Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: mit ihavenet-Virus infiziert - was nun?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 29.11.2012, 17:25   #1
Kalua_1
 
mit ihavenet-Virus infiziert - was nun? - Standard

mit ihavenet-Virus infiziert - was nun?



Hallo!


Ich habe ein seeehr großes Problem mit dem ihavenet-Virus! Stundenlange Recherche wie man diesen Virus loswird und viele Scans mit verschiedenen Programmen (Bitdefener, adwcleaner, xoftofspyse usw.) haben leider bisher nicht geholfen! Den incrediBar-Virus bin ich wieder losgeworden, aber ihavenet ist zu hartnäckig für mich... Er leitet mich immer auf andere Internetseiten um, auf denen ich definitiv NICHT surfen möchte. Kann mir von euch jemand helfen? Dafür wäre ich sehr, sehr dankbar!!!

Alt 29.11.2012, 17:54   #2
markusg
/// Malware-holic
 
mit ihavenet-Virus infiziert - was nun? - Standard

mit ihavenet-Virus infiziert - was nun?



Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________

Alt 29.11.2012, 18:24   #3
Kalua_1
 
mit ihavenet-Virus infiziert - was nun? - Standard

mit ihavenet-Virus infiziert - was nun?



Okay, danke. Bei dem Scan kam folgendes heraus:
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 29.11.2012 18:02:41 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Äntsch\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,29 Gb Available Physical Memory | 57,18% Memory free
7,99 Gb Paging File | 6,18 Gb Available in Paging File | 77,33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,56 Gb Total Space | 214,77 Gb Free Space | 75,47% Space Free | Partition Type: NTFS
Drive D: | 13,23 Gb Total Space | 2,17 Gb Free Space | 16,43% Space Free | Partition Type: NTFS
 
Computer Name: ÄNTSCH-PC | User Name: Äntsch | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Äntsch\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Äntsch\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Users\Äntsch\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Lexmark 5600-6600 Series\ezprint.exe (Lexmark International Inc.)
PRC - C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe ()
PRC - c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe ()
MOD - C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducaps.dll ()
MOD - C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduscw.dll ()
MOD - C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdudrs.dll ()
MOD - C:\Program Files (x86)\Lexmark 5600-6600 Series\iptk.dll ()
MOD - C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdudatr.dll ()
MOD - C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducnv4.dll ()
MOD - C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducats.dll ()
MOD - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduptp.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (lxdu_device) -- C:\Windows\SysNative\lxducoms.exe ( )
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (SearchAnonymizer) -- C:\Users\Äntsch\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (lxdu_device) -- C:\Windows\SysWOW64\lxducoms.exe ( )
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe (IDT, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (btnetBUs) -- C:\Windows\SysNative\drivers\btnetBus.sys ()
DRV:64bit: - (IvtBtBUs) -- C:\Windows\SysNative\drivers\IvtBtBus.sys (IVT Corporation.)
DRV:64bit: - (BtHidBus) -- C:\Windows\SysNative\drivers\BtHidBus.sys (IVT Corporation.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (enecir) -- C:\Windows\SysNative\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{5970C4E2-FE63-4A58-BCAD-492B21182195}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE:64bit: - HKLM\..\SearchScopes\{6F1AC36C-1808-4B40-AAD7-BE7B43DF660C}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE:64bit: - HKLM\..\SearchScopes\{F61C0022-3A6E-4302-9C5A-6A8C00D0A3B0}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{5970C4E2-FE63-4A58-BCAD-492B21182195}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\..\SearchScopes\{6F1AC36C-1808-4B40-AAD7-BE7B43DF660C}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{F61C0022-3A6E-4302-9C5A-6A8C00D0A3B0}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKCU\..\SearchScopes\{00079C95-4F3E-4420-8A28-477EC6799009}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=be82668e-27ba-4332-8cd8-5748b2eb7636&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{28652E7D-7C08-42D4-AA30-50E76E9151C6}: "URL" = hxxp://search.softonic.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E736F66746F6E69632E636F6D2F4D4F4E313230345436352F74625F76313F713D7B7365617263685465726D737D26536561726368536F757263653D342663633D&st={searchTerms}&clid=be82668e-27ba-4332-8cd8-5748b2eb7636&pid=freewarede&k=0
IE - HKCU\..\SearchScopes\{4F992A7C-8F20-43B7-946F-1935D9C05FCB}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=be82668e-27ba-4332-8cd8-5748b2eb7636&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{5970C4E2-FE63-4A58-BCAD-492B21182195}: "URL" = hxxp://de.search.yahoo.com.anonymize-me.de/?anonymto=687474703A2F2F64652E7365617263682E7961686F6F2E636F6D2F7365617263683F703D7B7365617263685465726D737D2665693D7B696E707574456E636F64696E677D2666723D63622D6870303626747970653D696532303038&st={searchTerms}&clid=be82668e-27ba-4332-8cd8-5748b2eb7636&pid=freewarede&k=0
IE - HKCU\..\SearchScopes\{6ED254C0-4823-4A02-8B74-E1A93515FF7C}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=be82668e-27ba-4332-8cd8-5748b2eb7636&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{6F1AC36C-1808-4B40-AAD7-BE7B43DF660C}: "URL" = hxxp://de.kelkoopartners.net.anonymize-me.de/?anonymto=687474703A2F2F64652E6B656C6B6F6F706172746E6572732E6E65742F63746C2F646F2F7365617263683F7369746553656172636851756572793D7B7365617263685465726D737D2666726F6D666F726D3D7472756526783D7472756526793D7472756526706172746E65723D687026706172746E657249643D3936393133393333&st={searchTerms}&clid=be82668e-27ba-4332-8cd8-5748b2eb7636&pid=freewarede&k=0
IE - HKCU\..\SearchScopes\{784DABE5-9F9F-47D3-B00D-947F5B2BB8D5}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=be82668e-27ba-4332-8cd8-5748b2eb7636&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{CA1AA7B0-0DCF-4B44-A075-8A4535CBE93D}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=be82668e-27ba-4332-8cd8-5748b2eb7636&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb128/?search={searchTerms}&loc=IB_DS&a=6PQR5GSMVx&i=26
IE - HKCU\..\SearchScopes\{DEF960B7-449B-45D4-8764-40C82E78B7F2}: "URL" = hxxp://www.google.de.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E64652F7365617263683F713D7B7365617263685465726D737D&st={searchTerms}&clid=be82668e-27ba-4332-8cd8-5748b2eb7636&pid=freewarede&k=0
IE - HKCU\..\SearchScopes\{F0CA511A-7231-43CA-B8FE-4B6D7727DE8C}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=be82668e-27ba-4332-8cd8-5748b2eb7636&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{F61C0022-3A6E-4302-9C5A-6A8C00D0A3B0}: "URL" = hxxp://slirsredirect.search.aol.com.anonymize-me.de/?anonymto=687474703A2F2F736C69727372656469726563742E7365617263682E616F6C2E636F6D2F736C6972735F687474702F7372656469723F7372656469723D313134352671756572793D7B7365617263685465726D737D26696E766F636174696F6E547970653D746235306870636E6E626965372D64652D6465&st={searchTerms}&clid=be82668e-27ba-4332-8cd8-5748b2eb7636&pid=freewarede&k=0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.30 09:09:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.30 09:09:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Program Files (x86)\Mein Gutscheincode Finder\Firefox
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\Äntsch\AppData\Roaming\Mozilla\Firefox\Profiles\vx35ndpc.default\extensions\firejump@firejump.net
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.30 09:09:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.30 09:09:11 | 000,000,000 | ---D | M]
 
[2010.04.29 19:27:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Äntsch\AppData\Roaming\mozilla\Extensions
[2012.11.29 16:41:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Äntsch\AppData\Roaming\mozilla\Firefox\Profiles\vx35ndpc.default\extensions
[2011.07.06 21:38:11 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Äntsch\AppData\Roaming\mozilla\Firefox\Profiles\vx35ndpc.default\extensions\2020Player_IKEA@2020Technologies.com
[2012.11.24 09:41:32 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Äntsch\AppData\Roaming\mozilla\firefox\profiles\vx35ndpc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.05.22 09:43:40 | 000,001,870 | ---- | M] () -- C:\Users\Äntsch\AppData\Roaming\mozilla\firefox\profiles\vx35ndpc.default\searchplugins\{620E8738-D844-4B39-97A6-14427E582835}.xml
[2012.05.22 09:43:41 | 000,002,188 | ---- | M] () -- C:\Users\Äntsch\AppData\Roaming\mozilla\firefox\profiles\vx35ndpc.default\searchplugins\{63B15554-CEDE-47BD-89D9-8879ABBA5C53}.xml
[2012.05.22 09:43:41 | 000,002,077 | ---- | M] () -- C:\Users\Äntsch\AppData\Roaming\mozilla\firefox\profiles\vx35ndpc.default\searchplugins\{F71F4123-DB54-405B-A2BF-43C84381FC92}.xml
[2012.10.30 09:09:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.10.30 09:09:14 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.07.12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.07.19 13:29:01 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 07:25:23 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.19 13:29:01 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.19 13:29:01 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.19 13:29:01 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.19 13:29:01 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll File not found
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark 5600-6600 Series\ezprint.exe (Lexmark International Inc.)
O4:64bit: - HKLM..\Run: [lxdumon.exe] C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe ()
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Äntsch\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Äntsch\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Äntsch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O8:64bit: - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Reg Error: Value error.)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76C27784-719B-4AD6-86AE-B99D716B71B9}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.11.28 19:49:37 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{55d289dd-eb54-11e0-8e9f-00269e382f4d}\Shell - "" = AutoRun
O33 - MountPoints2\{55d289dd-eb54-11e0-8e9f-00269e382f4d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{55d289e2-eb54-11e0-8e9f-00269e382f4d}\Shell - "" = AutoRun
O33 - MountPoints2\{55d289e2-eb54-11e0-8e9f-00269e382f4d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{55d28a33-eb54-11e0-8e9f-00269e382f4d}\Shell - "" = AutoRun
O33 - MountPoints2\{55d28a33-eb54-11e0-8e9f-00269e382f4d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{55d28a35-eb54-11e0-8e9f-00269e382f4d}\Shell - "" = AutoRun
O33 - MountPoints2\{55d28a35-eb54-11e0-8e9f-00269e382f4d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{8292709d-e747-11e0-b535-00269e382f4d}\Shell - "" = AutoRun
O33 - MountPoints2\{8292709d-e747-11e0-b535-00269e382f4d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{829270ac-e747-11e0-b535-00269e382f4d}\Shell - "" = AutoRun
O33 - MountPoints2\{829270ac-e747-11e0-b535-00269e382f4d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{cef1efdd-e812-11e0-baa8-00269e382f4d}\Shell - "" = AutoRun
O33 - MountPoints2\{cef1efdd-e812-11e0-baa8-00269e382f4d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{deea4c5d-e68e-11e0-af67-00269e382f4d}\Shell - "" = AutoRun
O33 - MountPoints2\{deea4c5d-e68e-11e0-af67-00269e382f4d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{deea4c6e-e68e-11e0-af67-00269e382f4d}\Shell - "" = AutoRun
O33 - MountPoints2\{deea4c6e-e68e-11e0-af67-00269e382f4d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e9f949f0-e87c-11e0-a69c-00269e382f4d}\Shell - "" = AutoRun
O33 - MountPoints2\{e9f949f0-e87c-11e0-a69c-00269e382f4d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
 
MsConfig:64bit - StartUpFolder: C:^Users^Äntsch^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeCS5ServiceManager - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Easybits Recovery - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: HPADVISOR - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: HPCam_Menu - hkey= - key= - c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: LightScribe Control Panel - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: NortonOnlineBackupReminder - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: QlbCtrl.exe - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: UpdatePRCShortCut - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig:64bit - StartUpReg: WirelessAssistant - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Company)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.29 18:02:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Äntsch\Desktop\OTL.exe
[2012.11.29 17:11:14 | 000,000,000 | ---D | C] -- C:\ProgramData\XoftSpySE
[2012.11.29 16:10:29 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012.11.28 20:56:03 | 000,000,000 | ---D | C] -- C:\ProgramData\BDLogging
[2012.11.28 20:53:35 | 000,000,000 | ---D | C] -- C:\Users\Äntsch\AppData\Roaming\QuickScan
[2012.11.28 20:52:43 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2012.11.28 20:46:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2012.11.28 19:49:16 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012.11.28 19:48:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012.11.28 17:25:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.11.28 17:25:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2012.11.28 17:25:07 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2012.11.28 17:25:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2012.11.28 17:24:43 | 000,000,000 | ---D | C] -- C:\Users\Äntsch\AppData\Local\Programs
[2012.11.28 14:06:35 | 000,000,000 | ---D | C] -- C:\Users\Äntsch\AppData\Roaming\Malwarebytes
[2012.11.28 14:06:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.28 14:06:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.28 14:06:22 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.11.28 14:06:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.11.28 13:21:11 | 000,000,000 | ---D | C] -- C:\Users\Äntsch\AppData\Roaming\DVDVideoSoft
[2012.11.28 13:14:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TornTV.com
[2012.11.09 17:30:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2012.11.09 17:28:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2012.11.09 17:28:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012.11.09 17:28:19 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012.11.09 17:28:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
[2012.11.09 17:28:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2012.11.09 17:26:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2012.11.09 17:25:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012.11.09 17:25:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012.11.09 17:24:51 | 000,000,000 | ---D | C] -- C:\Windows\SHELLNEW
[2012.11.09 17:24:27 | 000,000,000 | ---D | C] -- C:\Users\Äntsch\AppData\Local\Microsoft Help
[2012.11.09 17:24:02 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012.10.31 21:47:53 | 000,000,000 | ---D | C] -- C:\Users\Äntsch\AppData\Roaming\Nokia Suite
[2012.10.31 21:47:52 | 000,000,000 | ---D | C] -- C:\Users\Äntsch\AppData\Roaming\Nokia
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.29 17:58:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Äntsch\Desktop\OTL.exe
[2012.11.29 16:58:22 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.29 16:58:22 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.29 16:50:35 | 000,000,306 | ---- | M] () -- C:\Windows\tasks\TYPSPCNOKP.job
[2012.11.29 16:50:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.29 16:50:21 | 3218,239,488 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.29 16:41:36 | 000,219,348 | ---- | M] () -- C:\ProgramData\1354203527.bdinstall.bin
[2012.11.29 16:33:58 | 000,002,258 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2012.11.29 16:18:26 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.29 16:18:26 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.29 16:18:26 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.29 16:18:26 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.29 16:18:26 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.29 16:16:03 | 000,025,698 | ---- | M] () -- C:\Windows\SysNative\bddel.dat
[2012.11.28 21:45:37 | 000,170,868 | ---- | M] () -- C:\Users\Äntsch\Documents\0107_servietten.pdf
[2012.11.28 20:58:30 | 000,523,536 | ---- | M] () -- C:\ProgramData\1354132298.bdinstall.bin
[2012.11.28 20:57:24 | 000,000,385 | ---- | M] () -- C:\Windows\SysNative\user_gensett.xml
[2012.11.28 19:49:37 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2012.11.28 13:25:51 | 000,131,072 | RHS- | M] () -- C:\Windows\SysWow64\wmpmde0.dll
[2012.11.26 17:44:24 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForÄntsch.job
[2012.11.14 12:02:36 | 005,026,808 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.29 16:41:36 | 000,219,348 | ---- | C] () -- C:\ProgramData\1354203527.bdinstall.bin
[2012.11.29 16:33:58 | 000,002,258 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2012.11.29 16:15:20 | 000,025,698 | ---- | C] () -- C:\Windows\SysNative\bddel.dat
[2012.11.28 21:45:37 | 000,170,868 | ---- | C] () -- C:\Users\Äntsch\Documents\0107_servietten.pdf
[2012.11.28 20:58:30 | 000,523,536 | ---- | C] () -- C:\ProgramData\1354132298.bdinstall.bin
[2012.11.28 20:57:24 | 000,000,385 | ---- | C] () -- C:\Windows\SysNative\user_gensett.xml
[2012.11.28 19:49:37 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2012.11.28 17:25:16 | 000,002,145 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2012.11.28 13:25:51 | 000,131,072 | RHS- | C] () -- C:\Windows\SysWow64\wmpmde0.dll
[2012.11.28 13:25:51 | 000,000,306 | ---- | C] () -- C:\Windows\tasks\TYPSPCNOKP.job
[2012.11.14 10:12:07 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.14 10:02:51 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.10.31 21:44:25 | 000,004,043 | ---- | C] () -- C:\Users\Äntsch\Documents\DieMaus.mid
[2012.08.14 17:54:44 | 000,001,516 | ---- | C] () -- C:\Users\Äntsch\.recently-used.xbel
[2012.05.22 09:43:35 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2012.05.21 09:10:42 | 057,738,580 | ---- | C] () -- C:\Users\Äntsch\Hochzeit Gäste.cpr
[2012.01.20 15:52:34 | 000,050,171 | ---- | C] () -- C:\Users\Äntsch\Rede.pdf
[2012.01.04 14:53:18 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.11.13 11:22:54 | 245,233,664 | ---- | C] () -- C:\Users\Äntsch\foto.iso
[2011.08.01 18:10:05 | 000,651,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdupmui.dll
[2011.08.01 18:10:05 | 000,389,120 | ---- | C] () -- C:\Windows\SysWow64\LXDUinst.dll
[2011.08.01 18:10:05 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduinpa.dll
[2011.08.01 18:10:05 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduiesc.dll
[2011.08.01 18:10:05 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxducomx.dll
[2011.08.01 18:10:04 | 001,069,056 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduserv.dll
[2011.08.01 18:10:04 | 000,860,160 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduusb1.dll
[2011.08.01 18:10:04 | 000,761,856 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducomc.dll
[2011.08.01 18:10:04 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduhbn3.dll
[2011.08.01 18:10:04 | 000,589,824 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducoms.exe
[2011.08.01 18:10:04 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdulmpm.dll
[2011.08.01 18:10:04 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducomm.dll
[2011.08.01 18:10:04 | 000,323,584 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduih.exe
[2011.08.01 18:10:03 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducfg.exe
[2011.07.08 08:57:49 | 000,255,091 | ---- | C] () -- C:\Users\Äntsch\Exegese fertig.pdf
[2011.07.01 16:03:41 | 006,554,427 | ---- | C] () -- C:\Program Files\ShowCreator1.4.2.zip
[2011.03.14 10:35:17 | 000,000,324 | ---- | C] () -- C:\Users\Äntsch\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Users\Äntsch\AppData\Local\{26f61a29-5d47-21e7-802b-8fcc532ec9ab}\n.
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.01.31 18:27:41 | 000,000,000 | ---D | M] -- C:\Users\Äntsch\AppData\Roaming\ACAMPREF
[2011.07.01 15:34:17 | 000,000,000 | ---D | M] -- C:\Users\Äntsch\AppData\Roaming\AquaSoft
[2012.05.20 14:36:57 | 000,000,000 | ---D | M] -- C:\Users\Äntsch\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2011.11.13 11:23:43 | 000,000,000 | ---D | M] -- C:\Users\Äntsch\AppData\Roaming\DeepBurner
[2012.05.22 09:43:34 | 000,000,000 | ---D | M] -- C:\Users\Äntsch\AppData\Roaming\DesktopIconForAmazon
[2012.11.28 17:19:51 | 000,000,000 | ---D | M] -- C:\Users\Äntsch\AppData\Roaming\DVDVideoSoft
[2012.01.14 17:24:39 | 000,000,000 | ---D | M] -- C:\Users\Äntsch\AppData\Roaming\elsterformular
[2012.08.14 17:54:44 | 000,000,000 | ---D | M] -- C:\Users\Äntsch\AppData\Roaming\gtk-2.0
[2012.02.13 14:39:44 | 000,000,000 | ---D | M] -- C:\Users\Äntsch\AppData\Roaming\ICQ
[2012.11.10 10:09:01 | 000,000,000 | ---D | M] -- C:\Users\Äntsch\AppData\Roaming\Nokia
[2012.11.10 10:09:01 | 000,000,000 | ---D | M] -- C:\Users\Äntsch\AppData\Roaming\Nokia Suite
[2012.08.22 16:25:05 | 000,000,000 | ---D | M] -- C:\Users\Äntsch\AppData\Roaming\ObviousIdea
[2012.05.22 09:43:33 | 000,000,000 | ---D | M] -- C:\Users\Äntsch\AppData\Roaming\OCS
[2010.04.30 15:31:56 | 000,000,000 | ---D | M] -- C:\Users\Äntsch\AppData\Roaming\OpenOffice.org
[2012.05.22 09:43:41 | 000,000,000 | ---D | M] -- C:\Users\Äntsch\AppData\Roaming\Opera
[2011.11.20 19:46:52 | 000,000,000 | ---D | M] -- C:\Users\Äntsch\AppData\Roaming\PC Suite
[2012.11.28 20:53:35 | 000,000,000 | ---D | M] -- C:\Users\Äntsch\AppData\Roaming\QuickScan
[2011.11.21 14:03:11 | 000,000,000 | ---D | M] -- C:\Users\Äntsch\AppData\Roaming\Samsung
[2012.11.24 14:02:34 | 000,000,000 | ---D | M] -- C:\Users\Äntsch\AppData\Roaming\Spotify
[2011.03.14 10:35:19 | 000,000,000 | ---D | M] -- C:\Users\Äntsch\AppData\Roaming\Template
[2012.01.24 10:43:43 | 000,000,000 | ---D | M] -- C:\Users\Äntsch\AppData\Roaming\Tracker Software
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.07.07 13:40:23 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.10.26 08:50:17 | 000,000,000 | ---D | M] -- C:\a74811529bad20a131b4743972a67455
[2009.08.25 14:43:30 | 000,000,000 | -HSD | M] -- C:\boot
[2012.11.29 16:35:27 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.04.28 21:21:41 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.08.01 18:09:10 | 000,000,000 | ---D | M] -- C:\drivers
[2010.04.28 19:20:53 | 000,000,000 | -H-D | M] -- C:\HP
[2012.11.09 17:24:03 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.11.28 20:52:43 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.11.29 17:28:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)
[2012.11.29 17:28:18 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.04.28 21:21:41 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.04.28 21:23:23 | 000,000,000 | -HSD | M] -- C:\Recovery
[2010.06.12 08:40:35 | 000,000,000 | ---D | M] -- C:\SwSetup
[2012.11.29 18:04:38 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.04.28 21:23:32 | 000,000,000 | -H-D | M] -- C:\SYSTEM.SAV
[2010.04.28 21:21:53 | 000,000,000 | R--D | M] -- C:\Users
[2010.09.03 09:02:40 | 000,000,000 | -H-D | M] -- C:\VritualRoot
[2012.11.28 20:55:55 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.09.17 08:26:42 | 000,000,336 | ---- | C] () -- C:\Windows\Tasks\HPCeeScheduleForÄntsch.job
[2012.11.28 13:25:51 | 000,000,306 | ---- | C] () -- C:\Windows\Tasks\TYPSPCNOKP.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.05.17 20:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2012.11.13 14:07:52 | 003,906,584 | ---- | M] (Safer-Networking Ltd.) MD5=E4A0900CF535888DDD85B10040CA3E34 -- C:\Program Files (x86)\Spybot - Search & Destroy 2\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.09.29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2012.11.28 13:25:51 | 000,131,072 | RHS- | M] () Unable to obtain MD5 -- C:\Windows\system32\wmpmde0.dll
 
< %USERPROFILE%\*.* >
[2012.08.14 17:54:44 | 000,001,516 | ---- | M] () -- C:\Users\Äntsch\.recently-used.xbel
[2011.07.08 08:57:55 | 000,255,091 | ---- | M] () -- C:\Users\Äntsch\Exegese fertig.pdf
[2011.11.13 11:22:55 | 245,233,664 | ---- | M] () -- C:\Users\Äntsch\foto.iso
[2012.05.21 14:06:35 | 057,738,580 | ---- | M] () -- C:\Users\Äntsch\Hochzeit Gäste.cpr
[2012.11.29 18:18:58 | 004,194,304 | -HS- | M] () -- C:\Users\Äntsch\ntuser.dat
[2012.11.29 18:18:58 | 000,262,144 | -HS- | M] () -- C:\Users\Äntsch\ntuser.dat.LOG1
[2010.04.28 21:21:53 | 000,000,000 | -HS- | M] () -- C:\Users\Äntsch\ntuser.dat.LOG2
[2010.04.28 21:51:03 | 000,065,536 | -HS- | M] () -- C:\Users\Äntsch\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010.04.28 21:51:03 | 000,524,288 | -HS- | M] () -- C:\Users\Äntsch\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010.04.28 21:51:03 | 000,524,288 | -HS- | M] () -- C:\Users\Äntsch\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010.04.28 21:21:54 | 000,000,020 | -HS- | M] () -- C:\Users\Äntsch\ntuser.ini
[2012.01.20 15:52:39 | 000,050,171 | ---- | M] () -- C:\Users\Äntsch\Rede.pdf
[2012.10.20 17:18:49 | 000,200,192 | -HS- | M] () -- C:\Users\Äntsch\Thumbs.db
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >
         
--- --- ---
__________________

Alt 29.11.2012, 18:27   #4
Kalua_1
 
mit ihavenet-Virus infiziert - was nun? - Standard

mit ihavenet-Virus infiziert - was nun?



und im Extras-Editor:OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 29.11.2012 18:02:41 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Äntsch\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,29 Gb Available Physical Memory | 57,18% Memory free
7,99 Gb Paging File | 6,18 Gb Available in Paging File | 77,33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,56 Gb Total Space | 214,77 Gb Free Space | 75,47% Space Free | Partition Type: NTFS
Drive D: | 13,23 Gb Total Space | 2,17 Gb Free Space | 16,43% Space Free | Partition Type: NTFS
 
Computer Name: ÄNTSCH-PC | User Name: Äntsch | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1140B759-EBAB-4590-9810-9CDA273C6D4E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1201DCCB-0804-4746-B687-7BB00261F06A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{26193338-7855-4F66-A527-63AF6931319A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2E7EFBF7-4486-48BE-83B2-DDBA0526D97D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{320A2A8A-9167-46CA-A2CC-64D4043A2557}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3600AE21-6F7F-45BD-A9DC-8F11CDE939F2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{39CE1ACA-1E83-4C4C-AC1A-2BD7B85F108D}" = rport=137 | protocol=17 | dir=out | app=system | 
"{42B03D75-944D-460D-B46D-7F4BE34C7688}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 | 
"{4336DEB2-A431-4D03-8918-EFE16EAAAFA5}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{515AA528-7C3F-47D0-A891-F6CD7AF9DA5F}" = lport=138 | protocol=17 | dir=in | app=system | 
"{5C3D0EE2-D7A7-4EDC-91F6-2B77FC42FDB7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6D1CB217-BCBD-4048-AF76-6865F2CAB377}" = lport=49163 | protocol=6 | dir=in | name=akamai netsession interface | 
"{6EA5EA1D-4643-442A-A892-73060251B6C7}" = rport=445 | protocol=6 | dir=out | app=system | 
"{747B173C-C907-490D-9529-2F607FA3CCE7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8C661C9F-B318-498D-B27B-9A5439BA7820}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{8F972642-3A38-432E-BC6F-7C8AE53B00B4}" = rport=139 | protocol=6 | dir=out | app=system | 
"{920D5BE5-E4F7-436C-AC3A-6DB07A9DE8C5}" = lport=445 | protocol=6 | dir=in | app=system | 
"{94E79AC9-64FF-4410-B78F-725B8DF8378D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{A0F02A3A-441B-47A0-A15D-F884699ADB6F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A7A32D3B-AE4F-4BF0-B92E-D7274ED6E351}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B2F06B96-1E23-4FF3-A9B3-CAC16D1D6AA9}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{C9218A00-D2FD-4E67-82EE-FB5F8DC19CAC}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{CB0B7969-3ACB-4D8F-B7FB-11C5369DE0B9}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 | 
"{DF96EFFD-BE8C-477C-9517-B84D1248D20D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{E2620BB6-A852-48CB-96A6-F35228613642}" = lport=137 | protocol=17 | dir=in | app=system | 
"{E81C1B3C-CE1D-4288-9B12-3FF8F810E276}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E895BA6B-0EB2-42A0-8AD9-6C727C2BBF73}" = lport=139 | protocol=6 | dir=in | app=system | 
"{EE178DE3-AC5C-4A7C-91D9-6DB93AB16A1E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F686F33A-3C0D-4ED1-81DF-5FBCBEA5E80C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F81F502E-D585-4088-8215-A7C9FA26BA2F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00030173-72B2-49D9-99ED-E3DBE6C1DC0E}" = protocol=6 | dir=in | app=c:\windows\system32\lxducoms.exe | 
"{0487A4C0-2780-413A-9910-BADAC0F038D5}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | 
"{07E5D730-9422-4CCF-B53E-A5279E312C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{09D9A4C1-E614-4F4B-8E25-2975601409C4}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{0E11E2E0-87CD-4091-814E-448821672D8E}" = protocol=17 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleilcs.exe | 
"{1A9C3FF6-1CEF-4377-8377-4E0B9774BC90}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{1C3B0F7C-2622-4958-AC41-1549C61A00C1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1CB5CDF9-C08E-4546-890A-BF1FE00BD12C}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\live tv\qpservice.exe | 
"{2096E151-EF0A-4FAF-902D-EBC4809C0268}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2F622222-5F8E-4BC3-BFAF-F84CA07CBDB1}" = protocol=17 | dir=in | app=c:\windows\system32\lxducoms.exe | 
"{31BA9A2E-50FB-4321-A9A7-D7A3744248C2}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{3C5E61CA-B733-4C92-8C6A-7543DD7952F4}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{442D4A75-0EB8-40EA-9D39-D4A3DE0666E3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4811A05B-AAA9-4BBF-BF77-663A2521E438}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{4B330359-2100-48CD-BB4C-F4D5897DC2F0}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{4F944F93-4156-40ED-8094-F5186D57FB2D}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe | 
"{599DBB5A-24E9-4275-9ECB-BF3ADCA6250B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{59DDFD33-DAE9-42A3-84D5-598CB0AAE291}" = protocol=6 | dir=out | app=system | 
"{5C2586EF-73F0-44E7-8A3F-A9F9ACA0753E}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdupswx.exe | 
"{5D30AF5D-974B-4D05-A091-B7733DA7386B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5F8E0275-4B16-42D2-AD90-FDC565296277}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxducoms.exe | 
"{5FB84246-CFEF-424A-8C84-49AFEED05C4D}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe | 
"{636BA9B4-D37A-4CD9-9DF2-EED027C478F4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{64C69039-E306-4F4F-841B-A996F9175528}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe | 
"{66FC8CBA-8465-40A0-BF04-D14802F5F934}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxducoms.exe | 
"{6EAD9B78-AD1D-45FC-BCCB-E2681A26A197}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe | 
"{744F30DE-9793-4FCD-9CD3-D87D04527FD9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{773B8AD1-24C5-4312-BA3B-BB7E769CD9C4}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | 
"{80BB51A6-F553-492C-B4FD-22F9FBAF4173}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{81D95F01-522B-4571-A3B4-1F257340FBF8}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe | 
"{8273653A-1689-4D18-9FDB-D995E80BD0F2}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdupswx.exe | 
"{8E229F35-010C-4A2E-B75F-1D9AB7EE4279}" = protocol=17 | dir=in | app=c:\users\äntsch\appdata\local\akamai\netsession_win.exe | 
"{8EEEEDEE-6109-428E-B7A4-D0968F835B7B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{90801E05-EE54-4444-93E4-F3EEDF9E2D35}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | 
"{929E202F-155A-4FEF-8CD0-94C961A8675D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{94BB80BE-8097-4E05-A6FA-8650BF8A8234}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{97EEE2D7-0C91-4C07-BB70-4295CFD03F6E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | 
"{9A019543-0A4B-4EF3-AFAE-80B8F957BA5F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9B25B1C3-BF5E-4E9C-BE10-0EF8026A920F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe | 
"{9F16B5CF-59E8-480A-BD26-06457C094622}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{A0413E00-7033-4DD3-A02E-F1D013997D92}" = protocol=6 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleilcs.exe | 
"{A710C6FB-0DF1-47DC-882F-DA1A32A6C191}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A872F54D-40FB-4775-B3BB-310535DBB4FE}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{AC78A44E-EDFE-40B4-8558-F36133B143B7}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe | 
"{AE268222-1DA0-470F-BDFB-55D16819017A}" = protocol=6 | dir=in | app=c:\users\äntsch\appdata\local\akamai\netsession_win.exe | 
"{B085F6A6-F77B-4316-8F27-E76C97A5B65F}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe | 
"{B2E385DD-490E-49E8-9CED-7DB716935DD6}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe | 
"{B2F421C8-3F73-44A3-8005-6FC72BAC93E9}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{B985C187-A3CC-4EEB-A3D7-A753E94CB3E9}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{C08A393C-5169-40D9-B4DC-BD0A63AA0FF3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C5769CA7-F78B-4ACA-98AB-6897E5510BC1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C78B2C79-299B-470F-A3F9-7DD1C6F3A5E7}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{C7C109C4-E4E1-415E-A329-3B364AAA65E1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{CD76B0E1-1FC0-47AB-A6C3-3B6B23E5DDD7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D92DE930-AA15-4D61-9936-3DFD6D9056EF}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe | 
"{D941F750-9AC0-4E43-8FC4-1AD2C33DDAF2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{DAF3BD2C-0CAD-4B2C-AF78-BF787F3514E3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DB240D0C-9FA7-48F6-9CC8-9C815F75F54B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{DB761FE8-22E1-429B-8910-A35761196E8F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{DDB8471A-9B31-41B3-BFE1-E70C1C74776B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{DFA783EA-12BD-48C3-A97A-802B701BC6E9}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{EA285A05-26F2-4BD1-84C6-4BC020FD0B57}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EA45EB9B-6608-4985-B3CE-CAF6873940A7}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | 
"{EAC6A913-75F3-412C-89A2-0E37FC0DA2D5}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe | 
"{ED5B0955-93A8-45AE-AA50-3996F962C94A}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{EEC64521-226B-4CED-9D0B-37E7151A2897}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{F0769AA6-8ADC-4FB5-849C-EAD984CB182D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F1754091-B61A-4EE0-AB6A-C090F3F15741}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{F9DE7DE9-226B-4CB9-A6D6-6021EB62C22D}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\live tv\qp.exe | 
"{FBF20B5E-B96F-4294-9CB2-D91F159F4329}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"TCP Query User{05040327-AE9E-4B80-BC80-45FFD2760889}C:\users\äntsch\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\äntsch\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{0718CF9E-E15D-4E1A-854B-FD7086DE1166}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{50BE8166-3231-4BA5-8920-0A1EA1372EDA}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{9ED7672B-488C-475B-8737-510A8E4EB70B}C:\users\äntsch\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\äntsch\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{B54FED6D-CB97-4E6B-BBF7-AF1FCF2C5144}C:\program files (x86)\icq7.1\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe | 
"TCP Query User{CE45FC79-0B76-48D2-B658-BDEFF3142E9E}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{DCF805B0-E221-47EF-B481-17D51861E942}C:\users\äntsch\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\äntsch\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{02D14A3D-7AA7-435D-BE6E-5408505F222E}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{27486144-2FA2-4FE3-9CE2-D0F5142417C9}C:\program files (x86)\icq7.1\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe | 
"UDP Query User{4DA19065-356F-498A-BCE9-9CEDA1C10585}C:\users\äntsch\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\äntsch\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{65DE498C-82DD-4E8F-BD51-05B6A4457416}C:\users\äntsch\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\äntsch\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{8367BBB8-6CC3-45A3-9B86-DEA3278FE4CC}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{8944D914-8999-4B3F-A46E-8A30991047DF}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{9C86ADCE-5043-4170-825A-6C50FE804E66}C:\users\äntsch\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\äntsch\appdata\roaming\spotify\spotify.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{6C47240C-016E-03B5-D13E-AECAED09F2E3}" = ATI Catalyst Install Manager
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{7FD7F421-39B2-4CAC-BC41-7D83DDBAB329}" = HP 3D DriveGuard
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ED333F8-3E6C-4A38-BAFA-728454121CDA}" = PDF-XChange Viewer
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{ADEB3402-CFBD-00E2-0EE6-F6A3F1AFACF0}" = ccc-utility64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C862EC05-1C15-4327-B15D-C7788D6CFF73}" = Image Resizer Powertoy Clone for Windows (64 bit)
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"DesktopIconAmazon" = Desktop Icon für Amazon
"FFE7D41DF3C645075BB149E21988B63996C34187" = ENE CIR Receiver Driver
"HardlinkShellExt" = Link Shell Extension
"Lexmark 5600-6600 Series" = Lexmark 5600-6600 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SearchAnonymizer" = SearchAnonymizer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09CC0D0E-061D-3C7B-3881-D2EB53A8AAFC}" = CCC Help Polish
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26606D8F-3133-DBE2-8AF5-AB28F300860A}" = CCC Help Chinese Standard
"{266D0EEA-E5A6-4A08-A0EE-5391D4EA44A7}" = Catalyst Control Center - Branding
"{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java(TM) 6 Update 18
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"{33C17B75-EA9C-0687-9CED-03D92637B042}" = CCC Help Hungarian
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3F5D066E-C946-A258-7634-533D350ED19C}" = myphotobook.de
"{3FBDB7B8-7472-E895-2E5D-99D190B2D1B6}" = Catalyst Control Center InstallProxy
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{486F16B2-7EDD-4783-8EDB-FDC85E2E45CD}" = Herrnhuter Losungen
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{4E432692-A736-4F77-AF77-F9078CF88D31}" = HP Wireless Assistant
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Fotostory 3 für Windows
"{5271C0D4-24E4-4C3D-A782-C012033FD3CF}" = AMD USB Filter Driver
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{546937C5-0529-333E-0D5E-FE3C53108806}" = CCC Help Japanese
"{55C70B62-5EF1-D527-7CAB-E50D8B3B4990}" = Catalyst Control Center Graphics Full New
"{577ED77E-25D9-1A76-4EF0-773B9C173758}" = CCC Help Portuguese
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5DB4EA68-A509-D408-585C-C9D045FADF72}" = Catalyst Control Center Graphics Previews Vista
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D335F78-1F4F-7826-56DD-4F350EA6EADD}" = CCC Help Greek
"{6EF04EAE-0354-9919-E757-F1203E6F422B}" = CCC Help Italian
"{7028B245-30A2-BD8C-31B9-6008216FBDC2}" = CCC Help French
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779D3256-84D0-936F-18F9-A154DC85B4B4}" = Catalyst Control Center Localization All
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F4DA5B8-6884-47F2-AEBA-D9111E420C63}" = CCC Help Danish
"{7F9A8D27-A1B9-164F-FCB1-0B64C88629CF}" = CCC Help Norwegian
"{803263F7-8CAC-DC6D-3288-8128865A7472}" = CCC Help German
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8CC47AA0-5774-61FC-6A59-7E1C936DB753}" = ccc-core-static
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A28867B-109A-5BBF-85C0-FC1BAA98CA1C}" = CCC Help Russian
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A8BCC9E4-9036-3029-F2BC-AA73A62DA73D}" = CCC Help Turkish
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B51605BF-6326-4553-AE96-6D7F1813D5F5}" = HP User Guides 0154
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{B5C746E6-D961-445C-3768-5B6FAF6A1A31}" = CCC Help Spanish
"{C0769946-2CF1-9E8D-009B-5C413B3F01D1}" = CCC Help Czech
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C4F7EEE5-3D99-8552-7483-B2F412838B2A}" = Catalyst Control Center Graphics Previews Common
"{C615B4A6-DDE8-4325-BCF8-E53E913D95E9}_is1" = AMR to MP3 Converter 1.4
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D4C41D27-A2D5-94C6-1D08-3D470A12EAF0}" = CCC Help Swedish
"{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1" = FireJump
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9D6A848-1BFD-592B-5F9D-0BA8692FDF0B}" = CCC Help Finnish
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DCD91C2F-3A86-B328-59A0-5EED6190D983}" = Catalyst Control Center Graphics Full Existing
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5F5CAA5-84ED-DE41-40D0-8926FE7E5F4D}" = Catalyst Control Center Graphics Light
"{E6CE345D-BF83-1242-9E4D-3D60A5036D87}" = CCC Help English
"{EBE030DD-D404-4D92-85E9-8C3624820808}_is1" = Light Image Resizer 4.3.1.0
"{EC155897-712F-5637-A5DA-6C7CE7CB5521}" = CCC Help Korean
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0580F64-44A1-C607-9364-887912B74F4D}" = CCC Help Thai
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{F3F9A4E5-CD9F-4657-CF99-5CE3F7729909}" = Catalyst Control Center Core Implementation
"{F5B1D41A-05B9-98E2-C350-E69D4A444CB4}" = CCC Help Chinese Traditional
"{FCF0F615-6E70-B949-028F-88D32C55C2BC}" = CCC Help Dutch
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface Service
"de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = myphotobook.de
"ElsterFormular 13.0.0.8055p" = ElsterFormular
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"LastFM_is1" = Last.fm 1.5.4.27091
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Red Eye Remover_is1" = Red Eye Remover 2.0
"Rossmann Fotowelt Software" = Rossmann Fotowelt Software 4.12.1
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.3 for Windows
"VLC media player" = VLC media player 1.1.10
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Spotify" = Spotify
"Winamp Detect" = Winamp Detector Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10.11.2012 06:14:50 | Computer Name = Äntsch-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 10.11.2012 06:14:50 | Computer Name = Äntsch-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7083
 
Error - 10.11.2012 06:14:50 | Computer Name = Äntsch-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7083
 
Error - 10.11.2012 14:20:56 | Computer Name = Äntsch-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 16.0.2.4680,
 Zeitstempel: 0x50882871  Name des fehlerhaften Moduls: xul.dll, Version: 16.0.2.4680,
 Zeitstempel: 0x508827d6  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00130ef7  ID des fehlerhaften
 Prozesses: 0xef0  Startzeit der fehlerhaften Anwendung: 0x01cdbf6f86e34cc9  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll  Berichtskennung:
 5de01470-2b63-11e2-ac18-00269e382f4d
 
Error - 16.11.2012 09:21:56 | Computer Name = Äntsch-PC | Source = Application Hang | ID = 1002
Description = Programm WINWORD.EXE, Version 14.0.6123.5005 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: e64    Startzeit: 01cdc3f9bbc0c3d9    Endzeit: 10    Anwendungspfad: 
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE    Berichts-ID: 8db6f05e-2ff0-11e2-ae9d-00269e382f4d

 
Error - 17.11.2012 08:35:10 | Computer Name = Äntsch-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 16.0.2.4680,
 Zeitstempel: 0x50882871  Name des fehlerhaften Moduls: xul.dll, Version: 16.0.2.4680,
 Zeitstempel: 0x508827d6  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00130ef7  ID des fehlerhaften
 Prozesses: 0x8c8  Startzeit der fehlerhaften Anwendung: 0x01cdc4bdfdc78024  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll  Berichtskennung:
 392771b2-30b3-11e2-8813-00269e382f4d
 
Error - 28.11.2012 07:12:30 | Computer Name = Äntsch-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 16.0.2.4680 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 118c    Startzeit:
 01cdcd590f17a7c8    Endzeit: 16    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 79a1a93a-394c-11e2-a149-00269e382f4d  
 
Error - 28.11.2012 12:17:37 | Computer Name = Äntsch-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Äntsch\Downloads\SoftonicDownloader_fuer_open-freely.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 28.11.2012 15:45:50 | Computer Name = Äntsch-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Äntsch\Downloads\SoftonicDownloader_fuer_open-freely.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 29.11.2012 13:01:53 | Computer Name = Äntsch-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Äntsch\Downloads\SoftonicDownloader_fuer_open-freely.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
[ Spybot - Search and Destroy Events ]
Error - 28.11.2012 12:56:53 | Computer Name = Äntsch-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
[ System Events ]
Error - 29.11.2012 11:05:54 | Computer Name = Äntsch-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Spybot-S&D 2 Security Center Service" ist vom Dienst "Sicherheitscenter"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 29.11.2012 11:06:50 | Computer Name = Äntsch-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Easybits Shared Services for Windows" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
 
Error - 29.11.2012 11:06:58 | Computer Name = Äntsch-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Akamai NetSession Interface" wurde unerwartet beendet.
 Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 
Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 29.11.2012 11:35:44 | Computer Name = Äntsch-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HitmanPro 3.6 Crusader (Boot)" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%2
 
Error - 29.11.2012 11:35:57 | Computer Name = Äntsch-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Spybot-S&D 2 Security Center Service" ist vom Dienst "Sicherheitscenter"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 29.11.2012 11:39:58 | Computer Name = Äntsch-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Bitdefender Virus Shield" wurde unerwartet beendet. Dies ist
 bereits 1 Mal passiert.
 
Error - 29.11.2012 11:43:37 | Computer Name = Äntsch-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "HitmanPro 3.6 Crusader (Boot)" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%0.
 
Error - 29.11.2012 11:43:53 | Computer Name = Äntsch-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Spybot-S&D 2 Security Center Service" ist vom Dienst "Sicherheitscenter"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 29.11.2012 11:47:17 | Computer Name = Äntsch-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Spybot-S&D 2 Security Center Service" ist vom Dienst "Sicherheitscenter"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 29.11.2012 11:50:56 | Computer Name = Äntsch-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Spybot-S&D 2 Security Center Service" ist vom Dienst "Sicherheitscenter"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
 
< End of report >
         
--- --- ---

Alt 30.11.2012, 15:12   #5
markusg
/// Malware-holic
 
mit ihavenet-Virus infiziert - was nun? - Standard

mit ihavenet-Virus infiziert - was nun?



hi

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
ATTFilter
:OTL
[2012.11.28 13:25:51 | 000,131,072 | RHS- | M] () -- C:\Windows\SysWow64\wmpmde0.dll
[2012.11.29 16:50:35 | 000,000,306 | ---- | M] () -- C:\Windows\tasks\TYPSPCNOKP.job
 :Files
:Commands
[EMPTYFLASH] 
[emptytemp]
         


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!




Drücke bitte die + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus
downloade get info:
http://markusg.trojaner-board.de/GetInfo.exe
doppelklicke die .exe
im selben ordner wird nun eine .txt erstellt:
summary-info.txt
diese doppelklicken und deren inhalt posten.


Frage:
hast du zum infektionszeitpunkt, bzw evtl. einen tag davor, etwas runtergeladen und instaliert bzw ausgeführt?
wurdest du beim besuch einer seite aufgefordert etwas zu instalieren bzw runterzuladen? diese infos hätte ich auch gern als private nachicht.

__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 30.11.2012, 19:03   #6
Kalua_1
 
mit ihavenet-Virus infiziert - was nun? - Standard

mit ihavenet-Virus infiziert - was nun?



Vielen Dank. Upload hat geklappt!

Hier noch die OTL Textdatei:

All processes killed
========== OTL ==========
File C:\Windows\SysWow64\wmpmde0.dll not found.
File C:\Windows\tasks\TYPSPCNOKP.job not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 56466 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Äntsch
->Flash cache emptied: 14942430 bytes

Total Flash Files Cleaned = 14,00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Äntsch
->Temp folder emptied: 16948 bytes
->Temporary Internet Files folder emptied: 171971644 bytes
->Java cache emptied: 39148220 bytes
->FireFox cache emptied: 176364685 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 353452019 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 68152 bytes
RecycleBin emptied: 76743454 bytes

Total Files Cleaned = 780,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11302012_185124

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Alt 30.11.2012, 19:21   #7
markusg
/// Malware-holic
 
mit ihavenet-Virus infiziert - was nun? - Standard

mit ihavenet-Virus infiziert - was nun?



Hi
getinfo log fehlt.
Antwort auf die darunter gestellte Frage ebenso :-)
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 02.12.2012, 14:37   #8
Kalua_1
 
mit ihavenet-Virus infiziert - was nun? - Standard

mit ihavenet-Virus infiziert - was nun?



Hat hetzt doch geklappt mit getinfo:


System volume information: dwHighDateTime = 0x1cae74c,dwLowDateTime = 0xa3d30a29
System32: dwHighDateTime = 0x1ca0431,dwLowDateTime = 0xfec9a6f8
dwSerialNumber = 0xaa22a5a9

Alt 03.12.2012, 15:52   #9
markusg
/// Malware-holic
 
mit ihavenet-Virus infiziert - was nun? - Standard

mit ihavenet-Virus infiziert - was nun?



Danke
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 03.12.2012, 15:59   #10
Kalua_1
 
mit ihavenet-Virus infiziert - was nun? - Standard

mit ihavenet-Virus infiziert - was nun?



Hier das Ergebnis:
Miniaturansicht angehängter Grafiken
mit ihavenet-Virus infiziert - was nun?-log.jpg  

Alt 03.12.2012, 16:53   #11
markusg
/// Malware-holic
 
mit ihavenet-Virus infiziert - was nun? - Standard

mit ihavenet-Virus infiziert - was nun?



Das Log liegt auf c:
TDSS-killer-version-Datum.txt
Inhalt posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 03.12.2012, 18:00   #12
Kalua_1
 
mit ihavenet-Virus infiziert - was nun? - Standard

mit ihavenet-Virus infiziert - was nun?



Okay, danke.

15:55:31.0777 0912 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:55:31.0977 0912 ============================================================
15:55:31.0977 0912 Current date / time: 2012/12/03 15:55:31.0977
15:55:31.0977 0912 SystemInfo:
15:55:31.0977 0912
15:55:31.0977 0912 OS Version: 6.1.7601 ServicePack: 1.0
15:55:31.0977 0912 Product type: Workstation
15:55:31.0977 0912 ComputerName: ÄNTSCH-PC
15:55:31.0977 0912 UserName: Äntsch
15:55:31.0977 0912 Windows directory: C:\Windows
15:55:31.0977 0912 System windows directory: C:\Windows
15:55:31.0977 0912 Running under WOW64
15:55:31.0977 0912 Processor architecture: Intel x64
15:55:31.0977 0912 Number of processors: 2
15:55:31.0977 0912 Page size: 0x1000
15:55:31.0977 0912 Boot type: Normal boot
15:55:31.0977 0912 ============================================================
15:55:33.0177 0912 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:55:33.0177 0912 Drive \Device\Harddisk1\DR1 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:55:33.0187 0912 ============================================================
15:55:33.0187 0912 \Device\Harddisk0\DR0:
15:55:33.0187 0912 MBR partitions:
15:55:33.0187 0912 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
15:55:33.0187 0912 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x23921000
15:55:33.0187 0912 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x23985000, BlocksNum 0x1A75800
15:55:33.0187 0912 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0
15:55:33.0187 0912 \Device\Harddisk1\DR1:
15:55:33.0187 0912 MBR partitions:
15:55:33.0187 0912 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x6FC3D80
15:55:33.0187 0912 ============================================================
15:55:33.0207 0912 C: <-> \Device\Harddisk0\DR0\Partition2
15:55:33.0247 0912 D: <-> \Device\Harddisk0\DR0\Partition3
15:55:33.0257 0912 F: <-> \Device\Harddisk1\DR1\Partition1
15:55:33.0257 0912 ============================================================
15:55:33.0257 0912 Initialize success
15:55:33.0257 0912 ============================================================
15:56:00.0574 2424 ============================================================
15:56:00.0574 2424 Scan started
15:56:00.0574 2424 Mode: Manual; SigCheck; TDLFS;
15:56:00.0574 2424 ============================================================
15:56:01.0305 2424 ================ Scan system memory ========================
15:56:01.0305 2424 System memory - ok
15:56:01.0305 2424 ================ Scan services =============================
15:56:01.0455 2424 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
15:56:01.0625 2424 1394ohci - ok
15:56:01.0655 2424 [ 1CFFE9C06E66A57DAE1452E449A58240 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys
15:56:01.0695 2424 Accelerometer - ok
15:56:01.0735 2424 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
15:56:01.0765 2424 ACPI - ok
15:56:01.0795 2424 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
15:56:01.0915 2424 AcpiPmi - ok
15:56:02.0015 2424 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:56:02.0045 2424 AdobeARMservice - ok
15:56:02.0085 2424 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
15:56:02.0105 2424 adp94xx - ok
15:56:02.0125 2424 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
15:56:02.0145 2424 adpahci - ok
15:56:02.0155 2424 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
15:56:02.0185 2424 adpu320 - ok
15:56:02.0205 2424 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
15:56:02.0375 2424 AeLookupSvc - ok
15:56:02.0475 2424 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
15:56:02.0555 2424 AESTFilters - ok
15:56:02.0605 2424 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
15:56:02.0705 2424 AFD - ok
15:56:02.0745 2424 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
15:56:02.0785 2424 agp440 - ok
15:56:02.0935 2424 [ B9B98E08EC127900025F42462D3D0A66 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll
15:56:02.0935 2424 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll. md5: B9B98E08EC127900025F42462D3D0A66
15:56:02.0945 2424 Akamai ( HiddenFile.Multi.Generic ) - warning
15:56:02.0945 2424 Akamai - detected HiddenFile.Multi.Generic (1)
15:56:02.0965 2424 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
15:56:03.0045 2424 ALG - ok
15:56:03.0085 2424 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
15:56:03.0105 2424 aliide - ok
15:56:03.0145 2424 [ D0D8877969011D1B0ED9C3C55A9A9108 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
15:56:03.0235 2424 AMD External Events Utility - ok
15:56:03.0255 2424 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
15:56:03.0275 2424 amdide - ok
15:56:03.0305 2424 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
15:56:03.0385 2424 AmdK8 - ok
15:56:03.0405 2424 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
15:56:03.0465 2424 AmdPPM - ok
15:56:03.0505 2424 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
15:56:03.0525 2424 amdsata - ok
15:56:03.0555 2424 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
15:56:03.0575 2424 amdsbs - ok
15:56:03.0585 2424 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
15:56:03.0595 2424 amdxata - ok
15:56:03.0655 2424 [ 07194A09DC27C99A2474251DE27F6E17 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
15:56:03.0685 2424 AntiVirSchedulerService - ok
15:56:03.0725 2424 [ F0964ECD283591E7686AF912298B9F39 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
15:56:03.0735 2424 AntiVirService - ok
15:56:03.0785 2424 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
15:56:04.0005 2424 AppID - ok
15:56:04.0025 2424 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
15:56:04.0095 2424 AppIDSvc - ok
15:56:04.0145 2424 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
15:56:04.0245 2424 Appinfo - ok
15:56:04.0305 2424 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:56:04.0315 2424 Apple Mobile Device - ok
15:56:04.0355 2424 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
15:56:04.0375 2424 arc - ok
15:56:04.0385 2424 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
15:56:04.0405 2424 arcsas - ok
15:56:04.0435 2424 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
15:56:04.0505 2424 AsyncMac - ok
15:56:04.0535 2424 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
15:56:04.0555 2424 atapi - ok
15:56:04.0605 2424 [ 38562A6A9CB10844759EAF2B01A7FCD3 ] athr C:\Windows\system32\DRIVERS\athrx.sys
15:56:04.0755 2424 athr - ok
15:56:04.0925 2424 [ 38467FF83C2B4265D51F418812A91E3C ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
15:56:04.0965 2424 AtiHdmiService - ok
15:56:05.0105 2424 [ C5758BF1DFD762A5B17041FF061B7750 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
15:56:05.0355 2424 atikmdag - ok
15:56:05.0385 2424 [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
15:56:05.0395 2424 AtiPcie - ok
15:56:05.0455 2424 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:56:05.0555 2424 AudioEndpointBuilder - ok
15:56:05.0595 2424 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
15:56:05.0635 2424 AudioSrv - ok
15:56:05.0665 2424 [ 58AEE8F9E26595ADEB6F008FBB0D6174 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
15:56:05.0685 2424 avgntflt - ok
15:56:05.0715 2424 [ 37D3D3D28B107BCBC1C0137FF31AE480 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
15:56:05.0735 2424 avipbb - ok
15:56:05.0755 2424 [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
15:56:05.0775 2424 avkmgr - ok
15:56:05.0815 2424 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
15:56:05.0915 2424 AxInstSV - ok
15:56:05.0945 2424 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
15:56:06.0015 2424 b06bdrv - ok
15:56:06.0045 2424 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
15:56:06.0095 2424 b57nd60a - ok
15:56:06.0135 2424 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
15:56:06.0165 2424 BDESVC - ok
15:56:06.0185 2424 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
15:56:06.0255 2424 Beep - ok
15:56:06.0325 2424 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
15:56:06.0445 2424 BFE - ok
15:56:06.0495 2424 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
15:56:06.0575 2424 BITS - ok
15:56:06.0615 2424 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
15:56:06.0655 2424 blbdrive - ok
15:56:06.0745 2424 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
15:56:06.0775 2424 Bonjour Service - ok
15:56:06.0825 2424 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
15:56:06.0875 2424 bowser - ok
15:56:06.0895 2424 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:56:07.0015 2424 BrFiltLo - ok
15:56:07.0015 2424 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:56:07.0035 2424 BrFiltUp - ok
15:56:07.0075 2424 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
15:56:07.0165 2424 Browser - ok
15:56:07.0185 2424 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
15:56:07.0275 2424 Brserid - ok
15:56:07.0295 2424 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
15:56:07.0335 2424 BrSerWdm - ok
15:56:07.0365 2424 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
15:56:07.0405 2424 BrUsbMdm - ok
15:56:07.0415 2424 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
15:56:07.0435 2424 BrUsbSer - ok
15:56:07.0455 2424 BT - ok
15:56:07.0465 2424 BTCOM - ok
15:56:07.0495 2424 BTCOMBUS - ok
15:56:07.0535 2424 Btcsrusb - ok
15:56:07.0575 2424 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
15:56:07.0635 2424 BthEnum - ok
15:56:07.0665 2424 [ 30B59C7B65092EA44C8668AFEB47AAAD ] BtHidBus C:\Windows\system32\Drivers\BtHidBus.sys
15:56:07.0685 2424 BtHidBus - ok
15:56:07.0715 2424 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
15:56:07.0765 2424 BTHMODEM - ok
15:56:07.0785 2424 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
15:56:07.0825 2424 BthPan - ok
15:56:07.0875 2424 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
15:56:07.0995 2424 BTHPORT - ok
15:56:08.0045 2424 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
15:56:08.0115 2424 bthserv - ok
15:56:08.0145 2424 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
15:56:08.0185 2424 BTHUSB - ok
15:56:08.0235 2424 [ C0D50877BB7EC88A953A2A56CEF170FA ] btnetBUs C:\Windows\system32\Drivers\btnetBus.sys
15:56:08.0255 2424 btnetBUs - ok
15:56:08.0285 2424 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
15:56:08.0355 2424 cdfs - ok
15:56:08.0405 2424 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
15:56:08.0425 2424 cdrom - ok
15:56:08.0455 2424 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
15:56:08.0515 2424 CertPropSvc - ok
15:56:08.0545 2424 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
15:56:08.0575 2424 circlass - ok
15:56:08.0595 2424 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
15:56:08.0625 2424 CLFS - ok
15:56:08.0685 2424 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:56:08.0735 2424 clr_optimization_v2.0.50727_32 - ok
15:56:08.0765 2424 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:56:08.0775 2424 clr_optimization_v2.0.50727_64 - ok
15:56:08.0855 2424 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:56:08.0905 2424 clr_optimization_v4.0.30319_32 - ok
15:56:08.0966 2424 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:56:08.0996 2424 clr_optimization_v4.0.30319_64 - ok
15:56:09.0026 2424 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
15:56:09.0066 2424 CmBatt - ok
15:56:09.0096 2424 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
15:56:09.0116 2424 cmdide - ok
15:56:09.0156 2424 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
15:56:09.0206 2424 CNG - ok
15:56:09.0276 2424 [ C7A0E61D5714AC20DE52D4F66EC773B8 ] Com4QLBEx C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
15:56:09.0326 2424 Com4QLBEx - ok
15:56:09.0356 2424 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
15:56:09.0376 2424 Compbatt - ok
15:56:09.0416 2424 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
15:56:09.0496 2424 CompositeBus - ok
15:56:09.0516 2424 COMSysApp - ok
15:56:09.0536 2424 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
15:56:09.0556 2424 crcdisk - ok
15:56:09.0606 2424 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
15:56:09.0686 2424 CryptSvc - ok
15:56:09.0736 2424 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
15:56:09.0816 2424 DcomLaunch - ok
15:56:09.0846 2424 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
15:56:09.0916 2424 defragsvc - ok
15:56:09.0957 2424 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
15:56:10.0047 2424 DfsC - ok
15:56:10.0087 2424 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
15:56:10.0137 2424 Dhcp - ok
15:56:10.0177 2424 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
15:56:10.0227 2424 discache - ok
15:56:10.0247 2424 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
15:56:10.0277 2424 Disk - ok
15:56:10.0297 2424 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
15:56:10.0337 2424 Dnscache - ok
15:56:10.0377 2424 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
15:56:10.0477 2424 dot3svc - ok
15:56:10.0517 2424 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
15:56:10.0577 2424 DPS - ok
15:56:10.0617 2424 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
15:56:10.0657 2424 drmkaud - ok
15:56:10.0707 2424 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
15:56:10.0737 2424 DXGKrnl - ok
15:56:10.0777 2424 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
15:56:10.0837 2424 EapHost - ok
15:56:10.0967 2424 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
15:56:11.0127 2424 ebdrv - ok
15:56:11.0167 2424 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
15:56:11.0237 2424 EFS - ok
15:56:11.0307 2424 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
15:56:11.0387 2424 ehRecvr - ok
15:56:11.0407 2424 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
15:56:11.0457 2424 ehSched - ok
15:56:11.0507 2424 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
15:56:11.0557 2424 elxstor - ok
15:56:11.0587 2424 [ 524C79054636D2E5751169005006460B ] enecir C:\Windows\system32\DRIVERS\enecir.sys
15:56:11.0607 2424 enecir - ok
15:56:11.0627 2424 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
15:56:11.0657 2424 ErrDev - ok
15:56:11.0717 2424 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
15:56:11.0777 2424 EventSystem - ok
15:56:11.0807 2424 ewusbnet - ok
15:56:11.0827 2424 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
15:56:11.0887 2424 exfat - ok
15:56:11.0907 2424 ezSharedSvc - ok
15:56:11.0927 2424 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
15:56:11.0977 2424 fastfat - ok
15:56:12.0027 2424 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
15:56:12.0107 2424 Fax - ok
15:56:12.0127 2424 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
15:56:12.0147 2424 fdc - ok
15:56:12.0167 2424 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
15:56:12.0227 2424 fdPHost - ok
15:56:12.0247 2424 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
15:56:12.0307 2424 FDResPub - ok
15:56:12.0337 2424 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
15:56:12.0357 2424 FileInfo - ok
15:56:12.0357 2424 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
15:56:12.0427 2424 Filetrace - ok
15:56:12.0447 2424 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
15:56:12.0527 2424 flpydisk - ok
15:56:12.0547 2424 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
15:56:12.0587 2424 FltMgr - ok
15:56:12.0647 2424 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
15:56:12.0737 2424 FontCache - ok
15:56:12.0777 2424 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:56:12.0817 2424 FontCache3.0.0.0 - ok
15:56:12.0827 2424 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
15:56:12.0857 2424 FsDepends - ok
15:56:12.0887 2424 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
15:56:12.0907 2424 Fs_Rec - ok
15:56:12.0967 2424 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
15:56:12.0997 2424 fvevol - ok
15:56:13.0027 2424 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
15:56:13.0047 2424 gagp30kx - ok
15:56:13.0057 2424 GameConsoleService - ok
15:56:13.0097 2424 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:56:13.0117 2424 GEARAspiWDM - ok
15:56:13.0157 2424 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
15:56:13.0237 2424 gpsvc - ok
15:56:13.0247 2424 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
15:56:13.0287 2424 hcw85cir - ok
15:56:13.0327 2424 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:56:13.0397 2424 HdAudAddService - ok
15:56:13.0487 2424 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
15:56:13.0527 2424 HDAudBus - ok
15:56:13.0537 2424 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
15:56:13.0557 2424 HidBatt - ok
15:56:13.0587 2424 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
15:56:13.0627 2424 HidBth - ok
15:56:13.0647 2424 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
15:56:13.0687 2424 HidIr - ok
15:56:13.0727 2424 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
15:56:13.0797 2424 hidserv - ok
15:56:13.0827 2424 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
15:56:13.0847 2424 HidUsb - ok
15:56:13.0907 2424 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
15:56:13.0977 2424 hkmsvc - ok
15:56:14.0017 2424 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:56:14.0097 2424 HomeGroupListener - ok
15:56:14.0127 2424 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:56:14.0177 2424 HomeGroupProvider - ok
15:56:14.0257 2424 [ 58C91CCA61A948DC6E789C93C05A1D6F ] HP Health Check Service C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
15:56:14.0287 2424 HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning
15:56:14.0287 2424 HP Health Check Service - detected UnsignedFile.Multi.Generic (1)
15:56:14.0327 2424 [ 05712FDDBD45A5864EB326FAABC6A4E3 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
15:56:14.0347 2424 hpdskflt - ok
15:56:14.0397 2424 [ 9AF482D058BE59CC28BCE52E7C4B747C ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
15:56:14.0427 2424 HpqKbFiltr - ok
15:56:14.0467 2424 [ FDF273A845F1FFCCEADF363AAF47582F ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
15:56:14.0507 2424 hpqwmiex - ok
15:56:14.0547 2424 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
15:56:14.0567 2424 HpSAMD - ok
15:56:14.0597 2424 [ AA036CC5F5221D9B915F4D4DCE74BA9A ] hpsrv C:\Windows\system32\Hpservice.exe
15:56:14.0627 2424 hpsrv - ok
15:56:14.0717 2424 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
15:56:14.0797 2424 HTTP - ok
15:56:14.0837 2424 [ CDAA8E257BB625B2387219E605DDE37D ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
15:56:14.0867 2424 hwdatacard ( UnsignedFile.Multi.Generic ) - warning
15:56:14.0867 2424 hwdatacard - detected UnsignedFile.Multi.Generic (1)
15:56:14.0897 2424 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
15:56:14.0917 2424 hwpolicy - ok
15:56:14.0927 2424 hwusbdev - ok
15:56:14.0977 2424 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
15:56:15.0007 2424 i8042prt - ok
15:56:15.0127 2424 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
15:56:15.0187 2424 iaStorV - ok
15:56:15.0247 2424 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:56:15.0307 2424 idsvc - ok
15:56:15.0457 2424 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
15:56:15.0687 2424 igfx - ok
15:56:15.0717 2424 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
15:56:15.0737 2424 iirsp - ok
15:56:15.0797 2424 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
15:56:15.0897 2424 IKEEXT - ok
15:56:15.0917 2424 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
15:56:15.0937 2424 intelide - ok
15:56:15.0967 2424 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
15:56:16.0007 2424 intelppm - ok
15:56:16.0047 2424 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
15:56:16.0117 2424 IPBusEnum - ok
15:56:16.0147 2424 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:56:16.0217 2424 IpFilterDriver - ok
15:56:16.0267 2424 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
15:56:16.0327 2424 iphlpsvc - ok
15:56:16.0357 2424 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
15:56:16.0407 2424 IPMIDRV - ok
15:56:16.0447 2424 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
15:56:16.0557 2424 IPNAT - ok
15:56:16.0647 2424 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
15:56:16.0677 2424 iPod Service - ok
15:56:16.0697 2424 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
15:56:16.0737 2424 IRENUM - ok
15:56:16.0767 2424 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
15:56:16.0787 2424 isapnp - ok
15:56:16.0807 2424 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
15:56:16.0837 2424 iScsiPrt - ok
15:56:16.0877 2424 [ C7B6BE6BF2B5766648E232077E86B6A0 ] IvtBtBUs C:\Windows\system32\Drivers\IvtBtBus.sys
15:56:16.0917 2424 IvtBtBUs - ok
15:56:16.0948 2424 [ F8844B00C10E386C704C610E95A9847D ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys
15:56:16.0998 2424 JMCR - ok
15:56:17.0038 2424 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
15:56:17.0058 2424 kbdclass - ok
15:56:17.0108 2424 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
15:56:17.0158 2424 kbdhid - ok
15:56:17.0178 2424 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
15:56:17.0198 2424 KeyIso - ok
15:56:17.0228 2424 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
15:56:17.0248 2424 KSecDD - ok
15:56:17.0278 2424 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
15:56:17.0308 2424 KSecPkg - ok
15:56:17.0318 2424 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
15:56:17.0378 2424 ksthunk - ok
15:56:17.0418 2424 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
15:56:17.0528 2424 KtmRm - ok
15:56:17.0578 2424 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
15:56:17.0688 2424 LanmanServer - ok
15:56:17.0698 2424 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:56:17.0768 2424 LanmanWorkstation - ok
15:56:17.0808 2424 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
15:56:17.0878 2424 lltdio - ok
15:56:17.0908 2424 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
15:56:17.0989 2424 lltdsvc - ok
15:56:18.0009 2424 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
15:56:18.0049 2424 lmhosts - ok
15:56:18.0079 2424 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
15:56:18.0099 2424 LSI_FC - ok
15:56:18.0119 2424 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
15:56:18.0139 2424 LSI_SAS - ok
15:56:18.0149 2424 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:56:18.0179 2424 LSI_SAS2 - ok
15:56:18.0189 2424 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:56:18.0209 2424 LSI_SCSI - ok
15:56:18.0229 2424 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
15:56:18.0299 2424 luafv - ok
15:56:18.0319 2424 lxdu_device - ok
15:56:18.0369 2424 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
15:56:18.0399 2424 Mcx2Svc - ok
15:56:18.0429 2424 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
15:56:18.0449 2424 megasas - ok
15:56:18.0459 2424 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
15:56:18.0489 2424 MegaSR - ok
15:56:18.0559 2424 Microsoft SharePoint Workspace Audit Service - ok
15:56:18.0579 2424 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
15:56:18.0679 2424 MMCSS - ok
15:56:18.0709 2424 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
15:56:18.0769 2424 Modem - ok
15:56:18.0799 2424 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
15:56:18.0839 2424 monitor - ok
15:56:18.0859 2424 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
15:56:18.0879 2424 mouclass - ok
15:56:18.0909 2424 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
15:56:18.0929 2424 mouhid - ok
15:56:18.0969 2424 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
15:56:18.0989 2424 mountmgr - ok
15:56:19.0039 2424 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:56:19.0059 2424 MozillaMaintenance - ok
15:56:19.0099 2424 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
15:56:19.0119 2424 mpio - ok
15:56:19.0139 2424 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
15:56:19.0229 2424 mpsdrv - ok
15:56:19.0279 2424 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
15:56:19.0369 2424 MpsSvc - ok
15:56:19.0399 2424 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
15:56:19.0449 2424 MRxDAV - ok
15:56:19.0489 2424 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
15:56:19.0549 2424 mrxsmb - ok
15:56:19.0589 2424 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:56:19.0639 2424 mrxsmb10 - ok
15:56:19.0669 2424 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:56:19.0689 2424 mrxsmb20 - ok
15:56:19.0719 2424 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
15:56:19.0739 2424 msahci - ok
15:56:19.0749 2424 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
15:56:19.0779 2424 msdsm - ok
15:56:19.0799 2424 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
15:56:19.0849 2424 MSDTC - ok
15:56:19.0889 2424 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
15:56:19.0929 2424 Msfs - ok
15:56:19.0949 2424 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
15:56:20.0019 2424 mshidkmdf - ok
15:56:20.0049 2424 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
15:56:20.0069 2424 msisadrv - ok
15:56:20.0109 2424 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
15:56:20.0169 2424 MSiSCSI - ok
15:56:20.0189 2424 msiserver - ok
15:56:20.0209 2424 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
15:56:20.0269 2424 MSKSSRV - ok
15:56:20.0309 2424 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
15:56:20.0349 2424 MSPCLOCK - ok
15:56:20.0369 2424 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
15:56:20.0429 2424 MSPQM - ok
15:56:20.0469 2424 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
15:56:20.0499 2424 MsRPC - ok
15:56:20.0519 2424 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
15:56:20.0529 2424 mssmbios - ok
15:56:20.0549 2424 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
15:56:20.0619 2424 MSTEE - ok
15:56:20.0619 2424 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
15:56:20.0649 2424 MTConfig - ok
15:56:20.0689 2424 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
15:56:20.0709 2424 Mup - ok
15:56:20.0749 2424 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
15:56:20.0829 2424 napagent - ok
15:56:20.0879 2424 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
15:56:20.0939 2424 NativeWifiP - ok
15:56:20.0999 2424 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
15:56:21.0039 2424 NDIS - ok
15:56:21.0069 2424 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
15:56:21.0119 2424 NdisCap - ok
15:56:21.0149 2424 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
15:56:21.0189 2424 NdisTapi - ok
15:56:21.0219 2424 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
15:56:21.0269 2424 Ndisuio - ok
15:56:21.0309 2424 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
15:56:21.0399 2424 NdisWan - ok
15:56:21.0449 2424 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
15:56:21.0509 2424 NDProxy - ok
15:56:21.0529 2424 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
15:56:21.0599 2424 NetBIOS - ok
15:56:21.0649 2424 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
15:56:21.0699 2424 NetBT - ok
15:56:21.0719 2424 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
15:56:21.0729 2424 Netlogon - ok
15:56:21.0769 2424 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
15:56:21.0839 2424 Netman - ok
15:56:21.0869 2424 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
15:56:21.0929 2424 netprofm - ok
15:56:21.0959 2424 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:56:21.0970 2424 NetTcpPortSharing - ok
15:56:22.0110 2424 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
15:56:22.0330 2424 netw5v64 - ok
15:56:22.0360 2424 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
15:56:22.0400 2424 nfrd960 - ok
15:56:22.0480 2424 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
15:56:22.0580 2424 NlaSvc - ok
15:56:22.0610 2424 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
15:56:22.0660 2424 Npfs - ok
15:56:22.0700 2424 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
15:56:22.0780 2424 nsi - ok
15:56:22.0790 2424 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
15:56:22.0840 2424 nsiproxy - ok
15:56:22.0910 2424 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
15:56:23.0040 2424 Ntfs - ok
15:56:23.0050 2424 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
15:56:23.0100 2424 Null - ok
15:56:23.0140 2424 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
15:56:23.0160 2424 nvraid - ok
15:56:23.0180 2424 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
15:56:23.0220 2424 nvstor - ok
15:56:23.0260 2424 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
15:56:23.0280 2424 nv_agp - ok
15:56:23.0320 2424 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
15:56:23.0340 2424 ohci1394 - ok
15:56:23.0400 2424 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:56:23.0430 2424 ose - ok
15:56:23.0570 2424 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:56:23.0770 2424 osppsvc - ok
15:56:23.0820 2424 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
15:56:23.0900 2424 p2pimsvc - ok
15:56:23.0940 2424 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
15:56:23.0960 2424 p2psvc - ok
15:56:23.0980 2424 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
15:56:24.0000 2424 Parport - ok
15:56:24.0020 2424 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
15:56:24.0040 2424 partmgr - ok
15:56:24.0060 2424 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
15:56:24.0130 2424 PcaSvc - ok
15:56:24.0280 2424 [ 3FDE033DFB0D07F8B7D5C9A3044AA121 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
15:56:24.0310 2424 pccsmcfd - ok
15:56:24.0390 2424 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
15:56:24.0410 2424 pci - ok
15:56:24.0440 2424 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
15:56:24.0460 2424 pciide - ok
15:56:24.0500 2424 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
15:56:24.0530 2424 pcmcia - ok
15:56:24.0550 2424 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
15:56:24.0570 2424 pcw - ok
15:56:24.0660 2424 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
15:56:24.0780 2424 PEAUTH - ok
15:56:24.0970 2424 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
15:56:25.0000 2424 PerfHost - ok
15:56:25.0120 2424 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
15:56:25.0320 2424 pla - ok
15:56:25.0370 2424 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
15:56:25.0430 2424 PlugPlay - ok
15:56:25.0460 2424 [ F485770EEC8959684CC4C4786B63C06C ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
15:56:25.0520 2424 Pml Driver HPZ12 - ok
15:56:25.0540 2424 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
15:56:25.0670 2424 PNRPAutoReg - ok
15:56:25.0710 2424 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
15:56:25.0730 2424 PNRPsvc - ok
15:56:25.0820 2424 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
15:56:25.0910 2424 PolicyAgent - ok
15:56:25.0940 2424 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
15:56:26.0030 2424 Power - ok
15:56:26.0070 2424 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
15:56:26.0160 2424 PptpMiniport - ok
15:56:26.0200 2424 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
15:56:26.0280 2424 Processor - ok
15:56:26.0330 2424 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
15:56:26.0450 2424 ProfSvc - ok
15:56:26.0470 2424 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:56:26.0490 2424 ProtectedStorage - ok
15:56:26.0540 2424 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
15:56:26.0660 2424 Psched - ok
15:56:26.0710 2424 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
15:56:26.0810 2424 ql2300 - ok
15:56:26.0840 2424 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
15:56:26.0870 2424 ql40xx - ok
15:56:26.0900 2424 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
15:56:26.0940 2424 QWAVE - ok
15:56:26.0960 2424 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
15:56:27.0061 2424 QWAVEdrv - ok
15:56:27.0081 2424 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
15:56:27.0141 2424 RasAcd - ok
15:56:27.0181 2424 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
15:56:27.0231 2424 RasAgileVpn - ok
15:56:27.0251 2424 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
15:56:27.0321 2424 RasAuto - ok
15:56:27.0351 2424 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
15:56:27.0411 2424 Rasl2tp - ok
15:56:27.0451 2424 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
15:56:27.0531 2424 RasMan - ok
15:56:27.0561 2424 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
15:56:27.0631 2424 RasPppoe - ok
15:56:27.0661 2424 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
15:56:27.0731 2424 RasSstp - ok
15:56:27.0771 2424 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
15:56:27.0851 2424 rdbss - ok
15:56:27.0871 2424 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
15:56:27.0891 2424 rdpbus - ok
15:56:27.0911 2424 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
15:56:27.0971 2424 RDPCDD - ok
15:56:28.0001 2424 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
15:56:28.0091 2424 RDPENCDD - ok
15:56:28.0141 2424 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
15:56:28.0191 2424 RDPREFMP - ok
15:56:28.0231 2424 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
15:56:28.0271 2424 RDPWD - ok
15:56:28.0301 2424 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
15:56:28.0321 2424 rdyboost - ok
15:56:28.0351 2424 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
15:56:28.0411 2424 RemoteAccess - ok
15:56:28.0451 2424 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
15:56:28.0521 2424 RemoteRegistry - ok
15:56:28.0571 2424 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
15:56:28.0641 2424 RFCOMM - ok
15:56:28.0701 2424 [ 498EB62A160674E793FA40FD65390625 ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
15:56:28.0731 2424 RichVideo - ok
15:56:28.0741 2424 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
15:56:28.0791 2424 RpcEptMapper - ok
15:56:28.0811 2424 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
15:56:28.0841 2424 RpcLocator - ok
15:56:28.0901 2424 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
15:56:28.0941 2424 RpcSs - ok
15:56:28.0971 2424 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
15:56:29.0011 2424 rspndr - ok
15:56:29.0031 2424 [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
15:56:29.0071 2424 RTL8167 - ok
15:56:29.0091 2424 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
15:56:29.0111 2424 SamSs - ok
15:56:29.0141 2424 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
15:56:29.0161 2424 sbp2port - ok
15:56:29.0181 2424 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
15:56:29.0251 2424 SCardSvr - ok
15:56:29.0291 2424 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
15:56:29.0361 2424 scfilter - ok
15:56:29.0401 2424 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
15:56:29.0511 2424 Schedule - ok
15:56:29.0561 2424 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
15:56:29.0601 2424 SCPolicySvc - ok
15:56:29.0631 2424 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
15:56:29.0671 2424 sdbus - ok
15:56:29.0701 2424 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
15:56:29.0771 2424 SDRSVC - ok
15:56:29.0881 2424 [ 0F4A80438E7286A0E623582F5F2395BD ] SearchAnonymizer C:\Users\Äntsch\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
15:56:29.0911 2424 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - warning
15:56:29.0911 2424 SearchAnonymizer - detected UnsignedFile.Multi.Generic (1)
15:56:29.0951 2424 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
15:56:30.0041 2424 secdrv - ok
15:56:30.0071 2424 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
15:56:30.0151 2424 seclogon - ok
15:56:30.0181 2424 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
15:56:30.0231 2424 SENS - ok
15:56:30.0261 2424 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
15:56:30.0291 2424 SensrSvc - ok
15:56:30.0301 2424 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
15:56:30.0321 2424 Serenum - ok
15:56:30.0331 2424 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
15:56:30.0361 2424 Serial - ok
15:56:30.0391 2424 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
15:56:30.0431 2424 sermouse - ok
15:56:30.0511 2424 [ E90CE237E99C5D26CB3872318A7799D0 ] ServiceLayer C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
15:56:30.0581 2424 ServiceLayer - ok
15:56:30.0621 2424 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
15:56:30.0681 2424 SessionEnv - ok
15:56:30.0721 2424 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
15:56:30.0801 2424 sffdisk - ok
15:56:30.0811 2424 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
15:56:30.0851 2424 sffp_mmc - ok
15:56:30.0881 2424 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
15:56:30.0921 2424 sffp_sd - ok
15:56:30.0961 2424 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
15:56:31.0001 2424 sfloppy - ok
15:56:31.0031 2424 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
15:56:31.0111 2424 SharedAccess - ok
15:56:31.0151 2424 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:56:31.0201 2424 ShellHWDetection - ok
15:56:31.0231 2424 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:56:31.0251 2424 SiSRaid2 - ok
15:56:31.0261 2424 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
15:56:31.0291 2424 SiSRaid4 - ok
15:56:31.0341 2424 [ EA396139541706B4B433641D62EA53CE ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
15:56:31.0401 2424 SkypeUpdate - ok
15:56:31.0421 2424 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
15:56:31.0481 2424 Smb - ok
15:56:31.0661 2424 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
15:56:31.0731 2424 SNMPTRAP - ok
15:56:31.0861 2424 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
15:56:31.0901 2424 spldr - ok
15:56:31.0951 2424 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
15:56:31.0991 2424 Spooler - ok
15:56:32.0091 2424 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
15:56:32.0171 2424 sppsvc - ok
15:56:32.0211 2424 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
15:56:32.0281 2424 sppuinotify - ok
15:56:32.0331 2424 [ 51DE15CA5C05BCA46D8B110CD00A02FB ] sptd C:\Windows\system32\Drivers\sptd.sys
15:56:32.0341 2424 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 51DE15CA5C05BCA46D8B110CD00A02FB
15:56:32.0341 2424 sptd ( LockedFile.Multi.Generic ) - warning
15:56:32.0341 2424 sptd - detected LockedFile.Multi.Generic (1)
15:56:32.0391 2424 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
15:56:32.0521 2424 srv - ok
15:56:32.0561 2424 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
15:56:32.0621 2424 srv2 - ok
15:56:32.0671 2424 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
15:56:32.0691 2424 SrvHsfHDA - ok
15:56:32.0781 2424 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
15:56:32.0881 2424 SrvHsfV92 - ok
15:56:32.0921 2424 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
15:56:33.0011 2424 SrvHsfWinac - ok
15:56:33.0051 2424 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
15:56:33.0101 2424 srvnet - ok
15:56:33.0171 2424 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
15:56:33.0251 2424 SSDPSRV - ok
15:56:33.0271 2424 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
15:56:33.0331 2424 SstpSvc - ok
15:56:33.0451 2424 [ 810199DCC3BDC38304D7D649992EA7BC ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
15:56:33.0461 2424 STacSV - ok
15:56:33.0481 2424 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
15:56:33.0501 2424 stexstor - ok
15:56:33.0551 2424 [ ED1722F43CE61409EF68340402D6267D ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
15:56:33.0581 2424 STHDA - ok
15:56:33.0641 2424 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
15:56:33.0701 2424 stisvc - ok
15:56:33.0761 2424 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
15:56:33.0781 2424 swenum - ok
15:56:33.0831 2424 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
15:56:33.0921 2424 swprv - ok
15:56:34.0031 2424 [ 929C9FA0B18AD2EBC8340591C4BF00FF ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
15:56:34.0071 2424 SynTP - ok
15:56:34.0491 2424 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
15:56:34.0561 2424 SysMain - ok
15:56:34.0601 2424 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:56:34.0651 2424 TabletInputService - ok
15:56:34.0691 2424 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
15:56:34.0761 2424 TapiSrv - ok
15:56:34.0791 2424 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
15:56:34.0851 2424 TBS - ok
15:56:35.0011 2424 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
15:56:35.0151 2424 Tcpip - ok
15:56:35.0211 2424 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
15:56:35.0251 2424 TCPIP6 - ok
15:56:35.0291 2424 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
15:56:35.0311 2424 tcpipreg - ok
15:56:35.0341 2424 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
15:56:35.0371 2424 TDPIPE - ok
15:56:35.0401 2424 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
15:56:35.0431 2424 TDTCP - ok
15:56:35.0471 2424 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
15:56:35.0521 2424 tdx - ok
15:56:35.0571 2424 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
15:56:35.0591 2424 TermDD - ok
15:56:35.0621 2424 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
15:56:35.0721 2424 TermService - ok
15:56:35.0781 2424 [ 48D9D00C2E0E72C3D4F52772C80355F6 ] TFsExDisk C:\Windows\System32\Drivers\TFsExDisk.sys
15:56:35.0811 2424 TFsExDisk - ok
15:56:35.0841 2424 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
15:56:35.0881 2424 Themes - ok
15:56:35.0911 2424 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
15:56:35.0961 2424 THREADORDER - ok
15:56:35.0981 2424 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
15:56:36.0031 2424 TrkWks - ok
15:56:36.0061 2424 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:56:36.0131 2424 TrustedInstaller - ok
15:56:36.0161 2424 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
15:56:36.0221 2424 tssecsrv - ok
15:56:36.0281 2424 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
15:56:36.0371 2424 TsUsbFlt - ok
15:56:36.0411 2424 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
15:56:36.0451 2424 tunnel - ok
15:56:36.0481 2424 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
15:56:36.0501 2424 uagp35 - ok
15:56:36.0531 2424 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
15:56:36.0611 2424 udfs - ok
15:56:36.0651 2424 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
15:56:36.0671 2424 UI0Detect - ok
15:56:36.0701 2424 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
15:56:36.0721 2424 uliagpkx - ok
15:56:36.0771 2424 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
15:56:36.0821 2424 umbus - ok
15:56:36.0841 2424 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
15:56:36.0901 2424 UmPass - ok
15:56:36.0931 2424 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
15:56:37.0011 2424 upnphost - ok
15:56:37.0061 2424 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
15:56:37.0091 2424 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
15:56:37.0091 2424 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
15:56:37.0121 2424 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
15:56:37.0181 2424 usbccgp - ok
15:56:37.0201 2424 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
15:56:37.0221 2424 usbcir - ok
15:56:37.0241 2424 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
15:56:37.0311 2424 usbehci - ok
15:56:37.0331 2424 [ 44D9C773FEBFF10593B50DDFC2D6BC27 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
15:56:37.0341 2424 usbfilter - ok
15:56:37.0371 2424 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
15:56:37.0401 2424 usbhub - ok
15:56:37.0421 2424 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
15:56:37.0461 2424 usbohci - ok
15:56:37.0491 2424 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
15:56:37.0541 2424 usbprint - ok
15:56:37.0561 2424 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
15:56:37.0591 2424 usbscan - ok
15:56:37.0661 2424 [ 4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser C:\Windows\system32\drivers\usbser.sys
15:56:37.0741 2424 usbser - ok
15:56:37.0761 2424 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:56:37.0831 2424 USBSTOR - ok
15:56:37.0861 2424 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
15:56:37.0951 2424 usbuhci - ok
15:56:37.0981 2424 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
15:56:38.0011 2424 usbvideo - ok
15:56:38.0041 2424 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
15:56:38.0101 2424 UxSms - ok
15:56:38.0101 2424 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
15:56:38.0121 2424 VaultSvc - ok
15:56:38.0151 2424 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
15:56:38.0181 2424 vdrvroot - ok
15:56:38.0231 2424 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
15:56:38.0351 2424 vds - ok
15:56:38.0401 2424 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
15:56:38.0431 2424 vga - ok
15:56:38.0451 2424 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
15:56:38.0511 2424 VgaSave - ok
15:56:38.0591 2424 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
15:56:38.0641 2424 vhdmp - ok
15:56:38.0691 2424 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
15:56:38.0711 2424 viaide - ok
15:56:38.0731 2424 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
15:56:38.0751 2424 volmgr - ok
15:56:38.0821 2424 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
15:56:38.0871 2424 volmgrx - ok
15:56:38.0921 2424 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
15:56:38.0961 2424 volsnap - ok
15:56:39.0041 2424 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
15:56:39.0061 2424 vsmraid - ok
15:56:39.0221 2424 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
15:56:39.0331 2424 VSS - ok
15:56:39.0351 2424 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
15:56:39.0401 2424 vwifibus - ok
15:56:39.0431 2424 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
15:56:39.0501 2424 vwififlt - ok
15:56:39.0551 2424 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
15:56:39.0591 2424 vwifimp - ok
15:56:39.0691 2424 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
15:56:39.0751 2424 W32Time - ok
15:56:39.0761 2424 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
15:56:39.0881 2424 WacomPen - ok
15:56:39.0941 2424 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
15:56:40.0021 2424 WANARP - ok
15:56:40.0042 2424 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
15:56:40.0092 2424 Wanarpv6 - ok
15:56:40.0232 2424 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
15:56:40.0322 2424 WatAdminSvc - ok
15:56:40.0402 2424 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
15:56:40.0512 2424 wbengine - ok
15:56:40.0552 2424 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
15:56:40.0582 2424 WbioSrvc - ok
15:56:40.0642 2424 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
15:56:40.0702 2424 wcncsvc - ok
15:56:40.0732 2424 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:56:40.0772 2424 WcsPlugInService - ok
15:56:40.0802 2424 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
15:56:40.0822 2424 Wd - ok
15:56:40.0882 2424 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
15:56:40.0952 2424 Wdf01000 - ok
15:56:40.0972 2424 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
15:56:41.0073 2424 WdiServiceHost - ok
15:56:41.0093 2424 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
15:56:41.0113 2424 WdiSystemHost - ok
15:56:41.0153 2424 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
15:56:41.0213 2424 WebClient - ok
15:56:41.0243 2424 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
15:56:41.0333 2424 Wecsvc - ok
15:56:41.0363 2424 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
15:56:41.0413 2424 wercplsupport - ok
15:56:41.0443 2424 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
15:56:41.0493 2424 WerSvc - ok
15:56:41.0543 2424 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
15:56:41.0583 2424 WfpLwf - ok
15:56:41.0603 2424 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
15:56:41.0633 2424 WIMMount - ok
15:56:41.0653 2424 WinDefend - ok
15:56:41.0663 2424 WinHttpAutoProxySvc - ok
15:56:41.0753 2424 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
15:56:41.0823 2424 Winmgmt - ok
15:56:41.0903 2424 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
15:56:42.0103 2424 WinRM - ok
15:56:42.0183 2424 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
15:56:42.0233 2424 WinUsb - ok
15:56:42.0323 2424 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
15:56:42.0413 2424 Wlansvc - ok
15:56:42.0463 2424 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
15:56:42.0493 2424 WmiAcpi - ok
15:56:42.0543 2424 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
15:56:42.0623 2424 wmiApSrv - ok
15:56:42.0663 2424 WMPNetworkSvc - ok
15:56:42.0723 2424 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
15:56:42.0753 2424 WPCSvc - ok
15:56:42.0803 2424 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
15:56:42.0843 2424 WPDBusEnum - ok
15:56:42.0873 2424 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
15:56:42.0943 2424 ws2ifsl - ok
15:56:42.0973 2424 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
15:56:43.0013 2424 wscsvc - ok
15:56:43.0023 2424 WSearch - ok
15:56:43.0343 2424 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
15:56:43.0433 2424 wuauserv - ok
15:56:43.0493 2424 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
15:56:43.0583 2424 WudfPf - ok
15:56:43.0653 2424 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
15:56:43.0723 2424 WUDFRd - ok
15:56:43.0743 2424 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
15:56:43.0753 2424 wudfsvc - ok
15:56:43.0783 2424 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
15:56:43.0843 2424 WwanSvc - ok
15:56:43.0933 2424 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
15:56:44.0085 2424 yukonw7 - ok
15:56:44.0145 2424 ================ Scan global ===============================
15:56:44.0165 2424 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:56:44.0225 2424 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
15:56:44.0305 2424 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
15:56:44.0335 2424 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:56:44.0385 2424 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:56:44.0405 2424 [Global] - ok
15:56:44.0405 2424 ================ Scan MBR ==================================
15:56:44.0415 2424 [ 80063A27F44478B1A9B3E74C2F4343C7 ] \Device\Harddisk0\DR0
15:56:45.0055 2424 \Device\Harddisk0\DR0 - ok
15:56:45.0065 2424 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
15:56:45.0605 2424 \Device\Harddisk1\DR1 - ok
15:56:45.0605 2424 ================ Scan VBR ==================================
15:56:45.0615 2424 [ 9A6AAAE7E93B44B948ED610249C7033F ] \Device\Harddisk0\DR0\Partition1
15:56:45.0625 2424 \Device\Harddisk0\DR0\Partition1 - ok
15:56:45.0645 2424 [ FB2172118A70EA8AE6219534079475DF ] \Device\Harddisk0\DR0\Partition2
15:56:45.0645 2424 \Device\Harddisk0\DR0\Partition2 - ok
15:56:45.0685 2424 [ 23E497654E934F93B6E4147ED0BCF499 ] \Device\Harddisk0\DR0\Partition3
15:56:45.0685 2424 \Device\Harddisk0\DR0\Partition3 - ok
15:56:45.0705 2424 [ 51A908754159E8500AFF4511F3D330D7 ] \Device\Harddisk0\DR0\Partition4
15:56:45.0705 2424 \Device\Harddisk0\DR0\Partition4 - ok
15:56:45.0715 2424 [ D2D884B30633D99A55165680F98905C4 ] \Device\Harddisk1\DR1\Partition1
15:56:45.0715 2424 \Device\Harddisk1\DR1\Partition1 - ok
15:56:45.0715 2424 ============================================================
15:56:45.0715 2424 Scan finished
15:56:45.0715 2424 ============================================================
15:56:45.0735 2564 Detected object count: 6
15:56:45.0735 2564 Actual detected object count: 6
15:57:23.0332 2564 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
15:57:23.0332 2564 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
15:57:23.0342 2564 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:57:23.0342 2564 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:57:23.0342 2564 hwdatacard ( UnsignedFile.Multi.Generic ) - skipped by user
15:57:23.0342 2564 hwdatacard ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:57:23.0342 2564 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - skipped by user
15:57:23.0342 2564 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:57:23.0342 2564 sptd ( LockedFile.Multi.Generic ) - skipped by user
15:57:23.0342 2564 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
15:57:23.0352 2564 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
15:57:23.0352 2564 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:06:50.0126 4688 Deinitialize success

Alt 04.12.2012, 16:55   #13
markusg
/// Malware-holic
 
mit ihavenet-Virus infiziert - was nun? - Standard

mit ihavenet-Virus infiziert - was nun?



hi
combofix:
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 20.12.2012, 09:35   #14
Kalua_1
 
mit ihavenet-Virus infiziert - was nun? - Standard

mit ihavenet-Virus infiziert - was nun?



Hallo!

Anscheinend hat sich das Problem gelöst, auch ohne combifix.
VIELEN VIELEN DANK für die Hilfe!

Alt 20.12.2012, 12:56   #15
markusg
/// Malware-holic
 
mit ihavenet-Virus infiziert - was nun? - Standard

mit ihavenet-Virus infiziert - was nun?



Hi
Es hat seinen Grund, warum ich Logfiles anfordere.
Nur weil du keine Symtome mehr hast, heißt es nicht, dass der PC sauber ist.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Geändert von markusg (20.12.2012 um 13:02 Uhr)

Antwort

Themen zu mit ihavenet-Virus infiziert - was nun?
adwcleaner, dankbar, geholfen, großes, hartnäckig, ihavenet, infiziert, lange, losgeworden, problem, programme, programmen, scans, seeehr, stunde, verschiedene, verschiedenen




Ähnliche Themen: mit ihavenet-Virus infiziert - was nun?


  1. Ihavenet - Virus
    Log-Analyse und Auswertung - 17.11.2013 (6)
  2. ihavenet virus
    Log-Analyse und Auswertung - 09.10.2013 (28)
  3. ihavenet-Virus
    Plagegeister aller Art und deren Bekämpfung - 09.10.2013 (11)
  4. Windows 7: mit Virus ihavenet infiziert
    Log-Analyse und Auswertung - 01.10.2013 (9)
  5. 2x | Ihavenet - Virus
    Mülltonne - 30.09.2013 (1)
  6. Mit ihavenet.com Virus infiziert, kann es nicht beseitigen.
    Log-Analyse und Auswertung - 01.09.2013 (26)
  7. Laptop infiziert mit ihavenet.com
    Log-Analyse und Auswertung - 02.08.2013 (41)
  8. Netbook ist mit IHAVENET infiziert
    Log-Analyse und Auswertung - 15.07.2013 (23)
  9. ihavenet Virus
    Plagegeister aller Art und deren Bekämpfung - 18.06.2013 (11)
  10. ihavenet-Virus
    Plagegeister aller Art und deren Bekämpfung - 29.01.2013 (13)
  11. Ihavenet Virus
    Plagegeister aller Art und deren Bekämpfung - 08.01.2013 (3)
  12. ihavenet virus
    Plagegeister aller Art und deren Bekämpfung - 06.12.2012 (3)
  13. Ihavenet.com Browser Hijacker- bei Googlesuche öffnen sich andere Seiten (Weiterleitung über Ihavenet.com)
    Log-Analyse und Auswertung - 21.11.2012 (13)
  14. Ihavenet.com - Virus
    Plagegeister aller Art und deren Bekämpfung - 09.11.2012 (9)
  15. ihavenet - virus infiziert?
    Plagegeister aller Art und deren Bekämpfung - 03.10.2012 (3)
  16. Ihavenet.com Virus
    Log-Analyse und Auswertung - 13.09.2012 (12)
  17. ihavenet-virus.. help
    Plagegeister aller Art und deren Bekämpfung - 10.09.2012 (3)

Zum Thema mit ihavenet-Virus infiziert - was nun? - Hallo! Ich habe ein seeehr großes Problem mit dem ihavenet-Virus ! Stundenlange Recherche wie man diesen Virus loswird und viele Scans mit verschiedenen Programmen (Bitdefener, adwcleaner, xoftofspyse usw.) haben leider - mit ihavenet-Virus infiziert - was nun?...
Archiv
Du betrachtest: mit ihavenet-Virus infiziert - was nun? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.