Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Zip Anhang mit TR/Roque.957311 geöffnet

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 22.04.2013, 16:40   #1
alder
 
Zip Anhang mit TR/Roque.957311 geöffnet - Standard

Zip Anhang mit TR/Roque.957311 geöffnet



Hallo ihr Profis,

schön dass es euch gibt

Heute morgen hat meine Frau in ihrem web.de Postfach eine Spam mail (angeblich Mahnung von Sanicare.de) gefunden und die angehängte zip-Datei runtergeladen. Dann hat sie den Download-Order in Firefox geöffnet und auf die Datei geklickt
Danach hat sich ein Fenster mit lauter Hiroglyphen (sagt sie) geöffnet.....

folgendes habe ich seit dem getan:

- Zip-Datei mit Antivir untersucht: Fund TR/rogue.957311 - in Quarantäne verschoben
- Windows Defender ausgeführt - kein Fund
- Antivir übers ganze Systen laufen lassen - kein Fund
- Malwarebytes übers ganze System laufen lassen - kein Fund
- Defogger nach Anleitung hier im Forum:

Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:14 on 22/04/2013 (Dell)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
- OTLtext:

Code:
ATTFilter
OTL logfile created on: 22.04.2013 16:16:46 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dell\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,06 Gb Available Physical Memory | 52,67% Memory free
7,82 Gb Paging File | 5,73 Gb Available in Paging File | 73,33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446,13 Gb Total Space | 330,30 Gb Free Space | 74,04% Space Free | Partition Type: NTFS
 
Computer Name: DELL-PC | User Name: Dell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.22 16:10:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dell\Desktop\OTL.exe
PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013.03.28 15:52:41 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.28 15:52:28 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.28 15:52:28 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.12.18 07:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.03.27 15:02:04 | 001,104,208 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2012.03.27 15:02:02 | 001,304,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2012.03.27 15:01:56 | 001,014,096 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2012.03.27 15:01:56 | 000,936,272 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
PRC - [2012.01.31 11:46:56 | 000,019,232 | ---- | M] (Autodesk, Inc.) -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [2011.09.15 06:19:54 | 000,086,016 | ---- | M] () -- C:\Programme\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe
PRC - [2010.12.29 20:54:10 | 000,740,688 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
PRC - [2010.12.15 17:46:50 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2010.11.17 19:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.11.17 17:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2010.11.06 06:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.11.06 06:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.10.06 04:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.10.06 04:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.10.01 23:55:28 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.15 20:55:05 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013.01.13 15:26:58 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ab54c04b3df40416205883b4049fe273\IAStorUtil.ni.dll
MOD - [2013.01.13 15:26:58 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\4d6518ef6ae8d6f005c49ab1c86de7fe\IAStorCommon.ni.dll
MOD - [2013.01.11 11:37:03 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.11 11:36:32 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.11 11:36:19 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013.01.11 11:36:14 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.11 11:36:11 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.11 11:36:10 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.11 11:36:04 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.05.30 08:39:02 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.12.15 17:46:50 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
MOD - [2010.11.25 05:44:02 | 000,375,280 | ---- | M] () -- c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
MOD - [2010.11.17 17:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.11.06 08:11:36 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.12.03 17:26:34 | 003,143,472 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV - [2013.04.12 16:54:17 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.03.28 15:52:41 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.28 15:52:28 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.03.12 21:40:04 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.18 07:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.30 14:34:51 | 001,432,400 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV - [2012.07.13 14:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.03.27 15:02:04 | 001,104,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2012.03.27 15:02:02 | 001,304,912 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2012.03.27 15:01:56 | 001,014,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2012.01.31 11:46:56 | 000,019,232 | ---- | M] (Autodesk, Inc.) [Auto | Running] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2011.09.16 01:41:28 | 001,518,352 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2011.09.16 01:28:06 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2011.09.16 01:24:52 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2011.09.15 16:54:46 | 001,166,848 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV - [2011.09.15 06:19:54 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Programme\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe -- (mi-raysat_3dsmax2013_64)
SRV - [2011.09.08 15:42:28 | 000,305,152 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2011.06.03 19:51:38 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV - [2010.12.29 20:54:24 | 000,440,144 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Programme\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2010.12.03 17:14:58 | 002,696,496 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2010.11.25 12:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010.11.25 12:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010.11.06 06:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.10.06 04:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.10.06 04:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.09.23 01:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 21:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 21:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.03 12:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AESTSr64.exe -- (AESTFilters)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013.03.28 15:52:46 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.03.28 15:52:46 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.03.28 15:52:46 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.03.21 18:13:14 | 000,060,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (ibtfltcoex)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.13 16:10:40 | 000,747,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2012.02.13 15:53:54 | 000,095,232 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011.11.06 16:01:52 | 010,208,256 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.11.06 07:34:34 | 000,317,952 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.09.26 09:40:28 | 012,309,440 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2011.09.18 09:26:52 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011.09.15 16:48:24 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011.09.15 16:48:24 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011.09.08 15:42:28 | 000,535,040 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011.08.23 13:12:56 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011.06.21 22:19:14 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011.06.21 22:19:12 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011.06.10 07:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.20 18:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2010.12.16 05:56:06 | 001,402,416 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.12.13 16:34:14 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2010.12.10 23:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.12.10 23:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.07 01:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.10.30 02:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.10.20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.08.20 18:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2010.03.19 10:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://web.de/
IE - HKCU\..\SearchScopes,DefaultScope = {3D66E81A-7403-4C61-B2B7-2245EB226AAB}
IE - HKCU\..\SearchScopes\{3D66E81A-7403-4C61-B2B7-2245EB226AAB}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://web.de/"
FF - prefs.js..extensions.enabledAddons: %7B53A03D43-5363-4669-8190-99061B2DEBA5%7D:1.5.5
FF - prefs.js..extensions.enabledAddons: %7B5384767E-00D9-40E9-B72F-9CC39D655D6F%7D:1.4.2.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2012.05.30 06:42:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 16:54:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 16:54:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.06.17 10:48:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dell\AppData\Roaming\mozilla\Extensions
[2013.02.14 18:55:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dell\AppData\Roaming\mozilla\Firefox\Profiles\r4y2oheo.default\extensions
[2013.01.03 20:26:08 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Dell\AppData\Roaming\mozilla\Firefox\Profiles\r4y2oheo.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2012.09.27 16:50:04 | 000,399,504 | ---- | M] () (No name found) -- C:\Users\Dell\AppData\Roaming\mozilla\firefox\profiles\r4y2oheo.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi
[2013.02.14 18:55:00 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Dell\AppData\Roaming\mozilla\firefox\profiles\r4y2oheo.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.04.12 16:54:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.12 16:54:17 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 18:11:58 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Autodesk Sync] C:\Programme\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
O4:64bit: - HKLM..\Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [AviraSpeedup] C:\Program Files (x86)\AviraSpeedup\AviraSpeedup.exe (Avira)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  = 
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Dell\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Dell\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9F154892-42A4-4EBD-AEDB-3D39BD955A2B}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe) - C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.22 16:10:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dell\Desktop\OTL.exe
[2013.04.22 14:09:53 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\Malwarebytes
[2013.04.22 14:09:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.22 14:09:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.22 14:09:36 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013.04.22 14:09:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.04.22 14:08:45 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Local\Programs
[2013.04.12 16:54:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.11 11:44:58 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\Buhl Data Service
[2013.04.11 11:44:56 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Local\Buhl Data Service
[2013.04.11 11:43:48 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Local\Buhl
[2013.04.11 11:43:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuer 2012
[2013.04.11 11:40:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steuer 2012
[2013.04.11 11:39:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Buhl Data Service GmbH
[2013.03.28 15:52:59 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avipbb.sys
[2013.03.28 15:52:59 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avgntflt.sys
[2013.03.28 15:52:59 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avkmgr.sys
[2013.03.24 16:39:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.22 16:14:05 | 000,000,000 | ---- | M] () -- C:\Users\Dell\defogger_reenable
[2013.04.22 16:12:01 | 000,377,856 | ---- | M] () -- C:\Users\Dell\Desktop\gmer_2.1.19163.exe
[2013.04.22 16:10:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dell\Desktop\OTL.exe
[2013.04.22 16:09:36 | 000,050,477 | ---- | M] () -- C:\Users\Dell\Desktop\Defogger.exe
[2013.04.22 15:58:15 | 001,612,484 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.04.22 15:58:15 | 000,696,870 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.04.22 15:58:15 | 000,652,148 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.04.22 15:58:15 | 000,148,134 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.04.22 15:58:15 | 000,121,080 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.04.22 15:39:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.04.22 15:38:01 | 000,001,106 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.22 14:09:37 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.22 13:57:43 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.22 13:57:43 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.22 13:50:26 | 000,001,102 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.22 13:49:30 | 000,456,864 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013.04.22 13:49:08 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.04.22 13:48:28 | 3148,214,272 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.20 10:03:53 | 000,000,590 | ---- | M] () -- C:\windows\wiso.ini
[2013.04.14 19:42:26 | 000,025,043 | ---- | M] () -- C:\Users\Dell\Desktop\heidelberg.odt
[2013.04.11 11:43:46 | 000,001,923 | ---- | M] () -- C:\Users\Public\Desktop\Steuer 2012.lnk
[2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013.03.30 20:00:34 | 000,020,696 | ---- | M] () -- C:\Users\Dell\Desktop\Zählerstände.ods
[2013.03.28 15:52:46 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avipbb.sys
[2013.03.28 15:52:46 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avgntflt.sys
[2013.03.28 15:52:46 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avkmgr.sys
[2013.03.24 16:39:50 | 000,002,214 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
 
========== Files Created - No Company Name ==========
 
[2013.04.22 16:14:05 | 000,000,000 | ---- | C] () -- C:\Users\Dell\defogger_reenable
[2013.04.22 16:12:00 | 000,377,856 | ---- | C] () -- C:\Users\Dell\Desktop\gmer_2.1.19163.exe
[2013.04.22 16:09:34 | 000,050,477 | ---- | C] () -- C:\Users\Dell\Desktop\Defogger.exe
[2013.04.22 14:09:37 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.11 11:43:49 | 000,000,590 | ---- | C] () -- C:\windows\wiso.ini
[2013.04.11 11:43:46 | 000,001,923 | ---- | C] () -- C:\Users\Public\Desktop\Steuer 2012.lnk
[2013.03.24 16:39:50 | 000,002,214 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013.03.06 19:16:39 | 000,007,602 | ---- | C] () -- C:\Users\Dell\AppData\Local\Resmon.ResmonCfg
[2012.11.30 14:52:04 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012.07.10 16:33:14 | 000,003,584 | ---- | C] () -- C:\Users\Dell\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.16 20:55:58 | 000,015,873 | ---- | C] () -- C:\windows\SysWow64\Inetde.dll
[2012.05.30 08:21:42 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll
[2012.05.30 08:21:20 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2012.05.30 08:21:20 | 000,216,000 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2012.05.30 08:21:19 | 013,903,360 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2012.05.30 08:21:19 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2012.05.30 08:21:19 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012.05.30 08:21:18 | 000,003,929 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2012.05.30 06:11:06 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2012.05.30 06:04:16 | 000,003,929 | ---- | C] () -- C:\windows\SysWow64\atipblup.dat
[2012.05.30 05:59:04 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll
[2012.02.26 14:02:17 | 000,000,096 | ---- | C] () -- C:\windows\LaunApp.ini
[2012.02.26 14:02:12 | 000,000,324 | ---- | C] () -- C:\windows\Prelaunch.ini
[2012.02.26 14:02:12 | 000,000,271 | ---- | C] () -- C:\windows\WisPriority.ini
[2012.02.26 14:02:12 | 000,000,035 | ---- | C] () -- C:\windows\DELL_LANGCODE.ini
[2012.02.26 14:02:12 | 000,000,033 | ---- | C] () -- C:\windows\DELL_OSTYPE.ini
[2012.02.26 14:02:12 | 000,000,032 | ---- | C] () -- C:\windows\WisHWDest.ini
[2012.02.26 14:02:12 | 000,000,028 | ---- | C] () -- C:\windows\WisLangCode.ini
[2012.02.26 14:02:12 | 000,000,023 | ---- | C] () -- C:\windows\WisSysInfo.ini
[2012.02.26 12:54:12 | 001,590,378 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011.11.06 05:29:16 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\OpenVideo.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
 
========== Purity Check ==========
 
 

< End of report >
         
OTL Extra:

Code:
ATTFilter
OTL Extras logfile created on: 22.04.2013 16:16:46 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dell\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,06 Gb Available Physical Memory | 52,67% Memory free
7,82 Gb Paging File | 5,73 Gb Available in Paging File | 73,33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446,13 Gb Total Space | 330,30 Gb Free Space | 74,04% Space Free | Partition Type: NTFS
 
Computer Name: DELL-PC | User Name: Dell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BC8C789-F3B9-42A7-AAA6-1D69A661269A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{117D4677-D8EA-40B9-9180-9DFE17E91E85}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1283A4DE-C313-4FAE-8042-7AA23B10431F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3132D0E6-A733-49BC-B081-C12E3CF44337}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{422AD37F-6FB6-4A23-9143-66B94919174E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5A927413-5148-4029-9BA8-4C4976D23A58}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{5E2AC7C0-314A-4CBB-8ED4-A99C25B52808}" = rport=445 | protocol=6 | dir=out | app=system | 
"{6A463D46-71C3-4A78-8AC7-35A2CC31BAD7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6F4D462D-1D33-4CB6-B63E-5679FEC30FE0}" = rport=137 | protocol=17 | dir=out | app=system | 
"{71A9AA7A-567E-4B17-AEE3-FF6D6E14A1E1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{73B69D36-F0CF-465B-8CD3-2B677787F9AA}" = lport=50248 | protocol=6 | dir=in | name=autodesk content service | 
"{7681E210-3CD1-424A-971E-A41B0F9B9356}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7885BFAC-FE6F-43AA-9699-FA9FA0236AFD}" = lport=137 | protocol=17 | dir=in | app=system | 
"{87FF8E46-5005-4CD4-AF8C-60B052C46BCE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{93F40161-FDDB-40BA-BF13-AD118786C601}" = lport=138 | protocol=17 | dir=in | app=system | 
"{AC8E7156-242B-4CE3-83E7-CC12549F7371}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{AFC544BD-0F6D-4245-A929-572A79FF0021}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B98ACCCB-7D1E-40A5-A7C3-986B1AB2B90F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BB194FCB-6B84-4C74-BB34-B63B164E86AB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{C7963706-CC40-4CDE-AB91-8E9E3AFC7ABF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D864C982-D7A7-423D-BE77-679B471DFD69}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DA369F9F-05F8-47FF-94CE-FF2436AEAC64}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{DA554FFE-A00F-48E5-AD8B-B6E591FF2653}" = lport=445 | protocol=6 | dir=in | app=system | 
"{DBBA19C4-AAD1-4340-8AA9-40F2838247DA}" = lport=139 | protocol=6 | dir=in | app=system | 
"{DDC0E055-B74A-459E-A1D4-4A08A737DFE7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{F2090B15-0FB2-4573-B3F3-8D90064EA90F}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00157835-4941-4EDB-8FAF-48333FECC051}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe | 
"{089018CE-FF27-43BF-B037-1273B7895A29}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0AA2009F-B8EE-4B08-9C8E-F433E19D82F9}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max design 2013\nvidia\raysat_3dsmax2013_64server.exe | 
"{1512C413-38C8-48A0-941C-3E3A0EBBF388}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{1AAEA8AE-A448-45C3-9C9D-DB207041D598}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2326A654-26EE-4E86-A1BD-D11B14090837}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max design 2013\nvidia\raysat_3dsmax2013_64server.exe | 
"{2405D26C-B145-47F2-BF2A-35B8A0B18359}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe | 
"{28E1CA45-4F9E-46C2-9B78-B0CE7382561C}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{3221953B-4AC8-43E7-B7D3-817741E20375}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{396B2D02-7495-401D-9637-BB3924CDB0A1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{40499D98-55AB-4E3D-9C58-B7042B070CCE}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe | 
"{4677DA17-B9B5-4014-8D7B-A3242B684C71}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{480F099C-A9A3-41FC-A4AA-42C90B130D72}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max design 2013\nvidia\raysat_3dsmax2013_64.exe | 
"{495D5EA1-01AC-493E-B677-50EBAEE462D6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{4E89CE42-6345-4329-8991-B0A2033A332D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4F754371-9F94-4033-AEF1-EC696EF4AB17}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe | 
"{578A1964-18F1-4488-A012-9E11B4DD9129}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max design 2013\3dsmax.exe | 
"{5A1F8F06-97B7-440A-8616-8B298FC5AB28}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | 
"{5CAE8FE3-0095-48C5-9C40-8C9F16EA1B95}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5FC3C365-CB61-45BB-8585-88F851C1CD37}" = protocol=6 | dir=out | app=system | 
"{621E5781-1769-46D0-AC65-2401415A6C9D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{62B95C17-DAB1-4428-AF74-E58F22D5A403}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe | 
"{6E478732-72C8-4450-A005-E17C2C207CF6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6EE865C4-0FD7-4601-81A4-834C3AE7ABAB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{8DB2F86C-285B-4558-8F91-30545D4342D6}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max design 2013\3dsmax.exe | 
"{9ED8876C-4BB5-4549-9792-980F9D56316B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{9F940E32-A58B-45B6-BF2B-3052DCBDD479}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A74FC99D-F505-4F8C-8218-EE719E1AD753}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe | 
"{A7BDAB15-4005-4C7C-BCB7-F4FA26F0D3C4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{AA6BE318-9614-4B26-93A0-3B46F6811818}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{AE572531-9E61-431A-AD62-6C9E9BC9B489}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max design 2013\nvidia\raysat_3dsmax2013_64.exe | 
"{B4CC58E6-4937-42CE-B8E8-82D4EB0258A1}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{BCEAC1C3-271C-40DF-9DE9-6E0C2105C738}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe | 
"{C3DCD12D-B304-49D5-9754-AF9D45442D84}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CA9AC0A5-9D62-46D5-9143-05512F089DA4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{D62675CA-48EA-49A1-BC8B-F0D0895AE209}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DE9C3BF7-C818-4B00-A5D3-7A94271B3BFC}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | 
"{F2DAEBC7-7A4A-4000-9601-58FABD8A153F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{F8C24C10-FDCB-483A-B03F-79FACE294038}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{036983CC-5AA7-F67F-A0AC-E2A9395BAE1E}" = ccc-utility64
"{06388E0D-A364-478B-8E40-7D76142A8DF5}" = Autodesk Workflows - Product Design Suite 2013
"{06E18300-BB64-1664-8E6A-2593FC67BB74}" = Autodesk Revit Interoperability for 3ds Max and 3ds Max Design 2013 64-bit
"{07DC9A9D-1793-4EB4-AC1A-70750F9FB72B}" = Autodesk Navisworks Simulate 2013 - 2009 DWG File Reader
"{08BCFE15-8AA1-4A58-B018-4FEF486BA922}" = Autodesk Inventor Fusion for Inventor 2013 Add-in
"{0C821839-EA2A-48C2-BBD5-2B3D28159BC0}" = Autodesk Mudbox 2013 64-bit
"{0D53A298-B2B7-4746-BB92-B757A6E559C3}" = Autodesk Navisworks Simulate 2013 - 2010 DWG File Reader
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{107CB1E9-DDA9-40B5-8A6D-325361402200}" = Autodesk Navisworks Simulate 2013 - 2011 DWG File Reader
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{266597A9-1764-0000-0100-DCBF2B69166B}" = Autodesk Vault Basic 2013 (Client) German Language Pack
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{295AEB79-B53A-4F1B-860F-7800BB7E3681}" = Intel(R) PROSet/Wireless WiFi-Software
"{2F808931-D235-4FC7-90CD-F8A890C97B2F}" = Composite 2013 64-bit
"{3015F546-6C3E-4E6A-B564-BCDF88C0BA2A}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{324297F8-2898-454B-9AC4-07050AEB35B3}" = Autodesk DirectConnect 2013 64-bit
"{3CB60177-D3D2-4E9C-BE4D-8372B34B4C7F}" = Autodesk SketchBook Designer 2013
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4F744A9A-3067-4605-8864-DA1658059F0B}" = Autodesk Navisworks Simulate 2013 - 2008 DWG File Reader
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{56BAC4EE-B1DA-42A7-ACA5-7A353F2ED1DA}" = Validity Sensors DDK
"{5783F2D7-B005-0000-0102-0060B0CE6BBA}" = AutoCAD Mechanical 2013 - Deutsch (German)
"{5783F2D7-B005-0407-1102-0060B0CE6BBA}" = AutoCAD Mechanical 2013 Language Pack - Deutsch (German)
"{5783F2D7-B005-0407-2102-0060B0CE6BBA}" = AutoCAD Mechanical 2013 - Deutsch (German)
"{5783F2D7-B007-0407-0102-0060B0CE6BBA}" = AutoCAD Electrical 2013 - Deutsch (German)
"{5783F2D7-B007-0407-1102-0060B0CE6BBA}" = AutoCAD Electrical 2013 Language Pack - Deutsch
"{5783F2D7-B007-0407-2102-0060B0CE6BBA}" = AutoCAD Electrical 2013
"{5783F2D7-B028-0409-0100-0060B0CE6BBA}" = DWG TrueView 2013
"{5AF0B1A8-1EF7-0FF7-5504-4983FB76F914}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{62CBE596-1BB8-4D7B-A056-103287BAD1C4}" = Autodesk Essential Skills Movies for 3ds Max Design 2013 64-bit
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{792A9A32-718A-40D1-9867-A903F76AE2F8}" = Eco Materials Adviser for Autodesk Inventor 2013
"{7B42AD25-3D13-4422-A445-F5E18BD963FC}" = Autodesk SketchBook Designer for AutoCAD 2013
"{7D65612F-53B4-0409-85AA-21DF5A8E9455}" = Autodesk 3ds Max Design 2013 64-bit
"{7F4DD591-1764-0001-0000-7107D70F3DB4}" = Autodesk Inventor 2013
"{7F4DD591-1764-0001-1031-7107D70F3DB4}" = Autodesk Inventor 2013 Language Pack - Deutsch (German)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{82C1E6E4-6718-4EFD-9DCC-E276D690EF46}" = Autodesk Inventor Fusion Plugin for AutoCAD 2013
"{84A6C8C6-0000-0264-0002-83487CD4C147}" = Autodesk Product Design Suite Premium 2013
"{84A6C8C6-0010-0264-0002-83487CD4C147}" = Autodesk Product Design Suite 2013 Language Pack
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{907A3175-B78E-0407-A98B-0A97BDE8A59C}" = Autodesk Navisworks 2013 64-Bit-Exportmodul-Plugins Language Pack - Deutsch
"{90A2F9D3-3E5E-4EF4-BC83-E7795CEF1A42}" = Autodesk Navisworks Simulate 2013 - 2012 DWG File Reader
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{975DFE7C-8E56-45BC-A329-401E6B1F8102}" = Dell Backup and Recovery Manager
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{A15BFC7D-6A90-47E6-8C6E-D51B2929D8C8}" = Autodesk Showcase 2013 64-bit
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B46DECD1-1764-4EF1-0000-22D71E81877C}" = Autodesk Inventor Content Center Libraries 2013 (Desktop Content)
"{BC66B242-DF13-1664-851B-00123612ED98}" = Autodesk Inventor Server Engine for 3ds Max Design 2013 64-bit
"{C0C2D40A-1231-46FA-8F02-B45E6BF2036A}" = DigitalPersona Fingerprint Software 5.20
"{CBED6FC7-FB20-4920-AA80-3D6F3459F902}" = Autodesk Navisworks Simulate 2013 - 2013 DWG File Reader
"{CF526A26-1764-0000-0000-02E95019B628}" = Autodesk Vault Basic 2013 (Client)
"{CFAD9B91-391E-8337-859E-B14918E9ABB3}" = AMD AVIVO64 Codecs
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D28EFBA5-1764-4B79-946A-000BE950E8E2}" = Autodesk Product Design Suite 2013 Schnelle Deinstallation
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DE7FFE23-D092-5379-B83C-0E27FF07E329}" = Autodesk Navisworks 2013 64 bit Exporter Plug-ins
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}" = Autodesk Sync
"{F17E30E2-7ED4-0000-8A8E-CAB597E3F8ED}" = Autodesk Navisworks Simulate 2013
"{F17E30E2-7ED4-0407-8A8E-CAB597E3F8ED}" = Autodesk Navisworks Simulate 2013 Language Pack - Deutsch
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FE2F4875-095C-427C-9A97-4F8DE05ACF22}" = Autodesk Inventor Fusion Plugin Language Pack for AutoCAD 2013
"{FFF5619F-2013-0064-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2013
"AutoCAD Electrical 2013 - Deutsch (German)" = AutoCAD Electrical 2013 - Deutsch (German)
"AutoCAD Mechanical 2013 - Deutsch (German)" = AutoCAD Mechanical 2013 - Deutsch (German)
"Autodesk 3ds Max Design 2013 64-bit" = Autodesk 3ds Max Design 2013 64-bit
"Autodesk DirectConnect 2013 64-bit" = Autodesk DirectConnect 2013 64-bit
"Autodesk FBX Plug-in 2013.1 - 3ds Max Design 2013 64-bit" = Autodesk FBX Plug-in 2013.1 - 3ds Max Design 2013 64-bit
"Autodesk Inventor 2013" = Autodesk Inventor 2013 Deutsch (German)
"Autodesk Inventor Fusion 2013" = Autodesk Inventor Fusion 2013
"Autodesk Inventor Fusion Plugin for AutoCAD 2013" = Autodesk Inventor Fusion plug-in for AutoCAD 2013
"Autodesk Mudbox 2013 64-bit" = Autodesk Mudbox 2013 64-bit
"Autodesk Navisworks 2013 64 bit Exporter Plug-ins" = Autodesk Navisworks 2013 64 bit Exporter Plug-ins
"Autodesk Navisworks 2013 64-Bit-Exportmodul-Plugins Language Pack - Deutsch" = Autodesk Navisworks 2013 64-Bit-Exportmodul-Plugins Language Pack - Deutsch
"Autodesk Navisworks Simulate 2013" = Autodesk Navisworks Simulate 2013
"Autodesk Navisworks Simulate 2013 Language Pack - Deutsch" = Autodesk Navisworks Simulate 2013 Language Pack - Deutsch
"Autodesk Product Design Suite Premium 2013" = Autodesk Product Design Suite Premium 2013
"Autodesk Showcase 2013 64-bit" = Autodesk Showcase 2013 64-bit
"Autodesk SketchBook Designer 2013" = Autodesk SketchBook Designer 2013
"Autodesk SketchBook Designer for AutoCAD 2013" = Autodesk SketchBook Designer for AutoCAD 2013
"DWG TrueView 2013" = DWG TrueView 2013
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"PC-Doctor for Windows" = Dell Support Center
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Dell Touchpad
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01159E8A-44F7-4885-A7F9-872CE4D74063}" = Steuer 2012
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}" = Autodesk Material Library 2013
"{12867B14-03B1-5FEA-B987-9508DBB92A51}" = Autodesk Navisworks 2013 32 bit Exporter Plug-ins
"{153DB567-6FF3-49AD-AC4F-86F8A3CCFDFB}" = Autodesk Design Review 2013
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{249A3D8F-FE03-374E-BFB2-ED3B1FF072C6}" = CCC Help Spanish
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{27C6C0A2-2EC9-4FEA-BE2B-659EAAC2C68C}" = Autodesk Material Library Low Resolution Image Library 2013
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34CB9121-4C52-7854-5E6B-30C00F603782}" = CCC Help Chinese Traditional
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2013.0.0
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EF2FD37-A6AF-030E-5140-6D64264CB0CC}" = CCC Help Swedish
"{4614113D-DB85-EBE8-C550-52D5134A25E5}" = Catalyst Control Center
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{58760EEC-8B6A-43F4-81AA-696E381DFADD}" = Autodesk Material Library Medium Resolution Image Library 2013
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5CD64D9F-9525-4CED-34F9-CD600D486A7B}" = CCC Help Russian
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{606E12B9-641F-4644-A22A-FF38AE980AFD}" = Autodesk Material Library Base Resolution Image Library 2013
"{60D2D550-6DA4-E943-592A-B71B577767A6}" = PX Profile Update
"{62F029AB-85F2-0000-866A-9FC0DD99DDBC}" = Autodesk Content Service
"{62F029AB-85F2-0001-866A-9FC0DD99DDBC}" = Autodesk Content Service Language Pack
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6E469237-BA9E-DF10-9DE1-1BC649DEDC01}" = Catalyst Control Center InstallProxy
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{70E3E97D-726D-B60E-B776-AC3200A870F3}" = Catalyst Control Center Localization All
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{781A93CD-1608-427D-B7F0-D05C07795B25}" = Intel(R) WiDi
"{7E30BC50-4F89-1E78-BE14-13395A356BE7}" = CCC Help Dutch
"{7EC2E893-73FC-6AEA-F8C6-A7C74C541C73}" = CCC Help French
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84D61D1B-4F89-D6B1-79B9-FA390A9B05F5}" = CCC Help Japanese
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{8754105B-2BEF-0407-83F9-573C69BB204F}" = Autodesk Navisworks 2013 32-Bit-Exportmodul-Plugins Language Pack - Deutsch
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E5921F0-8370-171D-D0D1-C83A7BD17400}" = CCC Help Danish
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9669EB2-B188-2D11-1562-BBB7BF0342E9}" = CCC Help Italian
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.5) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B5E44903-EE08-4B97-9A0F-08E2E1AAACF5}" = PowerXpressHybrid
"{BB531F76-F03F-B6DC-B740-830B46A60616}" = Catalyst Control Center Profiles Mobile
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C7755E3B-57EF-ADF8-A112-85C14D0388D0}" = CCC Help Norwegian
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFB89DE9-C8FD-4D33-986A-DBDEC5309378}" = Catalyst Control Center - Branding
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2643DB8-3102-A67F-E1C0-4292FACC3637}" = CCC Help Portuguese
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF86FC7A-4065-D2D2-99FB-E86E8CB9D64E}" = CCC Help Korean
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBEA3B88-360E-858B-53F5-1948FF0466D9}" = CCC Help German
"{ED18994D-D12A-CD81-D1B9-C8844B5654BB}" = CCC Help Chinese Standard
"{ED3264CD-DF55-ECEE-9ED6-C85BAD78512F}" = CCC Help Finnish
"{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}" = Microsoft WSE 3.0
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
"{F13E6A6E-95B7-0352-2292-AAADF81FC560}" = CCC Help English
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE6DCC8D-427F-405C-A779-C93B6D9F77A5}" = Autodesk Civil View for 3ds Max Design 2013
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Autodesk Content Service" = Autodesk Content Service
"Autodesk Design Review 2013" = Autodesk Design Review 2013
"Autodesk Navisworks 2013 32 bit Exporter Plug-ins" = Autodesk Navisworks 2013 32 bit Exporter Plug-ins
"Autodesk Navisworks 2013 32-Bit-Exportmodul-Plugins Language Pack - Deutsch" = Autodesk Navisworks 2013 32-Bit-Exportmodul-Plugins Language Pack - Deutsch
"Autodesk Vault Basic 2013 (Client)" = Autodesk Vault Basic 2013 (Client)
"Avira AntiVir Desktop" = Avira Free Antivirus
"AviraSpeedup" = Avira System Speedup
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"Dell Webcam Central" = Dell Webcam Central
"Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version 1.3.12.1228
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.1.320
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NAVIGON Fresh" = NAVIGON Fresh 3.4.1
"ProInst" = Intel PROSet Wireless
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10.01.2013 08:56:55 | Computer Name = Dell-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Autodesk\Composite
 2013\python\lib\distutils\command\wininst-8_d.exe".  Die abhängige Assemblierung 
"Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.01.2013 05:30:17 | Computer Name = Dell-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.01.2013 05:25:22 | Computer Name = Dell-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.01.2013 10:05:42 | Computer Name = Dell-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Autodesk\Composite
 2013\python\lib\distutils\command\wininst-8_d.exe".  Die abhängige Assemblierung 
"Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 18.01.2013 04:34:40 | Computer Name = Dell-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 18.01.2013 16:40:17 | Computer Name = Dell-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.01.2013 13:41:18 | Computer Name = Dell-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Autodesk\Composite
 2013\python\lib\distutils\command\wininst-8_d.exe".  Die abhängige Assemblierung 
"Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 05.02.2013 09:58:58 | Computer Name = Dell-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: STacSV64.exe, Version: 1.0.6365.0,
 Zeitstempel: 0x4e68a05a  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc000000d  Fehleroffset: 0x00000000000737e2
ID
 des fehlerhaften Prozesses: 0x1b8  Startzeit der fehlerhaften Anwendung: 0x01cdf5bbee4eb11f
Pfad
 der fehlerhaften Anwendung: C:\Program Files\IDT\WDM\STacSV64.exe  Pfad des fehlerhaften
 Moduls: C:\windows\SYSTEM32\ntdll.dll  Berichtskennung: 2f82b63b-6f9c-11e2-a51e-4ceb4294832d
 
Error - 06.02.2013 09:23:10 | Computer Name = Dell-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Autodesk\Composite
 2013\python\lib\distutils\command\wininst-8_d.exe".  Die abhängige Assemblierung 
"Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 06.02.2013 14:40:45 | Computer Name = Dell-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Autodesk\Composite
 2013\python\lib\distutils\command\wininst-8_d.exe".  Die abhängige Assemblierung 
"Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 09.03.2013 10:45:50 | Computer Name = Dell-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 09.03.2013 17:36:27 | Computer Name = Dell-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 10.03.2013 15:30:03 | Computer Name = Dell-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 13.03.2013 12:06:36 | Computer Name = Dell-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 14.03.2013 15:51:11 | Computer Name = Dell-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 17.03.2013 14:39:52 | Computer Name = Dell-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Audio Service" wurde unerwartet beendet. Dies ist bereits 
1 Mal passiert.
 
Error - 22.03.2013 11:25:03 | Computer Name = Dell-PC | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 23.03.2013 08:51:55 | Computer Name = Dell-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 23.03.2013 08:51:55 | Computer Name = Dell-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%109
 
Error - 25.03.2013 04:40:08 | Computer Name = Dell-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
GMER:

Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-22 17:15:25
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JF3O 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Dell\AppData\Local\Temp\pxldapod.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560                                                                                  fffff800031b2000 45 bytes [00, 00, BD, 00, 46, 69, 6C, ...]
INITKDBG  C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607                                                                                  fffff800031b202f 17 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2044] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69    00000000753a1465 2 bytes [3A, 75]
.text     C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2044] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155   00000000753a14bb 2 bytes [3A, 75]
.text     ...                                                                                                                                                 * 2
.text     C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe[2228] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   00000000753a1465 2 bytes [3A, 75]
.text     C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe[2228] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000753a14bb 2 bytes [3A, 75]
.text     ...                                                                                                                                                 * 2
.text     C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[2876] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                   00000000753a1465 2 bytes [3A, 75]
.text     C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[2876] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                  00000000753a14bb 2 bytes [3A, 75]
.text     ...                                                                                                                                                 * 2

---- Threads - GMER 2.1 ----

Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [4840:4412]                                                                                      000007fefc292a7c
Thread    C:\windows\System32\svchost.exe [5616:5696]                                                                                                         000007fee9f29688

---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015007f6c3b                                                                         
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4ceb4294832d                                                                         
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4ceb4294832d@e8cba1465d59                                                            0xE0 0x3D 0x79 0xD0 ...
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4ceb4294832d@5cff353fb196                                                            0x41 0xC5 0xBE 0x8F ...
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015007f6c3b (not active ControlSet)                                                     
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4ceb4294832d (not active ControlSet)                                                     
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4ceb4294832d@e8cba1465d59                                                                0xE0 0x3D 0x79 0xD0 ...
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4ceb4294832d@5cff353fb196                                                                0x41 0xC5 0xBE 0x8F ...

---- EOF - GMER 2.1 ----
         
Wär echt toll, wenn ihr mir sagen könnt, ob mein System sauber ist.
Vielen Dank vorab

Alt 24.04.2013, 11:46   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Zip Anhang mit TR/Roque.957311 geöffnet - Standard

Zip Anhang mit TR/Roque.957311 geöffnet



Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden?
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 24.04.2013, 13:45   #3
alder
 
Zip Anhang mit TR/Roque.957311 geöffnet - Standard

Zip Anhang mit TR/Roque.957311 geöffnet



Jepp, hier der Log von Malwarebytes:
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.22.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Dell :: DELL-PC [Administrator]

Schutz: Aktiviert

22.04.2013 14:11:10
mbam-log-2013-04-22 (14-11-10).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 491023
Laufzeit: 1 Stunde(n), 8 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
und hier das Log von Antivir, bei dem ich die zip-Datei explizit untersucht habe:
Code:
ATTFilter
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Montag, 22. April 2013  14:01


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows 7 Home Premium
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : Dell
Computername   : DELL-PC

Versionsinformationen:
BUILD.DAT      : 13.0.0.3499          Bytes  19.03.2013 16:29:00
AVSCAN.EXE     : 13.6.0.986    639712 Bytes  28.03.2013 13:52:30
AVSCANRC.DLL   : 13.4.0.360     64800 Bytes  12.12.2012 13:21:34
LUKE.DLL       : 13.6.0.902     67808 Bytes  28.03.2013 13:52:41
AVSCPLR.DLL    : 13.6.0.986     94944 Bytes  19.03.2013 19:39:18
AVREG.DLL      : 13.6.0.940    250592 Bytes  19.03.2013 19:39:18
avlode.dll     : 13.6.2.940    434912 Bytes  28.03.2013 13:52:29
avlode.rdf     : 13.0.0.46      15591 Bytes  28.03.2013 13:52:46
VBASE000.VDF   : 7.11.70.0   66736640 Bytes  04.04.2013 13:32:25
VBASE001.VDF   : 7.11.70.1       2048 Bytes  04.04.2013 13:32:26
VBASE002.VDF   : 7.11.70.2       2048 Bytes  04.04.2013 13:32:26
VBASE003.VDF   : 7.11.70.3       2048 Bytes  04.04.2013 13:32:26
VBASE004.VDF   : 7.11.70.4       2048 Bytes  04.04.2013 13:32:26
VBASE005.VDF   : 7.11.70.5       2048 Bytes  04.04.2013 13:32:26
VBASE006.VDF   : 7.11.70.6       2048 Bytes  04.04.2013 13:32:26
VBASE007.VDF   : 7.11.70.7       2048 Bytes  04.04.2013 13:32:26
VBASE008.VDF   : 7.11.70.8       2048 Bytes  04.04.2013 13:32:26
VBASE009.VDF   : 7.11.70.9       2048 Bytes  04.04.2013 13:32:27
VBASE010.VDF   : 7.11.70.10      2048 Bytes  04.04.2013 13:32:27
VBASE011.VDF   : 7.11.70.11      2048 Bytes  04.04.2013 13:32:27
VBASE012.VDF   : 7.11.70.12      2048 Bytes  04.04.2013 13:32:27
VBASE013.VDF   : 7.11.70.13      2048 Bytes  04.04.2013 13:32:27
VBASE014.VDF   : 7.11.70.103   136192 Bytes  05.04.2013 20:28:38
VBASE015.VDF   : 7.11.70.183   183808 Bytes  06.04.2013 15:26:45
VBASE016.VDF   : 7.11.71.9     145920 Bytes  08.04.2013 12:56:50
VBASE017.VDF   : 7.11.71.115   169472 Bytes  10.04.2013 11:32:27
VBASE018.VDF   : 7.11.71.197   172544 Bytes  11.04.2013 09:37:00
VBASE019.VDF   : 7.11.72.17    135168 Bytes  12.04.2013 11:36:06
VBASE020.VDF   : 7.11.72.103   158208 Bytes  15.04.2013 11:39:29
VBASE021.VDF   : 7.11.72.137   152064 Bytes  15.04.2013 11:39:29
VBASE022.VDF   : 7.11.72.223   159232 Bytes  16.04.2013 12:55:10
VBASE023.VDF   : 7.11.73.59    204288 Bytes  18.04.2013 05:45:56
VBASE024.VDF   : 7.11.73.133   164864 Bytes  19.04.2013 12:08:14
VBASE025.VDF   : 7.11.73.201   225792 Bytes  22.04.2013 11:38:41
VBASE026.VDF   : 7.11.73.202     1536 Bytes  22.04.2013 11:38:41
VBASE027.VDF   : 7.11.73.203     1536 Bytes  22.04.2013 11:38:41
VBASE028.VDF   : 7.11.73.204     1536 Bytes  22.04.2013 11:38:41
VBASE029.VDF   : 7.11.73.205     1536 Bytes  22.04.2013 11:38:41
VBASE030.VDF   : 7.11.73.206     1536 Bytes  22.04.2013 11:38:41
VBASE031.VDF   : 7.11.73.224    35840 Bytes  22.04.2013 11:38:41
Engineversion  : 8.2.12.30 
AEVDF.DLL      : 8.1.2.10      102772 Bytes  19.09.2012 14:42:55
AESCRIPT.DLL   : 8.1.4.106     483709 Bytes  11.04.2013 15:37:01
AESCN.DLL      : 8.1.10.4      131446 Bytes  28.03.2013 13:52:25
AESBX.DLL      : 8.2.5.12      606578 Bytes  28.08.2012 16:58:06
AERDL.DLL      : 8.2.0.88      643444 Bytes  10.01.2013 14:11:00
AEPACK.DLL     : 8.3.2.6       827767 Bytes  28.03.2013 13:52:25
AEOFFICE.DLL   : 8.1.2.56      205180 Bytes  08.03.2013 14:36:21
AEHEUR.DLL     : 8.1.4.302    5890425 Bytes  18.04.2013 14:18:24
AEHELP.DLL     : 8.1.25.2      258423 Bytes  12.10.2012 15:52:32
AEGEN.DLL      : 8.1.7.2       442741 Bytes  28.03.2013 13:52:21
AEEXP.DLL      : 8.4.0.22      196982 Bytes  18.04.2013 14:18:25
AEEMU.DLL      : 8.1.3.2       393587 Bytes  19.09.2012 14:42:55
AECORE.DLL     : 8.1.31.2      201080 Bytes  19.02.2013 13:52:18
AEBB.DLL       : 8.1.1.4        53619 Bytes  05.11.2012 15:07:19
AVWINLL.DLL    : 13.6.0.480     26480 Bytes  07.02.2013 14:04:58
AVPREF.DLL     : 13.6.0.480     51056 Bytes  07.02.2013 14:05:27
AVREP.DLL      : 13.6.0.480    178544 Bytes  05.02.2013 13:59:17
AVARKT.DLL     : 13.6.0.902    260832 Bytes  28.03.2013 13:52:26
AVEVTLOG.DLL   : 13.6.0.902    167648 Bytes  28.03.2013 13:52:27
SQLITE3.DLL    : 3.7.0.1       397088 Bytes  19.09.2012 18:17:40
AVSMTP.DLL     : 13.6.0.480     62832 Bytes  07.02.2013 14:05:29
NETNT.DLL      : 13.6.0.480     16240 Bytes  07.02.2013 14:05:59
RCIMAGE.DLL    : 13.4.0.360   4780832 Bytes  12.12.2012 13:21:30
RCTEXT.DLL     : 13.6.0.976     69344 Bytes  28.03.2013 13:52:19

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: ShlExt
Konfigurationsdatei...................: C:\Users\Dell\AppData\Local\Temp\3e3552a5.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, 
Durchsuche aktive Programme...........: aus
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Montag, 22. April 2013  14:01

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Users\Dell\Downloads\*** MAHNUNG www.sanicare.de 19593280.zip'
C:\Users\Dell\Downloads\*** MAHNUNG www.sanicare.de 19593280.zip
    [0] Archivtyp: ZIP
    --> Rechnung.scr
        [FUND]      Ist das Trojanische Pferd TR/Rogue.957311
        [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden

Beginne mit der Desinfektion:
C:\Users\Dell\Downloads\*** MAHNUNG www.sanicare.de 19593280.zip
  [FUND]      Ist das Trojanische Pferd TR/Rogue.957311
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '565f84c6.qua' verschoben!


Ende des Suchlaufs: Montag, 22. April 2013  14:01
Benötigte Zeit: 00:00 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

      0 Verzeichnisse wurden überprüft
      3 Dateien wurden geprüft
      1 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
      2 Dateien ohne Befall
      1 Archive wurden durchsucht
      1 Warnungen
      1 Hinweise
         
Viele Grüße
__________________

Alt 24.04.2013, 13:54   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Zip Anhang mit TR/Roque.957311 geöffnet - Standard

Zip Anhang mit TR/Roque.957311 geöffnet



Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Bitte die drei Tools MBAR / aswMBR / TDSSkiller nun ausführen und die Logs in CODE-Tags posten


MBAR (Malwarebytes Anti-Rootkit)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers


aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



TDSS-Killer

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 24.04.2013, 16:00   #5
alder
 
Zip Anhang mit TR/Roque.957311 geöffnet - Standard

Zip Anhang mit TR/Roque.957311 geöffnet



Hallo,

zuerst Malwarebites Antirootkit:
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.04.24.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Dell :: DELL-PC [administrator]

24.04.2013 16:34:31
mbar-log-2013-04-24 (16-34-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 40852
Time elapsed: 9 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
jetzt aswMBR:
Code:
ATTFilter
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-24 16:38:54
-----------------------------
16:38:54.606    OS Version: Windows x64 6.1.7601 Service Pack 1
16:38:54.606    Number of processors: 4 586 0x2A07
16:38:54.607    ComputerName: DELL-PC  UserName: Dell
16:38:56.143    Initialize success
16:44:03.865    AVAST engine defs: 13042400
16:44:16.247    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:44:16.249    Disk 0 Vendor: Hitachi_ JF3O Size: 476940MB BusType: 3
16:44:17.518    Disk 0 MBR read successfully
16:44:17.524    Disk 0 MBR scan
16:44:17.535    Disk 0 Windows 7 default MBR code
16:44:17.700    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0      100 MB offset 2048
16:44:17.827    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        20000 MB offset 206848
16:44:17.908    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       456838 MB offset 41166848
16:44:19.785    Disk 0 scanning C:\windows\system32\drivers
16:47:11.563    Service scanning
16:47:37.786    Modules scanning
16:47:37.802    Disk 0 trace - called modules:
16:47:37.924    ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys iaStor.sys hal.dll 
16:47:37.952    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a72060]
16:47:37.962    3 CLASSPNP.SYS[fffff88001a2c43f] -> nt!IofCallDriver -> [0xfffffa8004906890]
16:47:37.974    5 stdcfltn.sys[fffff880016d5c52] -> nt!IofCallDriver -> [0xfffffa800449f800]
16:47:37.981    7 ACPI.sys[fffff88000f067a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80044a5050]
16:47:39.021    AVAST engine scan C:\windows
16:49:25.295    Disk 0 MBR has been saved successfully to "C:\Users\Dell\Desktop\MBR.dat"
16:49:25.314    The log file has been saved successfully to "C:\Users\Dell\Desktop\aswMBR.txt"
         
und zum Schluss tdsskiller:
Code:
ATTFilter
16:52:25.0271 2920  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:52:25.0419 2920  ============================================================
16:52:25.0419 2920  Current date / time: 2013/04/24 16:52:25.0419
16:52:25.0419 2920  SystemInfo:
16:52:25.0419 2920  
16:52:25.0419 2920  OS Version: 6.1.7601 ServicePack: 1.0
16:52:25.0419 2920  Product type: Workstation
16:52:25.0419 2920  ComputerName: DELL-PC
16:52:25.0419 2920  UserName: Dell
16:52:25.0419 2920  Windows directory: C:\windows
16:52:25.0419 2920  System windows directory: C:\windows
16:52:25.0419 2920  Running under WOW64
16:52:25.0419 2920  Processor architecture: Intel x64
16:52:25.0419 2920  Number of processors: 4
16:52:25.0419 2920  Page size: 0x1000
16:52:25.0419 2920  Boot type: Normal boot
16:52:25.0419 2920  ============================================================
16:52:25.0895 2920  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:52:25.0899 2920  ============================================================
16:52:25.0899 2920  \Device\Harddisk0\DR0:
16:52:25.0899 2920  MBR partitions:
16:52:25.0899 2920  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x2710000
16:52:25.0899 2920  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2742800, BlocksNum 0x37C43030
16:52:25.0899 2920  ============================================================
16:52:25.0938 2920  C: <-> \Device\Harddisk0\DR0\Partition2
16:52:25.0938 2920  ============================================================
16:52:25.0938 2920  Initialize success
16:52:25.0938 2920  ============================================================
16:53:21.0902 4472  ============================================================
16:53:21.0902 4472  Scan started
16:53:21.0902 4472  Mode: Manual; SigCheck; TDLFS; 
16:53:21.0902 4472  ============================================================
16:53:22.0077 4472  ================ Scan system memory ========================
16:53:22.0077 4472  System memory - ok
16:53:22.0077 4472  ================ Scan services =============================
16:53:22.0290 4472  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
16:53:22.0532 4472  1394ohci - ok
16:53:22.0560 4472  [ E0065CBF1A25C015C218457D2CD522B9 ] Acceler         C:\windows\system32\DRIVERS\Accelern.sys
16:53:22.0605 4472  Acceler - ok
16:53:22.0640 4472  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\windows\system32\drivers\ACPI.sys
16:53:22.0668 4472  ACPI - ok
16:53:22.0686 4472  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\windows\system32\drivers\acpipmi.sys
16:53:22.0782 4472  AcpiPmi - ok
16:53:22.0856 4472  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:53:22.0882 4472  AdobeARMservice - ok
16:53:22.0985 4472  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:53:23.0017 4472  AdobeFlashPlayerUpdateSvc - ok
16:53:23.0058 4472  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\windows\system32\drivers\adp94xx.sys
16:53:23.0091 4472  adp94xx - ok
16:53:23.0533 4472  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\windows\system32\drivers\adpahci.sys
16:53:23.0557 4472  adpahci - ok
16:53:23.0683 4472  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\windows\system32\drivers\adpu320.sys
16:53:23.0715 4472  adpu320 - ok
16:53:23.0749 4472  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
16:53:23.0923 4472  AeLookupSvc - ok
16:53:24.0011 4472  [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters     C:\Program Files\IDT\WDM\AESTSr64.exe
16:53:24.0117 4472  AESTFilters - ok
16:53:24.0166 4472  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\windows\system32\drivers\afd.sys
16:53:24.0282 4472  AFD - ok
16:53:24.0318 4472  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\windows\system32\drivers\agp440.sys
16:53:24.0345 4472  agp440 - ok
16:53:24.0382 4472  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\windows\System32\alg.exe
16:53:24.0457 4472  ALG - ok
16:53:24.0492 4472  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\windows\system32\drivers\aliide.sys
16:53:24.0501 4472  aliide - ok
16:53:24.0535 4472  [ CA52F07AB224527F0E2AFF987A4DEAAE ] AMD External Events Utility C:\windows\system32\atiesrxx.exe
16:53:24.0660 4472  AMD External Events Utility - ok
16:53:24.0686 4472  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\windows\system32\drivers\amdide.sys
16:53:24.0711 4472  amdide - ok
16:53:24.0782 4472  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\windows\system32\drivers\amdk8.sys
16:53:24.0862 4472  AmdK8 - ok
16:53:25.0113 4472  [ 5752679DF26FFF6F87E8EE7318F4931D ] amdkmdag        C:\windows\system32\DRIVERS\atikmdag.sys
16:53:25.0387 4472  amdkmdag - ok
16:53:25.0452 4472  [ 0F010003B8032DDB4E5A4DFC37D6FDBD ] amdkmdap        C:\windows\system32\DRIVERS\atikmpag.sys
16:53:25.0514 4472  amdkmdap - ok
16:53:25.0539 4472  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\windows\system32\drivers\amdppm.sys
16:53:25.0601 4472  AmdPPM - ok
16:53:25.0646 4472  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\windows\system32\drivers\amdsata.sys
16:53:25.0676 4472  amdsata - ok
16:53:25.0697 4472  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\windows\system32\drivers\amdsbs.sys
16:53:25.0709 4472  amdsbs - ok
16:53:25.0722 4472  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\windows\system32\drivers\amdxata.sys
16:53:25.0736 4472  amdxata - ok
16:53:25.0776 4472  [ 3BC90482A834F998C3B7A9C934A20342 ] AMPPAL          C:\windows\system32\DRIVERS\AMPPAL.sys
16:53:25.0863 4472  AMPPAL - ok
16:53:25.0877 4472  [ 3BC90482A834F998C3B7A9C934A20342 ] AMPPALP         C:\windows\system32\DRIVERS\amppal.sys
16:53:25.0895 4472  AMPPALP - ok
16:53:25.0975 4472  [ A47D7FEBD9381D34DDB4FF38B15A67FE ] AMPPALR3        C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
16:53:26.0001 4472  AMPPALR3 - ok
16:53:26.0076 4472  [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
16:53:26.0099 4472  AntiVirSchedulerService - ok
16:53:26.0117 4472  [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
16:53:26.0126 4472  AntiVirService - ok
16:53:26.0158 4472  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\windows\system32\drivers\appid.sys
16:53:26.0322 4472  AppID - ok
16:53:26.0344 4472  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\windows\System32\appidsvc.dll
16:53:26.0418 4472  AppIDSvc - ok
16:53:26.0454 4472  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\windows\System32\appinfo.dll
16:53:26.0532 4472  Appinfo - ok
16:53:26.0576 4472  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\windows\system32\drivers\arc.sys
16:53:26.0602 4472  arc - ok
16:53:26.0615 4472  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\windows\system32\drivers\arcsas.sys
16:53:26.0625 4472  arcsas - ok
16:53:26.0717 4472  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:53:26.0751 4472  aspnet_state - ok
16:53:26.0774 4472  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
16:53:26.0861 4472  AsyncMac - ok
16:53:26.0896 4472  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\windows\system32\drivers\atapi.sys
16:53:26.0906 4472  atapi - ok
16:53:26.0975 4472  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
16:53:27.0074 4472  AudioEndpointBuilder - ok
16:53:27.0084 4472  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\windows\System32\Audiosrv.dll
16:53:27.0121 4472  AudioSrv - ok
16:53:27.0233 4472  [ F431DC5D94F4B2FDBC927655D8A9B10E ] Autodesk Content Service C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
16:53:27.0264 4472  Autodesk Content Service - ok
16:53:27.0317 4472  [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt        C:\windows\system32\DRIVERS\avgntflt.sys
16:53:27.0342 4472  avgntflt - ok
16:53:27.0369 4472  [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb          C:\windows\system32\DRIVERS\avipbb.sys
16:53:27.0379 4472  avipbb - ok
16:53:27.0399 4472  [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr          C:\windows\system32\DRIVERS\avkmgr.sys
16:53:27.0407 4472  avkmgr - ok
16:53:27.0442 4472  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\windows\System32\AxInstSV.dll
16:53:27.0567 4472  AxInstSV - ok
16:53:27.0612 4472  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\windows\system32\drivers\bxvbda.sys
16:53:27.0691 4472  b06bdrv - ok
16:53:27.0721 4472  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\windows\system32\DRIVERS\b57nd60a.sys
16:53:27.0784 4472  b57nd60a - ok
16:53:27.0846 4472  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\windows\System32\bdesvc.dll
16:53:27.0936 4472  BDESVC - ok
16:53:27.0963 4472  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\windows\system32\drivers\Beep.sys
16:53:28.0065 4472  Beep - ok
16:53:28.0108 4472  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\windows\System32\bfe.dll
16:53:28.0210 4472  BFE - ok
16:53:28.0249 4472  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\windows\System32\qmgr.dll
16:53:28.0364 4472  BITS - ok
16:53:28.0396 4472  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
16:53:28.0439 4472  blbdrive - ok
16:53:28.0536 4472  [ 6D625A18DDFCD0464B914B71293AD837 ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
16:53:28.0573 4472  Bluetooth Device Monitor - ok
16:53:28.0613 4472  [ 74B2BF80D966CFE8BC8005D19E40608D ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
16:53:28.0663 4472  Bluetooth Media Service - ok
16:53:28.0720 4472  [ 707BF27D30ADAB7798C69D5BF41C7131 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
16:53:28.0757 4472  Bluetooth OBEX Service - ok
16:53:28.0785 4472  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
16:53:28.0869 4472  bowser - ok
16:53:28.0905 4472  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\windows\system32\drivers\BrFiltLo.sys
16:53:28.0958 4472  BrFiltLo - ok
16:53:28.0985 4472  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\windows\system32\drivers\BrFiltUp.sys
16:53:29.0040 4472  BrFiltUp - ok
16:53:29.0100 4472  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\windows\System32\browser.dll
16:53:29.0141 4472  Browser - ok
16:53:29.0174 4472  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\windows\System32\Drivers\Brserid.sys
16:53:29.0260 4472  Brserid - ok
16:53:29.0282 4472  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
16:53:29.0337 4472  BrSerWdm - ok
16:53:29.0375 4472  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
16:53:29.0431 4472  BrUsbMdm - ok
16:53:29.0454 4472  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
16:53:29.0486 4472  BrUsbSer - ok
16:53:29.0531 4472  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\windows\system32\drivers\BthEnum.sys
16:53:29.0611 4472  BthEnum - ok
16:53:29.0650 4472  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\windows\system32\DRIVERS\bthmodem.sys
16:53:29.0702 4472  BTHMODEM - ok
16:53:29.0724 4472  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\windows\system32\DRIVERS\bthpan.sys
16:53:29.0799 4472  BthPan - ok
16:53:29.0847 4472  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\windows\System32\Drivers\BTHport.sys
16:53:29.0946 4472  BTHPORT - ok
16:53:29.0982 4472  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\windows\system32\bthserv.dll
16:53:30.0015 4472  bthserv - ok
16:53:30.0038 4472  [ 9E2AF97302B9F4BF97E952A865EB31AE ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
16:53:30.0048 4472  BTHSSecurityMgr - ok
16:53:30.0079 4472  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\windows\System32\Drivers\BTHUSB.sys
16:53:30.0131 4472  BTHUSB - ok
16:53:30.0175 4472  [ 3676BEAA7D842047D30E95D59B241F22 ] btmaux          C:\windows\system32\DRIVERS\btmaux.sys
16:53:30.0243 4472  btmaux - ok
16:53:30.0290 4472  [ FA0E7B5AFB8FD335234916764A2D6CF9 ] btmhsf          C:\windows\system32\DRIVERS\btmhsf.sys
16:53:30.0368 4472  btmhsf - ok
16:53:30.0403 4472  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
16:53:30.0492 4472  cdfs - ok
16:53:30.0527 4472  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\windows\system32\DRIVERS\cdrom.sys
16:53:30.0580 4472  cdrom - ok
16:53:30.0621 4472  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\windows\System32\certprop.dll
16:53:30.0706 4472  CertPropSvc - ok
16:53:30.0755 4472  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\windows\system32\drivers\circlass.sys
16:53:30.0768 4472  circlass - ok
16:53:30.0787 4472  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\windows\system32\CLFS.sys
16:53:30.0803 4472  CLFS - ok
16:53:30.0854 4472  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:53:30.0865 4472  clr_optimization_v2.0.50727_32 - ok
16:53:30.0884 4472  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:53:30.0893 4472  clr_optimization_v2.0.50727_64 - ok
16:53:30.0967 4472  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:53:30.0990 4472  clr_optimization_v4.0.30319_32 - ok
16:53:31.0012 4472  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:53:31.0047 4472  clr_optimization_v4.0.30319_64 - ok
16:53:31.0067 4472  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
16:53:31.0192 4472  CmBatt - ok
16:53:31.0227 4472  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\windows\system32\drivers\cmdide.sys
16:53:31.0249 4472  cmdide - ok
16:53:31.0307 4472  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\windows\system32\Drivers\cng.sys
16:53:31.0371 4472  CNG - ok
16:53:31.0405 4472  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\windows\system32\drivers\compbatt.sys
16:53:31.0431 4472  Compbatt - ok
16:53:31.0446 4472  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\windows\system32\DRIVERS\CompositeBus.sys
16:53:31.0500 4472  CompositeBus - ok
16:53:31.0524 4472  COMSysApp - ok
16:53:31.0544 4472  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\windows\system32\drivers\crcdisk.sys
16:53:31.0570 4472  crcdisk - ok
16:53:31.0635 4472  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\windows\system32\cryptsvc.dll
16:53:31.0754 4472  CryptSvc - ok
16:53:31.0799 4472  [ BC3D4F90978CD7C8EABD1BAF3BF7873A ] CtClsFlt        C:\windows\system32\DRIVERS\CtClsFlt.sys
16:53:31.0884 4472  CtClsFlt - ok
16:53:31.0932 4472  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\windows\system32\rpcss.dll
16:53:32.0018 4472  DcomLaunch - ok
16:53:32.0057 4472  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\windows\System32\defragsvc.dll
16:53:32.0138 4472  defragsvc - ok
16:53:32.0176 4472  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\windows\system32\Drivers\dfsc.sys
16:53:32.0262 4472  DfsC - ok
16:53:32.0309 4472  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\windows\system32\dhcpcore.dll
16:53:32.0403 4472  Dhcp - ok
16:53:32.0423 4472  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\windows\system32\drivers\discache.sys
16:53:32.0507 4472  discache - ok
16:53:32.0561 4472  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\windows\system32\drivers\disk.sys
16:53:32.0589 4472  Disk - ok
16:53:32.0626 4472  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\windows\System32\dnsrslvr.dll
16:53:32.0699 4472  Dnscache - ok
16:53:32.0723 4472  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\windows\System32\dot3svc.dll
16:53:32.0805 4472  dot3svc - ok
16:53:32.0881 4472  [ C43618154FC0C8480F53B04BA7A2F371 ] DpHost          C:\Program Files\DigitalPersona\Bin\DpHostW.exe
16:53:32.0912 4472  DpHost - ok
16:53:32.0926 4472  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\windows\system32\dps.dll
16:53:32.0984 4472  DPS - ok
16:53:33.0021 4472  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
16:53:33.0072 4472  drmkaud - ok
16:53:33.0101 4472  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
16:53:33.0130 4472  DXGKrnl - ok
16:53:33.0148 4472  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\windows\System32\eapsvc.dll
16:53:33.0199 4472  EapHost - ok
16:53:33.0296 4472  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\windows\system32\drivers\evbda.sys
16:53:33.0375 4472  ebdrv - ok
16:53:33.0413 4472  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\windows\System32\lsass.exe
16:53:33.0521 4472  EFS - ok
16:53:33.0582 4472  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\windows\ehome\ehRecvr.exe
16:53:33.0664 4472  ehRecvr - ok
16:53:33.0677 4472  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\windows\ehome\ehsched.exe
16:53:33.0722 4472  ehSched - ok
16:53:33.0783 4472  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\windows\system32\drivers\elxstor.sys
16:53:33.0817 4472  elxstor - ok
16:53:33.0829 4472  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\windows\system32\drivers\errdev.sys
16:53:33.0862 4472  ErrDev - ok
16:53:33.0909 4472  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\windows\system32\es.dll
16:53:33.0999 4472  EventSystem - ok
16:53:34.0097 4472  [ B20A788579E443F768AAB1A24F705D0A ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
16:53:34.0135 4472  EvtEng - ok
16:53:34.0160 4472  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\windows\system32\drivers\exfat.sys
16:53:34.0214 4472  exfat - ok
16:53:34.0226 4472  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\windows\system32\drivers\fastfat.sys
16:53:34.0281 4472  fastfat - ok
16:53:34.0341 4472  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\windows\system32\fxssvc.exe
16:53:34.0435 4472  Fax - ok
16:53:34.0462 4472  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\windows\system32\drivers\fdc.sys
16:53:34.0513 4472  fdc - ok
16:53:34.0568 4472  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\windows\system32\fdPHost.dll
16:53:34.0633 4472  fdPHost - ok
16:53:34.0642 4472  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\windows\system32\fdrespub.dll
16:53:34.0694 4472  FDResPub - ok
16:53:34.0729 4472  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
16:53:34.0740 4472  FileInfo - ok
16:53:34.0759 4472  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
16:53:34.0862 4472  Filetrace - ok
16:53:34.0959 4472  [ 64AB6F28047744B9B19C97459C2AB31B ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
16:53:35.0001 4472  FLEXnet Licensing Service 64 - ok
16:53:35.0018 4472  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\windows\system32\drivers\flpydisk.sys
16:53:35.0029 4472  flpydisk - ok
16:53:35.0059 4472  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
16:53:35.0080 4472  FltMgr - ok
16:53:35.0127 4472  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\windows\system32\FntCache.dll
16:53:35.0251 4472  FontCache - ok
16:53:35.0294 4472  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:53:35.0316 4472  FontCache3.0.0.0 - ok
16:53:35.0332 4472  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
16:53:35.0346 4472  FsDepends - ok
16:53:35.0369 4472  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
16:53:35.0379 4472  Fs_Rec - ok
16:53:35.0409 4472  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
16:53:35.0437 4472  fvevol - ok
16:53:35.0462 4472  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\windows\system32\drivers\gagp30kx.sys
16:53:35.0472 4472  gagp30kx - ok
16:53:35.0503 4472  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\windows\System32\gpsvc.dll
16:53:35.0546 4472  gpsvc - ok
16:53:35.0611 4472  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:53:35.0635 4472  gupdate - ok
16:53:35.0641 4472  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:53:35.0649 4472  gupdatem - ok
16:53:35.0686 4472  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
16:53:35.0755 4472  hcw85cir - ok
16:53:35.0778 4472  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
16:53:35.0834 4472  HdAudAddService - ok
16:53:35.0867 4472  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\windows\system32\DRIVERS\HDAudBus.sys
16:53:35.0920 4472  HDAudBus - ok
16:53:35.0955 4472  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\windows\system32\drivers\HidBatt.sys
16:53:36.0008 4472  HidBatt - ok
16:53:36.0035 4472  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\windows\system32\drivers\hidbth.sys
16:53:36.0090 4472  HidBth - ok
16:53:36.0121 4472  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\windows\system32\drivers\hidir.sys
16:53:36.0152 4472  HidIr - ok
16:53:36.0174 4472  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\windows\system32\hidserv.dll
16:53:36.0226 4472  hidserv - ok
16:53:36.0254 4472  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\windows\system32\DRIVERS\hidusb.sys
16:53:36.0264 4472  HidUsb - ok
16:53:36.0300 4472  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\windows\system32\kmsvc.dll
16:53:36.0379 4472  hkmsvc - ok
16:53:36.0422 4472  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
16:53:36.0507 4472  HomeGroupListener - ok
16:53:36.0530 4472  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
16:53:36.0578 4472  HomeGroupProvider - ok
16:53:36.0619 4472  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
16:53:36.0648 4472  HpSAMD - ok
16:53:36.0673 4472  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\windows\system32\drivers\HTTP.sys
16:53:36.0759 4472  HTTP - ok
16:53:36.0797 4472  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
16:53:36.0806 4472  hwpolicy - ok
16:53:36.0821 4472  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\windows\system32\DRIVERS\i8042prt.sys
16:53:36.0833 4472  i8042prt - ok
16:53:36.0857 4472  [ D7921D5A870B11CC1ADAB198A519D50A ] iaStor          C:\windows\system32\DRIVERS\iaStor.sys
16:53:36.0870 4472  iaStor - ok
16:53:36.0908 4472  [ 8FFF9083252C16FE3960173722605E9E ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
16:53:36.0926 4472  IAStorDataMgrSvc - ok
16:53:36.0969 4472  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
16:53:36.0997 4472  iaStorV - ok
16:53:37.0008 4472  [ 653A38B868A5F20BB506AB57AC41B936 ] ibtfltcoex      C:\windows\system32\DRIVERS\iBtFltCoex.sys
16:53:37.0016 4472  ibtfltcoex - ok
16:53:37.0071 4472  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:53:37.0110 4472  idsvc - ok
16:53:37.0140 4472  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\windows\system32\drivers\iirsp.sys
16:53:37.0167 4472  iirsp - ok
16:53:37.0210 4472  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\windows\System32\ikeext.dll
16:53:37.0282 4472  IKEEXT - ok
16:53:37.0327 4472  [ CADDF0927DAC63EDAE48F5C35A61D87D ] intaud_WaveExtensible C:\windows\system32\drivers\intelaud.sys
16:53:37.0349 4472  intaud_WaveExtensible - ok
16:53:37.0398 4472  [ AE594CC17C33AC146739494615E14851 ] IntcDAud        C:\windows\system32\DRIVERS\IntcDAud.sys
16:53:37.0474 4472  IntcDAud - ok
16:53:37.0504 4472  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\windows\system32\drivers\intelide.sys
16:53:37.0529 4472  intelide - ok
16:53:37.0754 4472  [ 978D876A581D57E0DE6437674EB0014D ] intelkmd        C:\windows\system32\DRIVERS\igdpmd64.sys
16:53:38.0063 4472  intelkmd - ok
16:53:38.0102 4472  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
16:53:38.0155 4472  intelppm - ok
16:53:38.0203 4472  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\windows\system32\ipbusenum.dll
16:53:38.0294 4472  IPBusEnum - ok
16:53:38.0308 4472  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
16:53:38.0340 4472  IpFilterDriver - ok
16:53:38.0402 4472  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
16:53:38.0491 4472  iphlpsvc - ok
16:53:38.0533 4472  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys
16:53:38.0589 4472  IPMIDRV - ok
16:53:38.0630 4472  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\windows\system32\drivers\ipnat.sys
16:53:38.0715 4472  IPNAT - ok
16:53:38.0757 4472  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\windows\system32\drivers\irenum.sys
16:53:38.0791 4472  IRENUM - ok
16:53:38.0804 4472  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\windows\system32\drivers\isapnp.sys
16:53:38.0813 4472  isapnp - ok
16:53:38.0833 4472  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
16:53:38.0847 4472  iScsiPrt - ok
16:53:38.0887 4472  [ 716F66336F10885D935B08174DC54242 ] iwdbus          C:\windows\system32\DRIVERS\iwdbus.sys
16:53:38.0908 4472  iwdbus - ok
16:53:38.0943 4472  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\windows\system32\DRIVERS\kbdclass.sys
16:53:38.0969 4472  kbdclass - ok
16:53:38.0979 4472  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\windows\system32\DRIVERS\kbdhid.sys
16:53:39.0027 4472  kbdhid - ok
16:53:39.0055 4472  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\windows\system32\lsass.exe
16:53:39.0077 4472  KeyIso - ok
16:53:39.0115 4472  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
16:53:39.0140 4472  KSecDD - ok
16:53:39.0186 4472  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
16:53:39.0212 4472  KSecPkg - ok
16:53:39.0247 4472  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\windows\system32\drivers\ksthunk.sys
16:53:39.0319 4472  ksthunk - ok
16:53:39.0368 4472  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\windows\system32\msdtckrm.dll
16:53:39.0456 4472  KtmRm - ok
16:53:39.0498 4472  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\windows\system32\srvsvc.dll
16:53:39.0585 4472  LanmanServer - ok
16:53:39.0616 4472  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
16:53:39.0719 4472  LanmanWorkstation - ok
16:53:39.0754 4472  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
16:53:39.0849 4472  lltdio - ok
16:53:39.0902 4472  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\windows\System32\lltdsvc.dll
16:53:39.0973 4472  lltdsvc - ok
16:53:40.0000 4472  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\windows\System32\lmhsvc.dll
16:53:40.0087 4472  lmhosts - ok
16:53:40.0158 4472  [ 0803906D607A9B83184447B75B60ECC2 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
16:53:40.0192 4472  LMS - ok
16:53:40.0232 4472  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\windows\system32\drivers\lsi_fc.sys
16:53:40.0260 4472  LSI_FC - ok
16:53:40.0278 4472  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\windows\system32\drivers\lsi_sas.sys
16:53:40.0289 4472  LSI_SAS - ok
16:53:40.0304 4472  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\windows\system32\drivers\lsi_sas2.sys
16:53:40.0314 4472  LSI_SAS2 - ok
16:53:40.0325 4472  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\windows\system32\drivers\lsi_scsi.sys
16:53:40.0336 4472  LSI_SCSI - ok
16:53:40.0351 4472  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\windows\system32\drivers\luafv.sys
16:53:40.0422 4472  luafv - ok
16:53:40.0483 4472  [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector   C:\windows\system32\drivers\mbam.sys
16:53:40.0504 4472  MBAMProtector - ok
16:53:40.0587 4472  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
16:53:40.0621 4472  MBAMScheduler - ok
16:53:40.0664 4472  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
16:53:40.0691 4472  MBAMService - ok
16:53:40.0722 4472  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll
16:53:40.0769 4472  Mcx2Svc - ok
16:53:40.0805 4472  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\windows\system32\drivers\megasas.sys
16:53:40.0830 4472  megasas - ok
16:53:40.0846 4472  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\windows\system32\drivers\MegaSR.sys
16:53:40.0860 4472  MegaSR - ok
16:53:40.0912 4472  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\windows\system32\DRIVERS\HECIx64.sys
16:53:40.0933 4472  MEIx64 - ok
16:53:41.0080 4472  [ 0AF89452A8CE3928168F4E5B2208C68B ] mi-raysat_3dsmax2013_64 C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe
16:53:41.0090 4472  mi-raysat_3dsmax2013_64 ( UnsignedFile.Multi.Generic ) - warning
16:53:41.0090 4472  mi-raysat_3dsmax2013_64 - detected UnsignedFile.Multi.Generic (1)
16:53:41.0125 4472  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\windows\system32\mmcss.dll
16:53:41.0206 4472  MMCSS - ok
16:53:41.0242 4472  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\windows\system32\drivers\modem.sys
16:53:41.0323 4472  Modem - ok
16:53:41.0347 4472  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\windows\system32\DRIVERS\monitor.sys
16:53:41.0400 4472  monitor - ok
16:53:41.0421 4472  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
16:53:41.0437 4472  mouclass - ok
16:53:41.0454 4472  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
16:53:41.0468 4472  mouhid - ok
16:53:41.0492 4472  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
16:53:41.0519 4472  mountmgr - ok
16:53:41.0559 4472  [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:53:41.0581 4472  MozillaMaintenance - ok
16:53:41.0599 4472  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\windows\system32\drivers\mpio.sys
16:53:41.0611 4472  mpio - ok
16:53:41.0625 4472  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
16:53:41.0659 4472  mpsdrv - ok
16:53:41.0696 4472  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\windows\system32\mpssvc.dll
16:53:41.0800 4472  MpsSvc - ok
16:53:41.0826 4472  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
16:53:41.0881 4472  MRxDAV - ok
16:53:41.0904 4472  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
16:53:41.0991 4472  mrxsmb - ok
16:53:42.0025 4472  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
16:53:42.0058 4472  mrxsmb10 - ok
16:53:42.0074 4472  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
16:53:42.0118 4472  mrxsmb20 - ok
16:53:42.0149 4472  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\windows\system32\drivers\msahci.sys
16:53:42.0174 4472  msahci - ok
16:53:42.0196 4472  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\windows\system32\drivers\msdsm.sys
16:53:42.0208 4472  msdsm - ok
16:53:42.0221 4472  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\windows\System32\msdtc.exe
16:53:42.0266 4472  MSDTC - ok
16:53:42.0298 4472  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\windows\system32\drivers\Msfs.sys
16:53:42.0350 4472  Msfs - ok
16:53:42.0375 4472  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
16:53:42.0459 4472  mshidkmdf - ok
16:53:42.0482 4472  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
16:53:42.0491 4472  msisadrv - ok
16:53:42.0509 4472  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
16:53:42.0587 4472  MSiSCSI - ok
16:53:42.0590 4472  msiserver - ok
16:53:42.0627 4472  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
16:53:42.0678 4472  MSKSSRV - ok
16:53:42.0705 4472  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
16:53:42.0770 4472  MSPCLOCK - ok
16:53:42.0796 4472  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
16:53:42.0880 4472  MSPQM - ok
16:53:42.0909 4472  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
16:53:42.0925 4472  MsRPC - ok
16:53:42.0935 4472  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\windows\system32\DRIVERS\mssmbios.sys
16:53:42.0944 4472  mssmbios - ok
16:53:42.0974 4472  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
16:53:43.0041 4472  MSTEE - ok
16:53:43.0061 4472  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\windows\system32\drivers\MTConfig.sys
16:53:43.0104 4472  MTConfig - ok
16:53:43.0128 4472  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\windows\system32\Drivers\mup.sys
16:53:43.0139 4472  Mup - ok
16:53:43.0172 4472  [ F217D7718FD7577AF331E89910B2D21E ] MyWiFiDHCPDNS   C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
16:53:43.0206 4472  MyWiFiDHCPDNS - ok
16:53:43.0241 4472  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\windows\system32\qagentRT.dll
16:53:43.0331 4472  napagent - ok
16:53:43.0415 4472  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
16:53:43.0465 4472  NativeWifiP - ok
16:53:43.0545 4472  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\windows\system32\drivers\ndis.sys
16:53:43.0592 4472  NDIS - ok
16:53:43.0618 4472  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
16:53:43.0697 4472  NdisCap - ok
16:53:43.0730 4472  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
16:53:43.0812 4472  NdisTapi - ok
16:53:43.0845 4472  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
16:53:43.0885 4472  Ndisuio - ok
16:53:43.0913 4472  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
16:53:43.0993 4472  NdisWan - ok
16:53:44.0018 4472  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
16:53:44.0051 4472  NDProxy - ok
16:53:44.0069 4472  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
16:53:44.0145 4472  NetBIOS - ok
16:53:44.0174 4472  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
16:53:44.0208 4472  NetBT - ok
16:53:44.0222 4472  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\windows\system32\lsass.exe
16:53:44.0232 4472  Netlogon - ok
16:53:44.0269 4472  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\windows\System32\netman.dll
16:53:44.0353 4472  Netman - ok
16:53:44.0385 4472  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:53:44.0414 4472  NetMsmqActivator - ok
16:53:44.0422 4472  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:53:44.0436 4472  NetPipeActivator - ok
16:53:44.0453 4472  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\windows\System32\netprofm.dll
16:53:44.0532 4472  netprofm - ok
16:53:44.0536 4472  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:53:44.0545 4472  NetTcpActivator - ok
16:53:44.0550 4472  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:53:44.0559 4472  NetTcpPortSharing - ok
16:53:44.0757 4472  [ 9FD1BE1881446D954FF77244AE58FBCB ] NETwNs64        C:\windows\system32\DRIVERS\NETwNs64.sys
16:53:45.0000 4472  NETwNs64 - ok
16:53:45.0048 4472  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\windows\system32\drivers\nfrd960.sys
16:53:45.0072 4472  nfrd960 - ok
16:53:45.0130 4472  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\windows\System32\nlasvc.dll
16:53:45.0180 4472  NlaSvc - ok
16:53:45.0207 4472  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\windows\system32\drivers\Npfs.sys
16:53:45.0260 4472  Npfs - ok
16:53:45.0279 4472  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\windows\system32\nsisvc.dll
16:53:45.0312 4472  nsi - ok
16:53:45.0321 4472  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
16:53:45.0353 4472  nsiproxy - ok
16:53:45.0428 4472  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
16:53:45.0477 4472  Ntfs - ok
16:53:45.0497 4472  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\windows\system32\drivers\Null.sys
16:53:45.0529 4472  Null - ok
16:53:45.0563 4472  [ 158AD24745BD85BA9BE3C51C38F48C32 ] nusb3hub        C:\windows\system32\DRIVERS\nusb3hub.sys
16:53:45.0589 4472  nusb3hub - ok
16:53:45.0627 4472  [ D40A13B2C0891E218F9523B376955DB6 ] nusb3xhc        C:\windows\system32\DRIVERS\nusb3xhc.sys
16:53:45.0668 4472  nusb3xhc - ok
16:53:45.0710 4472  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\windows\system32\drivers\nvraid.sys
16:53:45.0740 4472  nvraid - ok
16:53:45.0756 4472  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\windows\system32\drivers\nvstor.sys
16:53:45.0768 4472  nvstor - ok
16:53:45.0798 4472  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
16:53:45.0827 4472  nv_agp - ok
16:53:45.0846 4472  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
16:53:45.0888 4472  ohci1394 - ok
16:53:45.0937 4472  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
16:53:45.0985 4472  p2pimsvc - ok
16:53:46.0005 4472  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\windows\system32\p2psvc.dll
16:53:46.0023 4472  p2psvc - ok
16:53:46.0046 4472  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\windows\system32\drivers\parport.sys
16:53:46.0073 4472  Parport - ok
16:53:46.0098 4472  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\windows\system32\drivers\partmgr.sys
16:53:46.0107 4472  partmgr - ok
16:53:46.0127 4472  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\windows\System32\pcasvc.dll
16:53:46.0188 4472  PcaSvc - ok
16:53:46.0227 4472  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\windows\system32\drivers\pci.sys
16:53:46.0257 4472  pci - ok
16:53:46.0267 4472  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\windows\system32\drivers\pciide.sys
16:53:46.0277 4472  pciide - ok
16:53:46.0298 4472  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\windows\system32\drivers\pcmcia.sys
16:53:46.0311 4472  pcmcia - ok
16:53:46.0329 4472  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\windows\system32\drivers\pcw.sys
16:53:46.0339 4472  pcw - ok
16:53:46.0362 4472  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\windows\system32\drivers\peauth.sys
16:53:46.0423 4472  PEAUTH - ok
16:53:46.0535 4472  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\windows\SysWow64\perfhost.exe
16:53:46.0590 4472  PerfHost - ok
16:53:46.0672 4472  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\windows\system32\pla.dll
16:53:46.0728 4472  pla - ok
16:53:46.0768 4472  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\windows\system32\umpnpmgr.dll
16:53:46.0854 4472  PlugPlay - ok
16:53:46.0875 4472  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
16:53:46.0917 4472  PNRPAutoReg - ok
16:53:46.0953 4472  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
16:53:46.0983 4472  PNRPsvc - ok
16:53:47.0018 4472  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
16:53:47.0113 4472  PolicyAgent - ok
16:53:47.0145 4472  [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power           C:\windows\system32\umpo.dll
16:53:47.0218 4472  Power - ok
16:53:47.0259 4472  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
16:53:47.0352 4472  PptpMiniport - ok
16:53:47.0377 4472  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\windows\system32\drivers\processr.sys
16:53:47.0419 4472  Processor - ok
16:53:47.0474 4472  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\windows\system32\profsvc.dll
16:53:47.0552 4472  ProfSvc - ok
16:53:47.0565 4472  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
16:53:47.0585 4472  ProtectedStorage - ok
16:53:47.0607 4472  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\windows\system32\DRIVERS\pacer.sys
16:53:47.0683 4472  Psched - ok
16:53:47.0724 4472  [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64        C:\windows\system32\Drivers\PxHlpa64.sys
16:53:47.0747 4472  PxHlpa64 - ok
16:53:47.0809 4472  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\windows\system32\drivers\ql2300.sys
16:53:47.0849 4472  ql2300 - ok
16:53:47.0886 4472  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\windows\system32\drivers\ql40xx.sys
16:53:47.0912 4472  ql40xx - ok
16:53:47.0939 4472  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\windows\system32\qwave.dll
16:53:47.0976 4472  QWAVE - ok
16:53:47.0991 4472  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
16:53:48.0029 4472  QWAVEdrv - ok
16:53:48.0067 4472  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
16:53:48.0141 4472  RasAcd - ok
16:53:48.0183 4472  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
16:53:48.0233 4472  RasAgileVpn - ok
16:53:48.0257 4472  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\windows\System32\rasauto.dll
16:53:48.0344 4472  RasAuto - ok
16:53:48.0367 4472  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
16:53:48.0400 4472  Rasl2tp - ok
16:53:48.0423 4472  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\windows\System32\rasmans.dll
16:53:48.0460 4472  RasMan - ok
16:53:48.0469 4472  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
16:53:48.0507 4472  RasPppoe - ok
16:53:48.0528 4472  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
16:53:48.0613 4472  RasSstp - ok
16:53:48.0652 4472  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
16:53:48.0734 4472  rdbss - ok
16:53:48.0759 4472  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\windows\system32\drivers\rdpbus.sys
16:53:48.0772 4472  rdpbus - ok
16:53:48.0798 4472  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
16:53:48.0834 4472  RDPCDD - ok
16:53:48.0845 4472  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
16:53:48.0918 4472  RDPENCDD - ok
16:53:48.0944 4472  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
16:53:48.0976 4472  RDPREFMP - ok
16:53:49.0034 4472  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys
16:53:49.0102 4472  RdpVideoMiniport - ok
16:53:49.0133 4472  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
16:53:49.0180 4472  RDPWD - ok
16:53:49.0209 4472  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
16:53:49.0235 4472  rdyboost - ok
16:53:49.0305 4472  [ B9A0810D16EA7935B10A5499ABA61DC3 ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
16:53:49.0335 4472  RegSrvc - ok
16:53:49.0371 4472  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\windows\System32\mprdim.dll
16:53:49.0452 4472  RemoteAccess - ok
16:53:49.0499 4472  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\windows\system32\regsvc.dll
16:53:49.0581 4472  RemoteRegistry - ok
16:53:49.0616 4472  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\windows\system32\DRIVERS\rfcomm.sys
16:53:49.0678 4472  RFCOMM - ok
16:53:49.0817 4472  [ 3C957189B31C34D3AD21967B12B6AED7 ] RoxMediaDB12OEM c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
16:53:49.0849 4472  RoxMediaDB12OEM - ok
16:53:49.0875 4472  [ 2B73088CC2CA757A172B425C9398E5BC ] RoxWatch12      c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
16:53:49.0886 4472  RoxWatch12 - ok
16:53:49.0913 4472  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
16:53:49.0966 4472  RpcEptMapper - ok
16:53:49.0989 4472  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\windows\system32\locator.exe
16:53:50.0037 4472  RpcLocator - ok
16:53:50.0072 4472  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\windows\system32\rpcss.dll
16:53:50.0126 4472  RpcSs - ok
16:53:50.0146 4472  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
16:53:50.0179 4472  rspndr - ok
16:53:50.0225 4472  [ BE29B0A3AC1E8BD02FFAB8CEE86BADFA ] RSUSBSTOR       C:\windows\system32\Drivers\RtsUStor.sys
16:53:50.0251 4472  RSUSBSTOR - ok
16:53:50.0298 4472  [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167         C:\windows\system32\DRIVERS\Rt64win7.sys
16:53:50.0325 4472  RTL8167 - ok
16:53:50.0329 4472  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\windows\system32\lsass.exe
16:53:50.0342 4472  SamSs - ok
16:53:50.0356 4472  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
16:53:50.0366 4472  sbp2port - ok
16:53:50.0388 4472  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\windows\System32\SCardSvr.dll
16:53:50.0443 4472  SCardSvr - ok
16:53:50.0464 4472  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
16:53:50.0536 4472  scfilter - ok
16:53:50.0582 4472  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\windows\system32\schedsvc.dll
16:53:50.0683 4472  Schedule - ok
16:53:50.0714 4472  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\windows\System32\certprop.dll
16:53:50.0745 4472  SCPolicySvc - ok
16:53:50.0769 4472  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\windows\System32\SDRSVC.dll
16:53:50.0848 4472  SDRSVC - ok
16:53:50.0871 4472  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\windows\system32\drivers\secdrv.sys
16:53:50.0953 4472  secdrv - ok
16:53:50.0978 4472  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\windows\system32\seclogon.dll
16:53:51.0067 4472  seclogon - ok
16:53:51.0117 4472  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\windows\System32\sens.dll
16:53:51.0195 4472  SENS - ok
16:53:51.0230 4472  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\windows\system32\sensrsvc.dll
16:53:51.0296 4472  SensrSvc - ok
16:53:51.0315 4472  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\windows\system32\drivers\serenum.sys
16:53:51.0357 4472  Serenum - ok
16:53:51.0402 4472  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\windows\system32\drivers\serial.sys
16:53:51.0458 4472  Serial - ok
16:53:51.0493 4472  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\windows\system32\drivers\sermouse.sys
16:53:51.0523 4472  sermouse - ok
16:53:51.0560 4472  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\windows\system32\sessenv.dll
16:53:51.0642 4472  SessionEnv - ok
16:53:51.0662 4472  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
16:53:51.0711 4472  sffdisk - ok
16:53:51.0739 4472  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
16:53:51.0795 4472  sffp_mmc - ok
16:53:51.0826 4472  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
16:53:51.0881 4472  sffp_sd - ok
16:53:51.0909 4472  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\windows\system32\drivers\sfloppy.sys
16:53:51.0938 4472  sfloppy - ok
16:53:51.0986 4472  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\windows\System32\ipnathlp.dll
16:53:52.0069 4472  SharedAccess - ok
16:53:52.0116 4472  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
16:53:52.0208 4472  ShellHWDetection - ok
16:53:52.0281 4472  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\windows\system32\drivers\SiSRaid2.sys
16:53:52.0308 4472  SiSRaid2 - ok
16:53:52.0323 4472  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\windows\system32\drivers\sisraid4.sys
16:53:52.0334 4472  SiSRaid4 - ok
16:53:52.0404 4472  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
16:53:52.0429 4472  SkypeUpdate - ok
16:53:52.0454 4472  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\windows\system32\DRIVERS\smb.sys
16:53:52.0542 4472  Smb - ok
16:53:52.0582 4472  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\windows\System32\snmptrap.exe
16:53:52.0605 4472  SNMPTRAP - ok
16:53:52.0616 4472  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\windows\system32\drivers\spldr.sys
16:53:52.0628 4472  spldr - ok
16:53:52.0672 4472  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\windows\System32\spoolsv.exe
16:53:52.0748 4472  Spooler - ok
16:53:52.0853 4472  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\windows\system32\sppsvc.exe
16:53:52.0985 4472  sppsvc - ok
16:53:53.0006 4472  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\windows\system32\sppuinotify.dll
16:53:53.0040 4472  sppuinotify - ok
16:53:53.0065 4472  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\windows\system32\DRIVERS\srv.sys
16:53:53.0141 4472  srv - ok
16:53:53.0162 4472  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
16:53:53.0210 4472  srv2 - ok
16:53:53.0259 4472  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
16:53:53.0283 4472  srvnet - ok
16:53:53.0305 4472  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
16:53:53.0388 4472  SSDPSRV - ok
16:53:53.0413 4472  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\windows\system32\sstpsvc.dll
16:53:53.0447 4472  SstpSvc - ok
16:53:53.0488 4472  [ 7BF818B11C1FEDC3E76D233124470A30 ] STacSV          C:\Program Files\IDT\WDM\STacSV64.exe
16:53:53.0546 4472  STacSV - ok
16:53:53.0594 4472  [ 92E7F6666633D2DD91D527503DAA7BE0 ] stdcfltn        C:\windows\system32\DRIVERS\stdcfltn.sys
16:53:53.0615 4472  stdcfltn - ok
16:53:53.0642 4472  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\windows\system32\drivers\stexstor.sys
16:53:53.0667 4472  stexstor - ok
16:53:53.0713 4472  [ EBC1A5E076A9BE314D3D9E8ED19ABB0A ] STHDA           C:\windows\system32\DRIVERS\stwrt64.sys
16:53:53.0756 4472  STHDA - ok
16:53:53.0813 4472  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\windows\System32\wiaservc.dll
16:53:53.0894 4472  stisvc - ok
16:53:53.0959 4472  [ 7731F46EC0D687A931CBA063E8F90EF0 ] stllssvr        c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
16:53:53.0981 4472  stllssvr - ok
16:53:54.0004 4472  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\windows\system32\DRIVERS\swenum.sys
16:53:54.0028 4472  swenum - ok
16:53:54.0051 4472  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\windows\System32\swprv.dll
16:53:54.0159 4472  swprv - ok
16:53:54.0239 4472  [ 09E811486038F1C06F9E00DFFAAB7A4E ] SynTP           C:\windows\system32\DRIVERS\SynTP.sys
16:53:54.0288 4472  SynTP - ok
16:53:54.0332 4472  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\windows\system32\sysmain.dll
16:53:54.0410 4472  SysMain - ok
16:53:54.0440 4472  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
16:53:54.0474 4472  TabletInputService - ok
16:53:54.0491 4472  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\windows\System32\tapisrv.dll
16:53:54.0528 4472  TapiSrv - ok
16:53:54.0545 4472  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\windows\System32\tbssvc.dll
16:53:54.0578 4472  TBS - ok
16:53:54.0660 4472  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\windows\system32\drivers\tcpip.sys
16:53:54.0705 4472  Tcpip - ok
16:53:54.0737 4472  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
16:53:54.0773 4472  TCPIP6 - ok
16:53:54.0811 4472  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
16:53:54.0839 4472  tcpipreg - ok
16:53:54.0859 4472  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
16:53:54.0929 4472  TDPIPE - ok
16:53:54.0962 4472  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
16:53:55.0014 4472  TDTCP - ok
16:53:55.0040 4472  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
16:53:55.0095 4472  tdx - ok
16:53:55.0111 4472  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\windows\system32\DRIVERS\termdd.sys
16:53:55.0120 4472  TermDD - ok
16:53:55.0160 4472  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\windows\System32\termsrv.dll
16:53:55.0204 4472  TermService - ok
16:53:55.0219 4472  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\windows\system32\themeservice.dll
16:53:55.0236 4472  Themes - ok
16:53:55.0259 4472  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\windows\system32\mmcss.dll
16:53:55.0292 4472  THREADORDER - ok
16:53:55.0314 4472  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\windows\System32\trkwks.dll
16:53:55.0394 4472  TrkWks - ok
16:53:55.0454 4472  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
16:53:55.0515 4472  TrustedInstaller - ok
16:53:55.0538 4472  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
16:53:55.0608 4472  tssecsrv - ok
16:53:55.0642 4472  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
16:53:55.0706 4472  TsUsbFlt - ok
16:53:55.0732 4472  [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD         C:\windows\system32\drivers\TsUsbGD.sys
16:53:55.0749 4472  TsUsbGD - ok
16:53:55.0788 4472  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
16:53:55.0870 4472  tunnel - ok
16:53:55.0895 4472  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\windows\system32\drivers\uagp35.sys
16:53:55.0908 4472  uagp35 - ok
16:53:55.0927 4472  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
16:53:55.0999 4472  udfs - ok
16:53:56.0043 4472  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\windows\system32\UI0Detect.exe
16:53:56.0072 4472  UI0Detect - ok
16:53:56.0100 4472  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
16:53:56.0127 4472  uliagpkx - ok
16:53:56.0151 4472  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\windows\system32\DRIVERS\umbus.sys
16:53:56.0193 4472  umbus - ok
16:53:56.0217 4472  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\windows\system32\drivers\umpass.sys
16:53:56.0248 4472  UmPass - ok
16:53:56.0375 4472  [ EB79C6C91A99930015EF29AE7FA802D1 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
16:53:56.0450 4472  UNS - ok
16:53:56.0482 4472  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\windows\System32\upnphost.dll
16:53:56.0566 4472  upnphost - ok
16:53:56.0593 4472  [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
16:53:56.0676 4472  usbccgp - ok
16:53:56.0693 4472  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\windows\system32\drivers\usbcir.sys
16:53:56.0710 4472  usbcir - ok
16:53:56.0724 4472  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\windows\system32\DRIVERS\usbehci.sys
16:53:56.0761 4472  usbehci - ok
16:53:56.0806 4472  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
16:53:56.0864 4472  usbhub - ok
16:53:56.0901 4472  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\windows\system32\drivers\usbohci.sys
16:53:56.0943 4472  usbohci - ok
16:53:56.0984 4472  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
16:53:57.0032 4472  usbprint - ok
16:53:57.0069 4472  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\windows\system32\DRIVERS\usbscan.sys
16:53:57.0102 4472  usbscan - ok
16:53:57.0121 4472  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
16:53:57.0215 4472  USBSTOR - ok
16:53:57.0236 4472  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
16:53:57.0269 4472  usbuhci - ok
16:53:57.0320 4472  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\windows\system32\Drivers\usbvideo.sys
16:53:57.0382 4472  usbvideo - ok
16:53:57.0415 4472  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\windows\System32\uxsms.dll
16:53:57.0495 4472  UxSms - ok
16:53:57.0515 4472  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\windows\system32\lsass.exe
16:53:57.0525 4472  VaultSvc - ok
16:53:57.0605 4472  [ 8C51E58D59CBF2639832484EC9ED8DDA ] vcsFPService    C:\Windows\system32\vcsFPService.exe
16:53:57.0672 4472  vcsFPService - ok
16:53:57.0681 4472  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
16:53:57.0690 4472  vdrvroot - ok
16:53:57.0716 4472  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\windows\System32\vds.exe
16:53:57.0791 4472  vds - ok
16:53:57.0833 4472  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
16:53:57.0887 4472  vga - ok
16:53:57.0916 4472  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\windows\System32\drivers\vga.sys
16:53:57.0949 4472  VgaSave - ok
16:53:57.0970 4472  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
16:53:57.0983 4472  vhdmp - ok
16:53:57.0993 4472  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\windows\system32\drivers\viaide.sys
16:53:58.0002 4472  viaide - ok
16:53:58.0026 4472  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\windows\system32\drivers\volmgr.sys
16:53:58.0036 4472  volmgr - ok
16:53:58.0055 4472  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
16:53:58.0070 4472  volmgrx - ok
16:53:58.0090 4472  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\windows\system32\drivers\volsnap.sys
16:53:58.0104 4472  volsnap - ok
16:53:58.0130 4472  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\windows\system32\drivers\vsmraid.sys
16:53:58.0147 4472  vsmraid - ok
16:53:58.0209 4472  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\windows\system32\vssvc.exe
16:53:58.0293 4472  VSS - ok
16:53:58.0324 4472  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
16:53:58.0381 4472  vwifibus - ok
16:53:58.0406 4472  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
16:53:58.0442 4472  vwififlt - ok
16:53:58.0467 4472  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\windows\system32\DRIVERS\vwifimp.sys
16:53:58.0502 4472  vwifimp - ok
16:53:58.0537 4472  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\windows\system32\w32time.dll
16:53:58.0588 4472  W32Time - ok
16:53:58.0608 4472  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\windows\system32\drivers\wacompen.sys
16:53:58.0655 4472  WacomPen - ok
16:53:58.0702 4472  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
16:53:58.0784 4472  WANARP - ok
16:53:58.0787 4472  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
16:53:58.0818 4472  Wanarpv6 - ok
16:53:58.0881 4472  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\windows\system32\Wat\WatAdminSvc.exe
16:53:58.0913 4472  WatAdminSvc - ok
16:53:58.0971 4472  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\windows\system32\wbengine.exe
16:53:59.0063 4472  wbengine - ok
16:53:59.0086 4472  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
16:53:59.0116 4472  WbioSrvc - ok
16:53:59.0144 4472  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\windows\System32\wcncsvc.dll
16:53:59.0183 4472  wcncsvc - ok
16:53:59.0212 4472  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
16:53:59.0281 4472  WcsPlugInService - ok
16:53:59.0304 4472  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\windows\system32\drivers\wd.sys
16:53:59.0331 4472  Wd - ok
16:53:59.0386 4472  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
16:53:59.0416 4472  Wdf01000 - ok
16:53:59.0443 4472  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\windows\system32\wdi.dll
16:53:59.0559 4472  WdiServiceHost - ok
16:53:59.0566 4472  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\windows\system32\wdi.dll
16:53:59.0591 4472  WdiSystemHost - ok
16:53:59.0602 4472  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\windows\System32\webclnt.dll
16:53:59.0657 4472  WebClient - ok
16:53:59.0695 4472  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\windows\system32\wecsvc.dll
16:53:59.0777 4472  Wecsvc - ok
16:53:59.0801 4472  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\windows\System32\wercplsupport.dll
16:53:59.0836 4472  wercplsupport - ok
16:53:59.0857 4472  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\windows\System32\WerSvc.dll
16:53:59.0892 4472  WerSvc - ok
16:53:59.0902 4472  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
16:53:59.0934 4472  WfpLwf - ok
16:53:59.0963 4472  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\windows\system32\drivers\wimmount.sys
16:53:59.0980 4472  WIMMount - ok
16:54:00.0008 4472  WinDefend - ok
16:54:00.0014 4472  WinHttpAutoProxySvc - ok
16:54:00.0063 4472  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
16:54:00.0162 4472  Winmgmt - ok
16:54:00.0238 4472  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\windows\system32\WsmSvc.dll
16:54:00.0299 4472  WinRM - ok
16:54:00.0353 4472  [ FE88B288356E7B47B74B13372ADD906D ] WinUSB          C:\windows\system32\DRIVERS\WinUSB.sys
16:54:00.0396 4472  WinUSB - ok
16:54:00.0443 4472  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\windows\System32\wlansvc.dll
16:54:00.0527 4472  Wlansvc - ok
16:54:00.0569 4472  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
16:54:00.0592 4472  wlcrasvc - ok
16:54:00.0692 4472  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:54:00.0732 4472  wlidsvc - ok
16:54:00.0757 4472  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\windows\system32\DRIVERS\wmiacpi.sys
16:54:00.0799 4472  WmiAcpi - ok
16:54:00.0846 4472  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
16:54:00.0907 4472  wmiApSrv - ok
16:54:00.0953 4472  WMPNetworkSvc - ok
16:54:00.0975 4472  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\windows\System32\wpcsvc.dll
16:54:01.0010 4472  WPCSvc - ok
16:54:01.0030 4472  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
16:54:01.0070 4472  WPDBusEnum - ok
16:54:01.0098 4472  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
16:54:01.0151 4472  ws2ifsl - ok
16:54:01.0168 4472  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\windows\System32\wscsvc.dll
16:54:01.0217 4472  wscsvc - ok
16:54:01.0227 4472  WSearch - ok
16:54:01.0321 4472  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\windows\system32\wuaueng.dll
16:54:01.0377 4472  wuauserv - ok
16:54:01.0413 4472  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
16:54:01.0488 4472  WudfPf - ok
16:54:01.0518 4472  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
16:54:01.0562 4472  WUDFRd - ok
16:54:01.0606 4472  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
16:54:01.0662 4472  wudfsvc - ok
16:54:01.0704 4472  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\windows\System32\wwansvc.dll
16:54:01.0743 4472  WwanSvc - ok
16:54:01.0760 4472  ================ Scan global ===============================
16:54:01.0783 4472  [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
16:54:01.0826 4472  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
16:54:01.0843 4472  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
16:54:01.0871 4472  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
16:54:01.0892 4472  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
16:54:01.0902 4472  [Global] - ok
16:54:01.0904 4472  ================ Scan MBR ==================================
16:54:01.0918 4472  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:54:02.0371 4472  \Device\Harddisk0\DR0 - ok
16:54:02.0372 4472  ================ Scan VBR ==================================
16:54:02.0411 4472  [ 45A5ECABE538EF4D16A872BC9AA46E20 ] \Device\Harddisk0\DR0\Partition1
16:54:02.0415 4472  \Device\Harddisk0\DR0\Partition1 - ok
16:54:02.0433 4472  [ 98DC1CDFF4AB0E27F5BFEF327D5B9724 ] \Device\Harddisk0\DR0\Partition2
16:54:02.0437 4472  \Device\Harddisk0\DR0\Partition2 - ok
16:54:02.0438 4472  ============================================================
16:54:02.0438 4472  Scan finished
16:54:02.0438 4472  ============================================================
16:54:02.0458 5828  Detected object count: 1
16:54:02.0458 5828  Actual detected object count: 1
16:54:42.0245 5828  mi-raysat_3dsmax2013_64 ( UnsignedFile.Multi.Generic ) - skipped by user
16:54:42.0245 5828  mi-raysat_3dsmax2013_64 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:54:56.0081 4888  Deinitialize success
         
warte auf weiter Anweisungen


Alt 24.04.2013, 20:39   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Zip Anhang mit TR/Roque.957311 geöffnet - Standard

Zip Anhang mit TR/Roque.957311 geöffnet



Zitat:
mi-raysat_3dsmax2013_64 ( UnsignedFile.Multi.Generic )
Ich will jetzt nicht sagen, dass das schädlich ist, aber das gehört ja zu 3ds Max von Autodesk.
Was machst du denn mit dieser teuren Software, auf einem privaten (?) PC?
__________________
--> Zip Anhang mit TR/Roque.957311 geöffnet

Alt 25.04.2013, 10:51   #7
alder
 
Zip Anhang mit TR/Roque.957311 geöffnet - Standard

Zip Anhang mit TR/Roque.957311 geöffnet



Zitat:
Ich will jetzt nicht sagen, dass das schädlich ist, aber das gehört ja zu 3ds Max von Autodesk.
Was machst du denn mit dieser teuren Software, auf einem privaten (?) PC?
Dies ist eine sogenannte Home-use-licence die einem als Autodesk-Kunde pro regulärer Lizenz einmalig zur Verfügung steht, wenn man einen Subscription-Vertrag, der natürlich auch noch mal kostet, hat. Benutzen tu ich sie aber tatsächlich fast nie...

Aber ansonsten: heisst das jetzt, dass mein Laptop Trojanerfrei ist???

Viele Grüße

Alt 25.04.2013, 12:06   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Zip Anhang mit TR/Roque.957311 geöffnet - Standard

Zip Anhang mit TR/Roque.957311 geöffnet



Dann bitte jetzt Combofix ausführen:

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 25.04.2013, 16:16   #9
alder
 
Zip Anhang mit TR/Roque.957311 geöffnet - Standard

Zip Anhang mit TR/Roque.957311 geöffnet



So, das ist nun auch durch.
Obwohl ich Antivir in der Taskleiste deaktiviert hatte, hat es sich 2 mal jeweils beim Erstellen des Wiederherstellungspunktes zu Wort gemeldet. unerlaubter Zugriff auf Regestry...

Code:
ATTFilter
ComboFix 13-04-25.01 - Dell 25.04.2013  17:04:36.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4003.1726 [GMT 2:00]
ausgeführt von:: c:\users\Dell\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\PCDr\6032\AddOnDownloaded\07287f2e-4f82-4848-8132-7055ef322318.dll
c:\programdata\PCDr\6032\AddOnDownloaded\2d5007b2-cc36-4b97-a231-d0c427a69035.dll
c:\programdata\PCDr\6032\AddOnDownloaded\330761e0-2594-472d-8455-796592cf88dc.dll
c:\programdata\PCDr\6032\AddOnDownloaded\3d9332d1-0b48-40cc-9189-068cf64600b6.dll
c:\programdata\PCDr\6032\AddOnDownloaded\75609d46-7fbb-40a8-a578-eec234c38e9a.dll
c:\programdata\PCDr\6032\AddOnDownloaded\827ed839-f1a1-460d-82db-7790aaf0bceb.dll
c:\programdata\PCDr\6032\AddOnDownloaded\c870b857-9ba2-408a-b058-928ff7135168.dll
c:\programdata\PCDr\6032\AddOnDownloaded\ca39d363-7f7b-442f-9d1a-7cf8e06b7b08.dll
c:\programdata\PCDr\6032\AddOnDownloaded\f04a4d58-1eb6-4e35-b4b4-db6bab11e49b.dll
c:\programdata\Roaming
c:\windows\Downloaded Program Files\IDropPTB.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-03-25 bis 2013-04-25  ))))))))))))))))))))))))))))))
.
.
2013-04-25 15:09 . 2013-04-25 15:09	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-04-22 12:09 . 2013-04-22 12:09	--------	d-----w-	c:\users\Dell\AppData\Roaming\Malwarebytes
2013-04-22 12:09 . 2013-04-22 12:09	--------	d-----w-	c:\programdata\Malwarebytes
2013-04-22 12:09 . 2013-04-22 12:09	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-04-22 12:09 . 2013-04-04 12:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-04-22 12:08 . 2013-04-22 12:08	--------	d-----w-	c:\users\Dell\AppData\Local\Programs
2013-04-22 11:53 . 2013-04-22 11:53	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{6136AC0A-5EA2-4E60-893C-C49C88864E60}\offreg.dll
2013-04-22 11:43 . 2013-04-10 03:46	9317456	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{6136AC0A-5EA2-4E60-893C-C49C88864E60}\mpengine.dll
2013-04-22 11:41 . 2013-03-01 03:36	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-04-22 11:41 . 2013-02-12 04:12	19968	----a-w-	c:\windows\system32\drivers\usb8023.sys
2013-04-22 11:41 . 2013-03-19 06:04	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-04-22 11:41 . 2013-03-19 05:46	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-04-22 11:41 . 2013-03-19 05:04	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-04-22 11:41 . 2013-03-19 05:04	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-04-22 11:41 . 2013-03-19 04:47	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-04-22 11:41 . 2013-03-19 03:06	112640	----a-w-	c:\windows\system32\smss.exe
2013-04-11 09:44 . 2013-04-11 09:44	--------	d-----w-	c:\users\Dell\AppData\Roaming\Buhl Data Service
2013-04-11 09:44 . 2013-04-11 09:44	--------	d-----w-	c:\users\Dell\AppData\Local\Buhl Data Service
2013-04-11 09:43 . 2013-04-11 09:44	--------	d-----w-	c:\users\Dell\AppData\Local\Buhl
2013-04-11 09:40 . 2013-04-20 08:03	--------	d-----w-	c:\program files (x86)\Steuer 2012
2013-04-11 09:39 . 2013-04-20 08:03	--------	d-----w-	c:\programdata\Buhl Data Service GmbH
2013-03-28 13:52 . 2013-03-28 13:52	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-03-28 13:52 . 2013-03-28 13:52	130016	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-03-28 13:52 . 2013-03-28 13:52	100712	----a-w-	c:\windows\system32\drivers\avgntflt.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-01 17:58 . 2012-06-16 11:15	72702784	----a-w-	c:\windows\system32\MRT.exe
2013-03-12 19:40 . 2012-05-30 03:59	73432	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-12 19:40 . 2012-05-30 03:59	693976	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-11 23:10 . 2010-11-21 03:27	282744	------w-	c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AviraSpeedup"="c:\program files (x86)\AviraSpeedup\AviraSpeedup.exe" [2012-11-05 4856296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-06 343168]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-17 50472]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-12-18 38112]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-03-28 345312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
" Malwarebytes Anti-Malware "="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2013-04-04 532040]
"Z1"="c:\users\Dell\Desktop\mbar-1.05.0.1001\mbar\mbar.exe" [2013-04-24 1398856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	DPPassFilter scecli
.
3;3 MBAMProtector;MBAMProtector [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 mi-raysat_3dsmax2013_64;mental ray 3.10 Satellite for Autodesk 3ds Max 2013 64-bit;c:\program files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe [2011-09-15 86016]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys [2011-09-15 299008]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-11-30 1432400]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-06-21 34200]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-09-15 340240]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 250984]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-10-06 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-28 28600]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-11-06 204288]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-09-15 1166848]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-28 86752]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-01-31 19232]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-03-27 1014096]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2012-03-27 1104208]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-12-03 3143472]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-12-13 27760]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-09-15 299008]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2012-03-27 1304912]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2012-02-13 95232]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2012-02-13 747008]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]
S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2012-03-21 60928]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-23 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-09-26 12309440]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-06-21 25496]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 10615902
*NewlyCreated* - ASWMBR
*NewlyCreated* - MBAMPROTECTOR
*NewlyCreated* - PXLDAPOD
*Deregistered* - 10615902
*Deregistered* - aswMBR
*Deregistered* - pxldapod
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-30 19:40]
.
2013-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-16 14:12]
.
2013-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-16 14:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-26 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-26 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-26 416024]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-09-08 1424896]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-15 686704]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-09-15 1935120]
"BLEServicesCtrl"="c:\program files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" [2012-03-15 178960]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2012-03-27 11407120]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-05 415680]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://web.de/
uLocal Page = c:\windows\system32\blank.htm
IE: Free YouTube to MP3 Converter - c:\users\Dell\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\r4y2oheo.default\
FF - prefs.js: browser.startup.homepage - hxxp://web.de/
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-04-25  17:11:55
ComboFix-quarantined-files.txt  2013-04-25 15:11
.
Vor Suchlauf: 10 Verzeichnis(se), 354.040.713.216 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 354.709.827.584 Bytes frei
.
- - End Of File - - 26969C688D1DE392A208A9E1AAE40125
         

Alt 25.04.2013, 21:48   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Zip Anhang mit TR/Roque.957311 geöffnet - Standard

Zip Anhang mit TR/Roque.957311 geöffnet



JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 26.04.2013, 15:57   #11
alder
 
Zip Anhang mit TR/Roque.957311 geöffnet - Standard

Zip Anhang mit TR/Roque.957311 geöffnet



So, hat alles ohne Fehlermeldung geklappt.

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.9 (04.22.2013:1)
OS: Windows 7 Home Premium x64
Ran by Dell on 26.04.2013 at 16:28:30,27
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.1049.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.1049.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\Dell\AppData\Roaming\dvdvideosoftiehelpers"



~~~ FireFox

Emptied folder: C:\Users\Dell\AppData\Roaming\mozilla\firefox\profiles\r4y2oheo.default\minidumps [204 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.04.2013 at 16:32:22,89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Code:
ATTFilter
# AdwCleaner v2.202 - Datei am 26/04/2013 um 16:35:06 erstellt
# Aktualisiert am 23/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Dell - DELL-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Dell\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\Dell\AppData\Roaming\DesktopIconForAmazon

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\OCS

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v20.0.1 (de)

Datei : C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\r4y2oheo.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [902 octets] - [26/04/2013 16:35:06]

########## EOF - C:\AdwCleaner[S1].txt - [961 octets] ##########
         
Code:
ATTFilter
OTL logfile created on: 26.04.2013 16:42:59 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dell\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 57,09% Memory free
7,82 Gb Paging File | 5,88 Gb Available in Paging File | 75,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446,13 Gb Total Space | 330,32 Gb Free Space | 74,04% Space Free | Partition Type: NTFS
 
Computer Name: DELL-PC | User Name: Dell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Dell\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Autodesk, Inc.)
PRC - C:\Programme\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe ()
PRC - C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe (DigitalPersona, Inc.)
PRC - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ab54c04b3df40416205883b4049fe273\IAStorUtil.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\4d6518ef6ae8d6f005c49ab1c86de7fe\IAStorCommon.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
MOD - c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll ()
MOD - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (vcsFPService) -- C:\Windows\SysNative\vcsFPService.exe (Validity Sensors, Inc.)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (FLEXnet Licensing Service 64) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
SRV - (Autodesk Content Service) -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Autodesk, Inc.)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (MyWiFiDHCPDNS) -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (AMPPALR3) -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV - (mi-raysat_3dsmax2013_64) -- C:\Programme\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe ()
SRV - (STacSV) -- C:\Programme\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV - (BTHSSecurityMgr) -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)
SRV - (DpHost) -- C:\Programme\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
SRV - (vcsFPService) -- C:\Windows\SysWOW64\vcsFPService.exe (Validity Sensors, Inc.)
SRV - (RoxWatch12) -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
SRV - (RoxMediaDB12OEM) -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Programme\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (ibtfltcoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation)
DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (Acceler) -- C:\Windows\SysNative\drivers\Accelern.sys (ST Microelectronics)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (stdcfltn) -- C:\Windows\SysNative\drivers\stdcfltn.sys (ST Microelectronics)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1716932777-2091039190-360034761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://web.de/
IE - HKU\S-1-5-21-1716932777-2091039190-360034761-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1716932777-2091039190-360034761-1000\..\SearchScopes\{3D66E81A-7403-4C61-B2B7-2245EB226AAB}: "URL" = hxxp://www.google.com/search?q={searchTerms}&amp;sourceid=ie7&amp;rls=com.microsoft:{language}:{referrer:source}&amp;ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-1716932777-2091039190-360034761-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://web.de/"
FF - prefs.js..extensions.enabledAddons: %7B53A03D43-5363-4669-8190-99061B2DEBA5%7D:1.5.5
FF - prefs.js..extensions.enabledAddons: %7B5384767E-00D9-40E9-B72F-9CC39D655D6F%7D:1.4.2.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2012.05.30 06:42:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 16:54:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 16:54:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.06.17 10:48:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dell\AppData\Roaming\mozilla\Extensions
[2013.02.14 18:55:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dell\AppData\Roaming\mozilla\Firefox\Profiles\r4y2oheo.default\extensions
[2013.01.03 20:26:08 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Dell\AppData\Roaming\mozilla\Firefox\Profiles\r4y2oheo.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2012.09.27 16:50:04 | 000,399,504 | ---- | M] () (No name found) -- C:\Users\Dell\AppData\Roaming\mozilla\firefox\profiles\r4y2oheo.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi
[2013.02.14 18:55:00 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Dell\AppData\Roaming\mozilla\firefox\profiles\r4y2oheo.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.04.12 16:54:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.12 16:54:17 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 18:11:58 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.04.25 17:09:36 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Autodesk Sync] C:\Programme\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
O4:64bit: - HKLM..\Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1716932777-2091039190-360034761-1000..\Run: [AviraSpeedup] C:\Program Files (x86)\AviraSpeedup\AviraSpeedup.exe (Avira)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1716932777-2091039190-360034761-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1716932777-2091039190-360034761-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  = 
O7 - HKU\S-1-5-21-1716932777-2091039190-360034761-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Dell\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Dell\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9F154892-42A4-4EBD-AEDB-3D39BD955A2B}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe) - C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.26 16:31:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.04.26 16:28:27 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013.04.26 16:28:16 | 000,000,000 | ---D | C] -- C:\JRT
[2013.04.26 16:23:45 | 000,535,764 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Dell\Desktop\JRT.exe
[2013.04.25 17:11:57 | 000,000,000 | ---D | C] -- C:\windows\temp
[2013.04.25 17:02:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013.04.25 17:02:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013.04.25 17:02:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013.04.25 17:02:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.25 17:01:48 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2013.04.25 16:58:59 | 005,059,017 | R--- | C] (Swearware) -- C:\Users\Dell\Desktop\ComboFix.exe
[2013.04.24 16:52:00 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Dell\Desktop\tdsskiller.exe
[2013.04.24 16:36:38 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Dell\Desktop\aswMBR.exe
[2013.04.24 16:21:44 | 000,000,000 | ---D | C] -- C:\Users\Dell\Desktop\mbar-1.05.0.1001
[2013.04.22 16:10:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dell\Desktop\OTL.exe
[2013.04.22 14:09:53 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\Malwarebytes
[2013.04.22 14:09:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.22 14:09:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.22 14:09:36 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013.04.22 14:09:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.04.22 14:08:45 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Local\Programs
[2013.04.22 13:42:57 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013.04.22 13:42:56 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013.04.22 13:42:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013.04.22 13:42:56 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2013.04.22 13:42:56 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013.04.22 13:42:55 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013.04.22 13:42:55 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013.04.22 13:42:55 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013.04.22 13:42:55 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013.04.22 13:42:55 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013.04.22 13:42:55 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013.04.22 13:42:55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013.04.22 13:42:54 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013.04.22 13:42:54 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013.04.22 13:42:54 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2013.04.22 13:41:48 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usb8023.sys
[2013.04.22 13:41:16 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2013.04.22 13:41:15 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2013.04.22 13:41:15 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2013.04.22 13:41:15 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\smss.exe
[2013.04.22 13:41:15 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\csrsrv.dll
[2013.04.22 13:41:15 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\apisetschema.dll
[2013.04.12 16:54:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.11 11:44:58 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\Buhl Data Service
[2013.04.11 11:44:56 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Local\Buhl Data Service
[2013.04.11 11:43:48 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Local\Buhl
[2013.04.11 11:43:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuer 2012
[2013.04.11 11:40:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steuer 2012
[2013.04.11 11:39:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Buhl Data Service GmbH
[2013.03.28 15:52:59 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avipbb.sys
[2013.03.28 15:52:59 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avgntflt.sys
[2013.03.28 15:52:59 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avkmgr.sys
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.26 16:45:26 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.26 16:45:26 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.26 16:42:36 | 001,612,484 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.04.26 16:42:36 | 000,696,870 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.04.26 16:42:36 | 000,652,148 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.04.26 16:42:36 | 000,148,134 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.04.26 16:42:36 | 000,121,080 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.04.26 16:39:03 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.04.26 16:38:00 | 000,001,106 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.26 16:37:49 | 000,001,102 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.26 16:37:04 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.04.26 16:36:49 | 3148,214,272 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.26 16:26:50 | 000,619,461 | ---- | M] () -- C:\Users\Dell\Desktop\adwcleaner.exe
[2013.04.26 16:23:54 | 000,535,764 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Dell\Desktop\JRT.exe
[2013.04.25 17:09:36 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2013.04.25 16:59:23 | 005,059,017 | R--- | M] (Swearware) -- C:\Users\Dell\Desktop\ComboFix.exe
[2013.04.24 16:52:04 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Dell\Desktop\tdsskiller.exe
[2013.04.24 16:49:25 | 000,000,512 | ---- | M] () -- C:\Users\Dell\Desktop\MBR.dat
[2013.04.24 16:38:10 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Dell\Desktop\aswMBR.exe
[2013.04.22 16:14:05 | 000,000,000 | ---- | M] () -- C:\Users\Dell\defogger_reenable
[2013.04.22 16:12:01 | 000,377,856 | ---- | M] () -- C:\Users\Dell\Desktop\gmer_2.1.19163.exe
[2013.04.22 16:10:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dell\Desktop\OTL.exe
[2013.04.22 16:09:36 | 000,050,477 | ---- | M] () -- C:\Users\Dell\Desktop\Defogger.exe
[2013.04.22 14:09:37 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.22 13:49:30 | 000,456,864 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013.04.20 10:03:53 | 000,000,590 | ---- | M] () -- C:\windows\wiso.ini
[2013.04.14 19:42:26 | 000,025,043 | ---- | M] () -- C:\Users\Dell\Desktop\heidelberg.odt
[2013.04.11 11:43:46 | 000,001,923 | ---- | M] () -- C:\Users\Public\Desktop\Steuer 2012.lnk
[2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013.03.30 20:00:34 | 000,020,696 | ---- | M] () -- C:\Users\Dell\Desktop\Zählerstände.ods
[2013.03.28 15:52:46 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avipbb.sys
[2013.03.28 15:52:46 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avgntflt.sys
[2013.03.28 15:52:46 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avkmgr.sys
 
========== Files Created - No Company Name ==========
 
[2013.04.26 16:26:45 | 000,619,461 | ---- | C] () -- C:\Users\Dell\Desktop\adwcleaner.exe
[2013.04.25 17:02:15 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013.04.25 17:02:15 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013.04.25 17:02:15 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013.04.25 17:02:15 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013.04.25 17:02:15 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013.04.24 16:49:25 | 000,000,512 | ---- | C] () -- C:\Users\Dell\Desktop\MBR.dat
[2013.04.22 16:14:05 | 000,000,000 | ---- | C] () -- C:\Users\Dell\defogger_reenable
[2013.04.22 16:12:00 | 000,377,856 | ---- | C] () -- C:\Users\Dell\Desktop\gmer_2.1.19163.exe
[2013.04.22 16:09:34 | 000,050,477 | ---- | C] () -- C:\Users\Dell\Desktop\Defogger.exe
[2013.04.22 14:09:37 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.11 11:43:49 | 000,000,590 | ---- | C] () -- C:\windows\wiso.ini
[2013.04.11 11:43:46 | 000,001,923 | ---- | C] () -- C:\Users\Public\Desktop\Steuer 2012.lnk
[2013.03.06 19:16:39 | 000,007,602 | ---- | C] () -- C:\Users\Dell\AppData\Local\Resmon.ResmonCfg
[2012.11.30 14:52:04 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012.07.10 16:33:14 | 000,003,584 | ---- | C] () -- C:\Users\Dell\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.16 20:55:58 | 000,015,873 | ---- | C] () -- C:\windows\SysWow64\Inetde.dll
[2012.05.30 08:21:42 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll
[2012.05.30 08:21:20 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2012.05.30 08:21:20 | 000,216,000 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2012.05.30 08:21:19 | 013,903,360 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2012.05.30 08:21:19 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2012.05.30 08:21:19 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012.05.30 08:21:18 | 000,003,929 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2012.05.30 06:11:06 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2012.05.30 06:04:16 | 000,003,929 | ---- | C] () -- C:\windows\SysWow64\atipblup.dat
[2012.05.30 05:59:04 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll
[2012.02.26 14:02:17 | 000,000,096 | ---- | C] () -- C:\windows\LaunApp.ini
[2012.02.26 14:02:12 | 000,000,324 | ---- | C] () -- C:\windows\Prelaunch.ini
[2012.02.26 14:02:12 | 000,000,271 | ---- | C] () -- C:\windows\WisPriority.ini
[2012.02.26 14:02:12 | 000,000,035 | ---- | C] () -- C:\windows\DELL_LANGCODE.ini
[2012.02.26 14:02:12 | 000,000,033 | ---- | C] () -- C:\windows\DELL_OSTYPE.ini
[2012.02.26 14:02:12 | 000,000,032 | ---- | C] () -- C:\windows\WisHWDest.ini
[2012.02.26 14:02:12 | 000,000,028 | ---- | C] () -- C:\windows\WisLangCode.ini
[2012.02.26 14:02:12 | 000,000,023 | ---- | C] () -- C:\windows\WisSysInfo.ini
[2012.02.26 12:54:12 | 001,590,378 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011.11.06 05:29:16 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\OpenVideo.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
Code:
ATTFilter
OTL Extras logfile created on: 26.04.2013 16:42:59 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dell\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 57,09% Memory free
7,82 Gb Paging File | 5,88 Gb Available in Paging File | 75,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446,13 Gb Total Space | 330,32 Gb Free Space | 74,04% Space Free | Partition Type: NTFS
 
Computer Name: DELL-PC | User Name: Dell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1716932777-2091039190-360034761-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BC8C789-F3B9-42A7-AAA6-1D69A661269A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{117D4677-D8EA-40B9-9180-9DFE17E91E85}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1283A4DE-C313-4FAE-8042-7AA23B10431F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3132D0E6-A733-49BC-B081-C12E3CF44337}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{422AD37F-6FB6-4A23-9143-66B94919174E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5A927413-5148-4029-9BA8-4C4976D23A58}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{5E2AC7C0-314A-4CBB-8ED4-A99C25B52808}" = rport=445 | protocol=6 | dir=out | app=system | 
"{6A463D46-71C3-4A78-8AC7-35A2CC31BAD7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6F4D462D-1D33-4CB6-B63E-5679FEC30FE0}" = rport=137 | protocol=17 | dir=out | app=system | 
"{71A9AA7A-567E-4B17-AEE3-FF6D6E14A1E1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{73B69D36-F0CF-465B-8CD3-2B677787F9AA}" = lport=50248 | protocol=6 | dir=in | name=autodesk content service | 
"{7681E210-3CD1-424A-971E-A41B0F9B9356}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7885BFAC-FE6F-43AA-9699-FA9FA0236AFD}" = lport=137 | protocol=17 | dir=in | app=system | 
"{87FF8E46-5005-4CD4-AF8C-60B052C46BCE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{93F40161-FDDB-40BA-BF13-AD118786C601}" = lport=138 | protocol=17 | dir=in | app=system | 
"{AC8E7156-242B-4CE3-83E7-CC12549F7371}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{AFC544BD-0F6D-4245-A929-572A79FF0021}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B98ACCCB-7D1E-40A5-A7C3-986B1AB2B90F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BB194FCB-6B84-4C74-BB34-B63B164E86AB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{C7963706-CC40-4CDE-AB91-8E9E3AFC7ABF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D864C982-D7A7-423D-BE77-679B471DFD69}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DA369F9F-05F8-47FF-94CE-FF2436AEAC64}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{DA554FFE-A00F-48E5-AD8B-B6E591FF2653}" = lport=445 | protocol=6 | dir=in | app=system | 
"{DBBA19C4-AAD1-4340-8AA9-40F2838247DA}" = lport=139 | protocol=6 | dir=in | app=system | 
"{DDC0E055-B74A-459E-A1D4-4A08A737DFE7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{F2090B15-0FB2-4573-B3F3-8D90064EA90F}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00157835-4941-4EDB-8FAF-48333FECC051}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe | 
"{089018CE-FF27-43BF-B037-1273B7895A29}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0AA2009F-B8EE-4B08-9C8E-F433E19D82F9}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max design 2013\nvidia\raysat_3dsmax2013_64server.exe | 
"{1512C413-38C8-48A0-941C-3E3A0EBBF388}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{1AAEA8AE-A448-45C3-9C9D-DB207041D598}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2326A654-26EE-4E86-A1BD-D11B14090837}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max design 2013\nvidia\raysat_3dsmax2013_64server.exe | 
"{2405D26C-B145-47F2-BF2A-35B8A0B18359}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe | 
"{28E1CA45-4F9E-46C2-9B78-B0CE7382561C}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{3221953B-4AC8-43E7-B7D3-817741E20375}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{396B2D02-7495-401D-9637-BB3924CDB0A1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{40499D98-55AB-4E3D-9C58-B7042B070CCE}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe | 
"{4677DA17-B9B5-4014-8D7B-A3242B684C71}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{480F099C-A9A3-41FC-A4AA-42C90B130D72}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max design 2013\nvidia\raysat_3dsmax2013_64.exe | 
"{495D5EA1-01AC-493E-B677-50EBAEE462D6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{4E89CE42-6345-4329-8991-B0A2033A332D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4F754371-9F94-4033-AEF1-EC696EF4AB17}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe | 
"{578A1964-18F1-4488-A012-9E11B4DD9129}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max design 2013\3dsmax.exe | 
"{5A1F8F06-97B7-440A-8616-8B298FC5AB28}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | 
"{5CAE8FE3-0095-48C5-9C40-8C9F16EA1B95}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5FC3C365-CB61-45BB-8585-88F851C1CD37}" = protocol=6 | dir=out | app=system | 
"{621E5781-1769-46D0-AC65-2401415A6C9D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{62B95C17-DAB1-4428-AF74-E58F22D5A403}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe | 
"{6E478732-72C8-4450-A005-E17C2C207CF6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6EE865C4-0FD7-4601-81A4-834C3AE7ABAB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{8DB2F86C-285B-4558-8F91-30545D4342D6}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max design 2013\3dsmax.exe | 
"{9ED8876C-4BB5-4549-9792-980F9D56316B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{9F940E32-A58B-45B6-BF2B-3052DCBDD479}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A74FC99D-F505-4F8C-8218-EE719E1AD753}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe | 
"{A7BDAB15-4005-4C7C-BCB7-F4FA26F0D3C4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{AA6BE318-9614-4B26-93A0-3B46F6811818}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{AE572531-9E61-431A-AD62-6C9E9BC9B489}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max design 2013\nvidia\raysat_3dsmax2013_64.exe | 
"{B4CC58E6-4937-42CE-B8E8-82D4EB0258A1}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{BCEAC1C3-271C-40DF-9DE9-6E0C2105C738}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe | 
"{C3DCD12D-B304-49D5-9754-AF9D45442D84}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CA9AC0A5-9D62-46D5-9143-05512F089DA4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{D62675CA-48EA-49A1-BC8B-F0D0895AE209}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DE9C3BF7-C818-4B00-A5D3-7A94271B3BFC}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | 
"{F2DAEBC7-7A4A-4000-9601-58FABD8A153F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{F8C24C10-FDCB-483A-B03F-79FACE294038}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{036983CC-5AA7-F67F-A0AC-E2A9395BAE1E}" = ccc-utility64
"{06388E0D-A364-478B-8E40-7D76142A8DF5}" = Autodesk Workflows - Product Design Suite 2013
"{06E18300-BB64-1664-8E6A-2593FC67BB74}" = Autodesk Revit Interoperability for 3ds Max and 3ds Max Design 2013 64-bit
"{07DC9A9D-1793-4EB4-AC1A-70750F9FB72B}" = Autodesk Navisworks Simulate 2013 - 2009 DWG File Reader
"{08BCFE15-8AA1-4A58-B018-4FEF486BA922}" = Autodesk Inventor Fusion for Inventor 2013 Add-in
"{0C821839-EA2A-48C2-BBD5-2B3D28159BC0}" = Autodesk Mudbox 2013 64-bit
"{0D53A298-B2B7-4746-BB92-B757A6E559C3}" = Autodesk Navisworks Simulate 2013 - 2010 DWG File Reader
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{107CB1E9-DDA9-40B5-8A6D-325361402200}" = Autodesk Navisworks Simulate 2013 - 2011 DWG File Reader
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{266597A9-1764-0000-0100-DCBF2B69166B}" = Autodesk Vault Basic 2013 (Client) German Language Pack
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{295AEB79-B53A-4F1B-860F-7800BB7E3681}" = Intel(R) PROSet/Wireless WiFi-Software
"{2F808931-D235-4FC7-90CD-F8A890C97B2F}" = Composite 2013 64-bit
"{3015F546-6C3E-4E6A-B564-BCDF88C0BA2A}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{324297F8-2898-454B-9AC4-07050AEB35B3}" = Autodesk DirectConnect 2013 64-bit
"{3CB60177-D3D2-4E9C-BE4D-8372B34B4C7F}" = Autodesk SketchBook Designer 2013
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4F744A9A-3067-4605-8864-DA1658059F0B}" = Autodesk Navisworks Simulate 2013 - 2008 DWG File Reader
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{56BAC4EE-B1DA-42A7-ACA5-7A353F2ED1DA}" = Validity Sensors DDK
"{5783F2D7-B005-0000-0102-0060B0CE6BBA}" = AutoCAD Mechanical 2013 - Deutsch (German)
"{5783F2D7-B005-0407-1102-0060B0CE6BBA}" = AutoCAD Mechanical 2013 Language Pack - Deutsch (German)
"{5783F2D7-B005-0407-2102-0060B0CE6BBA}" = AutoCAD Mechanical 2013 - Deutsch (German)
"{5783F2D7-B007-0407-0102-0060B0CE6BBA}" = AutoCAD Electrical 2013 - Deutsch (German)
"{5783F2D7-B007-0407-1102-0060B0CE6BBA}" = AutoCAD Electrical 2013 Language Pack - Deutsch
"{5783F2D7-B007-0407-2102-0060B0CE6BBA}" = AutoCAD Electrical 2013
"{5783F2D7-B028-0409-0100-0060B0CE6BBA}" = DWG TrueView 2013
"{5AF0B1A8-1EF7-0FF7-5504-4983FB76F914}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{62CBE596-1BB8-4D7B-A056-103287BAD1C4}" = Autodesk Essential Skills Movies for 3ds Max Design 2013 64-bit
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{792A9A32-718A-40D1-9867-A903F76AE2F8}" = Eco Materials Adviser for Autodesk Inventor 2013
"{7B42AD25-3D13-4422-A445-F5E18BD963FC}" = Autodesk SketchBook Designer for AutoCAD 2013
"{7D65612F-53B4-0409-85AA-21DF5A8E9455}" = Autodesk 3ds Max Design 2013 64-bit
"{7F4DD591-1764-0001-0000-7107D70F3DB4}" = Autodesk Inventor 2013
"{7F4DD591-1764-0001-1031-7107D70F3DB4}" = Autodesk Inventor 2013 Language Pack - Deutsch (German)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{82C1E6E4-6718-4EFD-9DCC-E276D690EF46}" = Autodesk Inventor Fusion Plugin for AutoCAD 2013
"{84A6C8C6-0000-0264-0002-83487CD4C147}" = Autodesk Product Design Suite Premium 2013
"{84A6C8C6-0010-0264-0002-83487CD4C147}" = Autodesk Product Design Suite 2013 Language Pack
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{907A3175-B78E-0407-A98B-0A97BDE8A59C}" = Autodesk Navisworks 2013 64-Bit-Exportmodul-Plugins Language Pack - Deutsch
"{90A2F9D3-3E5E-4EF4-BC83-E7795CEF1A42}" = Autodesk Navisworks Simulate 2013 - 2012 DWG File Reader
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{975DFE7C-8E56-45BC-A329-401E6B1F8102}" = Dell Backup and Recovery Manager
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{A15BFC7D-6A90-47E6-8C6E-D51B2929D8C8}" = Autodesk Showcase 2013 64-bit
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B46DECD1-1764-4EF1-0000-22D71E81877C}" = Autodesk Inventor Content Center Libraries 2013 (Desktop Content)
"{BC66B242-DF13-1664-851B-00123612ED98}" = Autodesk Inventor Server Engine for 3ds Max Design 2013 64-bit
"{C0C2D40A-1231-46FA-8F02-B45E6BF2036A}" = DigitalPersona Fingerprint Software 5.20
"{CBED6FC7-FB20-4920-AA80-3D6F3459F902}" = Autodesk Navisworks Simulate 2013 - 2013 DWG File Reader
"{CF526A26-1764-0000-0000-02E95019B628}" = Autodesk Vault Basic 2013 (Client)
"{CFAD9B91-391E-8337-859E-B14918E9ABB3}" = AMD AVIVO64 Codecs
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D28EFBA5-1764-4B79-946A-000BE950E8E2}" = Autodesk Product Design Suite 2013 Schnelle Deinstallation
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DE7FFE23-D092-5379-B83C-0E27FF07E329}" = Autodesk Navisworks 2013 64 bit Exporter Plug-ins
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}" = Autodesk Sync
"{F17E30E2-7ED4-0000-8A8E-CAB597E3F8ED}" = Autodesk Navisworks Simulate 2013
"{F17E30E2-7ED4-0407-8A8E-CAB597E3F8ED}" = Autodesk Navisworks Simulate 2013 Language Pack - Deutsch
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FE2F4875-095C-427C-9A97-4F8DE05ACF22}" = Autodesk Inventor Fusion Plugin Language Pack for AutoCAD 2013
"{FFF5619F-2013-0064-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2013
"AutoCAD Electrical 2013 - Deutsch (German)" = AutoCAD Electrical 2013 - Deutsch (German)
"AutoCAD Mechanical 2013 - Deutsch (German)" = AutoCAD Mechanical 2013 - Deutsch (German)
"Autodesk 3ds Max Design 2013 64-bit" = Autodesk 3ds Max Design 2013 64-bit
"Autodesk DirectConnect 2013 64-bit" = Autodesk DirectConnect 2013 64-bit
"Autodesk FBX Plug-in 2013.1 - 3ds Max Design 2013 64-bit" = Autodesk FBX Plug-in 2013.1 - 3ds Max Design 2013 64-bit
"Autodesk Inventor 2013" = Autodesk Inventor 2013 Deutsch (German)
"Autodesk Inventor Fusion 2013" = Autodesk Inventor Fusion 2013
"Autodesk Inventor Fusion Plugin for AutoCAD 2013" = Autodesk Inventor Fusion plug-in for AutoCAD 2013
"Autodesk Mudbox 2013 64-bit" = Autodesk Mudbox 2013 64-bit
"Autodesk Navisworks 2013 64 bit Exporter Plug-ins" = Autodesk Navisworks 2013 64 bit Exporter Plug-ins
"Autodesk Navisworks 2013 64-Bit-Exportmodul-Plugins Language Pack - Deutsch" = Autodesk Navisworks 2013 64-Bit-Exportmodul-Plugins Language Pack - Deutsch
"Autodesk Navisworks Simulate 2013" = Autodesk Navisworks Simulate 2013
"Autodesk Navisworks Simulate 2013 Language Pack - Deutsch" = Autodesk Navisworks Simulate 2013 Language Pack - Deutsch
"Autodesk Product Design Suite Premium 2013" = Autodesk Product Design Suite Premium 2013
"Autodesk Showcase 2013 64-bit" = Autodesk Showcase 2013 64-bit
"Autodesk SketchBook Designer 2013" = Autodesk SketchBook Designer 2013
"Autodesk SketchBook Designer for AutoCAD 2013" = Autodesk SketchBook Designer for AutoCAD 2013
"DWG TrueView 2013" = DWG TrueView 2013
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"PC-Doctor for Windows" = Dell Support Center
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Dell Touchpad
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01159E8A-44F7-4885-A7F9-872CE4D74063}" = Steuer 2012
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}" = Autodesk Material Library 2013
"{12867B14-03B1-5FEA-B987-9508DBB92A51}" = Autodesk Navisworks 2013 32 bit Exporter Plug-ins
"{153DB567-6FF3-49AD-AC4F-86F8A3CCFDFB}" = Autodesk Design Review 2013
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{249A3D8F-FE03-374E-BFB2-ED3B1FF072C6}" = CCC Help Spanish
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{27C6C0A2-2EC9-4FEA-BE2B-659EAAC2C68C}" = Autodesk Material Library Low Resolution Image Library 2013
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34CB9121-4C52-7854-5E6B-30C00F603782}" = CCC Help Chinese Traditional
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2013.0.0
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EF2FD37-A6AF-030E-5140-6D64264CB0CC}" = CCC Help Swedish
"{4614113D-DB85-EBE8-C550-52D5134A25E5}" = Catalyst Control Center
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{58760EEC-8B6A-43F4-81AA-696E381DFADD}" = Autodesk Material Library Medium Resolution Image Library 2013
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5CD64D9F-9525-4CED-34F9-CD600D486A7B}" = CCC Help Russian
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{606E12B9-641F-4644-A22A-FF38AE980AFD}" = Autodesk Material Library Base Resolution Image Library 2013
"{60D2D550-6DA4-E943-592A-B71B577767A6}" = PX Profile Update
"{62F029AB-85F2-0000-866A-9FC0DD99DDBC}" = Autodesk Content Service
"{62F029AB-85F2-0001-866A-9FC0DD99DDBC}" = Autodesk Content Service Language Pack
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6E469237-BA9E-DF10-9DE1-1BC649DEDC01}" = Catalyst Control Center InstallProxy
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{70E3E97D-726D-B60E-B776-AC3200A870F3}" = Catalyst Control Center Localization All
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{781A93CD-1608-427D-B7F0-D05C07795B25}" = Intel(R) WiDi
"{7E30BC50-4F89-1E78-BE14-13395A356BE7}" = CCC Help Dutch
"{7EC2E893-73FC-6AEA-F8C6-A7C74C541C73}" = CCC Help French
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84D61D1B-4F89-D6B1-79B9-FA390A9B05F5}" = CCC Help Japanese
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{8754105B-2BEF-0407-83F9-573C69BB204F}" = Autodesk Navisworks 2013 32-Bit-Exportmodul-Plugins Language Pack - Deutsch
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E5921F0-8370-171D-D0D1-C83A7BD17400}" = CCC Help Danish
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9669EB2-B188-2D11-1562-BBB7BF0342E9}" = CCC Help Italian
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.5) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B5E44903-EE08-4B97-9A0F-08E2E1AAACF5}" = PowerXpressHybrid
"{BB531F76-F03F-B6DC-B740-830B46A60616}" = Catalyst Control Center Profiles Mobile
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C7755E3B-57EF-ADF8-A112-85C14D0388D0}" = CCC Help Norwegian
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFB89DE9-C8FD-4D33-986A-DBDEC5309378}" = Catalyst Control Center - Branding
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2643DB8-3102-A67F-E1C0-4292FACC3637}" = CCC Help Portuguese
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF86FC7A-4065-D2D2-99FB-E86E8CB9D64E}" = CCC Help Korean
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBEA3B88-360E-858B-53F5-1948FF0466D9}" = CCC Help German
"{ED18994D-D12A-CD81-D1B9-C8844B5654BB}" = CCC Help Chinese Standard
"{ED3264CD-DF55-ECEE-9ED6-C85BAD78512F}" = CCC Help Finnish
"{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}" = Microsoft WSE 3.0
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
"{F13E6A6E-95B7-0352-2292-AAADF81FC560}" = CCC Help English
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE6DCC8D-427F-405C-A779-C93B6D9F77A5}" = Autodesk Civil View for 3ds Max Design 2013
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Autodesk Content Service" = Autodesk Content Service
"Autodesk Design Review 2013" = Autodesk Design Review 2013
"Autodesk Navisworks 2013 32 bit Exporter Plug-ins" = Autodesk Navisworks 2013 32 bit Exporter Plug-ins
"Autodesk Navisworks 2013 32-Bit-Exportmodul-Plugins Language Pack - Deutsch" = Autodesk Navisworks 2013 32-Bit-Exportmodul-Plugins Language Pack - Deutsch
"Autodesk Vault Basic 2013 (Client)" = Autodesk Vault Basic 2013 (Client)
"Avira AntiVir Desktop" = Avira Free Antivirus
"AviraSpeedup" = Avira System Speedup
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"Dell Webcam Central" = Dell Webcam Central
"Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version 1.3.12.1228
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.1.320
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NAVIGON Fresh" = NAVIGON Fresh 3.4.1
"ProInst" = Intel PROSet Wireless
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 26.04.2013 10:37:46 | Computer Name = Dell-PC | Source = WinMgmt | ID = 10
Description = 
 
 
< End of report >
         

Alt 26.04.2013, 16:23   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Zip Anhang mit TR/Roque.957311 geöffnet - Standard

Zip Anhang mit TR/Roque.957311 geöffnet



Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 27.04.2013, 10:50   #13
alder
 
Zip Anhang mit TR/Roque.957311 geöffnet - Standard

Zip Anhang mit TR/Roque.957311 geöffnet



Malwarebites hab ich versehentlich einen kompett-Scan gemacht. Hier das Log
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.26.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Dell :: DELL-PC [Administrator]

Schutz: Deaktiviert

26.04.2013 22:20:23
mbam-log-2013-04-26 (22-20-23).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 492610
Laufzeit: 1 Stunde(n), 9 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
und ESET
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=fbcf97834bccf74387773be2bf62a188
# engine=13707
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-04-27 09:45:20
# local_time=2013-04-27 11:45:20 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 48464 232475610 356 0
# compatibility_mode=5893 16776573 100 94 424330 118685770 0 0
# scanned=300581
# found=0
# cleaned=0
# scan_time=7188
         

Alt 27.04.2013, 17:05   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Zip Anhang mit TR/Roque.957311 geöffnet - Standard

Zip Anhang mit TR/Roque.957311 geöffnet



Komplettscan mit Malwarebytes schadet nicht ist nur sehr oft unnötig

Sieht soweit ok aus

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 28.04.2013, 10:12   #15
alder
 
Zip Anhang mit TR/Roque.957311 geöffnet - Standard

Zip Anhang mit TR/Roque.957311 geöffnet



Der Rechner läuft soweit einwandfrei, keine weiteren Funde

Die Host-Datei hab ich mal aufgespielt, Danke für den Tipp.

Jetzt kann ich ja mein Desktop wieder aufräumen, in der Hoffnung, dass ich die ganzen Helferlein so schnell nicht mehr brauche...

Die erste Amtshandlung mit dem nun sauberen PC wird eine Online-Überweisung ans TB sein.

Vielen Dank!

Antwort

Themen zu Zip Anhang mit TR/Roque.957311 geöffnet
32 bit, antivir, autorun, avira, bho, converter, error, fehler, firefox, flash player, format, helper, home, igdpmd64.sys, install.exe, logfile, monitor.exe, mozilla, mp3, ntdll.dll, plug-in, realtek, registry, rundll, scan, software, spam, svchost.exe, system, usb, windows




Ähnliche Themen: Zip Anhang mit TR/Roque.957311 geöffnet


  1. DHL-Mail Anhang geöffnet
    Log-Analyse und Auswertung - 02.06.2015 (9)
  2. DHL Spam-Anhang mit Mac geöffnet?
    Alles rund um Mac OSX & Linux - 29.05.2015 (1)
  3. DHL Spam-Anhang mit Mac geöffnet
    Alles rund um Mac OSX & Linux - 28.05.2015 (8)
  4. Bei Rechnungsaufforderung Anhang geöffnet.
    Log-Analyse und Auswertung - 10.05.2015 (9)
  5. DHL Paketankündigung Anhang geöffnet
    Plagegeister aller Art und deren Bekämpfung - 01.04.2015 (19)
  6. DHL Anhang geöffnet
    Plagegeister aller Art und deren Bekämpfung - 17.03.2015 (9)
  7. UPS-Mail anhang geöffnet
    Plagegeister aller Art und deren Bekämpfung - 10.03.2015 (9)
  8. Anhang mit Trojaner geöffnet
    Plagegeister aller Art und deren Bekämpfung - 22.07.2013 (19)
  9. ZIP Anhang in Mahnungsmail geöffnet
    Log-Analyse und Auswertung - 07.05.2013 (7)
  10. Email-Anhang (ZIP) geöffnet
    Log-Analyse und Auswertung - 18.04.2013 (1)
  11. Mydirtyhobby.de Anhang geöffnet
    Plagegeister aller Art und deren Bekämpfung - 13.04.2013 (13)
  12. Email Anhang geöffnet!
    Log-Analyse und Auswertung - 11.03.2013 (44)
  13. Zip-Anhang von Rechnungsmail geöffnet
    Plagegeister aller Art und deren Bekämpfung - 07.03.2013 (8)
  14. zip. Anhang geöffnet TR/Matsnu.EB.101
    Log-Analyse und Auswertung - 21.02.2013 (19)
  15. mms@t-mobile.de Anhang geöffnet
    Plagegeister aller Art und deren Bekämpfung - 03.02.2013 (1)
  16. NACHA anhang geöffnet.
    Plagegeister aller Art und deren Bekämpfung - 13.11.2012 (15)
  17. Falsche Vodafonemail - PDF-Anhang geöffnet
    Plagegeister aller Art und deren Bekämpfung - 29.10.2012 (3)

Zum Thema Zip Anhang mit TR/Roque.957311 geöffnet - Hallo ihr Profis, schön dass es euch gibt Heute morgen hat meine Frau in ihrem web.de Postfach eine Spam mail (angeblich Mahnung von Sanicare.de) gefunden und die angehängte zip-Datei runtergeladen. - Zip Anhang mit TR/Roque.957311 geöffnet...
Archiv
Du betrachtest: Zip Anhang mit TR/Roque.957311 geöffnet auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.