exe.mui
-------\Service_conhost.exe        pid: 6564     24: c:\windows\System32\de-DE\conhost.exe.mui
-------\Service_conhost.exe        pid: 9936     24: c:\windows\System32\de-DE\conhost.exe.mui
-------\Service_Copyright (C) 1997-2008 Mark Russinovich
-------\Service_csrss.exe          pid: 432      3C: c:\windows\System32\de-DE\csrss.exe.mui
-------\Service_dwm.exe            pid: 1656     24: c:\windows\System32\de-DE\dwm.exe.mui
-------\Service_explorer.exe       pid: 1748     38: c:\windows\de-DE\explorer.exe.mui
-------\Service_Handle v3.42
-------\Service_lsm.exe            pid: 636     260: c:\windows\System32\de-DE\lsm.exe.mui
-------\Service_PCCompanion.exe    pid: 4196   1084: c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe
-------\Service_rundll32.exe       pid: 8660     58: c:\windows\SysWOW64\de-DE\rundll32.exe.mui
-------\Service_SearchIndexer.exe  pid: 6536     38: c:\windows\System32\de-DE\SearchIndexer.exe.mui
-------\Service_services.exe       pid: 612      48: c:\windows\System32\de-DE\services.exe.mui
-------\Service_spoolsv.exe        pid: 1336     30: c:\windows\System32\de-DE\spoolsv.exe.mui
-------\Service_svchost.exe        pid: 1004     34: c:\windows\System32\de-DE\svchost.exe.mui
-------\Service_svchost.exe        pid: 1112     34: c:\windows\System32\de-DE\svchost.exe.mui
-------\Service_svchost.exe        pid: 124      34: c:\windows\System32\de-DE\svchost.exe.mui
-------\Service_svchost.exe        pid: 1568     34: c:\windows\System32\de-DE\svchost.exe.mui
-------\Service_svchost.exe        pid: 1864     34: c:\windows\System32\de-DE\svchost.exe.mui
-------\Service_svchost.exe        pid: 2304     94: c:\windows\System32\de-DE\svchost.exe.mui
-------\Service_svchost.exe        pid: 2332     94: c:\windows\System32\de-DE\svchost.exe.mui
-------\Service_svchost.exe        pid: 7364    100: c:\windows\System32\de-DE\svchost.exe.mui
-------\Service_svchost.exe        pid: 7656     8C: c:\windows\System32\de-DE\svchost.exe.mui
-------\Service_svchost.exe        pid: 776      8C: c:\windows\System32\de-DE\svchost.exe.mui
-------\Service_svchost.exe        pid: 868     190: c:\windows\System32\de-DE\svchost.exe.mui
-------\Service_svchost.exe        pid: 8968    140: c:\windows\System32\de-DE\svchost.exe.mui
-------\Service_svchost.exe        pid: 944      34: c:\windows\System32\de-DE\svchost.exe.mui
-------\Service_svchost.exe        pid: 968      34: c:\windows\System32\de-DE\svchost.exe.mui
-------\Service_Sysinternals - www.sysinternals.com
-------\Service_taskeng.exe        pid: 1352     30: c:\windows\System32\de-DE\TaskEng.exe.mui
-------\Service_taskhost.exe       pid: 1536     30: c:\windows\System32\de-DE\taskhost.exe.mui
-------\Service_wlanext.exe        pid: 1244     44: c:\windows\System32\de-DE\wlanext.exe.mui
-------\Service_wmpnetwk.exe       pid: 8668     3C: c:\program files\Windows Media Player\de-DE\wmpnetwk.exe.mui
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-10-15 bis 2012-11-15  ))))))))))))))))))))))))))))))
.
.
2012-11-15 12:33 . 2012-11-15 12:33	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-11-15 10:43 . 2012-07-26 07:46	2560	----a-w-	c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
2012-11-15 10:43 . 2012-07-26 04:55	785512	----a-w-	c:\windows\system32\drivers\Wdf01000.sys
2012-11-15 10:43 . 2012-07-26 04:55	54376	----a-w-	c:\windows\system32\drivers\WdfLdr.sys
2012-11-15 10:43 . 2012-07-26 02:36	9728	----a-w-	c:\windows\system32\Wdfres.dll
2012-11-15 10:30 . 2012-07-26 02:26	87040	----a-w-	c:\windows\system32\drivers\WUDFPf.sys
2012-11-15 10:30 . 2012-07-26 02:26	198656	----a-w-	c:\windows\system32\drivers\WUDFRd.sys
2012-11-15 10:30 . 2012-07-26 03:08	84992	----a-w-	c:\windows\system32\WUDFSvc.dll
2012-11-15 10:30 . 2012-07-26 03:08	194048	----a-w-	c:\windows\system32\WUDFPlatform.dll
2012-11-15 10:30 . 2012-07-26 03:08	229888	----a-w-	c:\windows\system32\WUDFHost.exe
2012-11-15 10:30 . 2012-07-26 03:08	744448	----a-w-	c:\windows\system32\WUDFx.dll
2012-11-15 10:30 . 2012-07-26 03:08	45056	----a-w-	c:\windows\system32\WUDFCoinstaller.dll
2012-11-13 12:01 . 2012-11-13 12:01	--------	d-----w-	c:\users\Alexander\AppData\Roaming\Malwarebytes
2012-11-13 12:00 . 2012-11-13 12:00	--------	d-----w-	c:\programdata\Malwarebytes
2012-11-13 12:00 . 2012-11-13 12:00	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-13 12:00 . 2012-09-29 18:54	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-11-13 11:41 . 2012-10-12 07:19	9291768	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{90CEBCA9-8B24-48C4-B047-A4C1C54AAB6B}\mpengine.dll
2012-11-12 20:48 . 2012-11-12 20:48	--------	d-----w-	c:\users\Alexander\AppData\Roaming\Claro
2012-11-12 20:48 . 2012-11-14 08:09	--------	d-----w-	c:\programdata\~Browser Manager
2012-11-12 20:48 . 2012-11-12 20:48	--------	d-----w-	c:\program files (x86)\Claro LTD
2012-11-12 20:48 . 2012-11-12 20:48	--------	d-----w-	c:\users\Alexander\AppData\Roaming\pdfforge
2012-11-12 20:48 . 2012-10-12 06:34	100864	----a-w-	c:\windows\system32\pdfcmon.dll
2012-11-12 20:48 . 2012-05-05 10:54	662288	----a-w-	c:\windows\SysWow64\MSCOMCT2.OCX
2012-11-12 20:48 . 2012-05-05 10:54	137000	----a-w-	c:\windows\SysWow64\MSMAPI32.OCX
2012-11-12 20:48 . 1998-07-06 17:56	125712	----a-w-	c:\windows\SysWow64\VB6DE.DLL
2012-11-12 20:48 . 1998-07-06 17:55	158208	----a-w-	c:\windows\SysWow64\MSCMCDE.DLL
2012-11-12 20:48 . 1998-07-06 17:55	64512	----a-w-	c:\windows\SysWow64\MSCC2DE.DLL
2012-11-12 20:48 . 2012-05-05 10:54	23552	----a-w-	c:\windows\SysWow64\MSMPIDE.DLL
2012-11-12 20:46 . 2012-11-12 20:46	--------	d-----w-	c:\users\Alexander\AppData\Local\Programs
2012-11-04 20:57 . 2012-11-04 20:57	--------	d-----w-	c:\users\Alexander\AppData\Roaming\Microsoft Corporation
2012-11-04 20:57 . 2012-11-15 12:32	--------	d-----w-	c:\users\Alexander\AppData\Local\assembly
2012-11-04 20:56 . 2012-11-15 12:10	--------	d-----w-	c:\users\Alexander\AppData\Roaming\Cloudfogger
2012-11-04 20:56 . 2012-11-04 20:56	--------	d-----w-	c:\users\Alexander\AppData\Local\CrashRpt
2012-11-04 20:56 . 2012-08-21 06:45	146184	----a-w-	c:\windows\system32\drivers\cbfltfs.sys
2012-11-04 20:56 . 2012-08-15 10:12	141328	----a-w-	c:\windows\system32\CbFsNetRdr3.dll
2012-11-04 20:56 . 2012-08-15 10:12	223760	----a-w-	c:\windows\SysWow64\CbFsNetRdr3.dll
2012-11-04 20:56 . 2012-08-15 10:02	352456	----a-w-	c:\windows\system32\drivers\cbfs3.sys
2012-11-04 20:56 . 2012-11-04 20:56	--------	d-----w-	c:\programdata\Cloudfogger Outlook Addin
2012-11-04 20:56 . 2011-12-12 16:06	829264	----a-w-	c:\windows\system32\MSVCR100.dll
2012-11-04 20:56 . 2012-11-04 20:56	--------	d-----w-	c:\program files\Cloudfogger
2012-11-04 20:56 . 2011-12-12 16:06	608080	----a-w-	c:\windows\system32\MSVCP100.dll
2012-10-19 15:55 . 2012-09-24 21:16	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-18 13:25 . 2012-10-18 13:25	--------	d-----w-	c:\windows\Hewlett-Packard
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-15 10:30 . 2011-12-21 15:14	66395536	----a-w-	c:\windows\system32\MRT.exe
2012-11-13 08:17 . 2012-04-03 15:57	697272	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-13 08:17 . 2011-12-21 15:12	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-14 19:19 . 2012-10-11 17:24	2048	----a-w-	c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-11 17:24	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-09-02 08:51 . 2012-08-19 08:05	821736	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-09-02 08:51 . 2012-02-14 20:37	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-08-31 18:19 . 2012-10-11 17:25	1659760	----a-w-	c:\windows\system32\drivers\ntfs.sys
2012-08-30 18:03 . 2012-10-11 17:25	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-11 17:25	3968880	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-11 17:25	3914096	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-08-27 08:59 . 2012-08-27 08:59	27760	----a-w-	c:\windows\system32\drivers\ggsemc.sys
2012-08-27 08:59 . 2012-08-27 08:59	14448	----a-w-	c:\windows\system32\drivers\ggflt.sys
2012-08-24 18:05 . 2012-10-11 17:24	220160	----a-w-	c:\windows\system32\wintrust.dll
2012-08-24 16:57 . 2012-10-11 17:24	172544	----a-w-	c:\windows\SysWow64\wintrust.dll
2012-08-22 18:12 . 2012-09-12 16:37	950128	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 16:37	376688	----a-w-	c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 16:37	288624	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-26 07:11	245760	----a-w-	c:\windows\system32\OxpsConverter.exe
2012-08-21 11:01 . 2012-10-02 16:25	33240	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 11:01 . 2011-12-21 15:43	125872	----a-w-	c:\windows\system32\GEARAspi64.dll
2012-08-21 11:01 . 2011-12-21 15:43	106928	----a-w-	c:\windows\SysWow64\GEARAspi.dll
2012-08-20 18:48 . 2012-10-11 17:25	243200	----a-w-	c:\windows\system32\wow64.dll
2012-08-20 18:48 . 2012-10-11 17:25	362496	----a-w-	c:\windows\system32\wow64win.dll
2012-08-20 18:48 . 2012-10-11 17:25	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2012-08-20 18:48 . 2012-10-11 17:25	215040	----a-w-	c:\windows\system32\winsrv.dll
2012-08-20 18:48 . 2012-10-11 17:25	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2012-08-20 18:48 . 2012-10-11 17:25	424448	----a-w-	c:\windows\system32\KernelBase.dll
2012-08-20 18:48 . 2012-10-11 17:25	1162240	----a-w-	c:\windows\system32\kernel32.dll
2012-08-20 18:46 . 2012-10-11 17:25	338432	----a-w-	c:\windows\system32\conhost.exe
2012-08-20 18:38 . 2012-10-11 17:25	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 17:25	4608	---ha-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 17:25	4096	---ha-w-	c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 17:25	4096	---ha-w-	c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 17:25	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 17:25	3584	---ha-w-	c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 17:25	3584	---ha-w-	c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 17:25	3584	---ha-w-	c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 17:25	3584	---ha-w-	c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 17:25	3584	---ha-w-	c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 17:25	3584	---ha-w-	c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 17:25	3072	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 17:25	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 17:25	3072	---ha-w-	c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 17:25	3072	---ha-w-	c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 17:25	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 17:25	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 17:25	3584	---ha-w-	c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 17:25	3072	---ha-w-	c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 17:25	3072	---ha-w-	c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 17:25	5120	---ha-w-	c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 17:25	3072	---ha-w-	c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 17:25	3072	---ha-w-	c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 17:25	3072	---ha-w-	c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 17:25	3072	---ha-w-	c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 17:25	3072	---ha-w-	c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 17:25	3072	---ha-w-	c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 18:38 . 2012-10-11 17:24	3072	---ha-w-	c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 17:40 . 2012-10-11 17:25	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2012-08-20 17:38 . 2012-10-11 17:25	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-08-20 17:38 . 2012-10-11 17:25	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2012-08-20 17:37 . 2012-10-11 17:25	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2012-08-20 17:37 . 2012-10-11 17:25	274944	----a-w-	c:\windows\SysWow64\KernelBase.dll
2012-08-20 17:32 . 2012-10-11 17:25	4608	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 17:25	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 17:25	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 17:25	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 17:25	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 17:25	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 17:25	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 17:25	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 17:25	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 17:25	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 17:25	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 17:25	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 17:25	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 17:25	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 17:25	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 17:25	5120	---ha-w-	c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 17:25	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 17:25	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 17:25	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 17:25	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 17:25	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 17:25	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 17:25	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 17:32 . 2012-10-11 17:24	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2012-08-20 15:38 . 2012-10-11 17:25	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2012-08-20 15:38 . 2012-10-11 17:24	2048	----a-w-	c:\windows\SysWow64\user.exe
2012-08-20 15:33 . 2012-10-11 17:25	6144	---ha-w-	c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33 . 2012-10-11 17:25	4608	---ha-w-	c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33 . 2012-10-11 17:25	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33 . 2012-10-11 17:25	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}]
2012-10-17 15:56	264160	----a-w-	c:\program files (x86)\Claro LTD\claro\1.8.3.10\bh\claro.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-01-15 10:27	1330480	----a-w-	c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-01-15 1330480]
"{9E131A93-EED7-4BEB-B015-A0ADB30B5646}"= "c:\program files (x86)\Claro LTD\claro\1.8.3.10\claroTlbr.dll" [2012-10-17 338400]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{9e131a93-eed7-4beb-b015-a0adb30b5646}]
[HKEY_CLASSES_ROOT\claro.clarodskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\claro.clarodskBnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0Cloudfogger]
@="{6714BE45-C70D-417A-A1EB-F38C7536D7F7}"
[HKEY_CLASSES_ROOT\CLSID\{6714BE45-C70D-417A-A1EB-F38C7536D7F7}]
2012-10-18 10:31	679296	----a-w-	c:\program files\Cloudfogger\CfShellEx_1.2.1874.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1Cloudfogger]
@="{1F53A523-54CF-4DD5-991B-77D8140502D4}"
[HKEY_CLASSES_ROOT\CLSID\{1F53A523-54CF-4DD5-991B-77D8140502D4}]
2012-10-18 10:31	679296	----a-w-	c:\program files\Cloudfogger\CfShellEx_1.2.1874.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2Cloudfogger]
@="{1ADC5A8D-702C-434D-8B9C-F6450979B424}"
[HKEY_CLASSES_ROOT\CLSID\{1ADC5A8D-702C-434D-8B9C-F6450979B424}]
2012-10-18 10:31	679296	----a-w-	c:\program files\Cloudfogger\CfShellEx_1.2.1874.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	94208	----a-w-	c:\users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	94208	----a-w-	c:\users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	94208	----a-w-	c:\users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2012-09-12 445624]
"Facebook Update"="c:\users\Alexander\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"Cloudfogger"="c:\program files\Cloudfogger\Cloudfogger.exe" [2012-10-18 4978560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IndicatorUtility"="c:\program files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2010-09-30 48752]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2009-08-13 662016]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"YouCam Mirror Tray icon"="c:\program files (x86)\CyberLink\YouCam\YouCamTray.exe" [2009-07-08 162912]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2012-01-19 114992]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
.
c:\users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Alexander\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-10-15 1133856]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
WISO Mein Steuer-Sparbuch heute.lnk - c:\program files (x86)\WISO\Steuersoftware 2012\mshaktuell.exe [2012-3-31 1380464]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LaunchCenter.lnk - c:\program files\Fujitsu\LaunchCenter\LaunchCenter.exe [2011-4-12 375296]
newreminderdialog.lnk - c:\program files\Fujitsu\FujitsuRecovery\NewReminderDialog.exe [2011-12-20 931096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-08-27 14448]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-03-24 34200]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-03-30 340240]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-25 1255736]
R4 Browser Manager;Browser Manager;c:\programdata\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 FBIOSDRV;Fujitsu BIOS Driver;c:\windows\System32\Drivers\FBIOSDRV.sys [2009-06-24 21104]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-09 27760]
S1 CBFilterFS;CBFilterFS;c:\windows\system32\drivers\cbfltfs.sys [2012-08-21 146184]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [2012-08-15 352456]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
S2 PFNService;PFNService;c:\program files\Fujitsu\Plugfree NETWORK\PFNService.exe [2010-10-07 331776]
S2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe [2010-06-17 63336]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [2010-10-04 131112]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2010-09-21 348712]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-02 39464]
S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\FUJ02E3.sys [2006-11-01 7296]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-03-24 25496]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-05-07 245792]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-28 412776]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 08:17]
.
2012-11-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1521551486-3421521676-2040364671-1001Core.job
- c:\users\Alexander\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-20 20:15]
.
2012-11-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1521551486-3421521676-2040364671-1001UA.job
- c:\users\Alexander\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-20 20:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0Cloudfogger]
@="{6714BE45-C70D-417A-A1EB-F38C7536D7F7}"
[HKEY_CLASSES_ROOT\CLSID\{6714BE45-C70D-417A-A1EB-F38C7536D7F7}]
2012-10-18 10:31	846720	----a-w-	c:\program files\Cloudfogger\CfShellEx64_1.2.1874.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1Cloudfogger]
@="{1F53A523-54CF-4DD5-991B-77D8140502D4}"
[HKEY_CLASSES_ROOT\CLSID\{1F53A523-54CF-4DD5-991B-77D8140502D4}]
2012-10-18 10:31	846720	----a-w-	c:\program files\Cloudfogger\CfShellEx64_1.2.1874.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2Cloudfogger]
@="{1ADC5A8D-702C-434D-8B9C-F6450979B424}"
[HKEY_CLASSES_ROOT\CLSID\{1ADC5A8D-702C-434D-8B9C-F6450979B424}]
2012-10-18 10:31	846720	----a-w-	c:\program files\Cloudfogger\CfShellEx64_1.2.1874.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	97792	----a-w-	c:\users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	97792	----a-w-	c:\users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	97792	----a-w-	c:\users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	97792	----a-w-	c:\users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2010-06-08 45680]
"FDM7"="c:\program files\Fujitsu\FDM7\FdmDaemon.exe" [2009-11-26 164712]
"PfNet"="c:\program files\Fujitsu\Plugfree NETWORK\PfNet.exe" [2010-10-07 6311424]
"PSUTility"="c:\program files\Fujitsu\PSUtility\TrayManager.exe" [2011-01-12 200552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-07 11663464]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-20 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-20 416024]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2009-08-13 662016]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-03-30 1935120]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2010-07-16 162416]
"LoadBtnHnd"="c:\program files\Fujitsu\Application Panel\BtnHnd.exe" [2010-07-09 21616]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.claro-search.com/?affID=116198&tt=4612_4&babsrc=HP_ss&mntrId=9c42c5110000000000003859f9fd8d59
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10005’
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\g32d03c2.default\
FF - prefs.js: browser.search.selectedEngine - Claro Search
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
FF - prefs.js: keyword.URL - hxxp://www.claro-search.com/?affID=116198&tt=4612_4&babsrc=KW_ss&mntrId=9c42c5110000000000003859f9fd8d59&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110819
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 9c42c5110000000000003859f9fd8d59
FF - user.js: extensions.BabylonToolbar_i.hardId - 9c42c5110000000000003859f9fd8d59
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15452
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1715:40
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.claro.tlbrSrchUrl - 
FF - user.js: extensions.claro.id - 9c42c5110000000000003859f9fd8d59
FF - user.js: extensions.claro.appId - {C3110516-8EFC-49D6-8B72-69354F332062}
FF - user.js: extensions.claro.instlDay - 15656
FF - user.js: extensions.claro.vrsn - 1.8.3.10
FF - user.js: extensions.claro.vrsni - 1.8.3.10
FF - user.js: extensions.claro_i.vrsnTs - 1.8.3.1021:48
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - claro
FF - user.js: extensions.claro.instlRef - sst
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - c:\program files (x86)\DealPly\DealPlyIE.dll
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-DealPly - c:\program files (x86)\DealPly\uninst.exe
AddRemove-{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} - c:\programdata\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\uninstall.exe
.
.
"ImagePath"="System32\Drivers\BTHUSB.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BTStackServer.exe  pid: 8368    294: C:]
--
"ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\conhost.exe        pid: 1252     24: C:]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\conhost.exe        pid: 6564     24: C:]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\conhost.exe        pid: 9936     24: C:]
--
"ServiceDll"="%SystemRoot%\system32\cryptsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\csrss.exe          pid: 432      3C: C:]
--
"ImagePath"="system32\drivers\drmkaud.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\dwm.exe            pid: 1656     24: C:]
--
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\exfat]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\explorer.exe       pid: 1748     38: C:]
--
"ImagePath"="\SystemRoot\system32\drivers\lsi_scsi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lsm.exe            pid: 636     260: C:]
--
"ServiceDll"="%SystemRoot%\System32\pcasvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCompanion.exe    pid: 4196   1084: C:]
--
"ImagePath"="system32\DRIVERS\Rt64win7.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rundll32.exe       pid: 8660     58: C:]
--
"ServiceDll"="%Systemroot%\System32\SDRSVC.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SearchIndexer.exe  pid: 6536     38: C:]
--
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ServiceModelService 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\services.exe       pid: 612      48: C:]
--
"ImagePath"="%SystemRoot%\System32\spoolsv.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\spoolsv.exe        pid: 1336     30: C:]
--
"ServiceDll"="%SystemRoot%\System32\wiaservc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\svchost.exe        pid: 1004     34: C:]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\svchost.exe        pid: 1112     34: C:]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\svchost.exe        pid: 124      34: C:]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\svchost.exe        pid: 1568     34: C:]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\svchost.exe        pid: 1864     34: C:]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\svchost.exe        pid: 2304     94: C:]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\svchost.exe        pid: 2332     94: C:]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\svchost.exe        pid: 7364    100: C:]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\svchost.exe        pid: 7656     8C: C:]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\svchost.exe        pid: 776      8C: C:]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\svchost.exe        pid: 868     190: C:]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\svchost.exe        pid: 8968    140: C:]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\svchost.exe        pid: 944      34: C:]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\svchost.exe        pid: 968      34: C:]
--
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\taskeng.exe        pid: 1352     30: C:]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\taskhost.exe       pid: 1536     30: C:]
--
"ImagePath"="system32\DRIVERS\WinUsb.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wlanext.exe        pid: 1244     44: C:]
--
"ImagePath"="%systemroot%\system32\wbem\WmiApSrv.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wmpnetwk.exe       pid: 8668     3C: C:]
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-11-15  13:51:58 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-11-15 12:51
.
Vor Suchlauf: 2.240.479.232 Bytes frei
Nach Suchlauf: 6.275.133.440 Bytes frei
.
- - End Of File - - 369F6829FC68496D16960AF5E3C3CA5F
         
 --- --- ---

ryder · 15.11.2012, 14:40

Da war ja ne Menge Zeugs ...

Wir räumen weiter aus ...

Schritt 1:
AdwCleaner: Werbeprogramme suchen und löschen

Downloade Dir bitte AdwCleaner auf deinen Desktop.
Starte die adwcleaner.exe mit einem Doppelklick.

Klicke auf Löschen.

Bestätige jeweils mit Ok.

Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.

Poste mir den Inhalt mit deiner nächsten Antwort.

Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

Schritt 2:
Customscan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Starte bitte die OTL.exe.

Stelle folgendes ein:
Haken bei "Alle Benutzer scannen" und "Inklusive 64bit Scans"

Ausgabe: Minimal

Benutze SafeList in jedem Feld.

Haken bei "Benutze Hersteller-Whitelist"

Dateien erstellt und verändert innerhalb Datei-Alter

Haken bei LOP Prüfung und Purity Prüfung

Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
drivers32
safebootminimal
safebootnetwork
%SYSTEMDRIVE%\*.
%SYSTEMDRIVE%\*.*
%PROGRAMFILES%\*.exe
%PROGRAMFILES(X86)%\*.exe
%systemroot%\*. /mp /s
%windir%\installer\*. /10
%appdata%\*. 
%appdata%\*.* 
%appdata%\*.exe /s
%localappdata%\*. 
%localappdata%\*.*
%localappdata%\*.exe /s
%allusersprofile%\*. 
%allusersprofile%\*.*
%allusersprofile%\*.exe /s
CREATERESTOREPOINT
         
Schliesse bitte nun alle Programme. (Wichtig)

Klicke nun bitte auf den Scan Button.

Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread (möglichst in CODE-Tags)

focus_futura · 15.11.2012, 17:02

adwcleaner:

Code:

ATTFilter

# AdwCleaner v2.007 - Datei am 15/11/2012 um 16:22:25 erstellt
# Aktualisiert am 06/11/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Alexander - LAPTOP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Alexander\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : Browser Manager

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\g32d03c2.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\g32d03c2.default\searchplugins\SweetIm.xml
Ordner Gelöscht : C:\Program Files (x86)\Claro LTD
Ordner Gelöscht : C:\Program Files (x86)\SweetIM
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\SweetIM
Ordner Gelöscht : C:\Users\Alexander\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
Ordner Gelöscht : C:\Users\Alexander\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Claro LTD
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\DealPly
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\Claro LTD
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sim-packages
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\DealPly
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{05340575-7D2A-4266-9A84-7EEBDC476884}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97C47A30-3CFB-474B-94E3-6019A7EE0610}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EE4FC43F-84CE-4E20-88C2-2188525B47FB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{60295942-9E5F-4EE8-B785-3A655904D24F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\claro
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SweetIM]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{9E131A93-EED7-4BEB-B015-A0ADB30B5646}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?crg=3.1010000.10005’ --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.claro-search.com/?affID=116198&tt=4612_4&babsrc=HP_ss&mntrId=9c42c5110000000000003859f9fd8d59 --> hxxp://www.google.com
Gelöscht : [HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page]

-\\ Mozilla Firefox v16.0.2 (en-US)

Profilname : default 
Datei : C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\g32d03c2.default\prefs.js

C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\g32d03c2.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Gelöscht : user_pref("browser.newtab.url", "hxxp://www.claro-search.com/?affID=116198&tt=4612_4&babsrc=NT_ss&mn[...]
Gelöscht : user_pref("browser.search.defaultenginename", "Claro Search");
Gelöscht : user_pref("browser.search.order.1", "Claro Search");
Gelöscht : user_pref("browser.search.selectedEngine", "Claro Search");
Gelöscht : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", "");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110819");
Gelöscht : user_pref("extensions.BabylonToolbar_i.hardId", "9c42c5110000000000003859f9fd8d59");
Gelöscht : user_pref("extensions.BabylonToolbar_i.id", "9c42c5110000000000003859f9fd8d59");
Gelöscht : user_pref("extensions.BabylonToolbar_i.instlDay", "15452");
Gelöscht : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", true);
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=110819&babsrc=N[...]
Gelöscht : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Gelöscht : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Gelöscht : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1715:40:18");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Gelöscht : user_pref("extensions.claro.admin", false);
Gelöscht : user_pref("extensions.claro.aflt", "babsst");
Gelöscht : user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}");
Gelöscht : user_pref("extensions.claro.dfltLng", "en");
Gelöscht : user_pref("extensions.claro.excTlbr", false);
Gelöscht : user_pref("extensions.claro.id", "9c42c5110000000000003859f9fd8d59");
Gelöscht : user_pref("extensions.claro.instlDay", "15656");
Gelöscht : user_pref("extensions.claro.instlRef", "sst");
Gelöscht : user_pref("extensions.claro.prdct", "claro");
Gelöscht : user_pref("extensions.claro.prtnrId", "claro");
Gelöscht : user_pref("extensions.claro.tlbrId", "claro");
Gelöscht : user_pref("extensions.claro.tlbrSrchUrl", "");
Gelöscht : user_pref("extensions.claro.vrsn", "1.8.3.10");
Gelöscht : user_pref("extensions.claro.vrsni", "1.8.3.10");
Gelöscht : user_pref("extensions.claro_i.smplGrp", "none");
Gelöscht : user_pref("extensions.claro_i.vrsnTs", "1.8.3.1021:48:27");
Gelöscht : user_pref("keyword.URL", "hxxp://www.claro-search.com/?affID=116198&tt=4612_4&babsrc=KW_ss&mntrId=9c[...]
Gelöscht : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://www.google.de/");
Gelöscht : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?crg=3.1010000.10005’");

*************************

AdwCleaner[R1].txt - [12938 octets] - [15/11/2012 11:52:11]
AdwCleaner[S1].txt - [12549 octets] - [15/11/2012 16:22:25]

########## EOF - C:\AdwCleaner[S1].txt - [12610 octets] ##########

OTL.txt
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 11/15/2012 4:30:44 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Alexander\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.91 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 57.60% Memory free
7.83 Gb Paging File | 5.90 Gb Available in Paging File | 75.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 50.00 Gb Total Space | 5.90 Gb Free Space | 11.80% Space Free | Partition Type: NTFS
Drive F: | 395.13 Gb Total Space | 324.91 Gb Free Space | 82.23% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP | User Name: Alexander | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Alexander\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Cloudfogger\Cloudfogger.exe (Cloudfogger GmbH)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Users\Alexander\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe ()
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
PRC - C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
PRC - C:\Windows\vsnp2uvc.exe (Sonix)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Cloudfogger\CfInstall.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll ()
MOD - C:\Program Files\Cloudfogger\CrashRpt1300.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\sqlite3.dll ()
MOD - C:\Program Files\Cloudfogger\imageformats\qico4.dll ()
MOD - C:\Program Files\Cloudfogger\QtGui4.dll ()
MOD - C:\Program Files\Cloudfogger\QtCore4.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (PFNService) -- C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe (FUJITSU LIMITED)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (PowerSavingUtilityService) -- C:\Program Files\Fujitsu\PSUtility\PSUService.exe (FUJITSU LIMITED)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Sony PC Companion) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (CBFilterFS) -- C:\Windows\SysNative\drivers\cbfltfs.sys (EldoS Corporation)
DRV:64bit: - (cbfs3) -- C:\Windows\SysNative\drivers\cbfs3.sys (EldoS Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (bcbtums) -- C:\Windows\SysNative\drivers\bcbtums.sys (Broadcom Corporation.)
DRV:64bit: - (BTWAMPFL) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (FBIOSDRV) -- C:\Windows\SysNative\drivers\FBIOSDRV.sys (FUJITSU LIMITED)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (FUJ02E3) -- C:\Windows\SysNative\drivers\fuj02e3.sys (FUJITSU LIMITED)
DRV:64bit: - (FUJ02B1) -- C:\Windows\SysNative\drivers\fuj02b1.sys (FUJITSU LIMITED)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{8A78311A-58C2-4415-95C4-AD3A51F33E31}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{8A78311A-58C2-4415-95C4-AD3A51F33E31}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSF
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1521551486-3421521676-2040364671-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1521551486-3421521676-2040364671-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectd [Binary data over 200 bytes]
IE - HKU\S-1-5-21-1521551486-3421521676-2040364671-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1521551486-3421521676-2040364671-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1521551486-3421521676-2040364671-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1521551486-3421521676-2040364671-1001\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1521551486-3421521676-2040364671-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1521551486-3421521676-2040364671-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={sear
IE - HKU\S-1-5-21-1521551486-3421521676-2040364671-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1521551486-3421521676-2040364671-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Alexander\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/29 19:52:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/29 19:52:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011/12/20 15:13:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexander\AppData\Roaming\mozilla\Extensions
[2012/11/13 12:40:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\g32d03c2.default\extensions
[2012/10/06 09:29:29 | 000,002,273 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\mozilla\firefox\profiles\g32d03c2.default\searchplugins\englische-ergebnisse.xml
[2012/10/06 09:29:29 | 000,010,563 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\mozilla\firefox\profiles\g32d03c2.default\searchplugins\gmx-suche.xml
[2012/10/06 09:29:29 | 000,002,432 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\mozilla\firefox\profiles\g32d03c2.default\searchplugins\lastminute.xml
[2012/10/06 09:29:29 | 000,005,545 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\mozilla\firefox\profiles\g32d03c2.default\searchplugins\webde-suche.xml
[2012/10/29 19:52:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/10/29 19:52:21 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/03 17:54:14 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/28 10:13:01 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1521551486-3421521676-2040364671-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [FDM7] C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PfNet] C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [PSUTility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix)
O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-1521551486-3421521676-2040364671-1001..\Run: [Cloudfogger] C:\Program Files\Cloudfogger\Cloudfogger.exe (Cloudfogger GmbH)
O4 - HKU\S-1-5-21-1521551486-3421521676-2040364671-1001..\Run: [Facebook Update] C:\Users\Alexander\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-1521551486-3421521676-2040364671-1001..\Run: [Sony PC Companion] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - Startup: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Alexander\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk =  File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk =  File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk =  File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newreminderdialog.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1521551486-3421521676-2040364671-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1521551486-3421521676-2040364671-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1521551486-3421521676-2040364671-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A5CD797-8E03-455C-8285-60465F535ED4}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/11/15 13:45:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/11/15 13:12:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/11/15 13:12:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/11/15 13:12:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/11/15 13:08:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/15 13:07:42 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/11/15 13:06:24 | 005,001,537 | R--- | C] (Swearware) -- C:\Users\Alexander\Desktop\ComboFix.exe
[2012/11/15 12:09:52 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Alexander\Desktop\tdsskiller.exe
[2012/11/15 11:43:44 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012/11/15 11:43:44 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012/11/15 11:36:27 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/11/15 11:33:54 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/11/15 11:33:54 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/11/15 11:33:52 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/11/15 11:33:52 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/11/15 11:33:51 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/11/15 11:33:51 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/11/15 11:33:51 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/11/15 11:33:51 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/11/15 11:33:50 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/11/15 11:33:50 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/11/15 11:33:49 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/11/15 11:33:49 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/11/15 11:33:45 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/11/15 11:33:45 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/11/15 11:33:45 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/11/15 11:32:43 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Alexander\Desktop\aswMBR.exe
[2012/11/15 11:30:09 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012/11/15 11:30:08 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012/11/15 11:30:08 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012/11/15 11:30:08 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012/11/15 10:13:58 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012/11/15 10:13:58 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012/11/15 10:13:58 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012/11/15 10:13:49 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012/11/15 10:13:49 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012/11/15 10:13:49 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2012/11/15 10:13:49 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2012/11/15 10:13:49 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2012/11/15 10:13:49 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012/11/15 10:13:29 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012/11/15 10:13:29 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012/11/13 13:01:08 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Malwarebytes
[2012/11/13 13:00:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/13 13:00:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/11/13 13:00:52 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/11/13 13:00:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/11/12 21:48:35 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Claro
[2012/11/12 21:48:32 | 000,000,000 | ---D | C] -- C:\ProgramData\~Browser Manager
[2012/11/12 21:48:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012/11/12 21:48:05 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCT2.OCX
[2012/11/12 21:48:05 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMAPI32.OCX
[2012/11/12 21:48:05 | 000,100,864 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll
[2012/11/12 21:48:03 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCMCDE.DLL
[2012/11/12 21:48:03 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6DE.DLL
[2012/11/12 21:48:03 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCC2DE.DLL
[2012/11/12 21:48:02 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPIDE.DLL
[2012/11/12 21:46:27 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\Programs
[2012/11/11 20:01:36 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
[2012/11/08 21:07:16 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{E77FEF43-5D0A-4935-9BDC-45B748D8EF26}
[2012/11/04 21:58:17 | 000,000,000 | ---D | C] -- C:\Users\Alexander\Desktop\Cloudfogger
[2012/11/04 21:57:51 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Microsoft Corporation
[2012/11/04 21:57:44 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\assembly
[2012/11/04 21:56:41 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\CrashRpt
[2012/11/04 21:56:41 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Cloudfogger
[2012/11/04 21:56:26 | 000,352,456 | ---- | C] (EldoS Corporation) -- C:\Windows\SysNative\drivers\cbfs3.sys
[2012/11/04 21:56:26 | 000,223,760 | ---- | C] (EldoS Corporation) -- C:\Windows\SysWow64\CbFsNetRdr3.dll
[2012/11/04 21:56:26 | 000,146,184 | ---- | C] (EldoS Corporation) -- C:\Windows\SysNative\drivers\cbfltfs.sys
[2012/11/04 21:56:26 | 000,141,328 | ---- | C] (EldoS Corporation) -- C:\Windows\SysNative\CbFsNetRdr3.dll
[2012/11/04 21:56:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cloudfogger
[2012/11/04 21:56:19 | 000,000,000 | ---D | C] -- C:\Users\Alexander\Documents\Add-in Express
[2012/11/04 21:56:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Cloudfogger Outlook Addin
[2012/11/04 21:56:16 | 000,829,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSVCR100.dll
[2012/11/04 21:56:11 | 000,608,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSVCP100.dll
[2012/11/04 21:56:11 | 000,000,000 | ---D | C] -- C:\Program Files\Cloudfogger
[2012/10/29 19:52:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/10/18 14:25:38 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
 
========== Files - Modified Within 30 Days ==========
 
[2012/11/15 16:31:20 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/15 16:31:20 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/15 16:23:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/15 16:23:16 | 3152,547,840 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/15 16:20:01 | 000,001,154 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1521551486-3421521676-2040364671-1001UA.job
[2012/11/15 14:42:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/15 13:07:00 | 005,001,537 | R--- | M] (Swearware) -- C:\Users\Alexander\Desktop\ComboFix.exe
[2012/11/15 12:24:30 | 000,412,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/15 12:10:02 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Alexander\Desktop\tdsskiller.exe
[2012/11/15 11:51:43 | 000,541,569 | ---- | M] () -- C:\Users\Alexander\Desktop\adwcleaner.exe
[2012/11/15 11:49:12 | 000,000,512 | ---- | M] () -- C:\Users\Alexander\Desktop\MBR.dat
[2012/11/15 11:46:39 | 000,700,418 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/11/15 11:46:39 | 000,655,090 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/15 11:46:39 | 000,149,182 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/11/15 11:46:39 | 000,121,962 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/15 11:46:38 | 001,643,236 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/15 11:33:14 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Alexander\Desktop\aswMBR.exe
[2012/11/14 22:20:01 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1521551486-3421521676-2040364671-1001Core.job
[2012/11/13 13:00:54 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/11/12 21:48:11 | 000,001,210 | ---- | M] () -- C:\Users\Public\Desktop\PDFArchitect.lnk
[2012/11/12 21:48:11 | 000,001,041 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012/11/09 19:33:00 | 003,233,730 | ---- | M] () -- C:\Users\Alexander\Desktop\20121105_Stand_Bula_für_LV_Staemmeinfo.pdf
[2012/11/08 22:38:29 | 103,818,401 | ---- | M] () -- C:\Users\Alexander\Desktop\wö.wmv
[2012/11/04 21:56:19 | 000,000,876 | ---- | M] () -- C:\Users\Alexander\Desktop\Cloudfogger.lnk
[2012/11/02 14:30:21 | 000,109,846 | ---- | M] () -- C:\Users\Alexander\Desktop\Bericht Monstertreffen.pdf
[2012/11/01 20:03:49 | 000,073,561 | ---- | M] () -- C:\Users\Alexander\Desktop\Project_JamDK_Stiftung.pdf
[2012/10/30 18:57:54 | 000,002,032 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
 
========== Files Created - No Company Name ==========
 
[2012/11/15 13:12:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/11/15 13:12:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/11/15 13:12:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/11/15 13:12:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/11/15 13:12:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/11/15 11:51:37 | 000,541,569 | ---- | C] () -- C:\Users\Alexander\Desktop\adwcleaner.exe
[2012/11/15 11:49:12 | 000,000,512 | ---- | C] () -- C:\Users\Alexander\Desktop\MBR.dat
[2012/11/15 11:43:46 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/15 11:30:08 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/13 13:00:54 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/11/12 21:48:11 | 000,001,210 | ---- | C] () -- C:\Users\Public\Desktop\PDFArchitect.lnk
[2012/11/12 21:48:11 | 000,001,041 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012/11/09 19:33:00 | 003,233,730 | ---- | C] () -- C:\Users\Alexander\Desktop\20121105_Stand_Bula_für_LV_Staemmeinfo.pdf
[2012/11/08 22:36:43 | 103,818,401 | ---- | C] () -- C:\Users\Alexander\Desktop\wö.wmv
[2012/11/04 21:56:19 | 000,000,876 | ---- | C] () -- C:\Users\Alexander\Desktop\Cloudfogger.lnk
[2012/11/02 14:30:31 | 000,109,846 | ---- | C] () -- C:\Users\Alexander\Desktop\Bericht Monstertreffen.pdf
[2012/11/01 20:03:49 | 000,073,561 | ---- | C] () -- C:\Users\Alexander\Desktop\Project_JamDK_Stiftung.pdf
[2012/03/31 15:18:04 | 000,000,670 | ---- | C] () -- C:\Windows\wiso.ini
[2012/01/10 12:54:02 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011/12/20 22:25:53 | 000,245,760 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll
[2011/12/20 22:25:53 | 000,024,576 | ---- | C] () -- C:\Windows\snuvcdsm.exe
[2011/12/20 22:25:53 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2011/05/03 03:55:47 | 001,641,654 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/02 01:21:18 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/05/02 01:21:15 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/05/02 01:21:12 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/05/02 01:21:09 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/05/02 01:21:06 | 013,359,616 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2010/11/25 05:43:32 | 000,040,448 | ---- | C] () -- C:\Windows\REGOBJ.DLL
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/03/31 15:18:26 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Buhl Data Service
[2012/11/12 21:48:35 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Claro
[2012/11/15 16:24:54 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Cloudfogger
[2012/11/15 16:24:36 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Dropbox
[2012/03/31 14:38:04 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\elsterformular
[2011/05/03 04:31:46 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Fujitsu
[2011/12/20 14:42:54 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Fujitsu Launch Center
[2012/05/10 18:26:31 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\MyPhoneExplorer
[2011/05/03 04:31:46 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Fujitsu
[2011/05/03 04:31:46 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Fujitsu
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012/11/15 13:45:33 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2012/11/15 12:23:50 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011/12/20 14:52:35 | 000,000,000 | ---D | M] -- C:\Fujitsu
[2011/05/03 03:39:03 | 000,000,000 | ---D | M] -- C:\Intel
[2011/12/21 14:59:49 | 000,000,000 | R--D | M] -- C:\MSOCache
[2009/07/14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012/04/22 14:40:08 | 000,000,000 | ---D | M] -- C:\Program
[2012/11/04 21:56:11 | 000,000,000 | R--D | M] -- C:\Program Files
[2012/11/15 16:22:26 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012/11/15 16:22:25 | 000,000,000 | ---D | M] -- C:\ProgramData
[2012/11/15 13:52:02 | 000,000,000 | ---D | M] -- C:\Qoobox
[2012/11/15 16:34:17 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011/12/20 14:32:48 | 000,000,000 | R--D | M] -- C:\Users
[2012/11/15 13:45:30 | 000,000,000 | ---D | M] -- C:\Windows
 
< %SYSTEMDRIVE%\*.* >
[2012/11/15 11:52:14 | 000,012,938 | ---- | M] () -- C:\AdwCleaner[R1].txt
[2012/11/15 16:22:31 | 000,012,672 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2012/11/15 13:51:58 | 000,040,781 | ---- | M] () -- C:\ComboFix.txt
[2012/03/31 09:40:34 | 000,000,346 | ---- | M] () -- C:\END
[2012/11/15 16:23:16 | 3152,547,840 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/15 16:23:22 | 4203,397,120 | -HS- | M] () -- C:\pagefile.sys
[2012/11/15 12:18:54 | 000,139,754 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_15.11.2012_12.11.52_log.txt
 
< %PROGRAMFILES%\*.exe >
 
< %PROGRAMFILES(X86)%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %windir%\installer\*. /10 >
[2012/11/12 21:48:35 | 000,000,000 | ---D | M] -- C:\Windows\installer\{069B290F-5398-4629-A009-85B4BCB4B1B9}
[2012/11/15 11:50:50 | 000,000,000 | ---D | M] -- C:\Windows\installer\{91140000-0011-0000-0000-0000000FF1CE}
[2012/11/12 21:47:10 | 000,000,000 | ---D | M] -- C:\Windows\installer\{AC76BA86-1033-F400-7760-000000000005}
 
< %appdata%\*.  >
[2012/01/10 13:36:18 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Adobe
[2011/12/21 20:26:56 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Apple Computer
[2011/12/20 17:25:19 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Avira
[2012/03/31 15:18:26 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Buhl Data Service
[2012/11/12 21:48:35 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Claro
[2012/11/15 16:24:54 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Cloudfogger
[2011/12/20 15:25:46 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\CyberLink
[2012/11/15 16:24:36 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Dropbox
[2012/03/31 14:38:04 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\elsterformular
[2011/05/03 04:31:46 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Fujitsu
[2011/12/20 14:42:54 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Fujitsu Launch Center
[2012/10/18 14:38:32 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\HpUpdate
[2010/11/21 03:51:08 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Identities
[2011/12/20 22:27:51 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Intel
[2011/12/21 16:12:33 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Macromedia
[2012/11/13 13:01:08 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Malwarebytes
[2012/03/31 09:40:22 | 000,000,000 | --SD | M] -- C:\Users\Alexander\AppData\Roaming\Microsoft
[2012/11/04 21:57:51 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Microsoft Corporation
[2011/12/20 15:13:34 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Mozilla
[2012/05/10 18:26:31 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\MyPhoneExplorer
[2012/01/10 13:21:34 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\WinRAR
 
< %appdata%\*.*  >
 
< %appdata%\*.exe /s >
[2012/05/24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Alexander\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012/05/24 19:39:24 | 000,872,144 | ---- | M] (Dropbox, Inc.) -- C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2012/05/24 19:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\Alexander\AppData\Roaming\Dropbox\bin\Uninstall.exe
 
< %localappdata%\*.  >
[2012/01/02 16:12:26 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Local\Adobe
[2011/12/20 14:32:51 | 000,000,000 | -HSD | M] -- C:\Users\Alexander\AppData\Local\Anwendungsdaten
[2011/12/21 16:40:55 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Local\Apple
[2011/12/21 16:43:12 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Local\Apple Computer
[2012/11/15 13:57:47 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Local\assembly
[2011/12/20 14:36:57 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Local\Broadcom
[2012/03/31 15:18:07 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Local\Buhl
[2012/03/31 15:18:22 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Local\Buhl Data Service
[2012/11/04 21:56:41 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Local\CrashRpt
[2012/11/08 20:38:30 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Local\CUSTPDF Writer
[2011/12/20 15:25:30 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Local\CyberLink
[2012/04/01 18:16:04 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Local\Diagnostics
[2012/04/20 18:10:59 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Local\Facebook
[2011/12/30 15:27:03 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Local\Google
[2011/12/27 20:13:23 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Local\HP
[2011/12/21 16:48:34 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Local\Intel WiDi
[2012/06/11 20:02:24 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Local\Macromedia
[2012/03/31 09:40:22 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Local\Microsoft
[2011/12/27 18:18:24 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Local\Microsoft Games
[2012/10/18 15:02:56 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Local\Microsoft Help
[2011/12/20 15:15:14 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Local\MigWiz
[2011/12/20 15:13:27 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Local\Mozilla
[2012/11/12 21:46:27 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Local\Programs
[2012/11/15 16:36:43 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Local\Temp
[2011/12/20 14:32:51 | 000,000,000 | -HSD | M] -- C:\Users\Alexander\AppData\Local\Temporary Internet Files
[2011/12/20 14:32:51 | 000,000,000 | -HSD | M] -- C:\Users\Alexander\AppData\Local\Verlauf
[2011/12/20 14:36:13 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Local\VirtualStore
[2012/08/03 15:34:16 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Local\Windows Live
[2011/12/22 19:44:42 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Local\{13010900-EEA3-4035-A134-4BF465495704}
[2011/12/23 19:17:26 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Local\{2F508D56-04E0-49E8-A105-35B594AE5932}
[2011/12/21 14:40:18 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Local\{7F2FEA6E-0A5C-4850-821D-20E33DF5D69A}
[2011/12/29 00:30:15 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Local\{8F9E1F92-2F9A-4ABA-B239-0F5010A30673}
[2012/08/03 15:35:37 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Local\{A464B7D9-BF92-4A31-BB6A-592912B293E6}
[2011/12/21 16:56:42 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Local\{B81EC88C-531E-4702-9F50-A79BE4F74536}
[2011/12/29 00:30:38 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Local\{B9324687-D3F0-48A0-B7A0-256D304BCBD4}
[2012/08/03 16:21:00 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Local\{BECA3BC2-6D82-4180-A6A5-0795667B6AA8}
[2011/12/21 14:38:17 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Local\{C6240E1C-2883-4292-8A81-61D7BD7C28BD}
[2011/12/23 19:17:38 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Local\{CB20CE8E-AB10-4BAD-837C-69BC4C8CBDB6}
[2011/12/21 15:38:51 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Local\{D72826EF-2969-4730-A72E-72700A335BF4}
[2012/11/08 21:07:26 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Local\{E77FEF43-5D0A-4935-9BDC-45B748D8EF26}
[2011/12/21 21:40:39 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Local\{EE42A8E0-10B1-400E-85CD-A75A3757B606}
[2012/08/03 15:34:16 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Local\{F4854B58-99EF-4C2A-8AF3-4E37D9BF0170}
 
< %localappdata%\*.* >
[2012/11/15 12:26:04 | 000,109,296 | ---- | M] () -- C:\Users\Alexander\AppData\Local\GDIPFONTCACHEV1.DAT
[2012/11/15 16:22:48 | 011,765,109 | -H-- | M] () -- C:\Users\Alexander\AppData\Local\IconCache.db
[2011/12/20 14:41:05 | 000,016,152 | ---- | M] () -- C:\Users\Alexander\AppData\Local\IWDAudHelper.20111220.144044.txt
[2011/12/20 14:40:35 | 000,000,661 | ---- | M] () -- C:\Users\Alexander\AppData\Local\PDLSetup.20111220.144035.txt
[2011/12/20 14:40:38 | 000,001,579 | ---- | M] () -- C:\Users\Alexander\AppData\Local\PDLSetup.20111220.144036.txt
[2011/12/20 14:40:40 | 000,001,227 | ---- | M] () -- C:\Users\Alexander\AppData\Local\PDLSetup.20111220.144039.txt
[2011/12/21 16:48:38 | 000,001,523 | ---- | M] () -- C:\Users\Alexander\AppData\Local\PDLSetup.20111221.164835.txt
 
< %localappdata%\*.exe /s >
[2012/07/12 21:15:21 | 000,138,096 | ---- | M] (Facebook Inc.) -- C:\Users\Alexander\AppData\Local\Facebook\Update\FacebookUpdate.exe
[2012/07/12 21:15:21 | 000,138,096 | ---- | M] (Facebook Inc.) -- C:\Users\Alexander\AppData\Local\Facebook\Update\1.2.205.0\FacebookCrashHandler.exe
[2012/07/12 21:15:21 | 000,138,096 | ---- | M] (Facebook Inc.) -- C:\Users\Alexander\AppData\Local\Facebook\Update\1.2.205.0\FacebookUpdate.exe
[2012/10/11 23:43:06 | 003,933,584 | ---- | M] (Skype Limited) -- C:\Users\Alexander\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
[2011/12/21 14:38:42 | 001,287,016 | ---- | M] (Microsoft Corporation) -- C:\Users\Alexander\AppData\Local\Microsoft\Windows Live\Installer\Catalog\wlsetup.exe
 
< %allusersprofile%\*.  >
[2012/10/02 17:25:28 | 000,000,000 | ---D | M] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012/11/13 09:18:04 | 000,000,000 | ---D | M] -- C:\ProgramData\Adobe
[2011/12/21 16:40:44 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple
[2011/12/21 16:42:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple Computer
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2011/12/20 15:12:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Avira
[2012/03/31 15:25:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Buhl Data Service GmbH
[2012/11/04 21:56:19 | 000,000,000 | ---D | M] -- C:\ProgramData\Cloudfogger Outlook Addin
[2011/12/20 15:25:55 | 000,000,000 | ---D | M] -- C:\ProgramData\CyberLink
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2012/03/31 15:22:36 | 000,000,000 | ---D | M] -- C:\ProgramData\elsterformular
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011/12/20 14:39:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Fujitsu
[2011/12/27 19:52:42 | 000,000,000 | ---D | M] -- C:\ProgramData\HP
[2011/12/20 14:40:40 | 000,000,000 | ---D | M] -- C:\ProgramData\Intel
[2012/11/13 13:00:53 | 000,000,000 | ---D | M] -- C:\ProgramData\Malwarebytes
[2012/08/30 16:36:14 | 000,000,000 | ---D | M] -- C:\ProgramData\McAfee
[2012/08/30 16:36:20 | 000,000,000 | ---D | M] -- C:\ProgramData\McAfee Security Scan
[2011/12/21 19:55:09 | 000,000,000 | --SD | M] -- C:\ProgramData\Microsoft
[2012/11/15 11:51:01 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft Help
[2012/05/03 16:20:36 | 000,000,000 | ---D | M] -- C:\ProgramData\Mozilla
[2011/12/20 15:09:59 | 000,000,000 | ---D | M] -- C:\ProgramData\Norton
[2011/05/03 04:02:47 | 000,000,000 | ---D | M] -- C:\ProgramData\NortonInstaller
[2012/01/10 13:36:53 | 000,000,000 | ---D | M] -- C:\ProgramData\regid.1986-12.com.adobe
[2012/04/02 17:17:48 | 000,000,000 | ---D | M] -- C:\ProgramData\Sony
[2012/08/27 09:58:28 | 000,000,000 | ---D | M] -- C:\ProgramData\Sony Ericsson
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2012/02/14 21:37:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Sun
[2011/12/20 14:39:16 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011/12/21 16:43:04 | 000,000,000 | ---D | M] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012/11/14 09:09:05 | 000,000,000 | ---D | M] -- C:\ProgramData\~Browser Manager
 
< %allusersprofile%\*.* >
 
< %allusersprofile%\*.exe /s >
[2012/10/11 12:17:59 | 002,312,216 | ---- | M] () -- C:\ProgramData\~Browser Manager\~2.3.796.11\~{16cdff19-861d-48e3-a751-d99a27784753}\~~browsemngr.exe
[2012/10/11 12:17:59 | 002,312,216 | ---- | M] () -- C:\ProgramData\~Browser Manager\~2.3.796.11\~{16cdff19-861d-48e3-a751-d99a27784753}\~~uninstall.exe
[2012/08/21 12:01:28 | 001,977,816 | ---- | M] (GEAR Software, Inc.) -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\GEARDIFx.exe
[2012/08/21 12:01:20 | 000,131,544 | ---- | M] (GEAR Software, Inc.) -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\DifXInst64.exe
[2012/01/03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\32313\AcrobatUpdater.exe
[2012/01/03 08:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\32313\AdobeARM.exe
[2012/01/03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\32313\AdobeARMHelper.exe
[2012/01/03 08:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\ARM\Reader_10.1.1\32313\ReaderUpdater.exe
[2010/09/21 19:37:40 | 000,338,856 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.3\ARM\10534\AcrobatUpdater.exe
[2010/09/21 19:37:40 | 000,932,288 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.3\ARM\10534\AdobeARM.exe
[2010/09/21 19:37:40 | 000,338,856 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.3\ARM\10534\ReaderUpdater.exe
[2010/09/21 19:37:40 | 000,338,856 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.3\ARM\13354\AcrobatUpdater.exe
[2010/09/21 19:37:40 | 000,932,288 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.3\ARM\13354\AdobeARM.exe
[2010/09/21 19:37:40 | 000,338,856 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.3\ARM\13354\ReaderUpdater.exe
[2010/09/21 19:37:40 | 000,338,856 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.3\ARM\21182\AcrobatUpdater.exe
[2010/09/21 19:37:40 | 000,932,288 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.3\ARM\21182\AdobeARM.exe
[2010/09/21 19:37:40 | 000,338,856 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Reader\9.3\ARM\21182\ReaderUpdater.exe
[2011/09/05 22:51:05 | 001,560,520 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1031-7B44-AA1000000001}\setup.exe
[2012/10/02 17:18:51 | 000,073,624 | ---- | M] (Apple Inc.) -- C:\ProgramData\Apple Computer\Installer Cache\iTunes 10.7.0.21\SetupAdmin.exe
[2012/11/15 12:51:25 | 000,612,640 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\ProgramData\Avira\AntiVir Desktop\TEMP\SELFUPDATE\update.exe
[2012/05/08 19:28:41 | 000,047,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\ProgramData\Avira\AntiVir Desktop\TEMP\SELFUPDATE\updrgui.exe
[2011/12/15 17:17:44 | 000,132,344 | ---- | M] (Add-in Express Ltd.) -- C:\ProgramData\Cloudfogger Outlook Addin\adxregistrator.exe
[2010/03/31 04:05:53 | 001,100,664 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\Office14\setup.exe
[2010/03/24 01:51:52 | 000,838,536 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\Office14\Office.de-de\DW20.EXE
[2010/03/24 01:51:58 | 000,519,584 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\Office14\Office.de-de\dwtrig20.exe
[2010/03/31 04:06:09 | 000,149,352 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\Office14\SingleImage.WW\ose.exe
[2010/02/28 10:33:12 | 005,336,456 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\OStarter\de-de\Office.exe
[2010/03/31 02:20:14 | 001,629,584 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\OStarter\de-de\SetupConsumerC2R.exe
[2010/03/31 02:20:14 | 001,629,584 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\OStarter\de-de\SetupConsumerC2ROLW.exe
[2010/02/28 10:33:12 | 005,336,456 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\OStarter\en-us\Office.exe
[2010/03/31 00:07:57 | 001,628,560 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\OStarter\en-us\SetupConsumerC2R.exe
[2010/03/31 00:07:57 | 001,628,560 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\OStarter\en-us\SetupConsumerC2ROLW.exe
[2010/02/28 10:33:12 | 005,336,456 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\OStarter\es-es\Office.exe
[2010/03/31 02:35:55 | 001,629,144 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\OStarter\es-es\SetupConsumerC2R.exe
[2010/03/31 02:35:56 | 001,629,144 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\OStarter\es-es\SetupConsumerC2ROLW.exe
[2010/02/28 10:33:12 | 005,336,456 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\OStarter\fr-fr\Office.exe
[2010/03/31 02:25:17 | 001,629,112 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\OStarter\fr-fr\SetupConsumerC2R.exe
[2010/03/31 02:25:17 | 001,629,112 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\OStarter\fr-fr\SetupConsumerC2ROLW.exe
[2010/02/28 10:33:12 | 005,336,456 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\OStarter\it-it\Office.exe
[2010/03/31 02:36:53 | 001,629,640 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\OStarter\it-it\SetupConsumerC2R.exe
[2010/03/31 02:36:53 | 001,629,640 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\OStarter\it-it\SetupConsumerC2ROLW.exe
[2010/02/28 10:33:12 | 005,336,456 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\OStarter\nl-nl\Office.exe
[2010/03/31 02:41:18 | 001,629,072 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\OStarter\nl-nl\SetupConsumerC2R.exe
[2010/03/31 02:41:17 | 001,629,072 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\OStarter\nl-nl\SetupConsumerC2ROLW.exe
[2012/10/29 21:31:43 | 000,016,864 | ---- | M] () -- C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{54D4F955-8294-7100-2F03-B76B730335AB}-plugin-container.exe
[2012/10/29 21:00:10 | 000,917,984 | ---- | M] () -- C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{D0408ADA-C3CD-7EEB-F3C0-66CF6C1963EC}-firefox.exe
[2012/08/27 10:00:19 | 000,183,928 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\ProgramData\Sony Ericsson\Update Engine\configuration\org.eclipse.osgi\bundles\81\1\.cp\lib\x64\DeviceRemover.exe
[2012/08/27 09:58:44 | 000,191,608 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\ProgramData\Sony Ericsson\Update Engine\configuration\org.eclipse.osgi\bundles\83\1\.cp\lib\x64\DriverInstaller.exe

< End of report >

--- --- ---

[/code]

focus_futura · 15.11.2012, 17:11

Extras.txt

OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 11/15/2012 4:30:44 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Alexander\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.91 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 57.60% Memory free
7.83 Gb Paging File | 5.90 Gb Available in Paging File | 75.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 50.00 Gb Total Space | 5.90 Gb Free Space | 11.80% Space Free | Partition Type: NTFS
Drive F: | 395.13 Gb Total Space | 324.91 Gb Free Space | 82.23% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP | User Name: Alexander | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1521551486-3421521676-2040364671-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0ABD621D-976E-4C85-9B1B-2AC53641D5E5}" = lport=445 | protocol=6 | dir=in | app=system | 
"{13FE84FE-7383-4975-875B-860679754758}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{1DEE4A5E-7005-4231-A4EB-D845DE300FF3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{1E0FA93D-71DB-4A68-9683-27A65652D5B4}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{224F1D69-5F8C-4528-9A9D-00E2244A6609}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{22D3E7A4-F0A9-4DEC-B3AB-2DCED53B1A69}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2946813D-084C-4DFF-9C7E-BF9BFDE28D18}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2DDB8053-2173-4D8F-8710-EEF2B2433552}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{5AE7397D-E21F-4FD1-B25A-B4940CE2BD25}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5EF5825F-B2AC-4A2B-A269-BB73B88DAA1C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6ED94725-4E00-47FF-82EA-E8B0C22116D6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{75B6CCA7-8E56-4E82-AD6F-602C958BD523}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{83E84186-CB39-469A-B1B3-CEC4F2EF3E32}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9431C929-904A-4B90-BD0E-1496A49BA319}" = rport=138 | protocol=17 | dir=out | app=system | 
"{9F812B2D-0586-45B3-84C4-4799D0559358}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AA6D0658-3053-47D7-BFF1-79251BA8720E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AE682AF0-9FD9-4E05-92C6-0B001133A138}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B4317A8E-3DF0-4D30-A6C6-1684C6ED21BC}" = lport=139 | protocol=6 | dir=in | app=system | 
"{B7904601-CD30-4D51-9BD4-8D5EA4D83534}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D1F5F6C7-2A88-4099-8AE9-803CD97A57D9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{D5720953-24CE-414D-82A2-AD18F4E2994C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{D933BF9C-5DAE-4F07-A8CF-328FFD55240A}" = lport=138 | protocol=17 | dir=in | app=system | 
"{E5F2591A-A007-4225-9834-B23891A76AE2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F33AD655-6BF5-47E3-99CC-83F2E60C29E4}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F46A5E05-F0FC-4DFB-BC6C-2DA4B68BA092}" = rport=139 | protocol=6 | dir=out | app=system | 
"{FA8C7F07-F300-4B74-8ACF-B44717197804}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{FD5A8295-0A69-4A47-BB55-EC4C30C77864}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0831D953-8781-4226-B0D7-BF33ABCC6676}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0A63D27E-C09E-4AC7-A958-AF66768AEE49}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0BF1DCFD-3688-40C6-96CA-C774A18AB7F3}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | 
"{0D1CC76F-C32E-4A40-8C8C-C6D69D0A13DA}" = protocol=6 | dir=in | app=c:\users\alexander\appdata\roaming\dropbox\bin\dropbox.exe | 
"{0DBFE1FB-A3DC-407B-841D-C19368AA1FF8}" = protocol=6 | dir=out | app=system | 
"{11D2ED22-7308-4BC9-9C3D-ABCC660592CD}" = protocol=6 | dir=in | app=c:\users\alexander\appdata\roaming\dropbox\bin\dropbox.exe | 
"{136F7793-C51B-4816-96C2-FACB95C6FE41}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{15D5907C-6524-44B5-8F33-5BD41F3C36E8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{222F35A5-BA02-4857-B3EB-6B1D0EB4506E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{2910A882-26C0-4679-B437-6C35F4DE4E12}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{2AA0678C-9281-4472-95E7-FF46C5F8498B}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{2CB5470B-FF78-47A8-9077-F15AE82F311F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{30598E3D-212E-4198-985E-7420AD85A4D3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{32976E31-3F27-4CDA-9832-7B210910A615}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | 
"{366F7194-AAF7-4910-8D13-C1BD7E52A8A9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{3C969F88-4D35-4B72-9D2E-4E0756C5FBBD}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{4859372F-FA49-4B44-8D86-6AF9B076C309}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{4C245260-1448-494B-BD90-68A9BFA169B8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{512E4A47-ECD2-4F2E-90F6-FDE9D55AC83E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{54F1E9D4-CB4F-468E-9547-E7F13E74B4C3}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe | 
"{7522D5A5-2454-4F84-BFCE-74EFA48FC904}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{8B12D1F9-67F0-46F3-9CCB-1B5734FBA056}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{8CA8E192-1E9D-43EA-8A8E-A67BE1A017FA}" = dir=in | app=c:\users\alexander\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{8F1F8A90-CE08-4FFD-BE96-F3428E1DD2B5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{91EFC1B3-3F59-4193-8FA5-B901D1D4C5D1}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe | 
"{965282B4-8C5E-417A-AB25-2237EE3455F3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{A6F881FC-9D19-4FC7-8532-3C41F1970C03}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{AA2881E9-2434-4F7F-AA1E-2A56A1E8A8AF}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe | 
"{AD2E0AB2-0923-47DD-948B-F0ED0B0FCACF}" = protocol=17 | dir=in | app=c:\users\alexander\appdata\roaming\dropbox\bin\dropbox.exe | 
"{B682F316-E838-48C5-A56E-565765E080AD}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe | 
"{BE506C29-C265-4381-B021-AD252B29FEC6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C2DDA09D-6779-4B92-8ADF-557168F50FF9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D0D658E4-776D-46F7-8EE1-3117EBEC44C1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D5EA6EA6-6A80-4B4A-8FE3-EAB88292D246}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D73FEDB5-5D8A-44D7-8C4B-B8583786C528}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{DA51C4F4-EE7D-4251-8971-30462433BACC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{DF9B4078-1588-4A00-B169-7E529D9FC069}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{E1AD162C-4604-4E6A-8C4B-AAB6758FE169}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E45B5E74-BAFC-423F-8266-AA45A20F90E7}" = protocol=17 | dir=in | app=c:\users\alexander\appdata\roaming\dropbox\bin\dropbox.exe | 
"{E59430BF-CB71-4CFA-934A-436D264E3BB0}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe | 
"{E7635CD3-9CA3-488C-8D54-D3CBD4AAAFF7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F64F15F0-AE1F-4B09-86DD-E273069977FB}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{F9006C87-BBD3-4837-B6A8-F42A10ECB3DB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{FE0955CB-07D0-4C98-A58F-295E2B5CD099}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{FF9881BB-5EE9-4235-8EA1-7CF68A3FF327}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{2C1AF516-183C-4800-A47E-036F2B8E67CA}C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe | 
"UDP Query User{DE32D782-8599-47B6-A7F7-893B9D476D0D}C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{4108974B-DE87-4AD4-9167-930C62C45691}" = Fujitsu Display Manager
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{7BA64D21-EE46-4a9a-8145-52B0175C3F86}" = Plugfree NETWORK
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A5FADEAC-B0A9-4C27-A8B5-05381A339F4E}" = Plugfree NETWORK
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{B95CFA6A-E0E0-4437-A2F0-BE0948B68946}" = Intel(R) PROSet/Wireless WiFi Software
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E0FE1E14-3A7A-4DB0-9FFA-0DD945AE84DB}" = HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät
"{E5A0D9A8-3711-4DB2-833C-FF79EF65830D}_is1" = Cloudfogger
"{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"PDF Creator" = PDF Creator
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{069B290F-5398-4629-A009-85B4BCB4B1B9}" = Claro Chrome Toolbar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{25680C01-6753-4FE9-A891-7857F26457C1}" = Intel(R) WiDi
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = FJ Camera
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{49A588CF-5FD4-4774-BFBF-0764287DE82B}" = Power Saving Utility
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}" = HP Officejet Pro 8500 A910 Hilfe
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C8E4B31D-337C-483D-822D-16F11441669B}" = Fujitsu Hotkey Utility
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.108
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"DeskUpdate_is1" = DeskUpdate 4.11
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{4108974B-DE87-4AD4-9167-930C62C45691}" = Fujitsu Display Manager
"InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"InstallShield_{C8E4B31D-337C-483D-822D-16F11441669B}" = Fujitsu Hotkey Utility
"InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Picasa 3" = Picasa 3
"ProInst" = Intel PROSet Wireless
"Surf & E-Mail-Stick" = Surf & E-Mail-Stick
"Update Engine" = Sony Ericsson Update Engine
"WinLiveSuite" = Windows Live Essentials
"YTdetect" = Yahoo! Detect
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1521551486-3421521676-2040364671-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 9/8/2012 2:50:31 AM | Computer Name = Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 9/8/2012 2:50:31 AM | Computer Name = Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6285234
 
Error - 9/8/2012 2:50:31 AM | Computer Name = Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6285234
 
Error - 9/8/2012 3:36:00 AM | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: OUTLOOK.EXE, Version: 14.0.6117.5001,
 Zeitstempel: 0x4f3e2d20  Name des fehlerhaften Moduls: OUTLOOK.EXE, Version: 14.0.6117.5001,
 Zeitstempel: 0x4f3e2d20  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00009afd  ID des fehlerhaften
 Prozesses: 0xd40  Startzeit der fehlerhaften Anwendung: 0x01cd8d8ef8180615  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
Berichtskennung:
 d57d1c52-f987-11e1-a24d-3859f9fd8d59
 
Error - 9/8/2012 4:20:09 AM | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: EvtEng.exe, Version: 14.1.0.7, Zeitstempel:
 0x4d93447f  Name des fehlerhaften Moduls: RPCRT4.dll, Version: 6.1.7601.17514, Zeitstempel:
 0x4ce7c96e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000000df031  ID des fehlerhaften
 Prozesses: 0x7f8  Startzeit der fehlerhaften Anwendung: 0x01cd8d9ab62824b0  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Intel\WiFi\bin\EvtEng.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\system32\RPCRT4.dll  Berichtskennung: 00a0150a-f98e-11e1-81a1-3859f9fd8d59
 
Error - 9/8/2012 4:20:47 AM | Computer Name = Laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 9/8/2012 4:21:54 AM | Computer Name = Laptop | Source = Google Update | ID = 20
Description = 
 
Error - 9/8/2012 4:23:08 AM | Computer Name = Laptop | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.1.8:5353   12 8.1.168.192.in-addr.arpa.
 PTR mint.local.
 
Error - 9/8/2012 4:23:08 AM | Computer Name = Laptop | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding   14 8.1.168.192.in-addr.arpa.
 PTR Laptop.local.
 
Error - 9/8/2012 7:49:19 AM | Computer Name = Laptop | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 11/14/2012 6:42:48 AM | Computer Name = Laptop | Source = DCOM | ID = 10005
Description = 
 
Error - 11/14/2012 6:42:48 AM | Computer Name = Laptop | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 11/14/2012 6:42:48 AM | Computer Name = Laptop | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 11/14/2012 7:45:07 AM | Computer Name = Laptop | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 11/15/2012 6:43:29 AM | Computer Name = Laptop | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 11/15/2012 8:28:33 AM | Computer Name = Laptop | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 11/15/2012 8:32:51 AM | Computer Name = Laptop | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 11/15/2012 8:35:32 AM | Computer Name = Laptop | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 11/15/2012 8:43:29 AM | Computer Name = Laptop | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 11/15/2012 8:50:04 AM | Computer Name = Laptop | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
 
< End of report >

--- --- ---

[/code]

ryder · 15.11.2012, 17:15

Gut soweit. Dann sind wir schon auf der Zielgeraden.

Schritt 1:
Fix mit OTL

Zitat:

Warnung: Dieses Skript wurde nur für diesen User und diese spezielle Situation geschrieben. Auf anderen Computern ausgeführt kann es nachhaltige Schäden anrichten!
Hinweis: Wenn du deinen Benutzernamen unkenntlich gemacht hast, musst du wieder deinen richtigen Namen einsetzen, ansonsten wird das Skript nicht funktionieren.

Starte bitte die OTL.exe.

Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
:OTL
[2012/11/14 09:09:05 | 000,000,000 | ---D | M] -- C:\ProgramData\~Browser Manager


:commands
[Emptytemp]
         
Schliesse bitte nun alle Programme.

Klicke nun bitte auf den Fix Button.

OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.

Nach dem Neustart findest Du ein Textdokument auf deinem Desktop. ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)

Kopiere nun den Inhalt hier in deinen Thread, möglichst in Code-Tags.

Hinweis: Die Ausführung des Kommandos kann einige Minuten dauern und OTL scheint in dieser Zeit nicht zu reagieren. Bitte geduldig sein!

Schritt 2:
Quick-Scan mit Malwarebytes

Downloade Dir bitte Malwarebytes
Installiere das Programm in den vorgegebenen Pfad.
Vista und Win7 User mit Rechtsklick "als Administrator starten"

Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung

Wenn das Update beendet wurde, aktiviere Quickscan durchführen und drücke auf Scannen.

Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.

Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.

Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.

Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Schritt 3:
ESET Online Scanner

Zitat:

Wichtig:
Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten!
Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.

Bitte hier klicken --->
Firefox-User: Bitte esetsmartinstaller_enu.exe downloaden, installieren und starten.

IE-User müssen das Installieren eines ActiveX Elements erlauben.

Setze den einen Haken bei Yes, i accept the Terms of Use/Ja, ich stimme ... zu und drücke den Button.

Warte bis die Komponenten herunter geladen wurden.

Setze einen Haken bei "Scan archives/Archive prüfen" und entferne den Haken bei Remove Found Threads/Entdeckte Bedrohungen entfernen.

drücken. Die Signaturen werden herunter geladen und der Scan beginnt automatisch und kann sehr lange dauern!

Wenn der Scan beendet wurde
Klicke und dann

Speichere das Logfile als ESET.txt auf dem Desktop.

Klicke Back und Finish

Bitte poste die ESET.txt hier oder teile mir mit, dass nichts gefunden wurde.

Schritt 4:
Java Update (Windows XP, Vista, 7)

Dein Java ist nicht mehr aktuell. Ältere Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
Downloade dir bitte die neueste Java-Version und speichere die jxpiinstall.exe

Schließe alle laufenden Programme. Speziell deinen Browser.

Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version (Java 7 Update 9) herunter laden.

Während der Installation entferne den Haken bei:

Wenn die Installation beendet wurde:
Start > Systemsteuerung > Programme und deinstalliere alle älteren Java Versionen, falls vorhanden, und starte deinen Rechner neu.

Nach dem Neustart:
Öffne erneut die Systemsteuerung > Programme und klicke auf das Java Symbol.

Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.

Klicke auf Dateien löschen...

Gehe sicher, dass überall ein Haken gesetzt ist und klicke zweimal OK.

Schritt 5:
Scan mit SecurityCheck

Downloade Dir bitte SecurityCheck
Speichere es auf dem Desktop.

Starte SecurityCheck.exe und folge den Anweisungen in der DOS- Box.
Vista und Win7 User mit Rechtsklick "als Administrator starten"

Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

focus_futura · 15.11.2012, 17:26

Fix mit OTL erledigt:

Code:

ATTFilter

All processes killed
========== OTL ==========
C:\ProgramData\~Browser Manager\~2.3.796.11\~{16cdff19-861d-48e3-a751-d99a27784753}\~~traking_settings\~traking_settings folder moved successfully.
C:\ProgramData\~Browser Manager\~2.3.796.11\~{16cdff19-861d-48e3-a751-d99a27784753}\~~traking_settings folder moved successfully.
C:\ProgramData\~Browser Manager\~2.3.796.11\~{16cdff19-861d-48e3-a751-d99a27784753}\~~FirefoxExtension\~~content folder moved successfully.
C:\ProgramData\~Browser Manager\~2.3.796.11\~{16cdff19-861d-48e3-a751-d99a27784753}\~~FirefoxExtension\~~components folder moved successfully.
C:\ProgramData\~Browser Manager\~2.3.796.11\~{16cdff19-861d-48e3-a751-d99a27784753}\~~FirefoxExtension folder moved successfully.
C:\ProgramData\~Browser Manager\~2.3.796.11\~{16cdff19-861d-48e3-a751-d99a27784753} folder moved successfully.
C:\ProgramData\~Browser Manager\~2.3.796.11 folder moved successfully.
C:\ProgramData\~Browser Manager folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
 
User: Alexander
->Temp folder emptied: 321414 bytes
->Temporary Internet Files folder emptied: 25608957 bytes
->Java cache emptied: 289746 bytes
->FireFox cache emptied: 63849674 bytes
->Flash cache emptied: 781 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 38574 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 14534 bytes
 
Total Files Cleaned = 86.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 11152012_172004

Files\Folders moved on Reboot...
C:\Users\Alexander\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

weiter zu schritt 2...

Malwarebytes hat nichts gefunden:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.15.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Alexander :: LAPTOP [Administrator]

Schutz: Aktiviert

15.11.2012 17:28:43
mbam-log-2012-11-15 (17-28-43).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 228046
Laufzeit: 4 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

weiter zu schritt 3....

Nichts gefunden nach 6 stündigem durchlaufen von schritt 3

weiter zu Schritt 4....

Java update durchgeführt.

weiter zu Schritt 5...

und das Ergebnis von Schritt 5:

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.54  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.65.1.1000  
 Java 7 Update 9  
 Adobe Flash Player 11.5.502.110  
 Adobe Reader X (10.1.4) 
 Mozilla Firefox (16.0.2) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

ryder · 16.11.2012, 16:15

Prima!

Damit wären wir fertig. Wir räumen jetzt noch ein wenig auf und dann habe ich am Ende etwas Lesestoff für dich.
Hinweis: Solltest du Defogger benutzt haben, kannst du jetzt re-enable drücken.

Schritt 1:
Combofix deinstallieren

Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.

Drücke die + R Taste und kopiere den folgenden Text Ausführen-Fenster und klicke OK.
Combofix /Uninstall

Aktiviere die zuvor deaktivierten Programme wieder.

Schritt 2:
Toolbereinigung mit OTL

Starte bitte OTL und klicke auf Bereinigung.

Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben.

Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.

Schritt 3:
AdwCleaner entfernen

Starte die adwcleaner.exe mit einem Doppelklick.

Klicke auf Uninstall.

Bestätige mit Ja.

Schritt 4:
ESET deinstallieren (Optional)

Ich empfehle dir dein System einmal pro Woche mit ESET zu scannen. Möchtest du ESET aber entfernen:
Drücke bitte die + R Taste und kopiere folgenden Text in das Ausführen-Fenster und klicke OK.
Code:
ATTFilter
"%ProgramFiles%\Eset\Eset Online Scanner\OnlineScannerUninstaller.exe"
         

Abschließend noch Tipps zu folgenden Themen:

Systemupdates

Softwareupdates

Sicherheitssoftware

Sicheres Surfen

Zitat:

Lesestoff:
Systemupdates
Man kann es gar nicht oft genug erwähnen, wie wichtig es ist, sein System aktuell zu halten. Dein Auto bringst du ja auch regelmässig zur Inspektion in die Werkstatt. Stelle also bitte sicher, dass die Systemupdates aktiviert sind:
Bitte überprüfe, ob dein System Windows Updates automatisch herunter lädt:

Windows Updates
Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates

Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren

Gehe sicher das die automatischen Updates aktiviert sind.

Zitat:

Lesestoff:
Softwareupdates
Ebenso wichtig wie die Systemprogramme ist auch die Software, die du täglich nutzt. Die folgende Liste gibt dir einen kleinen Überblick mit Links zu den Updates, welche Programme dringend aktuell gehalten werden müssen (falls du sie überhaupt installiert hast und nutzt), weil durch deren Sicherheitslücken oft Malware auf die Computer gelangen kann:
Adobe Reader (Adobe - Adobe Reader herunterladen - Alle Versionen => Kein Haken bei "Ja, McAfee ...")

Flash Plugin (Adobe - Adobe Flash Player installieren => Kein Haken bei "Ja, McAfee ...")

Java (Download der kostenlosen Java-Software -> Kein Haken für die ASK-Toolbar während der Installation)

Dein Browser inklusive aller Add-Ons. Das Trojaner-Board bietet dir auch einen Browser-Check.

Auch nicht gelistete Programme sind natürlich wichtig. Ob es für diese eine neue Version gibt, kannst du auf deren Herstellerwebseite oder ganz bequem mit diesen Tools überprüfen:
Secunia Online Software

FileHippo-Update-Checker

Zitat:

Lesestoff:
Sicherheitssoftware
Würde dich jemand nackt auf dem Motorrad auf der Autobahn überholen würdest du auch den Kopf schütteln. Dein Computer braucht auch einen Schutz vor den täglichen kleinen Angriffen durch Schädlinge. Neben hervorragenden kommerziellen Anti-Viren-Lösungen gibt es auch durchaus gute Schutzprogramme, die kostenfrei mit reduziertem Funktionsumfang erhältlich sind. Aber vorsicht, hier gilt nicht "je mehr desto besser". Was du brauchst ist genau einen Virenscanner mit Hintergrundwächter. Nicht mehr und nicht weniger. Es gibt hier viele Produkte auf dem Markt, die einem gute Dienste leisten. Ich persönlich empfehle dir Avast Free Antivirus. Es bietet relativ guten Schutz, bei wenig nerviger Werbung und installiert dir ein Browserplugin, das dich vor gefährlichen Webseiten warnt.
Wenn du deine Antivirenlösung wechseln solltest, findest du hier Tools mit denen du die Überreste nach der Deinstallation deines alten Scanners entfernen kannst.

Installiere niemals mehr als einen Virenscanner. Deren Hintergrundwächter würden sich gegenseitig behindern und dein System ausbremsen.

Ein Browserplugin, das dich vor betrügerischen Webseiten schützt, kann dir gute Dienste leisten, wenn du dich nicht gut auskennst (siehe oben).

Sorge dafür, dass deine Sicherheitslösung ständig up-to-date ist und sich automatisch Updates besorgt. Wenn du auf manuelle Updates setzt bist du meistens zu spät, da die Virendatenbanken oft täglich sogar mehrfach erneuert werden.

Einen zusätzlichen Schutz (und dieser wäre auch erlaubt) bietet ein spezieller Malwarescanner. Hier empfehle ich dir dringend Malwarebytes und einmal wöchentlich damit zu scannen. In der kostenpflichtigen Version hat es sogar einen Hintergrundwächter. Hierfür haben wir eine Anleitung für dich.

Zuletzt empfehle ich dir deine Daten regelmässig (am besten automatisch) zu sichern. Dies kann eine professionelle Backuplösung, externe Festplatten, Brennen auf DVDs oder Überspielen auf ein Online-Laufwerk wie z.B. Dropbox sein. Erzeuge so viele Kopien wie möglich und halte sie aktuell. Nur so bist du auf den schlimmsten Fall vorbereitet, wenn dein Computer - wodurch auch immer - unbrauchbar werden sollte. Leider passiert das ja immer unangekündigt und immer dann wenn man ihn am Nötigsten braucht. Also sorge vor!

Zitat:

Lesestoff:
Sicheres Surfen
Zunächst muss man sagen, dass es üblicherweise immer der menschliche Faktor ist, der es Malware ermöglicht auf einen Computer zu gelangen. Kaufst du Leuten, die an deiner Haustür klingeln, auch sofort ohne nachzudenken irgendwelches Zeug ab? Gewöhne dir daher zunächst einige Verhaltensregeln beim Surfen im Internet an:
Klicke nicht irgendwo hin, nur weil es bunt ist und leuchtet, in einer Ecke aufpoppt oder so aussieht, als wäre es eine Systemmeldung.

Lade dir keine illegale Software, keine Cracks, keine Keygens, keine Gametrainer usw ... die Webseiten, die so etwas anbieten, sind meist nicht seriös und die angeblichen Helfer sind meist verseuchter als du es dir ausmalen würdest. Es spielt dabei keine Rolle, ob du diese Dateien über einen Browser oder Filesharingprogramme beziehst.

Öffne keine Emailanhänge von Leuten, die du nicht kennst, Emails mit seltsamen Rechtschreibfehlern oder starte Dateien, die dir eine Webseite anbietet, ohne dass du sie wolltest.

Lasse niemand an deinem Computer surfen, der diese Regeln nicht auch befolgt.

Verlasse dich nicht darauf, dass dein Virenscanner schon alles findet. Keine Sicherheitslösung ist 100% sicher!

Aber selbst bei der peinlichen Einhaltung dieser Regeln kann es dennoch zu einer sogenannten Drive-By-Infektion kommen, bei der ein Schädling aus dem Schutzmechanismus des Webbrowsers ausbricht. Um die Sicherheit noch weiter zu erhöhen gibt es spezielle Schutzsoftware, die deinen Browser noch weiter absichert.
WOT (Web of trust) Dieses Add-On warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst. Hinweis: Avast enthält ein solches Plugin bereits.

Sandboxie schafft eine zusätzliche isolierte Programmumgebung, damit dein Browser wie ein Kleinkind im Sandkasten sicher ist. (Anleitung: Sandboxie)

Securebanking ist ein Software, die Verbindungen untersucht und dir meldet, wenn jemand "mithört". Wie der Name sagt, wurde es entwickelt, damit Onlinebanking wirklich sicher ist. Mehr Infos auf der Homepage: Secure Banking

Zuletzt denke bitte über die Benutzung eines alternativen Browsers nach. Programme, die nicht so oft verwendet werden, sind auch nicht so sehr im Focus der "bösen Jungs". D.h. du bist mit einem exotischen Browser eher auf der sicheren Seite. Grundsätzlich bist du erst einmal deutlich sicherer, wenn du nicht den Internet Explorer benutzt.
Firefox, Opera, Chrome, ...

... mehr findest du auf Microsofts eigener Browserauswahlwebseite.

Damit wünsche ich dir noch viel Spaß beim Surfen im Internet

... und vielleicht möchtest du ja das Trojaner-Board unterstützen?

Eine Bitte: Gib mir eine kurze Rückmeldung, wenn alles erledigt ist und keine Fragen mehr vorhanden sind, damit ich diesen Thread aus meinen Abos löschen kann.

focus_futura · 16.11.2012, 18:50

Vielen Dank, hat alles geklappt. Claro search ist für mich nicht mehr sichtbar.

ryder · 16.11.2012, 19:52

Schön, dass wir helfen konnten

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen

16.11.2012, 19:52	#11
ryder /// TB-Ausbilder	Claro Search im Firefox Schön, dass wir helfen konnten Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen schicke mir bitte eine PM. Jeder andere bitte hier klicken und einen eigenen Thread erstellen __________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM!

Claro Search im Firefox

Log-Analyse und Auswertung: Claro Search im Firefox