
Virus.Win64.TAccess.b in services.exe [Solved]


  • This topic is locked This topic is locked

#1
neuronet

    New Member

  • Member
  • 6 posts
Hello folks... I hope you can help me :D

TDSSKiller reports:

Virus.Win64.ZAccess.b
File: C:\Windows\system32\service.exe
Malware object, high risk

Report:

16:03:26.0236 4008  TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
16:03:26.0629 4008  ============================================================
16:03:26.0629 4008  Current date / time: 2012/09/16 16:03:26.0629
16:03:26.0629 4008  SystemInfo:
16:03:26.0629 4008  
16:03:26.0629 4008  OS Version: 6.1.7600 ServicePack: 0.0
16:03:26.0629 4008  Product type: Workstation
16:03:26.0630 4008  ComputerName: BIENCHEN-PC
16:03:26.0630 4008  UserName: Bienchen
16:03:26.0630 4008  Windows directory: C:\Windows
16:03:26.0630 4008  System windows directory: C:\Windows
16:03:26.0630 4008  Running under WOW64
16:03:26.0630 4008  Processor architecture: Intel x64
16:03:26.0630 4008  Number of processors: 2
16:03:26.0630 4008  Page size: 0x1000
16:03:26.0630 4008  Boot type: Normal boot
16:03:26.0630 4008  ============================================================
16:03:27.0727 4008  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:03:27.0730 4008  ============================================================
16:03:27.0731 4008  \Device\Harddisk0\DR0:
16:03:27.0731 4008  MBR partitions:
16:03:27.0731 4008  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:03:27.0731 4008  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D4000
16:03:27.0731 4008  ============================================================
16:03:27.0757 4008  C: <-> \Device\Harddisk0\DR0\Partition2
16:03:27.0757 4008  ============================================================
16:03:27.0757 4008  Initialize success
16:03:27.0757 4008  ============================================================
16:03:32.0706 2856  ============================================================
16:03:32.0706 2856  Scan started
16:03:32.0706 2856  Mode: Manual; 
16:03:32.0706 2856  ============================================================
16:03:33.0906 2856  ================ Scan system memory ========================
16:03:33.0906 2856  System memory - ok
16:03:33.0907 2856  ================ Scan services =============================
16:03:34.0223 2856  [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
16:03:34.0223 2856  1394ohci - ok
16:03:34.0254 2856  [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
16:03:34.0254 2856  ACPI - ok
16:03:34.0270 2856  [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi         C:\Windows\system32\DRIVERS\acpipmi.sys
16:03:34.0271 2856  AcpiPmi - ok
16:03:34.0380 2856  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:03:34.0381 2856  AdobeARMservice - ok
16:03:34.0417 2856  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
16:03:34.0425 2856  adp94xx - ok
16:03:34.0448 2856  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
16:03:34.0454 2856  adpahci - ok
16:03:34.0476 2856  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
16:03:34.0478 2856  adpu320 - ok
16:03:34.0504 2856  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
16:03:34.0505 2856  AeLookupSvc - ok
16:03:34.0523 2856  [ B9384E03479D2506BC924C16A3DB87BC ] AFD             C:\Windows\system32\drivers\afd.sys
16:03:34.0527 2856  AFD - ok
16:03:34.0541 2856  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
16:03:34.0542 2856  agp440 - ok
16:03:34.0558 2856  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
16:03:34.0559 2856  ALG - ok
16:03:34.0570 2856  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
16:03:34.0571 2856  aliide - ok
16:03:34.0576 2856  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
16:03:34.0577 2856  amdide - ok
16:03:34.0598 2856  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
16:03:34.0599 2856  AmdK8 - ok
16:03:34.0624 2856  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
16:03:34.0624 2856  AmdPPM - ok
16:03:34.0643 2856  [ 7A4B413614C055935567CF88A9734D38 ] amdsata         C:\Windows\system32\DRIVERS\amdsata.sys
16:03:34.0644 2856  amdsata - ok
16:03:34.0657 2856  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
16:03:34.0658 2856  amdsbs - ok
16:03:34.0672 2856  [ B4AD0CACBAB298671DD6F6EF7E20679D ] amdxata         C:\Windows\system32\DRIVERS\amdxata.sys
16:03:34.0672 2856  amdxata - ok
16:03:34.0738 2856  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
16:03:34.0740 2856  AntiVirSchedulerService - ok
16:03:34.0762 2856  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
16:03:34.0764 2856  AntiVirService - ok
16:03:34.0784 2856  [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID           C:\Windows\system32\drivers\appid.sys
16:03:34.0786 2856  AppID - ok
16:03:34.0795 2856  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
16:03:34.0796 2856  AppIDSvc - ok
16:03:34.0823 2856  [ D065BE66822847B7F127D1F90158376E ] Appinfo         C:\Windows\System32\appinfo.dll
16:03:34.0825 2856  Appinfo - ok
16:03:34.0844 2856  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
16:03:34.0845 2856  arc - ok
16:03:34.0866 2856  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
16:03:34.0867 2856  arcsas - ok
16:03:34.0978 2856  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:03:34.0979 2856  aspnet_state - ok
16:03:35.0001 2856  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:03:35.0002 2856  AsyncMac - ok
16:03:35.0020 2856  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\DRIVERS\atapi.sys
16:03:35.0021 2856  atapi - ok
16:03:35.0145 2856  [ 3EFD964D52221360AF0673CD61C2F4F5 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
16:03:35.0170 2856  atikmdag - ok
16:03:35.0193 2856  [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie         C:\Windows\system32\DRIVERS\AtiPcie.sys
16:03:35.0194 2856  AtiPcie - ok
16:03:35.0215 2856  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:03:35.0226 2856  AudioEndpointBuilder - ok
16:03:35.0247 2856  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv        C:\Windows\System32\Audiosrv.dll
16:03:35.0252 2856  AudioSrv - ok
16:03:35.0261 2856  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
16:03:35.0262 2856  avgntflt - ok
16:03:35.0282 2856  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
16:03:35.0283 2856  avipbb - ok
16:03:35.0293 2856  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
16:03:35.0294 2856  avkmgr - ok
16:03:35.0332 2856  [ BD39D7CFD9D6A73396B618113A8E8D57 ] avmaudio        C:\Windows\system32\DRIVERS\avmaudio.sys
16:03:35.0334 2856  avmaudio - ok
16:03:35.0350 2856  [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
16:03:35.0353 2856  AxInstSV - ok
16:03:35.0377 2856  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
16:03:35.0381 2856  b06bdrv - ok
16:03:35.0396 2856  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
16:03:35.0398 2856  b57nd60a - ok
16:03:35.0413 2856  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
16:03:35.0414 2856  BDESVC - ok
16:03:35.0421 2856  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:03:35.0421 2856  Beep - ok
16:03:35.0448 2856  [ 4992C609A6315671463E30F6512BC022 ] BFE             C:\Windows\System32\bfe.dll
16:03:35.0451 2856  BFE - ok
16:03:35.0493 2856  [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS            C:\Windows\system32\qmgr.dll
16:03:35.0498 2856  BITS - ok
16:03:35.0512 2856  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
16:03:35.0512 2856  blbdrive - ok
16:03:35.0531 2856  [ 91CE0D3DC57DD377E690A2D324022B08 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:03:35.0532 2856  bowser - ok
16:03:35.0542 2856  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:03:35.0542 2856  BrFiltLo - ok
16:03:35.0552 2856  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:03:35.0552 2856  BrFiltUp - ok
16:03:35.0567 2856  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
16:03:35.0568 2856  BridgeMP - ok
16:03:35.0573 2856  [ 94FBC06F294D58D02361918418F996E3 ] Browser         C:\Windows\System32\browser.dll
16:03:35.0574 2856  Browser - ok
16:03:35.0589 2856  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
16:03:35.0591 2856  Brserid - ok
16:03:35.0604 2856  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
16:03:35.0605 2856  BrSerWdm - ok
16:03:35.0615 2856  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
16:03:35.0615 2856  BrUsbMdm - ok
16:03:35.0629 2856  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
16:03:35.0630 2856  BrUsbSer - ok
16:03:35.0644 2856  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
16:03:35.0645 2856  BTHMODEM - ok
16:03:35.0658 2856  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
16:03:35.0658 2856  bthserv - ok
16:03:35.0674 2856  catchme - ok
16:03:35.0690 2856  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:03:35.0690 2856  cdfs - ok
16:03:35.0705 2856  [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
16:03:35.0705 2856  cdrom - ok
16:03:35.0705 2856  [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc     C:\Windows\System32\certprop.dll
16:03:35.0705 2856  CertPropSvc - ok
16:03:35.0721 2856  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
16:03:35.0721 2856  circlass - ok
16:03:35.0736 2856  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
16:03:35.0752 2856  CLFS - ok
16:03:35.0805 2856  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:03:35.0807 2856  clr_optimization_v2.0.50727_32 - ok
16:03:35.0858 2856  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:03:35.0860 2856  clr_optimization_v2.0.50727_64 - ok
16:03:35.0946 2856  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:03:35.0949 2856  clr_optimization_v4.0.30319_32 - ok
16:03:35.0983 2856  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:03:35.0986 2856  clr_optimization_v4.0.30319_64 - ok
16:03:36.0021 2856  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
16:03:36.0022 2856  CmBatt - ok
16:03:36.0038 2856  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
16:03:36.0039 2856  cmdide - ok
16:03:36.0071 2856  [ F95FD4CB7DA00BA2A63CE9F6B5C053E1 ] CNG             C:\Windows\system32\Drivers\cng.sys
16:03:36.0075 2856  CNG - ok
16:03:36.0091 2856  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
16:03:36.0092 2856  Compbatt - ok
16:03:36.0108 2856  [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
16:03:36.0108 2856  CompositeBus - ok
16:03:36.0114 2856  COMSysApp - ok
16:03:36.0130 2856  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
16:03:36.0130 2856  crcdisk - ok
16:03:36.0166 2856  [ 8C57411B66282C01533CB776F98AD384 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:03:36.0168 2856  CryptSvc - ok
16:03:36.0186 2856  [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:03:36.0192 2856  DcomLaunch - ok
16:03:36.0213 2856  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
16:03:36.0216 2856  defragsvc - ok
16:03:36.0230 2856  [ 3F1DC527070ACB87E40AFE46EF6DA749 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:03:36.0232 2856  DfsC - ok
16:03:36.0253 2856  [ CE3B9562D997F69B330D181A8875960F ] Dhcp            C:\Windows\system32\dhcpcore.dll
16:03:36.0256 2856  Dhcp - ok
16:03:36.0265 2856  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
16:03:36.0266 2856  discache - ok
16:03:36.0283 2856  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
16:03:36.0284 2856  Disk - ok
16:03:36.0300 2856  [ 676108C4E3AA6F6B34633748BD0BEBD9 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:03:36.0301 2856  Dnscache - ok
16:03:36.0308 2856  [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc         C:\Windows\System32\dot3svc.dll
16:03:36.0309 2856  dot3svc - ok
16:03:36.0315 2856  [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS             C:\Windows\system32\dps.dll
16:03:36.0316 2856  DPS - ok
16:03:36.0342 2856  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
16:03:36.0342 2856  drmkaud - ok
16:03:36.0355 2856  [ 7CB7D2B73813CE05C7BC0F5F95D27CEC ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
16:03:36.0359 2856  DXGKrnl - ok
16:03:36.0393 2856  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
16:03:36.0394 2856  EapHost - ok
16:03:36.0444 2856  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
16:03:36.0459 2856  ebdrv - ok
16:03:36.0485 2856  [ 0793F40B9B8A1BDD266296409DBD91EA ] EFS             C:\Windows\System32\lsass.exe
16:03:36.0486 2856  EFS - ok
16:03:36.0529 2856  [ B91D81B3B54A54CCAFC03733DBC2E29E ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
16:03:36.0533 2856  ehRecvr - ok
16:03:36.0549 2856  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
16:03:36.0550 2856  ehSched - ok
16:03:36.0610 2856  [ A05FC7ECA0966EBB70E4D17B855A853B ] ElbyCDIO        C:\Windows\system32\Drivers\ElbyCDIO.sys
16:03:36.0612 2856  ElbyCDIO - ok
16:03:36.0644 2856  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
16:03:36.0653 2856  elxstor - ok
16:03:36.0667 2856  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
16:03:36.0668 2856  ErrDev - ok
16:03:36.0695 2856  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
16:03:36.0698 2856  EventSystem - ok
16:03:36.0719 2856  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
16:03:36.0720 2856  exfat - ok
16:03:36.0732 2856  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
16:03:36.0734 2856  fastfat - ok
16:03:36.0766 2856  [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax             C:\Windows\system32\fxssvc.exe
16:03:36.0770 2856  Fax - ok
16:03:36.0782 2856  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
16:03:36.0783 2856  fdc - ok
16:03:36.0793 2856  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
16:03:36.0794 2856  fdPHost - ok
16:03:36.0799 2856  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
16:03:36.0800 2856  FDResPub - ok
16:03:36.0813 2856  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:03:36.0814 2856  FileInfo - ok
16:03:36.0825 2856  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
16:03:36.0825 2856  Filetrace - ok
16:03:36.0842 2856  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
16:03:36.0842 2856  flpydisk - ok
16:03:36.0859 2856  [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:03:36.0861 2856  FltMgr - ok
16:03:36.0901 2856  [ D4463A74E1BFBF3FB9B4FC6CF5390152 ] fltsrv          C:\Windows\system32\DRIVERS\fltsrv.sys
16:03:36.0904 2856  fltsrv - ok
16:03:36.0945 2856  [ 8AC4CB4EA61E41009FAE9AE7B2B5DA3A ] FontCache       C:\Windows\system32\FntCache.dll
16:03:36.0958 2856  FontCache - ok
16:03:37.0007 2856  [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:03:37.0008 2856  FontCache3.0.0.0 - ok
16:03:37.0020 2856  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
16:03:37.0021 2856  FsDepends - ok
16:03:37.0036 2856  [ E95EF8547DE20CF0603557C0CF7A9462 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:03:37.0036 2856  Fs_Rec - ok
16:03:37.0045 2856  [ B8B2A6E1558F8F5DE5CE431C5B2C7B09 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
16:03:37.0047 2856  fvevol - ok
16:03:37.0069 2856  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
16:03:37.0070 2856  gagp30kx - ok
16:03:37.0095 2856  [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc           C:\Windows\System32\gpsvc.dll
16:03:37.0101 2856  gpsvc - ok
16:03:37.0150 2856  [ 5BF776ABEDEA06B0779C82E9D54B58D7 ] hcmon           C:\Windows\system32\drivers\hcmon.sys
16:03:37.0152 2856  hcmon - ok
16:03:37.0173 2856  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
16:03:37.0174 2856  hcw85cir - ok
16:03:37.0214 2856  [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:03:37.0220 2856  HdAudAddService - ok
16:03:37.0238 2856  [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
16:03:37.0240 2856  HDAudBus - ok
16:03:37.0250 2856  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
16:03:37.0251 2856  HidBatt - ok
16:03:37.0273 2856  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
16:03:37.0274 2856  HidBth - ok
16:03:37.0294 2856  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
16:03:37.0295 2856  HidIr - ok
16:03:37.0299 2856  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
16:03:37.0300 2856  hidserv - ok
16:03:37.0325 2856  [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
16:03:37.0326 2856  HidUsb - ok
16:03:37.0335 2856  [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:03:37.0337 2856  hkmsvc - ok
16:03:37.0343 2856  [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:03:37.0345 2856  HomeGroupListener - ok
16:03:37.0366 2856  [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:03:37.0368 2856  HomeGroupProvider - ok
16:03:37.0382 2856  [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
16:03:37.0382 2856  HpSAMD - ok
16:03:37.0408 2856  [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:03:37.0412 2856  HTTP - ok
16:03:37.0421 2856  [ F17766A19145F111856378DF337A5D79 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
16:03:37.0421 2856  hwpolicy - ok
16:03:37.0432 2856  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
16:03:37.0433 2856  i8042prt - ok
16:03:37.0460 2856  [ D83EFB6FD45DF9D55E9A1AFC63640D50 ] iaStorV         C:\Windows\system32\DRIVERS\iaStorV.sys
16:03:37.0462 2856  iaStorV - ok
16:03:37.0501 2856  [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:03:37.0506 2856  idsvc - ok
16:03:37.0516 2856  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
16:03:37.0517 2856  iirsp - ok
16:03:37.0553 2856  [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT          C:\Windows\System32\ikeext.dll
16:03:37.0558 2856  IKEEXT - ok
16:03:37.0650 2856  [ 4BBB5A55EEB5EC11B20FCBB4CBB49357 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
16:03:37.0673 2856  IntcAzAudAddService - ok
16:03:37.0678 2856  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
16:03:37.0679 2856  intelide - ok
16:03:37.0713 2856  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
16:03:37.0714 2856  intelppm - ok
16:03:37.0732 2856  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
16:03:37.0734 2856  IPBusEnum - ok
16:03:37.0759 2856  [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:03:37.0761 2856  IpFilterDriver - ok
16:03:37.0799 2856  [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
16:03:37.0805 2856  iphlpsvc - ok
16:03:37.0817 2856  [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV         C:\Windows\system32\DRIVERS\IPMIDrv.sys
16:03:37.0818 2856  IPMIDRV - ok
16:03:37.0834 2856  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
16:03:37.0835 2856  IPNAT - ok
16:03:37.0855 2856  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:03:37.0855 2856  IRENUM - ok
16:03:37.0859 2856  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
16:03:37.0860 2856  isapnp - ok
16:03:37.0888 2856  [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
16:03:37.0889 2856  iScsiPrt - ok
16:03:37.0902 2856  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
16:03:37.0902 2856  kbdclass - ok
16:03:37.0918 2856  [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
16:03:37.0919 2856  kbdhid - ok
16:03:37.0923 2856  [ 0793F40B9B8A1BDD266296409DBD91EA ] KeyIso          C:\Windows\system32\lsass.exe
16:03:37.0924 2856  KeyIso - ok
16:03:37.0942 2856  [ E8B6FCC9C83535C67F835D407620BD27 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:03:37.0943 2856  KSecDD - ok
16:03:37.0958 2856  [ BBE1BF6D9B661C354D4857D5FADB943B ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
16:03:37.0959 2856  KSecPkg - ok
16:03:37.0976 2856  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
16:03:37.0976 2856  ksthunk - ok
16:03:38.0002 2856  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
16:03:38.0008 2856  KtmRm - ok
16:03:38.0040 2856  [ B8040D3B97B16B89701E31A17353856C ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
16:03:38.0041 2856  L1C - ok
16:03:38.0053 2856  [ C926920B8978DE6ACFE9E15C709E9B57 ] LanmanServer    C:\Windows\System32\srvsvc.dll
16:03:38.0057 2856  LanmanServer - ok
16:03:38.0086 2856  [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:03:38.0089 2856  LanmanWorkstation - ok
16:03:38.0109 2856  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:03:38.0111 2856  lltdio - ok
16:03:38.0136 2856  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
16:03:38.0140 2856  lltdsvc - ok
16:03:38.0159 2856  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
16:03:38.0160 2856  lmhosts - ok
16:03:38.0178 2856  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
16:03:38.0180 2856  LSI_FC - ok
16:03:38.0194 2856  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
16:03:38.0196 2856  LSI_SAS - ok
16:03:38.0208 2856  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:03:38.0209 2856  LSI_SAS2 - ok
16:03:38.0238 2856  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:03:38.0239 2856  LSI_SCSI - ok
16:03:38.0280 2856  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
16:03:38.0281 2856  luafv - ok
16:03:38.0313 2856  [ 07389F6925E490D2DB7882110E99921C ] lvpepf64        C:\Windows\system32\DRIVERS\lv302a64.sys
16:03:38.0313 2856  lvpepf64 - ok
16:03:38.0363 2856  [ 7F0BA3A6E8996F15693C6B7D81DA049E ] LVRS64          C:\Windows\system32\DRIVERS\lvrs64.sys
16:03:38.0369 2856  LVRS64 - ok
16:03:38.0381 2856  [ 5C3FF68267A5D242EE79EE01B993D6CE ] LVUSBS64        C:\Windows\system32\drivers\LVUSBS64.sys
16:03:38.0382 2856  LVUSBS64 - ok
16:03:38.0391 2856  massfilter - ok
16:03:38.0411 2856  massfilter_hs - ok
16:03:38.0430 2856  [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
16:03:38.0431 2856  Mcx2Svc - ok
16:03:38.0440 2856  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
16:03:38.0440 2856  megasas - ok
16:03:38.0455 2856  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
16:03:38.0457 2856  MegaSR - ok
16:03:38.0471 2856  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
16:03:38.0472 2856  MMCSS - ok
16:03:38.0484 2856  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
16:03:38.0485 2856  Modem - ok
16:03:38.0494 2856  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
16:03:38.0495 2856  monitor - ok
16:03:38.0503 2856  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
16:03:38.0504 2856  mouclass - ok
16:03:38.0516 2856  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
16:03:38.0517 2856  mouhid - ok
16:03:38.0528 2856  [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
16:03:38.0529 2856  mountmgr - ok
16:03:38.0587 2856  [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:03:38.0589 2856  MozillaMaintenance - ok
16:03:38.0613 2856  [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
16:03:38.0616 2856  mpio - ok
16:03:38.0642 2856  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:03:38.0644 2856  mpsdrv - ok
16:03:38.0689 2856  [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc          C:\Windows\system32\mpssvc.dll
16:03:38.0704 2856  MpsSvc - ok
16:03:38.0730 2856  [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:03:38.0732 2856  MRxDAV - ok
16:03:38.0755 2856  [ CFDCD8CA87C2A657DEBC150AC35B5E08 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:03:38.0757 2856  mrxsmb - ok
16:03:38.0777 2856  [ 1BEE517B220B7F024F411AEC1571DD5A ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:03:38.0780 2856  mrxsmb10 - ok
16:03:38.0791 2856  [ 6B2D5FEF385828B6E485C1C90AFB8195 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:03:38.0792 2856  mrxsmb20 - ok
16:03:38.0796 2856  [ 5C37497276E3B3A5488B23A326A754B7 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
16:03:38.0797 2856  msahci - ok
16:03:38.0802 2856  [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm           C:\Windows\system32\DRIVERS\msdsm.sys
16:03:38.0803 2856  msdsm - ok
16:03:38.0824 2856  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
16:03:38.0825 2856  MSDTC - ok
16:03:38.0851 2856  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:03:38.0852 2856  Msfs - ok
16:03:38.0870 2856  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
16:03:38.0870 2856  mshidkmdf - ok
16:03:38.0881 2856  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
16:03:38.0882 2856  msisadrv - ok
16:03:45.0824 2856  ================ Scan global ===============================
16:03:45.0839 2856  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:03:45.0862 2856  [ 457B44AB6D502E55F64A867D4F35C76C ] C:\Windows\system32\winsrv.dll
16:03:45.0868 2856  [ 457B44AB6D502E55F64A867D4F35C76C ] C:\Windows\system32\winsrv.dll
16:03:45.0892 2856  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:03:45.0928 2856  [ B19E55DAB115B40651C7C5742325D059 ] C:\Windows\system32\services.exe
16:03:45.0935 2856  Suspicious file (NoAccess): C:\Windows\system32\services.exe. md5: B19E55DAB115B40651C7C5742325D059
16:03:45.0938 2856  C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - infected
16:03:45.0938 2856  C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.b (0)
16:03:45.0939 2856  ================ Scan MBR ==================================
16:03:45.0951 2856  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:03:46.0306 2856  \Device\Harddisk0\DR0 - ok
16:03:46.0306 2856  ================ Scan VBR ==================================
16:03:46.0309 2856  [ FB8976C99F9E9272DB00B33163107FCF ] \Device\Harddisk0\DR0\Partition1
16:03:46.0310 2856  \Device\Harddisk0\DR0\Partition1 - ok
16:03:46.0313 2856  [ D6C73222494E4EAFAB8F66E423E99DA9 ] \Device\Harddisk0\DR0\Partition2
16:03:46.0314 2856  \Device\Harddisk0\DR0\Partition2 - ok
16:03:46.0315 2856  ============================================================
16:03:46.0315 2856  Scan finished
16:03:46.0315 2856  ============================================================
16:03:46.0325 1432  Detected object count: 1
16:03:46.0325 1432  Actual detected object count: 1
16:08:55.0656 1432  C:\Windows\system32\services.exe - copied to quarantine
16:08:55.0695 1432  C:\Windows\assembly\GAC_32\desktop.ini - copied to quarantine
16:08:55.0696 1432  C:\Windows\assembly\GAC_64\desktop.ini - copied to quarantine
16:08:55.0701 1432  C:\Users\Bienchen\AppData\Local\{8cc6811e-b549-d4c0-9030-e98abec83f99}\@ - copied to quarantine
16:08:57.0061 1432  Backup copy not found, trying to cure infected file..
16:08:57.0062 1432  Cure success, using it..
16:08:59.0818 1432  C:\Windows\system32\services.exe - processing error
16:08:59.0818 1432  C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - User select action: Cure 

Cure fails...

ComboFix:

ComboFix 12-09-15.02 - Bienchen 16.09.2012  14:40:22.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.8190.5444 [GMT -4:00]
Running from: c:\users\Bienchen\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{8cc6811e-b549-d4c0-9030-e98abec83f99}\@
c:\windows\Installer\{8cc6811e-b549-d4c0-9030-e98abec83f99}\L\00000004.@
c:\windows\Installer\{8cc6811e-b549-d4c0-9030-e98abec83f99}\U\00000004.@
c:\windows\Installer\{8cc6811e-b549-d4c0-9030-e98abec83f99}\U\00000008.@
c:\windows\Installer\{8cc6811e-b549-d4c0-9030-e98abec83f99}\U\000000cb.@
c:\windows\Installer\{8cc6811e-b549-d4c0-9030-e98abec83f99}\U\80000000.@
c:\windows\Installer\{8cc6811e-b549-d4c0-9030-e98abec83f99}\U\80000032.@
c:\windows\Installer\{8cc6811e-b549-d4c0-9030-e98abec83f99}\U\80000064.@
c:\windows\SysWow64\BDSSR.dll
c:\windows\SysWow64\BDSSR160.dll
c:\windows\SysWow64\wpcap.dll
.
c:\windows\system32\Services.exe . . . is infected!!
.
.
(((((((((((((((((((((((   Files Created from 2012-08-16 to 2012-09-16  ))))))))))))))))))))))))))))))
.
.
2012-09-16 18:48 . 2012-09-16 18:48	--------	dc----w-	c:\users\Public\AppData\Local\temp
2012-09-16 18:48 . 2012-09-16 18:48	--------	dc----w-	c:\users\neuronet\AppData\Local\temp
2012-09-16 18:48 . 2012-09-16 18:48	--------	dc----w-	c:\users\Default\AppData\Local\temp
2012-09-16 18:28 . 2012-09-16 18:28	--------	dc----w-	c:\users\Bienchen\AppData\Roaming\Malwarebytes
2012-09-16 18:27 . 2012-09-16 18:27	--------	dc----w-	c:\programdata\Malwarebytes
2012-09-16 18:27 . 2012-09-16 18:27	--------	dc----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-16 18:27 . 2012-09-07 21:04	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-09-16 18:24 . 2012-09-16 18:24	--------	dc----w-	c:\users\Bienchen\AppData\Roaming\SUPERAntiSpyware.com
2012-09-16 18:23 . 2012-09-16 18:24	--------	dc----w-	c:\program files\SUPERAntiSpyware
2012-09-16 18:23 . 2012-09-16 18:23	--------	dc----w-	c:\programdata\SUPERAntiSpyware.com
2012-09-16 18:20 . 2012-09-16 18:20	331776	----a-w-	c:\windows\system32\tskA7A9.tmp
2012-09-16 18:19 . 2012-09-16 18:19	--------	d-----w-	C:\TDSSKiller_Quarantine
2012-09-16 15:18 . 2012-09-16 15:18	--------	dc----w-	c:\users\Bienchen\AppData\Roaming\Adobe Mini Bridge CS5
2012-09-16 15:18 . 2012-09-16 15:18	--------	dc----w-	c:\users\Bienchen\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-09-16 15:04 . 2012-09-16 15:04	--------	dc----w-	c:\program files\Adobe
2012-09-16 15:01 . 2012-09-16 15:04	--------	dc----w-	c:\program files\Common Files\Adobe
2012-09-16 14:59 . 2012-09-16 14:59	--------	dc----w-	c:\program files (x86)\Adobe Media Player
2012-09-16 14:57 . 2012-09-16 14:57	--------	dc----w-	c:\program files (x86)\Common Files\Adobe AIR
2012-09-15 18:13 . 2012-09-15 18:13	--------	dc----w-	c:\users\Bienchen\AppData\Roaming\Smtp Client
2012-09-15 13:40 . 2012-09-15 13:40	--------	d-----w-	c:\windows\SysWow64\Log Files
2012-09-15 01:33 . 2012-09-15 01:33	--------	dc----w-	c:\program files (x86)\Common Files\Java
2012-09-15 01:32 . 2012-09-15 01:32	821736	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-09-15 01:32 . 2012-09-15 01:32	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-13 21:34 . 2012-08-22 15:19	1589248	----a-w-	c:\windows\SysWow64\libmysql_d.dll
2012-09-13 21:34 . 2012-09-13 21:34	--------	dc----w-	c:\program files (x86)\PremiumSoft
2012-09-13 21:24 . 2012-09-13 21:24	--------	dc----w-	c:\users\Bienchen\AppData\Roaming\MySQL
2012-09-13 21:21 . 2012-09-13 21:21	--------	dc----w-	c:\program files (x86)\MySQL
2012-09-13 21:10 . 2012-09-13 21:10	--------	d-----w-	C:\VMWARE
2012-09-13 15:16 . 2012-09-13 18:37	--------	d-----w-	C:\Casino
2012-09-13 01:29 . 2012-09-13 01:29	--------	dc----w-	c:\users\Bienchen\AppData\Roaming\Crypto Obfuscator For .Net v2011 R3
2012-09-12 23:34 . 2012-09-12 23:51	--------	dc----w-	c:\program files (x86)\LogicNP Software
2012-09-12 23:02 . 2012-09-12 23:02	--------	dc----w-	c:\users\Bienchen\AppData\Roaming\Crypto Obfuscator For .Net v2012 R2
2012-09-12 23:01 . 2012-09-12 23:01	--------	d-s---w-	c:\windows\SysWow64\Microsoft
2012-09-12 22:59 . 2012-09-12 22:59	--------	dc----w-	c:\users\Bienchen\AppData\Local\SkinSoft
2012-09-12 03:12 . 2012-09-12 03:21	--------	d-----w-	C:\Phising
2012-09-12 03:12 . 2012-09-12 03:12	--------	dc----w-	c:\program files\WinHTTrack
2012-09-11 23:18 . 2012-09-11 23:18	--------	dc----w-	c:\program files (x86)\ITSecTeam
2012-09-10 22:02 . 2012-09-10 23:41	--------	d-----w-	C:\TIDY_BACKUP
2012-09-09 14:02 . 2012-09-09 14:05	--------	dc----w-	c:\users\Bienchen\AppData\Roaming\PacificPoker
2012-09-09 14:02 . 2012-09-09 14:02	--------	dc----w-	c:\program files (x86)\PacificPoker
2012-09-09 13:43 . 2012-09-09 13:43	--------	dc----w-	c:\users\Bienchen\AppData\Roaming\Mozilla-Cache
2012-09-09 13:43 . 2012-09-09 13:45	--------	dc----w-	c:\users\Bienchen\AppData\Roaming\Party
2012-09-09 13:43 . 2012-09-09 13:43	--------	d-----w-	C:\Programs
2012-09-09 00:30 . 2012-09-09 00:30	--------	dc----w-	c:\program files (x86)\Red Gate
2012-09-09 00:29 . 2012-09-09 00:29	--------	dc----w-	c:\users\Bienchen\AppData\Roaming\ICSharpCode
2012-09-05 15:25 . 2010-06-21 22:07	29288	----a-w-	c:\windows\system32\nvhdap64.dll
2012-09-05 15:25 . 2010-06-21 22:07	255592	----a-w-	c:\windows\system32\nvcohda6.dll
2012-09-05 15:25 . 2010-06-21 22:07	131688	----a-w-	c:\windows\system32\drivers\nvhda64v.sys
2012-09-05 15:25 . 2012-09-05 15:25	--------	d-----w-	C:\NVIDIA
2012-09-05 15:24 . 2012-09-16 18:49	--------	dc----w-	c:\programdata\NVIDIA
2012-09-05 15:24 . 2012-09-05 15:37	--------	dc----w-	c:\program files (x86)\NVIDIA Corporation
2012-09-05 15:23 . 2012-09-05 15:23	--------	dc----w-	c:\programdata\NVIDIA Corporation
2012-09-05 15:23 . 2012-09-05 15:24	--------	dc----w-	c:\program files\NVIDIA Corporation
2012-09-03 16:34 . 2012-09-03 16:45	--------	d-----w-	C:\ao-tools server kopie
2012-09-02 18:19 . 2012-09-02 18:32	--------	dc----w-	c:\users\Bienchen\AppData\Roaming\TortoiseSVN
2012-09-02 17:30 . 2012-09-16 18:48	--------	dc----w-	c:\users\Bienchen\AppData\Local\TSVNCache
2012-09-02 14:28 . 2012-09-02 14:28	--------	dc----w-	c:\program files (x86)\Common Files\TortoiseOverlays
2012-09-02 14:28 . 2012-09-02 14:28	--------	dc----w-	c:\program files\TortoiseSVN
2012-09-02 14:28 . 2012-09-02 14:28	--------	dc----w-	c:\program files\Common Files\TortoiseOverlays
2012-09-02 05:26 . 2010-03-07 15:22	1849344	----a-w-	c:\windows\system32\Qt4Pas5.dll
2012-09-02 05:06 . 2012-09-02 05:26	--------	d-----w-	C:\lazarus
2012-09-02 04:57 . 2012-09-02 12:48	--------	dc----w-	c:\users\Bienchen\AppData\Local\lazarus
2012-09-02 04:06 . 2012-09-02 04:06	--------	dc----w-	c:\program files (x86)\Cheat Engine 6.2
2012-09-01 00:51 . 2012-09-16 18:20	--------	d-----w-	C:\Download
2012-08-31 21:54 . 2012-08-31 21:56	--------	dc-h--w-	c:\programdata\{16DDC977-28D8-44E8-8358-8BBFBEE97FE7}
2012-08-31 21:46 . 2012-08-31 22:14	--------	dc----w-	c:\programdata\Embarcadero
2012-08-31 21:46 . 2012-08-31 21:46	--------	dc----w-	c:\program files (x86)\Common Files\CodeGear Shared
2012-08-31 21:46 . 2012-08-31 21:46	--------	dc----w-	c:\program files (x86)\Embarcadero
2012-08-31 21:46 . 2012-08-31 21:46	--------	dc----w-	c:\program files (x86)\Common Files\Borland Shared
2012-08-31 21:41 . 2012-08-31 21:53	--------	d--h--w-	c:\programdata\{05500BA0-5731-46FD-9326-FA79A36E6D46}
2012-08-31 21:36 . 2012-08-31 21:36	--------	dc----w-	c:\program files (x86)\Elaborate Bytes
2012-08-28 20:53 . 2011-08-22 21:07	62064	----a-w-	c:\windows\system32\drivers\vmx86.sys
2012-08-28 20:53 . 2011-08-22 21:07	354416	----a-w-	c:\windows\SysWow64\vmnetdhcp.exe
2012-08-28 20:53 . 2011-08-22 21:06	432752	----a-w-	c:\windows\SysWow64\vmnat.exe
2012-08-28 20:53 . 2011-08-22 21:06	30320	----a-w-	c:\windows\system32\drivers\vmnetuserif.sys
2012-08-28 20:53 . 2011-08-22 21:07	942192	----a-w-	c:\windows\system32\vnetlib64.dll
2012-08-28 20:52 . 2011-08-22 03:11	39024	----a-w-	c:\windows\system32\drivers\hcmon.sys
2012-08-28 20:52 . 2012-08-28 20:52	--------	dc----w-	c:\program files (x86)\VMware
2012-08-28 20:52 . 2012-08-28 20:52	--------	dc----w-	c:\program files (x86)\Common Files\VMware
2012-08-28 20:51 . 2012-08-28 20:51	--------	dc----w-	c:\program files\Common Files\VMware
2012-08-26 20:08 . 2012-08-26 20:08	--------	dc----w-	c:\program files (x86)\AutoHideIP
2012-08-26 19:08 . 2012-09-09 00:18	--------	dc----w-	c:\users\Bienchen\AppData\Roaming\Free Download Manager
2012-08-26 19:08 . 2012-09-08 23:46	--------	dc----w-	c:\program files (x86)\Free Download Manager
2012-08-26 18:59 . 2012-08-26 19:02	--------	d-----w-	C:\Baby Need Space
2012-08-26 18:34 . 2012-08-26 18:34	--------	d-----r-	C:\acroldr
2012-08-26 18:18 . 2012-08-26 18:18	994912	----a-w-	c:\windows\system32\drivers\timntr.sys
2012-08-26 18:18 . 2012-08-26 18:18	211552	----a-w-	c:\windows\system32\drivers\vididr.sys
2012-08-26 18:18 . 2012-08-26 18:18	146528	----a-w-	c:\windows\system32\drivers\vsflt67.sys
2012-08-26 18:18 . 2012-08-26 18:18	320096	----a-w-	c:\windows\system32\drivers\snapman.sys
2012-08-26 18:18 . 2012-08-26 18:18	137312	----a-w-	c:\windows\system32\drivers\fltsrv.sys
2012-08-26 18:17 . 2012-08-26 18:17	--------	dc----w-	c:\program files (x86)\Acronis
2012-08-21 18:44 . 2012-09-09 00:16	--------	dc----w-	c:\program files\CCleaner
2012-08-21 16:48 . 2012-08-21 16:48	--------	dc----w-	c:\programdata\Nexon
2012-08-19 02:22 . 2012-08-19 02:22	--------	dc----w-	c:\program files (x86)\FinalWire
2012-08-19 01:51 . 2012-08-19 01:51	556032	----a-w-	C:\VS_EXPBSLN_x64_deu.MSI
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-15 01:32 . 2012-04-15 18:03	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-08-21 18:42 . 2012-04-03 11:32	696520	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-21 18:42 . 2012-03-04 00:22	73416	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-19 02:13 . 2012-08-10 03:47	113440	-c--a-w-	c:\programdata\Microsoft\VCExpress\10.0\1031\ResourceCache.dll
2012-08-16 03:25 . 2012-08-16 03:25	119120	-c--a-w-	c:\windows\dxsdkuninst.exe
2012-08-15 23:32 . 2012-08-15 23:34	3724568	----a-w-	c:\windows\system32\d3dx9d_32.dll
2012-08-13 04:55 . 2012-08-10 00:59	20360	----a-w-	c:\windows\system32\drivers\Dbgv.sys
2012-08-10 01:03 . 2012-08-10 01:03	27016	----a-w-	c:\windows\SysWow64\drivers\PROCEXP141.SYS
2012-08-04 19:15 . 2012-08-04 19:12	188896	-c--a-w-	c:\programdata\Microsoft\VCSExpress\10.0\1031\ResourceCache.dll
2012-07-18 22:04 . 2012-08-06 19:30	27760	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-07-18 22:04 . 2012-08-06 19:30	132832	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-07-18 22:04 . 2012-08-06 19:30	98848	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-07-01 12:19 . 2012-07-01 12:19	116096	----a-w-	c:\windows\system32\drivers\avmaudio.sys
2012-07-01 12:19 . 2012-07-01 12:19	32256	----a-w-	c:\windows\system32\MiniInstaller.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-07-14 01:39 . !HASH: COULD NOT OPEN FILE !!!!! . 329216 . . [------] .. c:\windows\system32\services.exe
.
((((((((((((((((((((((((((((   Registry Autostart Points   ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20	64792	-c--a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20	64792	-c--a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20	64792	-c--a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20	64792	-c--a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20	64792	-c--a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20	64792	-c--a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20	64792	-c--a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20	64792	-c--a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20	64792	-c--a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-06 5663616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-07-18 348664]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [2008-07-26 15768]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2008-07-26 790424]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 massfilter_hs;USB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [x]
R3 PORTMON;PORTMON;c:\users\Bienchen\Downloads\SysinternalsSuite\PORTMSYS.SYS [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-31 113120]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R4 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-24 2735528]
R4 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-22 846448]
R4 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2011-08-22 11837440]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [2012-08-26 137312]
S0 vidsflt67;Acronis Disk Storage Filter (67);c:\windows\system32\DRIVERS\vsflt67.sys [2012-08-26 146528]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 116336]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-07-18 27760]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-07-18 86224]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-29 248936]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys [2012-07-01 116096]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-08-11 104560]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2008-07-26 50072]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-06-21 131688]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
.
Contents of the "Scheduled Tasks" folder
.
2012-09-16 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task acc620a5-cdac-4627-aaa7-8e65e8f74959.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-09-16 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task ceea96c2-fb6d-44c5-85f4-189bdca25d08.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20	75544	-c--a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20	75544	-c--a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20	75544	-c--a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20	75544	-c--a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20	75544	-c--a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20	75544	-c--a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20	75544	-c--a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20	75544	-c--a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20	75544	-c--a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-09 12666984]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=;ftp=;https=;
LSP: mswsock.dll
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: DhcpNameServer = 205.151.67.2 205.151.67.6
FF - ProfilePath - c:\users\Bienchen\AppData\Roaming\Mozilla\Firefox\Profiles\09we6att.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - goolge.de
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.0&q=
FF - prefs.js: network.proxy.gopher - 
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
pref('extensions.shownSelectionUI',true);
pref('extensions.autoDisableScopes',0);
.
- - - - Orphaned Registry Entries Removed - - - -
.
AddRemove-{72FC9DEA-4803-4D67-9989-3B5C5BDB0A66} - c:\users\Bienchen\AppData\Local\{B1FA7970-52B3-450F-B0CB-4E6D539E1B31}\HexEditPro4_0.exe
.
.
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\SysWOW64\vmnetdhcp.exe
.
**************************************************************************
.
Completion time: 2012-09-16  14:55:22 - machine was rebooted
ComboFix-quarantined-files.txt  2012-09-16 18:55
ComboFix2.txt  2012-08-07 00:04
.
Pre-Run: 26 directory(ies), 860.316.868.608 bytes free
Post-Run: 28 directory(ies), 860.167.557.120 bytes free
.
- - End Of File - - BC8205D310702C099C3CB2640224FAA2


OTL Report:
OTL logfile created on: 16.09.2012 15:34:36 - Run 1
OTL by OldTimer - Version 3.2.61.5     Folder = C:\Users\Bienchen\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,96 Gb Available Physical Memory | 74,57% Memory free
15,99 Gb Paging File | 14,11 Gb Available in Paging File | 88,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 803,17 Gb Free Space | 86,23% Space Free | Partition Type: NTFS
Drive Z: | 452,53 Gb Total Space | 164,79 Gb Free Space | 36,42% Space Free | Partition Type: NTFS
 
Computer Name: BIENCHEN-PC | User Name: Bienchen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.16 15:16:01 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Bienchen\Downloads\OTL.exe
PRC - [2012.07.18 18:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.07.18 18:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.07.18 18:04:22 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.10 18:10:34 | 001,261,568 | ---- | M] (SRWare) -- C:\Program Files (x86)\SRWare Iron\iron.exe
PRC - [2011.08.22 17:07:32 | 000,354,416 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2011.08.22 17:06:56 | 000,432,752 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2010.07.29 17:57:34 | 000,248,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.30 19:01:28 | 000,070,536 | ---- | M] () -- C:\Programme\TortoiseSVN\bin\libsasl32.dll
MOD - [2012.06.28 12:31:26 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\SRWare Iron\libegl.dll
MOD - [2012.06.28 12:27:34 | 000,648,704 | ---- | M] () -- C:\Program Files (x86)\SRWare Iron\libglesv2.dll
MOD - [2012.06.27 23:33:32 | 001,126,926 | ---- | M] () -- C:\Program Files (x86)\SRWare Iron\avcodec-54.dll
MOD - [2012.06.27 23:33:32 | 000,213,518 | ---- | M] () -- C:\Program Files (x86)\SRWare Iron\avformat-54.dll
MOD - [2012.06.27 23:33:32 | 000,134,670 | ---- | M] () -- C:\Program Files (x86)\SRWare Iron\avutil-51.dll
MOD - [2012.01.08 09:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2009.07.13 21:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.08.24 07:01:41 | 002,735,528 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.07.31 17:49:41 | 000,113,120 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.18 18:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.07.18 18:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.06.07 13:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.12.15 13:29:42 | 000,014,848 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2011.08.22 17:07:32 | 000,354,416 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2011.08.22 17:06:56 | 000,432,752 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2011.08.22 16:34:52 | 011,837,440 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd)
SRV - [2011.08.22 15:28:42 | 000,079,872 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2011.08.21 23:11:28 | 000,846,448 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2010.07.29 17:57:34 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.06.25 13:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.06.10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.08.26 14:18:28 | 000,146,528 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsflt67.sys -- (vidsflt67)
DRV:64bit: - [2012.08.26 14:18:19 | 000,137,312 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fltsrv.sys -- (fltsrv)
DRV:64bit: - [2012.07.18 18:04:42 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.07.18 18:04:42 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.07.18 18:04:41 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.07.01 08:19:51 | 000,116,096 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avmaudio.sys -- (avmaudio)
DRV:64bit: - [2011.12.15 13:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011.08.22 17:07:58 | 000,062,064 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2011.08.22 17:06:14 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2011.08.22 15:12:26 | 000,045,680 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2011.08.22 15:12:26 | 000,020,080 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2011.08.21 23:11:26 | 000,039,024 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011.08.21 23:01:22 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2011.08.11 02:54:16 | 000,104,560 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011.08.08 14:59:12 | 000,116,336 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2011.01.15 12:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.16 18:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.06.25 13:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010.06.21 18:07:36 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010.06.14 04:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2009.12.21 21:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009.07.13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.13 17:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.06.10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.04 21:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2008.07.26 09:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2008.07.26 09:25:48 | 000,790,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2008.07.26 09:22:34 | 002,624,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI)
DRV:64bit: - [2008.07.26 09:22:22 | 000,015,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV - [2010.06.14 04:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009.07.13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E1 F7 01 C9 1F 29 CD 01  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=;
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "goolge.de"
FF - prefs.js..extensions.enabledAddons: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.0&q="
FF - prefs.js..network.proxy.gopher: ""
FF - prefs.js..network.proxy.gopher_port: 0
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.com/NxGame: C:\ProgramData\Nexon\NGM\npnxgame.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Bienchen\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.31 17:49:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.03.03 20:16:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bienchen\AppData\Roaming\mozilla\Extensions
[2012.09.08 19:46:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bienchen\AppData\Roaming\mozilla\Firefox\Profiles\09we6att.default\extensions
[2012.08.26 19:29:05 | 000,004,530 | ---- | M] () (No name found) -- C:\Users\Bienchen\AppData\Roaming\mozilla\firefox\profiles\09we6att.default\extensions\[email protected]
[2012.03.03 20:17:15 | 000,089,442 | ---- | M] () (No name found) -- C:\Users\Bienchen\AppData\Roaming\mozilla\firefox\profiles\09we6att.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi
[2012.09.12 11:52:41 | 000,000,950 | ---- | M] () -- C:\Users\Bienchen\AppData\Roaming\mozilla\firefox\profiles\09we6att.default\searchplugins\icqplugin-1.xml
[2012.07.31 14:57:00 | 000,001,056 | ---- | M] () -- C:\Users\Bienchen\AppData\Roaming\mozilla\firefox\profiles\09we6att.default\searchplugins\icqplugin.xml
[2012.04.26 08:48:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.31 17:49:41 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.16 07:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.16 06:48:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.16 07:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.16 07:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.16 07:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.16 07:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.09.16 14:49:50 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 205.151.67.2 205.151.67.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1801B813-F00D-4F61-9D33-3307B398BED3}: DhcpNameServer = 217.20.115.1 217.20.116.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69AB14F8-2B7C-49A7-AF52-BE9E4A8D918A}: DhcpNameServer = 205.151.67.2 205.151.67.6
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.08.26 11:12:08 | 000,000,000 | ---D | M] - Z:\Autogrinder Development -- [ NTFS ]
O32 - AutoRun File - [2012.08.06 18:00:58 | 000,000,000 | ---D | M] - Z:\AutoGrinder_0_6_B_IntAO_3_20_45 -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.16 14:55:26 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.09.16 14:51:01 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.09.16 14:36:14 | 004,754,503 | R--- | C] (Swearware) -- C:\Users\Bienchen\Desktop\ComboFix.exe
[2012.09.16 14:28:05 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\AppData\Roaming\Malwarebytes
[2012.09.16 14:27:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.16 14:24:08 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\AppData\Roaming\SUPERAntiSpyware.com
[2012.09.16 14:19:02 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.09.16 11:18:32 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\AppData\Roaming\Adobe Mini Bridge CS5
[2012.09.16 11:18:31 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.09.16 11:04:04 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.09.16 11:01:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012.09.16 10:59:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player
[2012.09.16 10:59:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2012.09.16 10:57:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2012.09.16 09:50:32 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\Desktop\AutoGrinder_0_6_D_ALL
[2012.09.16 09:42:27 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\Desktop\AutoGrinder_0_6_B_IntAO_3_21_15
[2012.09.15 17:25:17 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\Desktop\ScreenShot
[2012.09.15 14:13:10 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\AppData\Roaming\Smtp Client
[2012.09.15 09:40:07 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Log Files
[2012.09.14 21:33:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.09.14 21:32:47 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.09.14 21:32:47 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.09.14 21:32:36 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.09.14 21:32:36 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.09.14 21:32:36 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.09.13 17:38:18 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\Documents\Navicat
[2012.09.13 17:34:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PremiumSoft
[2012.09.13 17:34:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PremiumSoft
[2012.09.13 17:24:01 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\AppData\Roaming\MySQL
[2012.09.13 17:21:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MySQL
[2012.09.13 17:10:47 | 000,000,000 | ---D | C] -- C:\VMWARE
[2012.09.13 11:16:05 | 000,000,000 | ---D | C] -- C:\Casino
[2012.09.12 23:54:11 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\Desktop\Neuer Ordner
[2012.09.12 21:29:48 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\AppData\Roaming\Crypto Obfuscator For .Net v2011 R3
[2012.09.12 19:34:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogicNP Software
[2012.09.12 19:34:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogicNP Software
[2012.09.12 19:02:39 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\AppData\Roaming\Crypto Obfuscator For .Net v2012 R2
[2012.09.12 19:01:57 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
[2012.09.12 18:59:00 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\AppData\Local\SkinSoft
[2012.09.11 23:12:43 | 000,000,000 | ---D | C] -- C:\Phising
[2012.09.11 23:12:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinHTTrack
[2012.09.11 23:12:01 | 000,000,000 | ---D | C] -- C:\Program Files\WinHTTrack
[2012.09.11 23:04:42 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\Documents\Phising
[2012.09.11 19:18:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ITSecTeam
[2012.09.10 18:02:53 | 000,000,000 | ---D | C] -- C:\TIDY_BACKUP
[2012.09.09 10:02:55 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\888poker
[2012.09.09 10:02:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\888poker
[2012.09.09 10:02:37 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\AppData\Roaming\PacificPoker
[2012.09.09 10:02:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PacificPoker
[2012.09.09 09:43:57 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\AppData\Roaming\Mozilla-Cache
[2012.09.09 09:43:35 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\AppData\Roaming\Party
[2012.09.09 09:43:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PartyPoker
[2012.09.09 09:43:03 | 000,000,000 | ---D | C] -- C:\Programs
[2012.09.08 20:30:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Red Gate
[2012.09.08 20:30:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Red Gate
[2012.09.08 20:29:32 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\AppData\Roaming\ICSharpCode
[2012.09.08 12:26:42 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\Start Menu
[2012.09.08 12:26:42 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\Application Data
[2012.09.08 12:26:42 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\Documents\888poker
[2012.09.07 14:51:02 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\Documents\Visual Studio 2008
[2012.09.05 17:52:23 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\Documents\NEW_AutoGrinder
[2012.09.05 16:46:57 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\Documents\AutoGrinder_0_6_E_ALL
[2012.09.05 11:25:18 | 000,255,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcohda6.dll
[2012.09.05 11:25:18 | 000,131,688 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2012.09.05 11:25:18 | 000,029,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2012.09.05 11:25:17 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012.09.05 11:25:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.09.05 11:24:56 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012.09.05 11:24:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012.09.05 11:23:54 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012.09.05 11:23:51 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012.09.04 10:32:46 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\Documents\AutoGrinder_0_6_D_IndoAO_3_16_60
[2012.09.04 10:32:44 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\Documents\AutoGrinder_0_6_D_EuroAO_3_19_08
[2012.09.03 21:07:40 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\Documents\AutoGrinder_0_6_D_ALL
[2012.09.03 12:34:22 | 000,000,000 | ---D | C] -- C:\ao-tools server kopie
[2012.09.02 14:19:33 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\AppData\Roaming\TortoiseSVN
[2012.09.02 14:19:11 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\Documents\Lazarus
[2012.09.02 13:30:51 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\AppData\Local\TSVNCache
[2012.09.02 10:28:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TortoiseSVN
[2012.09.02 10:28:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TortoiseOverlays
[2012.09.02 10:28:49 | 000,000,000 | ---D | C] -- C:\Program Files\TortoiseSVN
[2012.09.02 10:28:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TortoiseOverlays
[2012.09.02 01:26:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lazarus
[2012.09.02 01:06:19 | 000,000,000 | ---D | C] -- C:\lazarus
[2012.09.02 00:57:38 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\AppData\Local\lazarus
[2012.09.02 00:06:57 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\Documents\My Cheat Tables
[2012.09.02 00:06:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.2
[2012.09.02 00:06:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cheat Engine 6.2
[2012.08.31 20:51:50 | 000,000,000 | ---D | C] -- C:\Download
[2012.08.31 17:58:00 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\Documents\RAD Studio
[2012.08.31 17:54:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\{16DDC977-28D8-44E8-8358-8BBFBEE97FE7}
[2012.08.31 17:54:45 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\Documents\Rad_Studio_XE2_Upd6_Help_Downloads
[2012.08.31 17:46:41 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Embarcadero RAD Studio XE2
[2012.08.31 17:46:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Embarcadero
[2012.08.31 17:46:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Embarcadero
[2012.08.31 17:46:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\CodeGear Shared
[2012.08.31 17:46:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Borland Shared
[2012.08.31 17:43:29 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\RAD Studio
[2012.08.31 17:41:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\{05500BA0-5731-46FD-9326-FA79A36E6D46}
[2012.08.31 17:36:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
[2012.08.31 17:36:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes
[2012.08.30 14:59:44 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\Documents\Virtual Machines
[2012.08.28 16:53:43 | 000,062,064 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmx86.sys
[2012.08.28 16:53:11 | 000,354,416 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnetdhcp.exe
[2012.08.28 16:53:06 | 000,432,752 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnat.exe
[2012.08.28 16:53:05 | 000,030,320 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetuserif.sys
[2012.08.28 16:53:01 | 000,942,192 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vnetlib64.dll
[2012.08.28 16:52:51 | 000,039,024 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\hcmon.sys
[2012.08.28 16:52:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
[2012.08.28 16:52:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VMware
[2012.08.28 16:52:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VMware
[2012.08.28 16:52:08 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Shared Virtual Machines
[2012.08.28 16:51:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware
[2012.08.26 17:24:56 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gemscool
[2012.08.26 16:08:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auto Hide IP
[2012.08.26 16:08:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AutoHideIP
[2012.08.26 15:16:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Acronis
[2012.08.26 15:10:02 | 000,000,000 | ---D | C] -- C:\Downloads
[2012.08.26 15:08:38 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\AppData\Roaming\Free Download Manager
[2012.08.26 15:08:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Download Manager
[2012.08.26 14:59:45 | 000,000,000 | ---D | C] -- C:\Baby Need Space
[2012.08.26 14:34:56 | 000,000,000 | R--D | C] -- C:\acroldr
[2012.08.26 14:20:25 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\AppData\Roaming\Acronis
[2012.08.26 14:18:44 | 000,994,912 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\timntr.sys
[2012.08.26 14:18:36 | 000,211,552 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\vididr.sys
[2012.08.26 14:18:28 | 000,146,528 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\vsflt67.sys
[2012.08.26 14:18:23 | 000,320,096 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\snapman.sys
[2012.08.26 14:18:19 | 000,137,312 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\fltsrv.sys
[2012.08.26 14:17:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acronis
[2012.08.22 20:46:22 | 015,901,696 | ---- | C] (NDoors Co,Ltd.) -- C:\Users\Bienchen\Desktop\Atlantica_V32108.exe
[2012.08.22 09:46:46 | 016,263,680 | ---- | C] (NDoors Co,Ltd.) -- C:\Users\Bienchen\Desktop\Atlantica_EU_old.exe
[2012.08.21 14:44:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.08.21 14:44:37 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.08.21 12:48:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon
[2012.08.18 22:22:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FinalWire
[2012.08.18 22:22:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FinalWire
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.16 15:28:13 | 000,019,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.16 15:28:13 | 000,019,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.16 15:13:15 | 001,621,508 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.16 15:13:15 | 000,699,554 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.16 15:13:15 | 000,654,872 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.16 15:13:15 | 000,149,376 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.16 15:13:15 | 000,122,330 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.16 15:08:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.16 15:08:38 | 2145,558,527 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.16 14:49:50 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.09.16 14:36:16 | 004,754,503 | R--- | M] (Swearware) -- C:\Users\Bienchen\Desktop\ComboFix.exe
[2012.09.16 10:46:04 | 001,714,006 | ---- | M] () -- C:\Users\Bienchen\Desktop\autogrinders_US.rar
[2012.09.16 09:52:51 | 000,001,394 | ---- | M] () -- C:\Users\Bienchen\SciTE.session
[2012.09.15 22:12:02 | 000,024,826 | ---- | M] () -- C:\Users\Bienchen\AppData\Local\recently-used.xbel
[2012.09.14 21:32:16 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.09.14 21:32:16 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012.09.14 21:32:16 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.09.14 21:32:16 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.09.14 21:32:16 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.09.14 21:32:16 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.09.14 18:50:31 | 000,007,593 | ---- | M] () -- C:\Users\Bienchen\AppData\Local\resmon.resmoncfg
[2012.09.14 10:25:03 | 004,918,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.09.13 17:34:18 | 000,001,219 | ---- | M] () -- C:\Users\Public\Desktop\Navicat for MySQL.lnk
[2012.09.11 23:12:03 | 000,000,780 | ---- | M] () -- C:\Users\Bienchen\Desktop\HTTrack Website Copier.lnk
[2012.09.09 10:02:55 | 000,002,031 | ---- | M] () -- C:\Users\Bienchen\Application Data\Microsoft\Internet Explorer\Quick Launch\888poker.lnk
[2012.09.09 10:02:55 | 000,002,013 | ---- | M] () -- C:\Users\Bienchen\Desktop\888poker.lnk
[2012.09.09 09:43:25 | 000,001,695 | ---- | M] () -- C:\Users\Bienchen\Desktop\PartyPoker.lnk
[2012.09.08 20:16:24 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.09.07 10:36:26 | 000,243,988 | ---- | M] () -- C:\Users\Bienchen\Desktop\cogeco-bill.pdf
[2012.09.06 19:03:03 | 000,054,727 | ---- | M] () -- C:\Users\Bienchen\Desktop\inscription.pdf
[2012.09.04 10:41:02 | 000,942,361 | ---- | M] () -- C:\Users\Bienchen\Documents\AutoGrinder_0_6_D_ALL.rar
[2012.09.03 21:29:11 | 000,000,512 | ---- | M] () -- C:\Users\Public\Desktop\PPTP Network Auto Dialer (64-Bit) - Verknüpfung.lnk
[2012.09.02 01:26:28 | 000,001,504 | ---- | M] () -- C:\Users\Bienchen\Desktop\Lazarus.lnk
[2012.09.02 00:06:15 | 000,001,089 | ---- | M] () -- C:\Users\Bienchen\Desktop\Cheat Engine.lnk
[2012.08.31 18:13:54 | 000,005,168 | ---- | M] () -- C:\Users\Bienchen\Desktop\RADStudioXE2.slip
[2012.08.31 17:54:45 | 000,000,026 | ---- | M] () -- C:\Users\Bienchen\Documents\Rad_Studio_XE2_Upd6_Help_Downloadsversion.ini
[2012.08.30 12:37:23 | 001,828,896 | ---- | M] () -- C:\Users\Bienchen\Documents\Antonia,Dario,Dina,Guiliana und Cinah 1.JPG
[2012.08.29 10:44:15 | 000,001,166 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012.08.28 16:52:47 | 000,001,024 | ---- | M] () -- C:\Users\Bienchen\.rnd
[2012.08.28 16:52:43 | 001,641,400 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.08.28 16:52:40 | 000,002,135 | ---- | M] () -- C:\Users\Public\Desktop\VMware Workstation.lnk
[2012.08.27 15:00:16 | 001,025,295 | ---- | M] () -- C:\Users\Bienchen\Desktop\IMAG0365.jpg
[2012.08.27 14:59:54 | 000,001,456 | ---- | M] () -- C:\Users\Bienchen\Desktop\PersoBuilder-c#.lnk
[2012.08.27 14:59:54 | 000,001,235 | ---- | M] () -- C:\Users\Bienchen\Desktop\Downloads - Verknüpfung.lnk
[2012.08.27 14:11:05 | 000,364,915 | ---- | M] () -- C:\Users\Bienchen\Documents\mels.xcf
[2012.08.26 20:04:37 | 000,001,638 | ---- | M] () -- C:\Users\Bienchen\Desktop\Atlantica Online.lnk
[2012.08.26 16:08:13 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\Auto Hide IP.lnk
[2012.08.26 14:18:44 | 000,994,912 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\timntr.sys
[2012.08.26 14:18:36 | 000,211,552 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\vididr.sys
[2012.08.26 14:18:28 | 000,146,528 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\vsflt67.sys
[2012.08.26 14:18:23 | 000,320,096 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\snapman.sys
[2012.08.26 14:18:19 | 000,137,312 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\fltsrv.sys
[2012.08.26 11:49:18 | 000,953,543 | ---- | M] () -- C:\Users\Bienchen\Desktop\IMAG0366.jpg
[2012.08.25 18:37:32 | 000,782,820 | ---- | M] () -- C:\Users\Bienchen\Desktop\IMAG0364.jpg
[2012.08.23 15:02:03 | 000,001,129 | ---- | M] () -- C:\Users\Public\Desktop\OpenVPN GUI.lnk
[2012.08.22 11:19:54 | 001,589,248 | ---- | M] () -- C:\Windows\SysWow64\libmysql_d.dll
[2012.08.21 14:48:39 | 000,015,544 | ---- | M] () -- C:\Users\Bienchen\Documents\cc_20120821_144836.reg
[2012.08.21 14:48:21 | 000,194,076 | ---- | M] () -- C:\Users\Bienchen\Documents\cc_20120821_144806.reg
[2012.08.21 14:42:46 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.21 14:42:46 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.08.18 21:51:07 | 002,089,325 | ---- | M] () -- C:\VS_EXPBSLN_x64_deu.CAB
[2012.08.18 21:51:03 | 000,556,032 | ---- | M] () -- C:\VS_EXPBSLN_x64_deu.MSI
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.16 11:04:20 | 000,001,075 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5 (64 Bit).lnk
[2012.09.16 11:03:37 | 000,001,211 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.lnk
[2012.09.16 11:01:16 | 000,001,173 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
[2012.09.16 11:00:34 | 000,001,266 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
[2012.09.16 10:58:04 | 000,001,357 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk
[2012.09.16 10:57:45 | 000,001,523 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
[2012.09.16 10:57:08 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012.09.16 10:46:04 | 001,714,006 | ---- | C] () -- C:\Users\Bienchen\Desktop\autogrinders_US.rar
[2012.09.15 22:12:02 | 000,024,826 | ---- | C] () -- C:\Users\Bienchen\AppData\Local\recently-used.xbel
[2012.09.13 17:34:18 | 000,001,219 | ---- | C] () -- C:\Users\Public\Desktop\Navicat for MySQL.lnk
[2012.09.13 17:34:16 | 001,589,248 | ---- | C] () -- C:\Windows\SysWow64\libmysql_d.dll
[2012.09.11 23:12:03 | 000,000,780 | ---- | C] () -- C:\Users\Bienchen\Desktop\HTTrack Website Copier.lnk
[2012.09.11 18:44:34 | 000,002,005 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2012.09.11 18:44:34 | 000,001,949 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2012.09.11 18:44:34 | 000,001,928 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2012.09.09 10:02:55 | 000,002,031 | ---- | C] () -- C:\Users\Bienchen\Application Data\Microsoft\Internet Explorer\Quick Launch\888poker.lnk
[2012.09.09 10:02:55 | 000,002,013 | ---- | C] () -- C:\Users\Bienchen\Desktop\888poker.lnk
[2012.09.09 09:43:24 | 000,001,695 | ---- | C] () -- C:\Users\Bienchen\Desktop\PartyPoker.lnk
[2012.09.08 20:26:33 | 004,918,800 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.09.08 20:16:24 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.09.07 10:36:26 | 000,243,988 | ---- | C] () -- C:\Users\Bienchen\Desktop\cogeco-bill.pdf
[2012.09.06 19:03:03 | 000,054,727 | ---- | C] () -- C:\Users\Bienchen\Desktop\inscription.pdf
[2012.09.05 11:23:48 | 000,012,264 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012.09.04 10:41:02 | 000,942,361 | ---- | C] () -- C:\Users\Bienchen\Documents\AutoGrinder_0_6_D_ALL.rar
[2012.09.03 21:29:11 | 000,000,512 | ---- | C] () -- C:\Users\Public\Desktop\PPTP Network Auto Dialer (64-Bit) - Verknüpfung.lnk
[2012.09.02 01:26:28 | 000,001,504 | ---- | C] () -- C:\Users\Bienchen\Desktop\Lazarus.lnk
[2012.09.02 01:26:27 | 001,849,344 | ---- | C] () -- C:\Windows\SysNative\Qt4Pas5.dll
[2012.08.31 18:13:54 | 000,005,168 | ---- | C] () -- C:\Users\Bienchen\Desktop\RADStudioXE2.slip
[2012.08.31 17:54:45 | 000,000,026 | ---- | C] () -- C:\Users\Bienchen\Documents\Rad_Studio_XE2_Upd6_Help_Downloadsversion.ini
[2012.08.29 10:44:15 | 000,001,178 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012.08.29 10:44:15 | 000,001,166 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012.08.28 16:52:47 | 000,001,024 | ---- | C] () -- C:\Users\Bienchen\.rnd
[2012.08.28 16:52:40 | 000,002,135 | ---- | C] () -- C:\Users\Public\Desktop\VMware Workstation.lnk
[2012.08.27 14:59:51 | 001,025,295 | ---- | C] () -- C:\Users\Bienchen\Desktop\IMAG0365.jpg
[2012.08.27 14:59:51 | 000,953,543 | ---- | C] () -- C:\Users\Bienchen\Desktop\IMAG0366.jpg
[2012.08.27 14:59:51 | 000,782,820 | ---- | C] () -- C:\Users\Bienchen\Desktop\IMAG0364.jpg
[2012.08.26 17:24:56 | 000,001,638 | ---- | C] () -- C:\Users\Bienchen\Desktop\Atlantica Online.lnk
[2012.08.26 16:08:13 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\Auto Hide IP.lnk
[2012.08.22 01:59:30 | 000,002,114 | ---- | C] () -- C:\Users\Bienchen\Desktop\[Autoit] - 027 - Antwortvideo Timer  Counter.au3
[2012.08.21 14:48:38 | 000,015,544 | ---- | C] () -- C:\Users\Bienchen\Documents\cc_20120821_144836.reg
[2012.08.21 14:48:10 | 000,194,076 | ---- | C] () -- C:\Users\Bienchen\Documents\cc_20120821_144806.reg
[2012.08.19 22:33:32 | 000,273,920 | ---- | C] () -- C:\Users\Bienchen\Desktop\Vpntraffic.exe
[2012.08.18 21:51:07 | 002,089,325 | ---- | C] () -- C:\VS_EXPBSLN_x64_deu.CAB
[2012.08.18 21:51:03 | 000,556,032 | ---- | C] () -- C:\VS_EXPBSLN_x64_deu.MSI
[2012.08.17 10:55:50 | 000,000,227 | ---- | C] () -- C:\Users\Bienchen\_netrc
[2012.08.15 23:34:12 | 000,000,347 | ---- | C] () -- C:\Users\Bienchen\AppData\Roaming\Digital Clock_Settings.ini
[2012.08.10 09:58:22 | 000,000,177 | ---- | C] () -- C:\Windows\w32demo8.ini
[2012.08.06 19:43:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.08.06 19:43:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.08.06 19:43:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.08.06 19:43:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.08.06 19:43:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.08.06 19:07:11 | 000,000,132 | ---- | C] () -- C:\Users\Bienchen\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
[2012.08.06 15:23:04 | 000,000,496 | ---- | C] () -- C:\Users\Bienchen\AppData\Local\.molebox.d9308ce138674bcc832cd28091c5a197.lic
[2012.08.04 14:58:27 | 001,641,400 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.08.02 20:25:32 | 000,007,593 | ---- | C] () -- C:\Users\Bienchen\AppData\Local\resmon.resmoncfg
[2012.07.11 04:28:58 | 000,000,269 | ---- | C] () -- C:\Users\Bienchen\index.html
[2012.07.01 08:25:07 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012.05.27 06:07:53 | 000,000,321 | ---- | C] () -- C:\Windows\WPE PRO - modified.INI
[2012.05.15 17:37:36 | 000,544,941 | ---- | C] () -- C:\Users\Bienchen\Atlantica_20120515_173616465.jpg
[2012.05.15 17:37:36 | 000,544,787 | ---- | C] () -- C:\Users\Bienchen\Atlantica_20120515_173608044.jpg
[2012.05.15 10:39:58 | 000,000,600 | ---- | C] () -- C:\Users\Bienchen\AppData\Roaming\winscp.rnd
[2012.05.12 15:47:41 | 000,000,600 | ---- | C] () -- C:\Users\Bienchen\AppData\Local\PUTTY.RND
[2012.05.05 04:50:31 | 000,001,394 | ---- | C] () -- C:\Users\Bienchen\SciTE.session
[2012.05.04 10:55:28 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2012.04.18 10:52:37 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.03.04 02:44:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.12.29 07:40:20 | 000,000,018 | ---- | C] () -- C:\Users\Bienchen\abbrev.properties
[2010.03.27 11:22:54 | 000,014,905 | ---- | C] () -- C:\Users\Bienchen\au3abbrev.properties
[2009.07.13 19:22:13 | 000,002,048 | -HS- | C] () -- C:\Users\Bienchen\AppData\Local\{8cc6811e-b549-d4c0-9030-e98abec83f99}\@
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 97 bytes -> C:\ProgramData\TEMP:5A437AC3

< End of report >

Thanks for your help in advance...

Yours

neuronet

Edited by neuronet, 16 September 2012 - 02:09 PM.


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, first thing we need to do is locate a new services file.

  • Run OTL. Only one log will be produced this time.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    /md5stop
    %systemdrive%\$Recycle.Bin|@;true;true;true
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

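While the custom scan above is collecting MD5s of every services.* copy, the OTL log already posted can be triaged by rule rather than by eye: it contains a hidden+system file named @ inside a GUID-named folder under AppData\Local, an alternate data stream on C:\ProgramData\TEMP, and a few binaries in the system directories that carry no company name. The Python script below is an added example for this thread, not OTL's code and not anything Essexboy or neuronet posted. It parses the two line formats OTL uses in its file-list and ADS sections and applies three heuristics that are my own, not OTL rules. The sample input is a handful of lines copied from the log above.

```python
import re
from dataclasses import dataclass

# Constructed sample input: lines copied from the OTL log posted above.
SAMPLE_LOG = r"""
[2012.09.05 11:25:18 | 000,131,688 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2012.09.12 19:01:57 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
[2012.09.13 17:34:16 | 001,589,248 | ---- | C] () -- C:\Windows\SysWow64\libmysql_d.dll
[2012.09.02 01:26:27 | 001,849,344 | ---- | C] () -- C:\Windows\SysNative\Qt4Pas5.dll
[2012.09.16 15:13:15 | 000,699,554 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2009.07.13 19:22:13 | 000,002,048 | -HS- | C] () -- C:\Users\Bienchen\AppData\Local\{8cc6811e-b549-d4c0-9030-e98abec83f99}\@
@Alternate Data Stream - 97 bytes -> C:\ProgramData\TEMP:5A437AC3
"""

# "[date time | size | attrs | C-or-M] (company) -- path"; the "(company)" part
# is absent on directory lines and is "()" when the file has no version info.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")
GUID_DIR_RE = re.compile(r"\\\{[0-9a-f-]{36}\}\\", re.IGNORECASE)

# Heuristic scope (my choice): the two 64-bit-view system directories OTL reports.
SYSTEM_DIRS = ("c:\\windows\\sysnative\\", "c:\\windows\\syswow64\\")
BINARY_EXT = (".exe", ".dll", ".sys", ".cpl", ".ocx")


@dataclass
class Entry:
    timestamp: str
    size: int
    attrs: str      # R=read-only, H=hidden, S=system, D=directory, '-' = unset
    kind: str       # 'C' = created, 'M' = modified
    company: str    # '' when OTL printed "()" or no company field at all
    path: str

    @property
    def hidden(self) -> bool:
        return "H" in self.attrs

    @property
    def system(self) -> bool:
        return "S" in self.attrs

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_log(text: str):
    """Return (file entries, [(ads_path, ads_size), ...]) parsed from OTL log text."""
    entries, streams = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(
                timestamp=m["ts"],
                size=int(m["size"].replace(",", "")),
                attrs=m["attrs"],
                kind=m["kind"],
                company=(m["company"] or "").strip(),
                path=m["path"],
            ))
            continue
        m = ADS_RE.match(line)
        if m:
            streams.append((m["path"], int(m["size"])))
    return entries, streams


def triage(entries, streams):
    """Apply the three heuristics; returns [(rule_name, path), ...] in log order."""
    findings = []
    for e in entries:
        if e.is_dir:
            continue
        low = e.path.lower()
        # Rule 1: hidden+system file inside a GUID-named folder in a user profile.
        if e.hidden and e.system and "\\users\\" in low and GUID_DIR_RE.search(e.path):
            findings.append(("hidden-system-file-in-guid-dir", e.path))
        # Rule 2: executable image in a system directory with no company name.
        elif low.startswith(SYSTEM_DIRS) and low.endswith(BINARY_EXT) and not e.company:
            findings.append(("no-company-binary-in-system-dir", e.path))
    # Rule 3: every alternate data stream OTL reported deserves a look.
    for path, _size in streams:
        findings.append(("alternate-data-stream", path))
    return findings


if __name__ == "__main__":
    for rule, path in triage(*parse_log(SAMPLE_LOG)):
        print(f"{rule:34} {path}")
```

Feed it a whole OTL.Txt (read the file and pass the text to parse_log) and it lists the same entries an experienced helper would pick out first; rule 2 is deliberately noisy, since a developer box like this one legitimately drops things such as libmysql_d.dll and Qt4Pas5.dll into SysWow64 and SysNative, so treat its hits as "verify", not "infected".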

#3
neuronet

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Extras.Txt

OTL Extras logfile created on: 16.09.2012 15:34:36 - Run 1
OTL by OldTimer - Version 3.2.61.5 Folder = C:\Users\Bienchen\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 5,96 Gb Available Physical Memory | 74,57% Memory free
15,99 Gb Paging File | 14,11 Gb Available in Paging File | 88,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 803,17 Gb Free Space | 86,23% Space Free | Partition Type: NTFS
Drive Z: | 452,53 Gb Total Space | 164,79 Gb Free Space | 36,42% Space Free | Partition Type: NTFS

Computer Name: BIENCHEN-PC | User Name: Bienchen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.txt[@ = txtfile] -- Reg Error: Key error. File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.txt [@ = txtfile] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromiumHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8EBAE01C-BF40-4F7B-8A1F-695B19D746C3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B0C2D416-6D10-4B50-91CF-89BF9D346F3D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@FirewallAPI.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@FirewallAPI.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@FirewallAPI.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@FirewallAPI.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{528E2373-AE49-4802-B4A8-326BBFDAD6A0}" = VmciSockets
"{5D762D74-E92F-4E95-9255-D85312617E4D}" = TortoiseSVN 1.7.9.23248 (64 bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 8.2.0.1406
"CCleaner" = CCleaner
"GIMP-2_is1" = GIMP 2.8.0
"Lazarus_is1" = Lazarus 1.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Totalcmd64" = Total Commander 64-bit (Remove or Repair)
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.46-1 (x64)
"WinRAR archiver" = WinRAR 4.11 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D94F75A-0EA6-4951-B3AF-B145FA9E05C6}" = VMware Workstation
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21C448B9-5137-49F3-B364-270E3C88124A}" = .NET Reflector Desktop
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ACDC413-AF13-3934-8D8A-1F8CEF70D1A5}" = Microsoft Document Explorer 2008 Language Pack - DEU
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{52CABE63-3144-4BEC-8968-38CFEB22F6C8}" = Embarcadero RAD Studio XE2
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{68180B21-DE6B-41AE-9826-3D65A1B3EF2C}" = Embarcadero Delphi and C++Builder XE2 Help System
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{C3E9887A-23BA-4777-8080-191A5AFCAB74}" = Mumble 1.2.3
"{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1" = SRWare Iron Version SRWare Iron 20.0.1150.1
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D81641E8-ABF1-3D07-803B-60E8FC619368}" = Microsoft Visual C# 2010 Express - DEU
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DEEB5FE3-40F5-3C5B-8F85-5306EF3C08F4}" = Microsoft Visual C++ 2010 Express - DEU
"{E966F0CC-76B3-11D3-945B-00C04FB1760A}" = BDE_ENT
"{EA5F34F3-3911-B4DB-63CA-1E44B2AB13A1}" = Adobe Download Assistant
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"5513-1208-7298-9440" = JDownloader 0.9
"888poker" = 888poker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v2.00
"Atlantica" = Atlantica
"AutoHideIP" = Auto Hide IP
"AutoItv3" = AutoIt v3.3.8.1
"AutoItv3beta" = AutoIt v3.3.9.4 (Beta)
"Avira AntiVir Desktop" = Avira Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cheat Engine 5.6.1_is1" = Cheat Engine 5.6.1
"Cheat Engine 6.2_is1" = Cheat Engine 6.2
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Crypto Obfuscator For .Net_is1" = Crypto Obfuscator For .Net 2012 R2
"Embarcadero Delphi and C++Builder XE2 Help System" = Embarcadero Delphi and C++Builder XE2 Help System
"Embarcadero RAD Studio XE2" = Embarcadero RAD Studio XE2
"FileZilla Client" = FileZilla Client 3.5.3
"IDA Pro Advanced v5.5 with Hex-Rays Decompiler v1.1_is1" = IDA Pro Advanced v5.5 with Hex-Rays Decompiler v1.1
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft Document Explorer 2008 Language Pack - DEU" = Microsoft Document Explorer 2008 Language Pack - DEU
"Microsoft Visual C# 2010 Express - DEU" = Microsoft Visual C# 2010 Express - DEU
"Microsoft Visual C++ 2010 Express - DEU" = Microsoft Visual C++ 2010 Express - DEU
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"nbi-nb-base-7.2.0.0.201207301726" = NetBeans IDE 7.2
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenVPN" = OpenVPN 2.2.2
"PartyPoker" = PartyPoker
"PE Explorer_is1" = PE Explorer 1.99 R6
"Pidgin" = Pidgin
"pidgin-otr" = pidgin-otr 3.2.1-1
"PremiumSoft Navicat for MySQL_is1" = PremiumSoft Navicat 10.1 for MySQL
"PuTTY_is1" = PuTTY version 0.62
"SciTE4AutoIt3" = SciTE4AutoIt3 12/29/2011
"TeamViewer 7" = TeamViewer 7
"UseNeXT_is1" = UseNeXT
"uTorrent" = µTorrent
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.0
"VMware_Workstation" = VMware Workstation
"WinPcapInst" = WinPcap 4.1.2
"Wireshark" = Wireshark 1.8.1 (64-bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CodeBlocks" = CodeBlocks
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 16.09.2012 15:12:05 | Computer Name = Bienchen-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (448)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei
C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden.
Fehler -546.

Error - 16.09.2012 15:12:05 | Computer Name = Bienchen-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (448)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei
C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden.
Fehler -546.

Error - 16.09.2012 15:12:05 | Computer Name = Bienchen-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (448)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei
C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden.
Fehler -546.

Error - 16.09.2012 15:12:05 | Computer Name = Bienchen-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (448)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei
C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden.
Fehler -546.

Error - 16.09.2012 15:12:05 | Computer Name = Bienchen-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (448)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei
C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden.
Fehler -546.

Error - 16.09.2012 15:12:05 | Computer Name = Bienchen-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (448)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei
C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden.
Fehler -546.

Error - 16.09.2012 15:12:05 | Computer Name = Bienchen-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (448)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei
C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden.
Fehler -546.

Error - 16.09.2012 15:12:05 | Computer Name = Bienchen-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (448)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei
C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden.
Fehler -546.

Error - 16.09.2012 15:12:05 | Computer Name = Bienchen-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (448)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei
C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden.
Fehler -546.

Error - 16.09.2012 15:28:46 | Computer Name = Bienchen-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: RootkitRevealer.exe, Version: 1.71.0.0,
Zeitstempel: 0x44e255aa Name des fehlerhaften Moduls: RootkitRevealer.exe, Version:
1.71.0.0, Zeitstempel: 0x44e255aa Ausnahmecode: 0xc0000005 Fehleroffset: 0x000040cd
ID
des fehlerhaften Prozesses: 0x13c Startzeit der fehlerhaften Anwendung: 0x01cd94417d18fc85
Pfad
der fehlerhaften Anwendung: C:\Users\Bienchen\AppData\Local\Temp\Rar$EXa0.117\RootkitRevealer.exe
Pfad
des fehlerhaften Moduls: C:\Users\Bienchen\AppData\Local\Temp\Rar$EXa0.117\RootkitRevealer.exe
Berichtskennung:
bb2e43f1-0034-11e2-926a-005056c00008

Error - 16.09.2012 15:29:02 | Computer Name = Bienchen-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: RootkitRevealer.exe, Version: 1.71.0.0,
Zeitstempel: 0x44e255aa Name des fehlerhaften Moduls: RootkitRevealer.exe, Version:
1.71.0.0, Zeitstempel: 0x44e255aa Ausnahmecode: 0xc0000005 Fehleroffset: 0x000040cd
ID
des fehlerhaften Prozesses: 0x988 Startzeit der fehlerhaften Anwendung: 0x01cd944186b07423
Pfad
der fehlerhaften Anwendung: C:\Users\Bienchen\Downloads\RootkitRevealer\RootkitRevealer.exe
Pfad
des fehlerhaften Moduls: C:\Users\Bienchen\Downloads\RootkitRevealer\RootkitRevealer.exe
Berichtskennung:
c48efbe9-0034-11e2-926a-005056c00008

[ System Events ]
Error - 16.09.2012 15:06:40 | Computer Name = Bienchen-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 16.09.2012 15:06:40 | Computer Name = Bienchen-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 16.09.2012 15:06:40 | Computer Name = Bienchen-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 16.09.2012 15:06:42 | Computer Name = Bienchen-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 16.09.2012 15:06:43 | Computer Name = Bienchen-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 16.09.2012 15:06:43 | Computer Name = Bienchen-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 16.09.2012 15:06:43 | Computer Name = Bienchen-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 16.09.2012 15:06:43 | Computer Name = Bienchen-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 16.09.2012 15:06:43 | Computer Name = Bienchen-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 16.09.2012 15:08:42 | Computer Name = Bienchen-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?16.?09.?2012 um 15:05:49 unerwartet heruntergefahren.


< End of report >

OTL.Txt

OTL logfile created on: 16.09.2012 17:11:59 - Run 2
OTL by OldTimer - Version 3.2.61.5 Folder = C:\Users\Bienchen\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 5,44 Gb Available Physical Memory | 68,05% Memory free
15,99 Gb Paging File | 13,46 Gb Available in Paging File | 84,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 802,05 Gb Free Space | 86,11% Space Free | Partition Type: NTFS
Drive Z: | 452,53 Gb Total Space | 164,79 Gb Free Space | 36,42% Space Free | Partition Type: NTFS

Computer Name: BIENCHEN-PC | User Name: Bienchen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.09.16 15:16:01 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Bienchen\Downloads\OTL.exe
PRC - [2012.07.18 18:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.07.18 18:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.07.18 18:04:22 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.10 18:10:34 | 001,261,568 | ---- | M] (SRWare) -- C:\Program Files (x86)\SRWare Iron\iron.exe
PRC - [2012.06.29 09:59:30 | 008,180,224 | ---- | M] () -- c:\xampp\mysql\bin\mysqld.exe
PRC - [2012.06.24 15:30:12 | 002,461,184 | ---- | M] () -- c:\xampp\xampp-control.exe
PRC - [2012.06.06 08:30:30 | 000,022,016 | ---- | M] (Apache Software Foundation) -- c:\xampp\apache\bin\httpd.exe
PRC - [2012.06.06 08:30:30 | 000,022,016 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe
PRC - [2011.08.22 17:07:32 | 000,354,416 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2011.08.22 17:06:56 | 000,432,752 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2010.07.29 17:57:34 | 000,248,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe


========== Modules (No Company Name) ==========

MOD - [2012.08.30 19:01:28 | 000,070,536 | ---- | M] () -- C:\Programme\TortoiseSVN\bin\libsasl32.dll
MOD - [2012.08.21 14:42:46 | 009,813,704 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
MOD - [2012.06.29 09:59:30 | 008,180,224 | ---- | M] () -- c:\xampp\mysql\bin\mysqld.exe
MOD - [2012.06.28 12:31:26 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\SRWare Iron\libegl.dll
MOD - [2012.06.28 12:27:34 | 000,648,704 | ---- | M] () -- C:\Program Files (x86)\SRWare Iron\libglesv2.dll
MOD - [2012.06.27 23:33:32 | 001,126,926 | ---- | M] () -- C:\Program Files (x86)\SRWare Iron\avcodec-54.dll
MOD - [2012.06.27 23:33:32 | 000,213,518 | ---- | M] () -- C:\Program Files (x86)\SRWare Iron\avformat-54.dll
MOD - [2012.06.27 23:33:32 | 000,134,670 | ---- | M] () -- C:\Program Files (x86)\SRWare Iron\avutil-51.dll
MOD - [2012.06.24 15:30:12 | 002,461,184 | ---- | M] () -- c:\xampp\xampp-control.exe
MOD - [2012.06.14 13:21:42 | 000,025,088 | ---- | M] () -- C:\xampp\php\php5apache2_4.dll
MOD - [2012.05.10 09:16:14 | 000,108,032 | ---- | M] () -- c:\xampp\apache\bin\pcre.dll
MOD - [2012.01.08 09:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2009.07.13 21:15:51 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2009.07.13 21:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll


========== Services (SafeList) ==========

SRV - [2012.08.24 07:01:41 | 002,735,528 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.07.31 17:49:41 | 000,113,120 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.18 18:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.07.18 18:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.06.07 13:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.12.15 13:29:42 | 000,014,848 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2011.08.22 17:07:32 | 000,354,416 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2011.08.22 17:06:56 | 000,432,752 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2011.08.22 16:34:52 | 011,837,440 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd)
SRV - [2011.08.22 15:28:42 | 000,079,872 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2011.08.21 23:11:28 | 000,846,448 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2010.07.29 17:57:34 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.06.25 13:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.06.10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.08.26 14:18:28 | 000,146,528 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsflt67.sys -- (vidsflt67)
DRV:64bit: - [2012.08.26 14:18:19 | 000,137,312 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fltsrv.sys -- (fltsrv)
DRV:64bit: - [2012.07.18 18:04:42 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.07.18 18:04:42 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.07.18 18:04:41 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.07.01 08:19:51 | 000,116,096 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avmaudio.sys -- (avmaudio)
DRV:64bit: - [2011.12.15 13:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011.08.22 17:07:58 | 000,062,064 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2011.08.22 17:06:14 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2011.08.22 15:12:26 | 000,045,680 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2011.08.22 15:12:26 | 000,020,080 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2011.08.21 23:11:26 | 000,039,024 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011.08.21 23:01:22 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2011.08.11 02:54:16 | 000,104,560 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011.08.08 14:59:12 | 000,116,336 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2011.01.15 12:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.16 18:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.06.25 13:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010.06.21 18:07:36 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010.06.14 04:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2009.12.21 21:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009.07.13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.13 17:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.06.10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.04 21:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2008.07.26 09:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2008.07.26 09:25:48 | 000,790,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2008.07.26 09:22:34 | 002,624,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI)
DRV:64bit: - [2008.07.26 09:22:22 | 000,015,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV - [2010.06.14 04:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009.07.13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2359550263-3173066360-1583243296-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKU\S-1-5-21-2359550263-3173066360-1583243296-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2359550263-3173066360-1583243296-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E1 F7 01 C9 1F 29 CD 01 [binary data]
IE - HKU\S-1-5-21-2359550263-3173066360-1583243296-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-2359550263-3173066360-1583243296-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2359550263-3173066360-1583243296-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2359550263-3173066360-1583243296-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.co...erms}&ch_id=osd
IE - HKU\S-1-5-21-2359550263-3173066360-1583243296-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2359550263-3173066360-1583243296-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=;

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "goolge.de"
FF - prefs.js..extensions.enabledAddons: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://search.icq.co...b_ver=1.5.0&q="
FF - prefs.js..network.proxy.gopher: ""
FF - prefs.js..network.proxy.gopher_port: 0
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.com/NxGame: C:\ProgramData\Nexon\NGM\npnxgame.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Bienchen\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.31 17:49:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012.03.03 20:16:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bienchen\AppData\Roaming\mozilla\Extensions
[2012.09.08 19:46:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bienchen\AppData\Roaming\mozilla\Firefox\Profiles\09we6att.default\extensions
[2012.08.26 19:29:05 | 000,004,530 | ---- | M] () (No name found) -- C:\Users\Bienchen\AppData\Roaming\mozilla\firefox\profiles\09we6att.default\extensions\[email protected]
[2012.03.03 20:17:15 | 000,089,442 | ---- | M] () (No name found) -- C:\Users\Bienchen\AppData\Roaming\mozilla\firefox\profiles\09we6att.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi
[2012.09.12 11:52:41 | 000,000,950 | ---- | M] () -- C:\Users\Bienchen\AppData\Roaming\mozilla\firefox\profiles\09we6att.default\searchplugins\icqplugin-1.xml
[2012.07.31 14:57:00 | 000,001,056 | ---- | M] () -- C:\Users\Bienchen\AppData\Roaming\mozilla\firefox\profiles\09we6att.default\searchplugins\icqplugin.xml
[2012.04.26 08:48:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.31 17:49:41 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.16 07:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.16 06:48:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.16 07:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.16 07:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.16 07:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.16 07:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012.09.16 14:49:50 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2359550263-3173066360-1583243296-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2359550263-3173066360-1583243296-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 205.151.67.2 205.151.67.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1801B813-F00D-4F61-9D33-3307B398BED3}: DhcpNameServer = 217.20.115.1 217.20.116.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69AB14F8-2B7C-49A7-AF52-BE9E4A8D918A}: DhcpNameServer = 205.151.67.2 205.151.67.6
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.08.26 11:12:08 | 000,000,000 | ---D | M] - Z:\Autogrinder Development -- [ NTFS ]
O32 - AutoRun File - [2012.08.06 18:00:58 | 000,000,000 | ---D | M] - Z:\AutoGrinder_0_6_B_IntAO_3_20_45 -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.09.16 16:57:10 | 000,000,000 | ---D | C] -- C:\xampp
[2012.09.16 14:55:26 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.09.16 14:51:01 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.09.16 14:36:14 | 004,754,503 | R--- | C] (Swearware) -- C:\Users\Bienchen\Desktop\ComboFix.exe
[2012.09.16 14:28:05 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\AppData\Roaming\Malwarebytes
[2012.09.16 14:27:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.16 14:24:08 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\AppData\Roaming\SUPERAntiSpyware.com
[2012.09.16 14:19:02 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.09.16 11:18:32 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\AppData\Roaming\Adobe Mini Bridge CS5
[2012.09.16 11:18:31 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.09.16 11:04:04 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.09.16 11:01:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012.09.16 10:59:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player
[2012.09.16 10:59:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2012.09.16 10:57:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2012.09.16 09:50:32 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\Desktop\AutoGrinder_0_6_D_ALL
[2012.09.16 09:42:27 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\Desktop\AutoGrinder_0_6_B_IntAO_3_21_15
[2012.09.15 17:25:17 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\Desktop\ScreenShot
[2012.09.15 14:13:10 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\AppData\Roaming\Smtp Client
[2012.09.15 09:40:07 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Log Files
[2012.09.14 21:33:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.09.13 17:38:18 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\Documents\Navicat
[2012.09.13 17:34:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PremiumSoft
[2012.09.13 17:34:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PremiumSoft
[2012.09.13 17:24:01 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\AppData\Roaming\MySQL
[2012.09.13 17:21:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MySQL
[2012.09.13 17:10:47 | 000,000,000 | ---D | C] -- C:\VMWARE
[2012.09.13 11:16:05 | 000,000,000 | ---D | C] -- C:\Casino
[2012.09.12 23:54:11 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\Desktop\Neuer Ordner
[2012.09.12 21:29:48 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\AppData\Roaming\Crypto Obfuscator For .Net v2011 R3
[2012.09.12 19:34:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogicNP Software
[2012.09.12 19:34:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogicNP Software
[2012.09.12 19:02:39 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\AppData\Roaming\Crypto Obfuscator For .Net v2012 R2
[2012.09.12 19:01:57 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
[2012.09.12 18:59:00 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\AppData\Local\SkinSoft
[2012.09.11 23:12:43 | 000,000,000 | ---D | C] -- C:\Phising
[2012.09.11 23:12:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinHTTrack
[2012.09.11 23:12:01 | 000,000,000 | ---D | C] -- C:\Program Files\WinHTTrack
[2012.09.11 23:04:42 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\Documents\Phising
[2012.09.11 19:18:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ITSecTeam
[2012.09.10 18:02:53 | 000,000,000 | ---D | C] -- C:\TIDY_BACKUP
[2012.09.09 10:02:55 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\888poker
[2012.09.09 10:02:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\888poker
[2012.09.09 10:02:37 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\AppData\Roaming\PacificPoker
[2012.09.09 10:02:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PacificPoker
[2012.09.09 09:43:57 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\AppData\Roaming\Mozilla-Cache
[2012.09.09 09:43:35 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\AppData\Roaming\Party
[2012.09.09 09:43:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PartyPoker
[2012.09.09 09:43:03 | 000,000,000 | ---D | C] -- C:\Programs
[2012.09.08 20:30:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Red Gate
[2012.09.08 20:30:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Red Gate
[2012.09.08 20:29:32 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\AppData\Roaming\ICSharpCode
[2012.09.08 12:26:42 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\Start Menu
[2012.09.08 12:26:42 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\Application Data
[2012.09.08 12:26:42 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\Documents\888poker
[2012.09.07 14:51:02 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\Documents\Visual Studio 2008
[2012.09.05 17:52:23 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\Documents\NEW_AutoGrinder
[2012.09.05 16:46:57 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\Documents\AutoGrinder_0_6_E_ALL
[2012.09.05 11:25:17 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012.09.05 11:25:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.09.05 11:24:56 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012.09.05 11:24:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012.09.05 11:23:54 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012.09.05 11:23:51 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012.09.04 10:32:46 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\Documents\AutoGrinder_0_6_D_IndoAO_3_16_60
[2012.09.04 10:32:44 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\Documents\AutoGrinder_0_6_D_EuroAO_3_19_08
[2012.09.03 21:07:40 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\Documents\AutoGrinder_0_6_D_ALL
[2012.09.03 12:34:22 | 000,000,000 | ---D | C] -- C:\ao-tools server kopie
[2012.09.02 14:19:33 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\AppData\Roaming\TortoiseSVN
[2012.09.02 14:19:11 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\Documents\Lazarus
[2012.09.02 13:30:51 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\AppData\Local\TSVNCache
[2012.09.02 10:28:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TortoiseSVN
[2012.09.02 10:28:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TortoiseOverlays
[2012.09.02 10:28:49 | 000,000,000 | ---D | C] -- C:\Program Files\TortoiseSVN
[2012.09.02 10:28:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TortoiseOverlays
[2012.09.02 01:26:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lazarus
[2012.09.02 01:06:19 | 000,000,000 | ---D | C] -- C:\lazarus
[2012.09.02 00:57:38 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\AppData\Local\lazarus
[2012.09.02 00:06:57 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\Documents\My Cheat Tables
[2012.09.02 00:06:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.2
[2012.09.02 00:06:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cheat Engine 6.2
[2012.08.31 20:51:50 | 000,000,000 | ---D | C] -- C:\Download
[2012.08.31 17:58:00 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\Documents\RAD Studio
[2012.08.31 17:54:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\{16DDC977-28D8-44E8-8358-8BBFBEE97FE7}
[2012.08.31 17:54:45 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\Documents\Rad_Studio_XE2_Upd6_Help_Downloads
[2012.08.31 17:46:41 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Embarcadero RAD Studio XE2
[2012.08.31 17:46:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Embarcadero
[2012.08.31 17:46:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Embarcadero
[2012.08.31 17:46:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\CodeGear Shared
[2012.08.31 17:46:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Borland Shared
[2012.08.31 17:43:29 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\RAD Studio
[2012.08.31 17:41:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\{05500BA0-5731-46FD-9326-FA79A36E6D46}
[2012.08.31 17:36:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
[2012.08.31 17:36:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes
[2012.08.30 14:59:44 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\Documents\Virtual Machines
[2012.08.28 16:53:43 | 000,062,064 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmx86.sys
[2012.08.28 16:53:11 | 000,354,416 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnetdhcp.exe
[2012.08.28 16:53:06 | 000,432,752 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnat.exe
[2012.08.28 16:53:05 | 000,030,320 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetuserif.sys
[2012.08.28 16:53:01 | 000,942,192 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vnetlib64.dll
[2012.08.28 16:52:51 | 000,039,024 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\hcmon.sys
[2012.08.28 16:52:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
[2012.08.28 16:52:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VMware
[2012.08.28 16:52:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VMware
[2012.08.28 16:52:08 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Shared Virtual Machines
[2012.08.28 16:51:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware
[2012.08.26 17:24:56 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gemscool
[2012.08.26 16:08:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auto Hide IP
[2012.08.26 16:08:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AutoHideIP
[2012.08.26 15:16:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Acronis
[2012.08.26 15:10:02 | 000,000,000 | ---D | C] -- C:\Downloads
[2012.08.26 15:08:38 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\AppData\Roaming\Free Download Manager
[2012.08.26 15:08:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Download Manager
[2012.08.26 14:59:45 | 000,000,000 | ---D | C] -- C:\Baby Need Space
[2012.08.26 14:34:56 | 000,000,000 | R--D | C] -- C:\acroldr
[2012.08.26 14:20:25 | 000,000,000 | ---D | C] -- C:\Users\Bienchen\AppData\Roaming\Acronis
[2012.08.26 14:17:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acronis
[2012.08.22 20:46:22 | 015,901,696 | ---- | C] (NDoors Co,Ltd.) -- C:\Users\Bienchen\Desktop\Atlantica_V32108.exe
[2012.08.22 09:46:46 | 016,263,680 | ---- | C] (NDoors Co,Ltd.) -- C:\Users\Bienchen\Desktop\Atlantica_EU_old.exe
[2012.08.21 14:44:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.08.21 14:44:37 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.08.21 12:48:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon
[2012.08.18 22:22:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FinalWire
[2012.08.18 22:22:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FinalWire
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.09.16 17:05:12 | 000,000,606 | ---- | M] () -- C:\Users\Bienchen\Desktop\XAMPP Control Panel.lnk
[2012.09.16 15:28:13 | 000,019,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.16 15:28:13 | 000,019,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.16 15:13:15 | 001,621,508 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.16 15:13:15 | 000,699,554 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.16 15:13:15 | 000,654,872 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.16 15:13:15 | 000,149,376 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.16 15:13:15 | 000,122,330 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.16 15:08:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.16 15:08:38 | 2145,558,527 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.16 14:49:50 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.09.16 14:36:16 | 004,754,503 | R--- | M] (Swearware) -- C:\Users\Bienchen\Desktop\ComboFix.exe
[2012.09.16 10:46:04 | 001,714,006 | ---- | M] () -- C:\Users\Bienchen\Desktop\autogrinders_US.rar
[2012.09.16 09:52:51 | 000,001,394 | ---- | M] () -- C:\Users\Bienchen\SciTE.session
[2012.09.15 22:12:02 | 000,024,826 | ---- | M] () -- C:\Users\Bienchen\AppData\Local\recently-used.xbel
[2012.09.14 18:50:31 | 000,007,593 | ---- | M] () -- C:\Users\Bienchen\AppData\Local\resmon.resmoncfg
[2012.09.14 10:25:03 | 004,918,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.09.13 17:34:18 | 000,001,219 | ---- | M] () -- C:\Users\Public\Desktop\Navicat for MySQL.lnk
[2012.09.11 23:12:03 | 000,000,780 | ---- | M] () -- C:\Users\Bienchen\Desktop\HTTrack Website Copier.lnk
[2012.09.09 10:02:55 | 000,002,031 | ---- | M] () -- C:\Users\Bienchen\Application Data\Microsoft\Internet Explorer\Quick Launch\888poker.lnk
[2012.09.09 10:02:55 | 000,002,013 | ---- | M] () -- C:\Users\Bienchen\Desktop\888poker.lnk
[2012.09.09 09:43:25 | 000,001,695 | ---- | M] () -- C:\Users\Bienchen\Desktop\PartyPoker.lnk
[2012.09.08 20:16:24 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.09.07 10:36:26 | 000,243,988 | ---- | M] () -- C:\Users\Bienchen\Desktop\cogeco-bill.pdf
[2012.09.06 19:03:03 | 000,054,727 | ---- | M] () -- C:\Users\Bienchen\Desktop\inscription.pdf
[2012.09.04 10:41:02 | 000,942,361 | ---- | M] () -- C:\Users\Bienchen\Documents\AutoGrinder_0_6_D_ALL.rar
[2012.09.03 21:29:11 | 000,000,512 | ---- | M] () -- C:\Users\Public\Desktop\PPTP Network Auto Dialer (64-Bit) - Verknüpfung.lnk
[2012.09.02 01:26:28 | 000,001,504 | ---- | M] () -- C:\Users\Bienchen\Desktop\Lazarus.lnk
[2012.09.02 00:06:15 | 000,001,089 | ---- | M] () -- C:\Users\Bienchen\Desktop\Cheat Engine.lnk
[2012.08.31 18:13:54 | 000,005,168 | ---- | M] () -- C:\Users\Bienchen\Desktop\RADStudioXE2.slip
[2012.08.31 17:54:45 | 000,000,026 | ---- | M] () -- C:\Users\Bienchen\Documents\Rad_Studio_XE2_Upd6_Help_Downloadsversion.ini
[2012.08.30 12:37:23 | 001,828,896 | ---- | M] () -- C:\Users\Bienchen\Documents\Antonia,Dario,Dina,Guiliana und Cinah 1.JPG
[2012.08.29 10:44:15 | 000,001,166 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012.08.28 16:52:47 | 000,001,024 | ---- | M] () -- C:\Users\Bienchen\.rnd
[2012.08.28 16:52:43 | 001,641,400 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.08.28 16:52:40 | 000,002,135 | ---- | M] () -- C:\Users\Public\Desktop\VMware Workstation.lnk
[2012.08.27 15:00:16 | 001,025,295 | ---- | M] () -- C:\Users\Bienchen\Desktop\IMAG0365.jpg
[2012.08.27 14:59:54 | 000,001,456 | ---- | M] () -- C:\Users\Bienchen\Desktop\PersoBuilder-c#.lnk
[2012.08.27 14:59:54 | 000,001,235 | ---- | M] () -- C:\Users\Bienchen\Desktop\Downloads - Verknüpfung.lnk
[2012.08.27 14:11:05 | 000,364,915 | ---- | M] () -- C:\Users\Bienchen\Documents\mels.xcf
[2012.08.26 20:04:37 | 000,001,638 | ---- | M] () -- C:\Users\Bienchen\Desktop\Atlantica Online.lnk
[2012.08.26 16:08:13 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\Auto Hide IP.lnk
[2012.08.26 11:49:18 | 000,953,543 | ---- | M] () -- C:\Users\Bienchen\Desktop\IMAG0366.jpg
[2012.08.25 18:37:32 | 000,782,820 | ---- | M] () -- C:\Users\Bienchen\Desktop\IMAG0364.jpg
[2012.08.23 15:02:03 | 000,001,129 | ---- | M] () -- C:\Users\Public\Desktop\OpenVPN GUI.lnk
[2012.08.22 11:19:54 | 001,589,248 | ---- | M] () -- C:\Windows\SysWow64\libmysql_d.dll
[2012.08.21 14:48:39 | 000,015,544 | ---- | M] () -- C:\Users\Bienchen\Documents\cc_20120821_144836.reg
[2012.08.21 14:48:21 | 000,194,076 | ---- | M] () -- C:\Users\Bienchen\Documents\cc_20120821_144806.reg
[2012.08.18 21:51:07 | 002,089,325 | ---- | M] () -- C:\VS_EXPBSLN_x64_deu.CAB
[2012.08.18 21:51:03 | 000,556,032 | ---- | M] () -- C:\VS_EXPBSLN_x64_deu.MSI
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.09.16 17:05:12 | 000,000,606 | ---- | C] () -- C:\Users\Bienchen\Desktop\XAMPP Control Panel.lnk
[2012.09.16 11:04:20 | 000,001,075 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5 (64 Bit).lnk
[2012.09.16 11:03:37 | 000,001,211 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.lnk
[2012.09.16 11:01:16 | 000,001,173 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
[2012.09.16 11:00:34 | 000,001,266 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
[2012.09.16 10:58:04 | 000,001,357 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk
[2012.09.16 10:57:45 | 000,001,523 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
[2012.09.16 10:57:08 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012.09.16 10:46:04 | 001,714,006 | ---- | C] () -- C:\Users\Bienchen\Desktop\autogrinders_US.rar
[2012.09.15 22:12:02 | 000,024,826 | ---- | C] () -- C:\Users\Bienchen\AppData\Local\recently-used.xbel
[2012.09.13 17:34:18 | 000,001,219 | ---- | C] () -- C:\Users\Public\Desktop\Navicat for MySQL.lnk
[2012.09.13 17:34:16 | 001,589,248 | ---- | C] () -- C:\Windows\SysWow64\libmysql_d.dll
[2012.09.11 23:12:03 | 000,000,780 | ---- | C] () -- C:\Users\Bienchen\Desktop\HTTrack Website Copier.lnk
[2012.09.11 18:44:34 | 000,002,005 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2012.09.11 18:44:34 | 000,001,949 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2012.09.11 18:44:34 | 000,001,928 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2012.09.09 10:02:55 | 000,002,031 | ---- | C] () -- C:\Users\Bienchen\Application Data\Microsoft\Internet Explorer\Quick Launch\888poker.lnk
[2012.09.09 10:02:55 | 000,002,013 | ---- | C] () -- C:\Users\Bienchen\Desktop\888poker.lnk
[2012.09.09 09:43:24 | 000,001,695 | ---- | C] () -- C:\Users\Bienchen\Desktop\PartyPoker.lnk
[2012.09.08 20:26:33 | 004,918,800 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.09.08 20:16:24 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.09.07 10:36:26 | 000,243,988 | ---- | C] () -- C:\Users\Bienchen\Desktop\cogeco-bill.pdf
[2012.09.06 19:03:03 | 000,054,727 | ---- | C] () -- C:\Users\Bienchen\Desktop\inscription.pdf
[2012.09.05 11:23:48 | 000,012,264 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012.09.04 10:41:02 | 000,942,361 | ---- | C] () -- C:\Users\Bienchen\Documents\AutoGrinder_0_6_D_ALL.rar
[2012.09.03 21:29:11 | 000,000,512 | ---- | C] () -- C:\Users\Public\Desktop\PPTP Network Auto Dialer (64-Bit) - Verknüpfung.lnk
[2012.09.02 01:26:28 | 000,001,504 | ---- | C] () -- C:\Users\Bienchen\Desktop\Lazarus.lnk
[2012.09.02 01:26:27 | 001,849,344 | ---- | C] () -- C:\Windows\SysNative\Qt4Pas5.dll
[2012.08.31 18:13:54 | 000,005,168 | ---- | C] () -- C:\Users\Bienchen\Desktop\RADStudioXE2.slip
[2012.08.31 17:54:45 | 000,000,026 | ---- | C] () -- C:\Users\Bienchen\Documents\Rad_Studio_XE2_Upd6_Help_Downloadsversion.ini
[2012.08.30 12:37:11 | 001,828,896 | ---- | C] () -- C:\Users\Bienchen\Documents\Antonia,Dario,Dina,Guiliana und Cinah 1.JPG
[2012.08.29 10:44:15 | 000,001,178 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012.08.29 10:44:15 | 000,001,166 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012.08.28 16:52:47 | 000,001,024 | ---- | C] () -- C:\Users\Bienchen\.rnd
[2012.08.28 16:52:40 | 000,002,135 | ---- | C] () -- C:\Users\Public\Desktop\VMware Workstation.lnk
[2012.08.27 14:59:51 | 001,025,295 | ---- | C] () -- C:\Users\Bienchen\Desktop\IMAG0365.jpg
[2012.08.27 14:59:51 | 000,953,543 | ---- | C] () -- C:\Users\Bienchen\Desktop\IMAG0366.jpg
[2012.08.27 14:59:51 | 000,782,820 | ---- | C] () -- C:\Users\Bienchen\Desktop\IMAG0364.jpg
[2012.08.27 14:11:05 | 000,364,915 | ---- | C] () -- C:\Users\Bienchen\Documents\mels.xcf
[2012.08.26 17:24:56 | 000,001,638 | ---- | C] () -- C:\Users\Bienchen\Desktop\Atlantica Online.lnk
[2012.08.26 16:08:13 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\Auto Hide IP.lnk
[2012.08.22 01:59:30 | 000,002,114 | ---- | C] () -- C:\Users\Bienchen\Desktop\[Autoit] - 027 - Antwortvideo Timer Counter.au3
[2012.08.21 14:48:38 | 000,015,544 | ---- | C] () -- C:\Users\Bienchen\Documents\cc_20120821_144836.reg
[2012.08.21 14:48:10 | 000,194,076 | ---- | C] () -- C:\Users\Bienchen\Documents\cc_20120821_144806.reg
[2012.08.19 22:33:32 | 000,273,920 | ---- | C] () -- C:\Users\Bienchen\Desktop\Vpntraffic.exe
[2012.08.18 21:51:07 | 002,089,325 | ---- | C] () -- C:\VS_EXPBSLN_x64_deu.CAB
[2012.08.18 21:51:03 | 000,556,032 | ---- | C] () -- C:\VS_EXPBSLN_x64_deu.MSI
[2012.08.17 10:55:50 | 000,000,227 | ---- | C] () -- C:\Users\Bienchen\_netrc
[2012.08.15 23:34:12 | 000,000,347 | ---- | C] () -- C:\Users\Bienchen\AppData\Roaming\Digital Clock_Settings.ini
[2012.08.10 09:58:22 | 000,000,177 | ---- | C] () -- C:\Windows\w32demo8.ini
[2012.08.06 19:43:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.08.06 19:43:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.08.06 19:43:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.08.06 19:43:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.08.06 19:43:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.08.06 19:07:11 | 000,000,132 | ---- | C] () -- C:\Users\Bienchen\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
[2012.08.06 15:23:04 | 000,000,496 | ---- | C] () -- C:\Users\Bienchen\AppData\Local\.molebox.d9308ce138674bcc832cd28091c5a197.lic
[2012.08.04 14:58:27 | 001,641,400 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.08.02 20:25:32 | 000,007,593 | ---- | C] () -- C:\Users\Bienchen\AppData\Local\resmon.resmoncfg
[2012.07.11 04:28:58 | 000,000,269 | ---- | C] () -- C:\Users\Bienchen\index.html
[2012.07.01 08:25:07 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012.05.27 06:07:53 | 000,000,321 | ---- | C] () -- C:\Windows\WPE PRO - modified.INI
[2012.05.15 17:37:36 | 000,544,941 | ---- | C] () -- C:\Users\Bienchen\Atlantica_20120515_173616465.jpg
[2012.05.15 17:37:36 | 000,544,787 | ---- | C] () -- C:\Users\Bienchen\Atlantica_20120515_173608044.jpg
[2012.05.15 10:39:58 | 000,000,600 | ---- | C] () -- C:\Users\Bienchen\AppData\Roaming\winscp.rnd
[2012.05.12 15:47:41 | 000,000,600 | ---- | C] () -- C:\Users\Bienchen\AppData\Local\PUTTY.RND
[2012.05.05 04:50:31 | 000,001,394 | ---- | C] () -- C:\Users\Bienchen\SciTE.session
[2012.05.04 10:55:28 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2012.04.18 10:52:37 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.03.04 02:44:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.12.29 07:40:20 | 000,000,018 | ---- | C] () -- C:\Users\Bienchen\abbrev.properties
[2010.03.27 11:22:54 | 000,014,905 | ---- | C] () -- C:\Users\Bienchen\au3abbrev.properties
[2009.07.13 19:22:13 | 000,002,048 | -HS- | C] () -- C:\Users\Bienchen\AppData\Local\{8cc6811e-b549-d4c0-9030-e98abec83f99}\@

========== LOP Check ==========

[2012.09.16 14:47:06 | 000,000,000 | ---D | M] -- C:\Users\Bienchen\AppData\Roaming\.purple
[2012.08.26 14:20:25 | 000,000,000 | ---D | M] -- C:\Users\Bienchen\AppData\Roaming\Acronis
[2012.08.21 12:25:33 | 000,000,000 | ---D | M] -- C:\Users\Bienchen\AppData\Roaming\Ahnenblatt
[2012.07.31 21:41:56 | 000,000,000 | ---D | M] -- C:\Users\Bienchen\AppData\Roaming\AutoHideIP
[2012.03.03 20:31:04 | 000,000,000 | ---D | M] -- C:\Users\Bienchen\AppData\Roaming\Awem
[2012.05.22 20:23:58 | 000,000,000 | ---D | M] -- C:\Users\Bienchen\AppData\Roaming\Canneverbe Limited
[2012.08.04 21:41:25 | 000,000,000 | ---D | M] -- C:\Users\Bienchen\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.09.12 21:29:48 | 000,000,000 | ---D | M] -- C:\Users\Bienchen\AppData\Roaming\Crypto Obfuscator For .Net v2011 R3
[2012.09.12 19:02:39 | 000,000,000 | ---D | M] -- C:\Users\Bienchen\AppData\Roaming\Crypto Obfuscator For .Net v2012 R2
[2012.08.09 21:53:45 | 000,000,000 | ---D | M] -- C:\Users\Bienchen\AppData\Roaming\Datarescue
[2012.08.21 12:27:18 | 000,000,000 | ---D | M] -- C:\Users\Bienchen\AppData\Roaming\DesktopIconForAmazon
[2012.08.08 00:48:11 | 000,000,000 | ---D | M] -- C:\Users\Bienchen\AppData\Roaming\e
[2012.08.31 17:46:41 | 000,000,000 | ---D | M] -- C:\Users\Bienchen\AppData\Roaming\Embarcadero
[2012.09.15 18:11:14 | 000,000,000 | ---D | M] -- C:\Users\Bienchen\AppData\Roaming\FileZilla
[2012.09.08 20:18:50 | 000,000,000 | ---D | M] -- C:\Users\Bienchen\AppData\Roaming\Free Download Manager
[2012.06.12 15:21:19 | 000,000,000 | ---D | M] -- C:\Users\Bienchen\AppData\Roaming\GHISLER
[2012.07.08 07:49:26 | 000,000,000 | ---D | M] -- C:\Users\Bienchen\AppData\Roaming\Greenshot
[2012.09.12 20:48:44 | 000,000,000 | ---D | M] -- C:\Users\Bienchen\AppData\Roaming\gtk-2.0
[2012.08.11 23:08:42 | 000,000,000 | ---D | M] -- C:\Users\Bienchen\AppData\Roaming\Hex-Rays
[2012.07.05 16:56:39 | 000,000,000 | ---D | M] -- C:\Users\Bienchen\AppData\Roaming\ICQ Search
[2012.09.08 20:29:32 | 000,000,000 | ---D | M] -- C:\Users\Bienchen\AppData\Roaming\ICSharpCode
[2012.09.03 14:39:01 | 000,000,000 | ---D | M] -- C:\Users\Bienchen\AppData\Roaming\Mumble
[2012.09.13 17:24:01 | 000,000,000 | ---D | M] -- C:\Users\Bienchen\AppData\Roaming\MySQL
[2012.08.08 02:45:17 | 000,000,000 | ---D | M] -- C:\Users\Bienchen\AppData\Roaming\NetBeans
[2012.05.15 09:56:11 | 000,000,000 | ---D | M] -- C:\Users\Bienchen\AppData\Roaming\Nvu
[2012.05.30 07:24:17 | 000,000,000 | ---D | M] -- C:\Users\Bienchen\AppData\Roaming\OpenOffice.org
[2012.09.09 10:05:22 | 000,000,000 | ---D | M] -- C:\Users\Bienchen\AppData\Roaming\PacificPoker
[2012.09.09 09:45:37 | 000,000,000 | ---D | M] -- C:\Users\Bienchen\AppData\Roaming\Party
[2012.08.04 22:15:14 | 000,000,000 | ---D | M] -- C:\Users\Bienchen\AppData\Roaming\PDAppFlex
[2012.06.21 06:40:40 | 000,000,000 | ---D | M] -- C:\Users\Bienchen\AppData\Roaming\PDF Writer
[2012.08.10 10:20:27 | 000,000,000 | ---D | M] -- C:\Users\Bienchen\AppData\Roaming\PE Explorer
[2012.05.04 09:25:33 | 000,000,000 | ---D | M] -- C:\Users\Bienchen\AppData\Roaming\Samsung
[2012.09.15 14:13:59 | 000,000,000 | ---D | M] -- C:\Users\Bienchen\AppData\Roaming\Smtp Client
[2012.09.16 11:18:31 | 000,000,000 | ---D | M] -- C:\Users\Bienchen\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.08.13 00:00:48 | 000,000,000 | ---D | M] -- C:\Users\Bienchen\AppData\Roaming\Subversion
[2012.07.08 11:28:06 | 000,000,000 | ---D | M] -- C:\Users\Bienchen\AppData\Roaming\TeamViewer
[2012.06.12 19:04:20 | 000,000,000 | ---D | M] -- C:\Users\Bienchen\AppData\Roaming\Telefónica
[2012.08.02 18:34:16 | 000,000,000 | ---D | M] -- C:\Users\Bienchen\AppData\Roaming\Telerik
[2012.08.21 14:47:31 | 000,000,000 | ---D | M] -- C:\Users\Bienchen\AppData\Roaming\TS3Client
[2012.05.29 18:42:43 | 000,000,000 | ---D | M] -- C:\Users\Bienchen\AppData\Roaming\Unity
[2012.09.16 10:50:00 | 000,000,000 | ---D | M] -- C:\Users\Bienchen\AppData\Roaming\UseNeXT
[2012.09.08 20:18:50 | 000,000,000 | ---D | M] -- C:\Users\Bienchen\AppData\Roaming\uTorrent
[2012.08.09 18:32:15 | 000,000,000 | ---D | M] -- C:\Users\Bienchen\AppData\Roaming\Wireshark
[2012.09.16 15:06:38 | 000,028,098 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009.07.13 21:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2009.07.13 21:40:01 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009.07.13 21:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2009.07.13 21:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2009.07.13 21:40:10 | 000,703,488 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2009.07.13 21:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009.07.13 21:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009.07.13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2009.07.13 21:40:13 | 000,136,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2009.07.13 21:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2009.07.13 21:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2009.07.13 21:41:53 | 000,509,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2009.07.13 21:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2009.07.13 21:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009.07.13 21:40:32 | 000,182,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009.07.13 21:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009.07.13 21:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009.07.13 21:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009.07.13 21:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2009.07.13 21:41:10 | 000,500,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009.07.13 21:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009.07.13 21:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009.07.13 21:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009.07.13 21:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009.07.13 21:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2009.07.13 21:41:52 | 000,302,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009.07.13 21:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2009.07.13 21:41:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2009.07.13 21:39:44 | 000,558,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2009.07.13 21:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009.07.13 21:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2009.07.13 21:41:53 | 000,343,552 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2009.07.13 21:41:53 | 000,509,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2009.07.13 21:41:53 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2009.07.13 21:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009.07.13 21:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2009.07.13 21:41:54 | 000,235,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2009.07.13 21:41:54 | 000,369,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2009.07.13 21:16:14 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2009.07.13 21:41:53 | 001,104,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2009.07.13 21:41:55 | 000,316,416 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2009.07.13 21:16:15 | 000,241,664 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009.07.13 21:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009.07.13 21:41:53 | 000,208,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2009.07.13 21:39:50 | 001,598,976 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2009.07.13 21:40:04 | 000,676,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2009.07.13 21:40:04 | 000,676,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2009.07.13 21:41:53 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
No service found with a name of WinDefend
SRV:64bit: - [2009.07.13 21:41:56 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2009.07.13 21:41:27 | 000,824,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2009.07.13 21:41:56 | 000,578,560 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2009.07.13 21:39:21 | 000,127,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2009.07.13 21:14:25 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009.07.13 21:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2009.07.13 21:41:58 | 002,418,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2009.07.13 21:40:32 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009.07.13 21:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2009.07.13 21:41:56 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: SERVICES >
[2009.06.10 17:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
[2012.07.23 15:38:30 | 002,494,126 | ---- | M] () MD5=FB77288A98FDC022F84FA0B9CBDD9A36 -- C:\Program Files\Wireshark\services

< MD5 for: SERVICES.ASFX >
[2012.07.27 16:51:40 | 000,002,655 | ---- | M] () MD5=ABFBB9D0398492D849690C344C1316BB -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\de_DE\Services\Services.asfx

< MD5 for: SERVICES.ASFX22 >
[2011.06.06 06:55:32 | 000,000,627 | R--- | M] () MD5=C25DC0D9A0098C3677CBC8AACADA1472 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744AA0100000010\10.1.0\services.asfx22

< MD5 for: SERVICES.CFG >
[2012.07.27 16:51:34 | 000,586,083 | ---- | M] () MD5=6DE4EA437EC1FE6DB27CADB0A7EA8DC2 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011.06.06 06:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EXE >
[2009.07.13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009.07.13 21:39:37 | 000,329,216 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysNative\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009.07.14 13:58:12 | 000,019,456 | ---- | M] (Microsoft Corporation) MD5=F0E13F46C1944FCE489C9A18372C3ED8 -- C:\Windows\SysNative\de-DE\services.exe.mui
[2009.07.14 13:58:12 | 000,019,456 | ---- | M] (Microsoft Corporation) MD5=F0E13F46C1944FCE489C9A18372C3ED8 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_de-de_1d0162c550c828a3\services.exe.mui

< MD5 for: SERVICES.H >
[2012.06.29 08:48:38 | 000,001,043 | ---- | M] () MD5=EFA6260E75D8055649F88462E3E9E929 -- C:\xampp\mysql\include\mysql\services.h

< MD5 for: SERVICES.JSM >
[2011.10.27 14:45:22 | 000,006,317 | ---- | M] () MD5=C698274FE1590498B56DEDB947AEFF16 -- C:\Users\Bienchen\Downloads\Havij 1.15+Tor+XCodeXploitScanner\Tor Browser\FirefoxPortable\App\Firefox\modules\Services.jsm

< MD5 for: SERVICES.LNK >
[2009.07.14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009.07.14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009.06.10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009.06.10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2009.06.10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009.06.10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009.06.10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009.06.10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
[2009.07.14 13:58:11 | 000,092,744 | ---- | M] () MD5=7FC1BD72E9D0E622638C4620E33FAD47 -- C:\Windows\SysNative\de-DE\services.msc
[2009.07.14 13:58:12 | 000,092,744 | ---- | M] () MD5=7FC1BD72E9D0E622638C4620E33FAD47 -- C:\Windows\SysWOW64\de-DE\services.msc
[2009.07.14 13:58:11 | 000,092,744 | ---- | M] () MD5=7FC1BD72E9D0E622638C4620E33FAD47 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_de-de_574332b12731c296\services.msc
[2009.07.14 13:58:12 | 000,092,744 | ---- | M] () MD5=7FC1BD72E9D0E622638C4620E33FAD47 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_de-de_fb24972d6ed45160\services.msc

< MD5 for: SERVICES.PTXML >
[2009.07.13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009.07.13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SERVICES.RDB >
[2012.04.19 02:43:10 | 000,178,348 | ---- | M] () MD5=039C8CFBD74EE07F38CD9E4C7D95C5C6 -- C:\Program Files (x86)\OpenOffice.org 3\Basis\program\services.rdb
[2012.04.19 02:43:10 | 000,000,453 | ---- | M] () MD5=3D2ADA15FEF5B5FF468243161543D610 -- C:\Program Files (x86)\OpenOffice.org 3\program\services.rdb
[2012.04.13 00:55:44 | 000,008,060 | ---- | M] () MD5=7CA7D7150EC46321162F932ADCF5F35B -- C:\Program Files (x86)\OpenOffice.org 3\URE\misc\services.rdb

< MD5 for: SERVICES.SETTINGS >
[2012.09.15 09:31:04 | 000,001,620 | ---- | M] () MD5=58E880AC4375798E68777417729B119B -- C:\Users\Bienchen\AppData\Roaming\NetBeans\7.2\config\Windows2Local\Components\services.settings

< MD5 for: SERVICES.WSTCGRP >
[2012.09.15 09:31:05 | 000,000,224 | ---- | M] () MD5=4C0234F9B3F49A3484CE64025050D7A7 -- C:\Users\Bienchen\AppData\Roaming\NetBeans\7.2\config\Windows2Local\Groups\InitialLayout\services.wstcgrp
[2012.09.15 09:31:05 | 000,000,225 | ---- | M] () MD5=E4AD31A486D75BC449F02775904D2430 -- C:\Users\Bienchen\AppData\Roaming\NetBeans\7.2\config\Windows2Local\Groups\OpenedProjects\services.wstcgrp

< MD5 for: SERVICES.WSTCREF >
[2012.09.15 09:31:04 | 000,000,129 | ---- | M] () MD5=73E5717A2B2C3FF0F7ED6EFDD0A658B3 -- C:\Users\Bienchen\AppData\Roaming\NetBeans\7.2\config\Windows2Local\Modes\explorer\services.wstcref

< %systemdrive%\$Recycle.Bin|@;true;true;true >

========== Alternate Data Streams ==========

@Alternate Data Stream - 97 bytes -> C:\ProgramData\TEMP:5A437AC3

< End of report >
  • 0

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's try this:
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:

FCopy::
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe|c:\windows\system32\services.exe

Folder::
C:\Users\Bienchen\AppData\Local\{8cc6811e-b549-d4c0-9030-e98abec83f99}

Save this as CFScript.txt, in the same location as ComboFix.exe.
Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe. When finished, it shall produce a log for you at C:\ComboFix.txt, which I will require in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If, after the reboot, you get errors about programmes being marked for deletion, then reboot; that will cure it.

  • 0
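The fix above works by copying the pristine services.exe out of the WinSxS component store over the live copy that OTL could not hash ("Unable to obtain MD5" in the MD5 for: SERVICES.EXE section). The following is an added example, not code from this thread, from OTL or from ComboFix, that shows the underlying integrity check a responder would run: hash the live file, compare it with the component-store copy or with a known-good hash, and treat an unreadable file as a finding rather than an error. The paths and the reference MD5 are the ones quoted in the OTL log; the helper names, the `Verdict` type and the sample files built in `demo()` are assumptions constructed for illustration (they are not real Windows binaries).

```python
"""Integrity check of a live system binary against its component-store copy.

Added example (not the thread's, OTL's or ComboFix's code). Mirrors the
"MD5 for: SERVICES.EXE" check in the OTL log: hash the live file and a
pristine reference, then report MATCH, MISMATCH or UNREADABLE.
"""
import hashlib
import os
import tempfile
from dataclasses import dataclass
from typing import Optional

# Paths and hash quoted from the OTL log in this thread (labels only here;
# the demo below never touches a real Windows installation).
LIVE_SERVICES_EXE = r"C:\Windows\System32\services.exe"
WINSXS_SERVICES_EXE = (r"C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller"
                       r"_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe")
KNOWN_GOOD_MD5 = "24ACB7E5BE595468E3B9AA488B9B4FCB"  # MD5 OTL reported for the WinSxS copy


def md5_of_file(path: str, chunk_size: int = 1 << 16) -> Optional[str]:
    """Return the uppercase hex MD5 of a file, or None if it cannot be read.

    An unreadable file is a finding in its own right: OTL's
    "Unable to obtain MD5" for the live services.exe was the symptom here.
    """
    digest = hashlib.md5()
    try:
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(chunk_size), b""):
                digest.update(chunk)
    except OSError:
        return None
    return digest.hexdigest().upper()


@dataclass
class Verdict:
    status: str               # "MATCH", "MISMATCH" or "UNREADABLE"
    live_md5: Optional[str]   # None when the live file could not be hashed
    reference_md5: str        # empty when the reference itself was unreadable


def check_against_reference(live_path: str, reference_md5: str) -> Verdict:
    """Compare the live file's MD5 with a known-good reference hash."""
    live = md5_of_file(live_path)
    if live is None:
        return Verdict("UNREADABLE", None, reference_md5.upper())
    status = "MATCH" if live == reference_md5.upper() else "MISMATCH"
    return Verdict(status, live, reference_md5.upper())


def check_against_copy(live_path: str, reference_path: str) -> Verdict:
    """Compare the live file with a pristine copy (e.g. the WinSxS version).

    Reports UNREADABLE if either file cannot be hashed.
    """
    ref = md5_of_file(reference_path)
    if ref is None:
        return Verdict("UNREADABLE", md5_of_file(live_path), "")
    return check_against_reference(live_path, ref)


def demo() -> dict:
    """Run the check on constructed sample files (hypothetical stand-ins)."""
    with tempfile.TemporaryDirectory() as tmp:
        pristine = os.path.join(tmp, "services.exe.winsxs")    # constructed reference copy
        live_ok = os.path.join(tmp, "services.exe.clean")      # constructed identical live copy
        live_bad = os.path.join(tmp, "services.exe.patched")   # constructed modified live copy
        with open(pristine, "wb") as fh:
            fh.write(b"MZ" + b"\x00" * 1024)
        with open(live_ok, "wb") as fh:
            fh.write(b"MZ" + b"\x00" * 1024)
        with open(live_bad, "wb") as fh:
            fh.write(b"MZ" + b"\x00" * 512 + b"\x90" * 512)    # a few hundred bytes differ
        return {
            "clean": check_against_copy(live_ok, pristine).status,
            "patched": check_against_copy(live_bad, pristine).status,
            "missing": check_against_copy(os.path.join(tmp, "absent"), pristine).status,
        }


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name:8s} -> {status}")
```

On a machine that is still running the rootkit, a hash taken from inside that system is only as trustworthy as the system itself (the original log shows the live file could not even be read), so the reliable version of this check hashes the disk from clean boot media; the UNREADABLE verdict is what tells you to stop trusting the live view and do exactly that.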

#5
neuronet

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
ComboFix Log:

ComboFix 12-09-15.02 - Bienchen 16.09.2012  17:35:37.3.2 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.8190.5684 [GMT -4:00]
ausgeführt von:: c:\users\Bienchen\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Bienchen\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Bienchen\AppData\Local\{8cc6811e-b549-d4c0-9030-e98abec83f99}
c:\users\Bienchen\AppData\Local\{8cc6811e-b549-d4c0-9030-e98abec83f99}\@
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --> c:\windows\system32\services.exe
.
(((((((((((((((((((((((   Dateien erstellt von 2012-08-16 bis 2012-09-16  ))))))))))))))))))))))))))))))
.
.
2012-09-16 21:39 . 2012-09-16 21:39	--------	dc----w-	c:\users\Public\AppData\Local\temp
2012-09-16 21:39 . 2012-09-16 21:39	--------	dc----w-	c:\users\neuronet\AppData\Local\temp
2012-09-16 21:39 . 2012-09-16 21:39	--------	dc----w-	c:\users\Default\AppData\Local\temp
2012-09-16 20:57 . 2012-09-16 21:26	--------	d-----w-	C:\xampp
2012-09-16 20:08 . 2012-09-16 20:08	331776	----a-w-	c:\windows\system32\tsk6622.tmp
2012-09-16 19:02 . 2012-09-16 19:10	69000	-c--a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{7F70A8C1-B978-4C64-9D4D-8E2A2E9CE8BC}\offreg.dll
2012-09-16 18:28 . 2012-09-16 18:28	--------	dc----w-	c:\users\Bienchen\AppData\Roaming\Malwarebytes
2012-09-16 18:27 . 2012-09-16 18:27	--------	dc----w-	c:\programdata\Malwarebytes
2012-09-16 18:24 . 2012-09-16 18:24	--------	dc----w-	c:\users\Bienchen\AppData\Roaming\SUPERAntiSpyware.com
2012-09-16 18:20 . 2012-09-16 18:20	331776	----a-w-	c:\windows\system32\tskA7A9.tmp
2012-09-16 18:19 . 2012-09-16 20:08	--------	d-----w-	C:\TDSSKiller_Quarantine
2012-09-16 15:18 . 2012-09-16 15:18	--------	dc----w-	c:\users\Bienchen\AppData\Roaming\Adobe Mini Bridge CS5
2012-09-16 15:18 . 2012-09-16 15:18	--------	dc----w-	c:\users\Bienchen\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-09-16 15:04 . 2012-09-16 15:04	--------	dc----w-	c:\program files\Adobe
2012-09-16 15:01 . 2012-09-16 15:04	--------	dc----w-	c:\program files\Common Files\Adobe
2012-09-16 14:59 . 2012-09-16 14:59	--------	dc----w-	c:\program files (x86)\Adobe Media Player
2012-09-16 14:57 . 2012-09-16 14:57	--------	dc----w-	c:\program files (x86)\Common Files\Adobe AIR
2012-09-15 18:13 . 2012-09-15 18:13	--------	dc----w-	c:\users\Bienchen\AppData\Roaming\Smtp Client
2012-09-15 13:40 . 2012-09-15 13:40	--------	d-----w-	c:\windows\SysWow64\Log Files
2012-09-15 01:33 . 2012-09-15 01:33	--------	dc----w-	c:\program files (x86)\Common Files\Java
2012-09-15 01:32 . 2012-09-15 01:32	821736	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-09-15 01:32 . 2012-09-15 01:32	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-13 21:34 . 2012-08-22 15:19	1589248	----a-w-	c:\windows\SysWow64\libmysql_d.dll
2012-09-13 21:34 . 2012-09-13 21:34	--------	dc----w-	c:\program files (x86)\PremiumSoft
2012-09-13 21:24 . 2012-09-13 21:24	--------	dc----w-	c:\users\Bienchen\AppData\Roaming\MySQL
2012-09-13 21:21 . 2012-09-13 21:21	--------	dc----w-	c:\program files (x86)\MySQL
2012-09-13 21:10 . 2012-09-13 21:10	--------	d-----w-	C:\VMWARE
2012-09-13 15:16 . 2012-09-13 18:37	--------	d-----w-	C:\Casino
2012-09-13 01:29 . 2012-09-13 01:29	--------	dc----w-	c:\users\Bienchen\AppData\Roaming\Crypto Obfuscator For .Net v2011 R3
2012-09-12 23:34 . 2012-09-12 23:51	--------	dc----w-	c:\program files (x86)\LogicNP Software
2012-09-12 23:02 . 2012-09-12 23:02	--------	dc----w-	c:\users\Bienchen\AppData\Roaming\Crypto Obfuscator For .Net v2012 R2
2012-09-12 23:01 . 2012-09-12 23:01	--------	d-s---w-	c:\windows\SysWow64\Microsoft
2012-09-12 22:59 . 2012-09-12 22:59	--------	dc----w-	c:\users\Bienchen\AppData\Local\SkinSoft
2012-09-12 03:12 . 2012-09-12 03:21	--------	d-----w-	C:\Phising
2012-09-12 03:12 . 2012-09-12 03:12	--------	dc----w-	c:\program files\WinHTTrack
2012-09-11 23:18 . 2012-09-11 23:18	--------	dc----w-	c:\program files (x86)\ITSecTeam
2012-09-10 22:02 . 2012-09-10 23:41	--------	d-----w-	C:\TIDY_BACKUP
2012-09-09 14:02 . 2012-09-09 14:05	--------	dc----w-	c:\users\Bienchen\AppData\Roaming\PacificPoker
2012-09-09 14:02 . 2012-09-09 14:02	--------	dc----w-	c:\program files (x86)\PacificPoker
2012-09-09 13:43 . 2012-09-09 13:43	--------	dc----w-	c:\users\Bienchen\AppData\Roaming\Mozilla-Cache
2012-09-09 13:43 . 2012-09-09 13:45	--------	dc----w-	c:\users\Bienchen\AppData\Roaming\Party
2012-09-09 13:43 . 2012-09-09 13:43	--------	d-----w-	C:\Programs
2012-09-09 00:30 . 2012-09-09 00:30	--------	dc----w-	c:\program files (x86)\Red Gate
2012-09-09 00:29 . 2012-09-09 00:29	--------	dc----w-	c:\users\Bienchen\AppData\Roaming\ICSharpCode
2012-09-05 15:25 . 2010-06-21 22:07	29288	----a-w-	c:\windows\system32\nvhdap64.dll
2012-09-05 15:25 . 2010-06-21 22:07	255592	----a-w-	c:\windows\system32\nvcohda6.dll
2012-09-05 15:25 . 2010-06-21 22:07	131688	----a-w-	c:\windows\system32\drivers\nvhda64v.sys
2012-09-05 15:25 . 2012-09-05 15:25	--------	d-----w-	C:\NVIDIA
2012-09-05 15:24 . 2012-09-16 19:08	--------	dc----w-	c:\programdata\NVIDIA
2012-09-05 15:24 . 2012-09-05 15:37	--------	dc----w-	c:\program files (x86)\NVIDIA Corporation
2012-09-05 15:23 . 2012-09-05 15:23	--------	dc----w-	c:\programdata\NVIDIA Corporation
2012-09-05 15:23 . 2012-09-05 15:24	--------	dc----w-	c:\program files\NVIDIA Corporation
2012-09-03 16:34 . 2012-09-03 16:45	--------	d-----w-	C:\ao-tools server kopie
2012-09-02 18:19 . 2012-09-02 18:32	--------	dc----w-	c:\users\Bienchen\AppData\Roaming\TortoiseSVN
2012-09-02 17:30 . 2012-09-16 19:01	--------	dc----w-	c:\users\Bienchen\AppData\Local\TSVNCache
2012-09-02 14:28 . 2012-09-02 14:28	--------	dc----w-	c:\program files (x86)\Common Files\TortoiseOverlays
2012-09-02 14:28 . 2012-09-02 14:28	--------	dc----w-	c:\program files\TortoiseSVN
2012-09-02 14:28 . 2012-09-02 14:28	--------	dc----w-	c:\program files\Common Files\TortoiseOverlays
2012-09-02 05:26 . 2010-03-07 15:22	1849344	----a-w-	c:\windows\system32\Qt4Pas5.dll
2012-09-02 05:06 . 2012-09-02 05:26	--------	d-----w-	C:\lazarus
2012-09-02 04:57 . 2012-09-02 12:48	--------	dc----w-	c:\users\Bienchen\AppData\Local\lazarus
2012-09-02 04:06 . 2012-09-02 04:06	--------	dc----w-	c:\program files (x86)\Cheat Engine 6.2
2012-09-01 00:51 . 2012-09-16 18:20	--------	d-----w-	C:\Download
2012-08-31 21:54 . 2012-08-31 21:56	--------	dc-h--w-	c:\programdata\{16DDC977-28D8-44E8-8358-8BBFBEE97FE7}
2012-08-31 21:46 . 2012-08-31 22:14	--------	dc----w-	c:\programdata\Embarcadero
2012-08-31 21:46 . 2012-08-31 21:46	--------	dc----w-	c:\program files (x86)\Common Files\CodeGear Shared
2012-08-31 21:46 . 2012-08-31 21:46	--------	dc----w-	c:\program files (x86)\Embarcadero
2012-08-31 21:46 . 2012-08-31 21:46	--------	dc----w-	c:\program files (x86)\Common Files\Borland Shared
2012-08-31 21:41 . 2012-08-31 21:53	--------	d--h--w-	c:\programdata\{05500BA0-5731-46FD-9326-FA79A36E6D46}
2012-08-31 21:36 . 2012-08-31 21:36	--------	dc----w-	c:\program files (x86)\Elaborate Bytes
2012-08-28 20:53 . 2011-08-22 21:07	62064	----a-w-	c:\windows\system32\drivers\vmx86.sys
2012-08-28 20:53 . 2011-08-22 21:07	354416	----a-w-	c:\windows\SysWow64\vmnetdhcp.exe
2012-08-28 20:53 . 2011-08-22 21:06	432752	----a-w-	c:\windows\SysWow64\vmnat.exe
2012-08-28 20:53 . 2011-08-22 21:06	30320	----a-w-	c:\windows\system32\drivers\vmnetuserif.sys
2012-08-28 20:53 . 2011-08-22 21:07	942192	----a-w-	c:\windows\system32\vnetlib64.dll
2012-08-28 20:52 . 2011-08-22 03:11	39024	----a-w-	c:\windows\system32\drivers\hcmon.sys
2012-08-28 20:52 . 2012-08-28 20:52	--------	dc----w-	c:\program files (x86)\VMware
2012-08-28 20:52 . 2012-08-28 20:52	--------	dc----w-	c:\program files (x86)\Common Files\VMware
2012-08-28 20:51 . 2012-08-28 20:51	--------	dc----w-	c:\program files\Common Files\VMware
2012-08-26 20:08 . 2012-08-26 20:08	--------	dc----w-	c:\program files (x86)\AutoHideIP
2012-08-26 19:08 . 2012-09-09 00:18	--------	dc----w-	c:\users\Bienchen\AppData\Roaming\Free Download Manager
2012-08-26 19:08 . 2012-09-08 23:46	--------	dc----w-	c:\program files (x86)\Free Download Manager
2012-08-26 18:59 . 2012-08-26 19:02	--------	d-----w-	C:\Baby Need Space
2012-08-26 18:34 . 2012-08-26 18:34	--------	d-----r-	C:\acroldr
2012-08-26 18:18 . 2012-08-26 18:18	994912	----a-w-	c:\windows\system32\drivers\timntr.sys
2012-08-26 18:18 . 2012-08-26 18:18	211552	----a-w-	c:\windows\system32\drivers\vididr.sys
2012-08-26 18:18 . 2012-08-26 18:18	146528	----a-w-	c:\windows\system32\drivers\vsflt67.sys
2012-08-26 18:18 . 2012-08-26 18:18	320096	----a-w-	c:\windows\system32\drivers\snapman.sys
2012-08-26 18:18 . 2012-08-26 18:18	137312	----a-w-	c:\windows\system32\drivers\fltsrv.sys
2012-08-26 18:17 . 2012-08-26 18:17	--------	dc----w-	c:\program files (x86)\Acronis
2012-08-21 18:44 . 2012-09-09 00:16	--------	dc----w-	c:\program files\CCleaner
2012-08-21 16:48 . 2012-08-21 16:48	--------	dc----w-	c:\programdata\Nexon
2012-08-19 02:22 . 2012-08-19 02:22	--------	dc----w-	c:\program files (x86)\FinalWire
2012-08-19 01:51 . 2012-08-19 01:51	556032	----a-w-	C:\VS_EXPBSLN_x64_deu.MSI
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-15 01:32 . 2012-04-15 18:03	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-08-21 18:42 . 2012-04-03 11:32	696520	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-21 18:42 . 2012-03-04 00:22	73416	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-19 02:13 . 2012-08-10 03:47	113440	-c--a-w-	c:\programdata\Microsoft\VCExpress\10.0\1031\ResourceCache.dll
2012-08-16 03:25 . 2012-08-16 03:25	119120	-c--a-w-	c:\windows\dxsdkuninst.exe
2012-08-15 23:32 . 2012-08-15 23:34	3724568	----a-w-	c:\windows\system32\d3dx9d_32.dll
2012-08-13 04:55 . 2012-08-10 00:59	20360	----a-w-	c:\windows\system32\drivers\Dbgv.sys
2012-08-10 01:03 . 2012-08-10 01:03	27016	----a-w-	c:\windows\SysWow64\drivers\PROCEXP141.SYS
2012-08-04 19:15 . 2012-08-04 19:12	188896	-c--a-w-	c:\programdata\Microsoft\VCSExpress\10.0\1031\ResourceCache.dll
2012-07-18 22:04 . 2012-08-06 19:30	27760	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-07-18 22:04 . 2012-08-06 19:30	132832	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-07-18 22:04 . 2012-08-06 19:30	98848	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-07-01 12:19 . 2012-07-01 12:19	116096	----a-w-	c:\windows\system32\drivers\avmaudio.sys
2012-07-01 12:19 . 2012-07-01 12:19	32256	----a-w-	c:\windows\system32\MiniInstaller.dll
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-09-16_18.49.59   )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-15 12:27 . 2012-09-16 19:10	43756              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-09-16 19:10	37070              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-03-04 00:14 . 2012-09-16 19:10	11588              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2359550263-3173066360-1583243296-1000_UserData.bin
- 2012-03-04 07:07 . 2012-09-15 01:19	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-03-04 07:07 . 2012-09-16 19:09	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2012-09-16 19:23	80672              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 04:46 . 2012-09-09 00:34	80672              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2012-03-04 07:07 . 2012-09-15 01:19	32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-03-04 07:07 . 2012-09-16 19:09	32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-03-04 07:07 . 2012-09-15 01:19	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-03-04 07:07 . 2012-09-16 19:09	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-03-04 06:08 . 2012-09-15 01:19	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-03-04 06:08 . 2012-09-16 19:09	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-03-04 06:08 . 2012-09-16 19:09	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-03-04 06:08 . 2012-09-15 01:19	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-09-16 18:49 . 2012-09-16 18:49	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-16 19:00 . 2012-09-16 19:08	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-16 19:00 . 2012-09-16 19:08	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-09-16 18:49 . 2012-09-16 18:49	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-09-16 19:13	654872              c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-09-15 01:23	654872              c:\windows\system32\perfh009.dat
- 2009-07-14 17:58 . 2012-09-15 01:23	699554              c:\windows\system32\perfh007.dat
+ 2009-07-14 17:58 . 2012-09-16 19:13	699554              c:\windows\system32\perfh007.dat
+ 2009-07-14 02:36 . 2012-09-16 19:13	122330              c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-09-15 01:23	122330              c:\windows\system32\perfc009.dat
- 2009-07-14 17:58 . 2012-09-15 01:23	149376              c:\windows\system32\perfc007.dat
+ 2009-07-14 17:58 . 2012-09-16 19:13	149376              c:\windows\system32\perfc007.dat
- 2009-07-14 04:45 . 2012-09-09 00:25	3799596              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-09-16 18:53	3799596              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20	64792	-c--a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20	64792	-c--a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20	64792	-c--a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20	64792	-c--a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20	64792	-c--a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20	64792	-c--a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20	64792	-c--a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20	64792	-c--a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20	64792	-c--a-w-	c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-07-18 348664]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
"EnableLinkedConnections"= 1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [2008-07-26 15768]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2008-07-26 790424]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 massfilter_hs;USB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [x]
R3 PORTMON;PORTMON;c:\users\Bienchen\Downloads\SysinternalsSuite\PORTMSYS.SYS [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-31 113120]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R4 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-24 2735528]
R4 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-22 846448]
R4 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2011-08-22 11837440]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [2012-08-26 137312]
S0 vidsflt67;Acronis Disk Storage Filter (67);c:\windows\system32\DRIVERS\vsflt67.sys [2012-08-26 146528]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 116336]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-07-18 27760]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-07-18 86224]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-29 248936]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys [2012-07-01 116096]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-08-11 104560]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2008-07-26 50072]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-06-21 131688]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 45786506
*NewlyCreated* - 71808062
*Deregistered* - 45786506
*Deregistered* - 71808062
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20	75544	-c--a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20	75544	-c--a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20	75544	-c--a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20	75544	-c--a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20	75544	-c--a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20	75544	-c--a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20	75544	-c--a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20	75544	-c--a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20	75544	-c--a-w-	c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-09 12666984]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=;ftp=;https=;
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: DhcpNameServer = 205.151.67.2 205.151.67.6
FF - ProfilePath - c:\users\Bienchen\AppData\Roaming\Mozilla\Firefox\Profiles\09we6att.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - goolge.de
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.0&q=
FF - prefs.js: network.proxy.gopher - 
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
pref('extensions.shownSelectionUI',true);
pref('extensions.autoDisableScopes',0);
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-09-16  17:41:18
ComboFix-quarantined-files.txt  2012-09-16 21:41
ComboFix2.txt  2012-09-16 18:55
ComboFix3.txt  2012-08-07 00:04
.
Vor Suchlauf: 28 Verzeichnis(se), 861.058.252.800 Bytes frei
Nach Suchlauf: 29 Verzeichnis(se), 860.860.911.616 Bytes frei
.
- - End Of File - - EBF59FEA54BEF23452E6F0A279122297
#6 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
That looks to have got it. How is the computer behaving now?
#7 neuronet (New Member, Topic Starter, 6 posts)

AWESOME!!! YOU ARE A GENIUS!!!

Thank you very much!!!

Be sure, on the 1st when I get my salary I WILL DONATE!!!

PS: Where can I learn how to do such awesome work?
#8 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
:rofl: I guess you mean all is OK

PS: Where can I learn how to do such awesome work?

Have a look here

Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so the following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK
  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Go to control panel
  • Select folder options (Appearance > Folder options in category view)
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.


SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • Go to Start > All Programs > Accessories > System Tools
  • Right click Disk Cleanup and select Run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe :wave:
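The "create a new Restore Point" and "hidden files" steps of the post above, in scripted form. This is an added example and is not part of Essexboy's post or of OTL/ComboFix; it assumes an elevated PowerShell prompt on the Windows 7 x64 system the log describes, that System Protection is enabled for C:, and relies only on the built-in Checkpoint-Computer / Get-ComputerRestorePoint cmdlets and Explorer's Hidden value under HKCU.

```powershell
# Added example (not from the post): scripted equivalent of the manual
# "create restore point named Clean" and "do not show hidden files" steps.
# Assumptions: elevated PowerShell, Windows 7 or later, System Protection
# enabled for the system drive.

# 1. Create the restore point the post asks for, named "Clean". Do this
#    BEFORE purging old points, because Disk Cleanup's "System Restore and
#    Shadow Copies" clean-up keeps only the most recent point.
Checkpoint-Computer -Description "Clean" -RestorePointType "MODIFY_SETTINGS"

# 2. Verify the point really exists and report its sequence number.
#    Checkpoint-Computer silently skips creation if one was made in the
#    last 24 hours, so never assume it succeeded.
$clean = Get-ComputerRestorePoint |
         Where-Object { $_.Description -eq "Clean" } |
         Sort-Object SequenceNumber |
         Select-Object -Last 1
if (-not $clean) {
    throw "Restore point 'Clean' was not created; check System Protection for C: and retry."
}
"Restore point #$($clean.SequenceNumber) present: $($clean.Description)"

# 3. Restore Explorer's default of not showing hidden files for this user
#    (Folder Options > View > "Do not show hidden files and folders").
#    Hidden = 2 hides them, Hidden = 1 shows them; the cleanup tools in the
#    thread flip this to 1 while they work.
$adv = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
Set-ItemProperty -Path $adv -Name Hidden -Value 2 -Type DWord
"Explorer 'Hidden' now = $((Get-ItemProperty -Path $adv).Hidden) (2 = hidden files not shown)"
```

The Explorer setting is read when Explorer starts, so it takes effect at the next log-on or after restarting explorer.exe. The restore-point purge itself is left to the Disk Cleanup steps in the post; the script only guarantees that the "Clean" point exists before that purge runs.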
#9 neuronet (New Member, Topic Starter, 6 posts)
All done...

(except hiding hidden files, because I need to see them for software development reasons, where I "hide" files too)

Thanks again for your great and fast help...

I will read through the link you gave me, I will learn, and hopefully I will one day also be able to assist other people having these problems...

Thanks a lot again man...

Thumbs up!


Oh yeah.. finally...

SYSTEM IS RUNNING AS IT SHOULD!!! Hooray!
#10 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.