Zurück   Trojaner-Board > Archiv - Kein Posten möglich > Mülltonne

Mülltonne: (xposting) explorer.exe und andere Prozesse mehrfach vorhanden, mögliche Malware?

Windows 7 Beiträge, die gegen unsere Regeln verstoßen haben, solche, die die Welt nicht braucht oder sonstiger Müll landet hier in der Mülltonne...

 
Alt 02.06.2012, 23:41   #1
Black Lion
 
(xposting) explorer.exe und andere Prozesse mehrfach vorhanden, mögliche Malware? - Standard

(xposting) explorer.exe und andere Prozesse mehrfach vorhanden, mögliche Malware?



Hallo,

mir ist heute bei einem zufälligen Blick in den Taskmanager aufgefallen, dass die explorer.exe 5 mal gestartet war. Der Dateipfad verwies bei allen immer auf das korrekte Verzeichnis. Nach einem Neusstart war nur noch ein Prozess da, allerdings laufen auch folgende teilweise 2x:

csrss.exe
nvvsvc.exe
takehost.exe


Ich habe mal von der c't Desinfect Live-CD Avira, Bitdefender und clamav über meine Systempartition laufen lassen, keine Funde. Da mich das Ganze aber beunruhigt, will ich es genau wissen.

Daher zunächst einmal das OTL-Log:

OTL Logfile:
OTL EXTRAS Logfile:
Code:
ATTFilter
OTL logfile created on: 02.06.2012 23:22:14 - Run 1
OTL by OldTimer - Version 3.2.45.0     Folder = H:\Anwendungen\Sicherheit
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,06 Gb Available Physical Memory | 76,55% Memory free
8,00 Gb Paging File | 7,03 Gb Available in Paging File | 87,87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,79 Gb Total Space | 57,57 Gb Free Space | 51,50% Space Free | Partition Type: NTFS
Drive F: | 13,97 Gb Total Space | 1,39 Gb Free Space | 9,92% Space Free | Partition Type: NTFS
Drive G: | 172,30 Gb Total Space | 37,50 Gb Free Space | 21,76% Space Free | Partition Type: NTFS
Drive H: | 279,40 Gb Total Space | 56,17 Gb Free Space | 20,10% Space Free | Partition Type: NTFS
Drive I: | 465,66 Gb Total Space | 27,45 Gb Free Space | 5,90% Space Free | Partition Type: NTFS
Drive J: | 931,68 Gb Total Space | 241,17 Gb Free Space | 25,89% Space Free | Partition Type: NTFS
Drive T: | 2794,39 Gb Total Space | 1987,51 Gb Free Space | 71,13% Space Free | Partition Type: NTFS
 
Computer Name: BLACKLION-PC | User Name: Black Lion | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.02 23:19:09 | 000,595,968 | ---- | M] (OldTimer Tools) -- H:\Anwendungen\Sicherheit\OTL.exe
PRC - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2011.10.05 10:18:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.05 10:17:51 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.10.05 10:17:50 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.05.20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.05.20 10:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011.01.20 11:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2010.08.21 11:54:46 | 005,493,736 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2009.01.12 08:15:52 | 000,071,096 | ---- | M] () -- C:\Windows\SysWOW64\NMSAccessU.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.13 13:29:26 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\a742cb2e77b47300756506d52c96a8d1\IAStorUtil.ni.dll
MOD - [2012.05.13 13:29:26 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e7cd67fc34ad0fc611c1e1244cfc6584\IAStorCommon.ni.dll
MOD - [2012.05.13 11:21:08 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.13 11:20:49 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll
MOD - [2012.05.13 11:20:44 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
MOD - [2012.05.13 11:20:34 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.13 11:20:29 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.13 11:20:26 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.13 11:20:25 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.13 11:20:21 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2010.11.21 08:49:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.06.06 17:12:22 | 000,036,160 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2010.11.21 05:24:42 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2010.11.21 05:24:36 | 001,743,360 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\sysmain.dll -- (SysMain)
SRV:64bit: - [2009.07.14 03:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2009.07.14 03:41:56 | 000,076,800 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\wersvc.dll -- (WerSvc)
SRV:64bit: - [2009.07.14 03:41:56 | 000,038,912 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\uxsms.dll -- (UxSms)
SRV:64bit: - [2009.07.14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2009.07.14 03:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.07.14 03:39:37 | 000,593,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\SearchIndexer.exe -- (WSearch)
SRV:64bit: - [2009.06.05 17:42:04 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.04.24 18:10:56 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011.10.05 10:18:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.05 10:17:51 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.24 22:03:55 | 003,975,088 | ---- | M] (Acronis) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2011.06.06 17:16:20 | 002,026,304 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.06.06 17:12:18 | 000,029,504 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.05.20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.08.21 11:55:58 | 001,079,512 | ---- | M] (Acronis) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.07.14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009.07.14 03:14:35 | 000,428,032 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWow64\SearchIndexer.exe -- (WSearch)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009.01.12 08:15:52 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\NMSAccessU.exe -- (NMSAccess)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.03.15 18:05:52 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.09.25 19:48:26 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.09.25 19:48:26 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.09.15 23:55:03 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.09.15 23:55:03 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.06.24 22:11:17 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2011.06.24 22:03:55 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm273.sys -- (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273)
DRV:64bit: - [2011.06.24 22:03:55 | 000,279,136 | ---- | M] (Acronis) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2011.06.24 22:03:54 | 000,970,336 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2011.06.24 22:03:54 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2011.06.24 21:34:03 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.05.20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.11.21 05:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:55 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2010.11.21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.03.03 09:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV:64bit: - [2009.07.14 02:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009.07.14 01:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 17:42:04 | 000,475,136 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2008.01.21 11:45:00 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2011.06.06 17:07:20 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2712221221-3655037957-805285431-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2712221221-3655037957-805285431-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2712221221-3655037957-805285431-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AC FF FA 82 FF 33 CC 01  [binary data]
IE - HKU\S-1-5-21-2712221221-3655037957-805285431-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2712221221-3655037957-805285431-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.readmore.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.5
FF - prefs.js..extensions.enabledItems: {46868735-c3fa-47ce-8ce7-cce51a66aceb}:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {fd2f951f-77ea-4938-9493-0c892c027a13}:0.9.8
FF - prefs.js..network.proxy.ftp: "localhost"
FF - prefs.js..network.proxy.ftp_port: 8118
FF - prefs.js..network.proxy.gopher: "localhost"
FF - prefs.js..network.proxy.gopher_port: 8118
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9051
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 8118
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.24 18:10:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.17 19:07:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011.06.24 21:16:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Black Lion\AppData\Roaming\mozilla\Extensions
[2010.12.05 20:42:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Black Lion\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.05.29 17:10:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Black Lion\AppData\Roaming\mozilla\Firefox\Profiles\slldeahe.default\extensions
[2011.06.24 21:16:08 | 000,000,000 | ---D | M] (oldbar) -- C:\Users\Black Lion\AppData\Roaming\mozilla\Firefox\Profiles\slldeahe.default\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}
[2012.05.17 22:12:12 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Black Lion\AppData\Roaming\mozilla\Firefox\Profiles\slldeahe.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.05.18 13:03:34 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Black Lion\AppData\Roaming\mozilla\Firefox\Profiles\slldeahe.default\extensions\ich@maltegoetz.de
[2012.05.31 22:45:09 | 000,002,102 | ---- | M] () -- C:\Users\Black Lion\AppData\Roaming\Mozilla\Firefox\Profiles\slldeahe.default\searchplugins\wot-safe-search.xml
[2011.06.24 21:07:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.02.13 20:05:14 | 000,060,243 | ---- | M] () (No name found) -- C:\USERS\BLACK LION\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SLLDEAHE.DEFAULT\EXTENSIONS\{45D8FF86-D909-11DB-9705-005056C00008}.XPI
[2012.05.29 17:10:39 | 000,524,866 | ---- | M] () (No name found) -- C:\USERS\BLACK LION\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SLLDEAHE.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012.01.06 12:21:12 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\BLACK LION\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SLLDEAHE.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.03.30 12:56:16 | 000,129,271 | ---- | M] () (No name found) -- C:\USERS\BLACK LION\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SLLDEAHE.DEFAULT\EXTENSIONS\CHECKPLACES@ANDYHALFORD.COM.XPI
[2011.05.29 14:10:46 | 000,001,703 | ---- | M] () (No name found) -- C:\USERS\BLACK LION\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SLLDEAHE.DEFAULT\EXTENSIONS\F6@MERIKE.PRI.EE.XPI
[2012.04.24 18:10:57 | 000,159,870 | ---- | M] () (No name found) -- C:\USERS\BLACK LION\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SLLDEAHE.DEFAULT\EXTENSIONS\STATUS4EVAR@CALIGONSTUDIOS.COM.XPI
[2012.04.24 18:10:56 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Programme\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Programme\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Programme\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Programme\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O3 - HKU\S-1-5-21-2712221221-3655037957-805285431-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Classic Start Menu] C:\Programme\Classic Shell\ClassicStartMenu.exe (IvoSoft)
O4:64bit: - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2712221221-3655037957-805285431-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2712221221-3655037957-805285431-1000..\Run: [HotSwap! Applet] C:\Program Files\Hot Swap\HotSwap!.EXE (Kazuyuki Nakayama)
O4 - HKU\S-1-5-21-2712221221-3655037957-805285431-1000..\Run: [TrueCrypt] C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
O4 - HKU\S-1-5-21-2712221221-3655037957-805285431-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2712221221-3655037957-805285431-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: Mit Mipony herunterladen - C:\Program Files (x86)\MiPony\Browser\IEContext.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Mit Mipony herunterladen - C:\Program Files (x86)\MiPony\Browser\IEContext.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1DC40972-B79A-46DB-A318-0011CAA65C4D}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.ac3filter - ac3filter64.acm ()
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.15 17:13:09 | 000,000,000 | ---D | C] -- C:\Users\Black Lion\Documents\Diablo III
[2012.05.15 16:57:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2012.05.15 16:57:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.02 23:16:16 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.02 23:16:16 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.02 23:09:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.31 16:47:44 | 001,613,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.31 16:47:44 | 000,696,848 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.05.31 16:47:44 | 000,652,166 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.31 16:47:44 | 000,148,144 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.05.31 16:47:44 | 000,121,098 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.30 18:38:17 | 000,000,999 | ---- | M] () -- C:\Users\Black Lion\Desktop\MiPony.lnk
[2012.05.18 13:32:57 | 000,023,791 | ---- | M] () -- C:\Users\Black Lion\Desktop\RG421600.pdf
[2012.05.18 13:11:48 | 000,042,758 | ---- | M] () -- C:\Users\Black Lion\Desktop\schufa.pdf
[2012.05.15 17:09:50 | 000,001,211 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012.05.15 12:48:00 | 000,068,928 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012.05.15 12:48:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012.05.15 12:48:00 | 000,014,324 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2012.05.15 11:29:45 | 002,621,723 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2012.05.13 11:19:55 | 000,337,992 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.05.28 02:54:22 | 002,621,723 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2012.05.18 13:32:57 | 000,023,791 | ---- | C] () -- C:\Users\Black Lion\Desktop\RG421600.pdf
[2012.05.18 13:11:48 | 000,042,758 | ---- | C] () -- C:\Users\Black Lion\Desktop\schufa.pdf
[2012.05.15 16:57:20 | 000,001,211 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012.02.13 19:07:31 | 001,590,370 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.12.11 01:55:27 | 000,003,584 | ---- | C] () -- C:\Users\Black Lion\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.10 21:27:11 | 000,001,057 | ---- | C] () -- C:\Users\Black Lion\AppData\Roaming\vso_ts_preview.xml
[2011.08.28 16:29:47 | 000,059,423 | ---- | C] () -- C:\Windows\War3Unin.dat
[2011.07.24 01:39:47 | 000,151,552 | ---- | C] () -- C:\Windows\KMSEmulator.exe
[2011.06.26 13:10:30 | 000,000,648 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.06.26 12:06:20 | 000,071,096 | ---- | C] () -- C:\Windows\SysWow64\NMSAccessU.exe
[2011.06.26 12:06:20 | 000,017,408 | ---- | C] () -- C:\Windows\SysWow64\SyncBackPro.dll
[2011.06.24 22:08:16 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
 
========== LOP Check ==========
 
[2011.06.24 22:40:20 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\Acronis
[2011.08.29 17:51:45 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\Canneverbe Limited
[2011.06.24 21:38:19 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\DAEMON Tools Lite
[2012.04.30 17:59:33 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\EPSON
[2011.07.06 20:36:32 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\Foxit Software
[2011.11.13 14:21:28 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\IrfanView
[2011.08.10 19:55:06 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\Leadertech
[2012.06.02 21:53:09 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\Mipony
[2012.03.04 12:13:00 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\Miranda
[2012.01.24 19:13:34 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\pdfforge
[2011.06.24 21:52:41 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\Thunderbird
[2011.06.25 18:54:50 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\TrueCrypt
[2012.02.20 21:56:57 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\TS3Client
[2011.07.11 17:05:03 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\TuneUp Software
[2012.06.02 21:59:18 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\uTorrent
[2011.11.13 15:24:59 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\Vso
[2012.05.28 15:51:43 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.06.24 22:40:20 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\Acronis
[2011.06.24 23:09:05 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\Adobe
[2011.10.14 16:03:25 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\Avira
[2011.08.29 17:51:45 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\Canneverbe Limited
[2011.06.24 21:38:19 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\DAEMON Tools Lite
[2011.10.09 22:22:12 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\dvdcss
[2012.04.30 17:59:33 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\EPSON
[2011.07.06 20:36:32 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\Foxit Software
[2011.06.24 20:13:55 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\Identities
[2011.06.24 20:38:36 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\InstallShield
[2011.06.24 20:35:44 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\Intel Corporation
[2011.11.13 14:21:28 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\IrfanView
[2011.08.10 19:55:06 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\Leadertech
[2011.06.24 23:09:05 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\Macromedia
[2010.11.21 09:00:26 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\Media Center Programs
[2011.06.24 22:33:37 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\Media Player Classic
[2012.04.26 11:24:52 | 000,000,000 | --SD | M] -- C:\Users\Black Lion\AppData\Roaming\Microsoft
[2012.06.02 21:53:09 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\Mipony
[2012.03.04 12:13:00 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\Miranda
[2011.06.24 21:16:08 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\Mozilla
[2011.09.25 19:55:45 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\NVIDIA
[2012.01.24 19:13:34 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\pdfforge
[2012.03.10 00:19:32 | 000,000,000 | RH-D | M] -- C:\Users\Black Lion\AppData\Roaming\SecuROM
[2011.06.24 21:52:41 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\Thunderbird
[2011.06.25 18:54:50 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\TrueCrypt
[2012.02.20 21:56:57 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\TS3Client
[2011.07.11 17:05:03 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\TuneUp Software
[2012.06.02 21:59:18 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\uTorrent
[2012.06.02 23:20:42 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\vlc
[2011.11.13 15:24:59 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\Vso
[2011.06.24 21:28:40 | 000,000,000 | ---D | M] -- C:\Users\Black Lion\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2011.05.20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) MD5=2FDAEC4B02729C48C0FD1B0B4695995B -- C:\Windows\SysNative\drivers\iaStor.sys
[2011.05.20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) MD5=2FDAEC4B02729C48C0FD1B0B4695995B -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_e6913aab23ea9a9c\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\drivers\iaStorV.sys
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\drivers\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[6 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< End of report >
         
--- --- ---

--- --- ---

[/code]

Für eine Interpretation reicht mein Wissen leider nicht, daher hoffe ich auf Hilfe und bedanke mich schonmal im Voraus dafür =)


edit: Quick Scan mit Malwarebytes Anti-Malware:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.02.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Black Lion :: BLACKLION-PC [Administrator]

Schutz: Aktiviert

02.06.2012 23:46:25
mbam-log-2012-06-02 (23-46-25).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 219545
Laufzeit: 55 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
edit 2: gerade gelsesen, dass man die "Extras.txt" von OTL auch posten soll:

OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 02.06.2012 23:22:14 - Run 1
OTL by OldTimer - Version 3.2.45.0     Folder = H:\Anwendungen\Sicherheit
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,06 Gb Available Physical Memory | 76,55% Memory free
8,00 Gb Paging File | 7,03 Gb Available in Paging File | 87,87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,79 Gb Total Space | 57,57 Gb Free Space | 51,50% Space Free | Partition Type: NTFS
Drive F: | 13,97 Gb Total Space | 1,39 Gb Free Space | 9,92% Space Free | Partition Type: NTFS
Drive G: | 172,30 Gb Total Space | 37,50 Gb Free Space | 21,76% Space Free | Partition Type: NTFS
Drive H: | 279,40 Gb Total Space | 56,17 Gb Free Space | 20,10% Space Free | Partition Type: NTFS
Drive I: | 465,66 Gb Total Space | 27,45 Gb Free Space | 5,90% Space Free | Partition Type: NTFS
Drive J: | 931,68 Gb Total Space | 241,17 Gb Free Space | 25,89% Space Free | Partition Type: NTFS
Drive T: | 2794,39 Gb Total Space | 1987,51 Gb Free Space | 71,13% Space Free | Partition Type: NTFS
 
Computer Name: BLACKLION-PC | User Name: Black Lion | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2712221221-3655037957-805285431-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C4939AB-FA9E-409A-8EA1-E22EBB647A26}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1812A50F-283F-4D3F-9816-2146E2903692}" = rport=138 | protocol=17 | dir=out | app=system | 
"{1ED2D5AE-026D-4010-BD94-F5E3BFEC9D24}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{3DF210D8-9583-4DB3-9562-8197FE554AF1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{52269F83-F7A0-438E-9E04-78BFCB75E27C}" = lport=137 | protocol=17 | dir=in | app=system | 
"{5409EFEF-6CDF-4E56-BB87-BDB369E620A0}" = rport=139 | protocol=6 | dir=out | app=system | 
"{60799948-DB18-46B1-9566-70BFE50BD213}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{69E74FC1-5A68-40DD-A9AE-CE079D9BDCAF}" = rport=445 | protocol=6 | dir=out | app=system | 
"{792B571C-C532-4B5F-ACDE-ECEAB770833F}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{A215DD4E-4824-49DC-862D-FCC32595090E}" = rport=137 | protocol=17 | dir=out | app=system | 
"{ADD4D701-1B26-4BA7-A11C-31FD358D23D3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B6E7A4B2-551F-4DD6-BE9E-467AD2CEFC2A}" = lport=139 | protocol=6 | dir=in | app=system | 
"{BBB8D7A5-FA54-461A-A3BB-9DB89EAB8692}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{C34BD51A-36D7-496D-A6B5-95AF1A8499B8}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C6669D91-77A4-4D0C-BEDA-D5AE609DD486}" = lport=138 | protocol=17 | dir=in | app=system | 
"{CC6A287D-39A6-45BA-AD9E-259690CEBBFB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D90A2763-0C1A-48B1-93F2-1F39ECAF3438}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DAD55A70-C2A9-4792-BADE-6EB5BF33A2ED}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{DEF21219-E2AF-4A82-82D0-363F0AFD03A0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EA028628-93CD-4785-8A51-C73D425B5BC9}" = lport=445 | protocol=6 | dir=in | app=system | 
"{FD825CC5-5884-46EA-9832-E117F318948F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{046A8569-8B31-4C5A-9AC5-29CCEC8F2980}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0953BB04-CF2E-47AD-93C7-678BCFC3A436}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{0A9F946E-245C-4FBB-A3D6-A0C5C341D782}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{1720C9C5-D199-40D1-9C26-DA0DD29E84ED}" = protocol=6 | dir=out | app=system | 
"{190DD76A-CDA4-45CE-A46F-DAA945A05385}" = protocol=6 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2012\pes2012.exe | 
"{249AA2F1-7BA3-464A-9760-D0DA34213687}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2905E164-7AD8-4CC1-9C2F-1195DBB8EA04}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe | 
"{302444B8-F091-4B42-B50C-383B89872588}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{32D422B6-95DD-46BC-9AF0-7BB97DF48DE9}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.649\agent.exe | 
"{33CDB276-2896-47C5-B926-1716C6BDAF1D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3DF3C0B4-F184-4843-9472-DA208CCF8EA8}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe | 
"{41AF2B5F-7A6B-4DB1-B579-C528AE105664}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{4AD26BFC-830E-4C32-9FE7-D4B69462724E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{5EBAB4B3-5910-4274-83A4-DF987450DB19}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{692C300E-5D04-465E-960D-D0D424DA088D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{71658FCE-EBE0-4955-8F07-07A3A696A39A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{89194E97-1F67-490D-85B6-46AB73AFFDF0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{8BFF5276-F907-4430-A9D9-FAD3663D1885}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{8EFDF3FE-93D4-4C0B-81C1-3AAD81A58F3F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{94C488FA-18F0-439E-AD09-91921FAF8916}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{98B0AE87-80D0-4D19-AD5C-72EB1164A5AB}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{9C617684-526D-475C-98C8-9BB10C96951A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9DD2EA77-5B3E-48A0-A9E7-F7D0C0CCE361}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{A6D74A22-9F8C-4C2C-844D-ADE6AFB52418}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{AAD8B3CD-7A46-4D44-B07E-8B5B0AB0AC0F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.649\agent.exe | 
"{B9EBCF19-FA78-4CD2-AD7A-6E454FBBA7EF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{C165DDAE-2604-4293-80B2-FAA9DA2C1820}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CB0D1511-C160-4D1B-8A2F-706D6DC2A3EF}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{CB830140-6B19-4D84-AAD5-991E6AD9A5C4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D75D4F46-E3A1-464A-9CF9-A9E18BE71D42}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{DDDED967-33D0-4DD6-BA2E-2CCC1A464731}" = protocol=17 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2012\pes2012.exe | 
"{DFB78F47-2E12-4F88-806C-A0C7F4899F2D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F8883E17-2F55-4314-8AF3-4A6B85B9C030}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"TCP Query User{10E7518D-6239-4050-B959-469208E06937}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe | 
"TCP Query User{307F6F9F-3514-4309-B7DD-A62F79C7D4B5}F:\warcraft 3 replays und taktiken\wtvclient0.97.02\wtvclient.exe" = protocol=6 | dir=in | app=f:\warcraft 3 replays und taktiken\wtvclient0.97.02\wtvclient.exe | 
"TCP Query User{35A5FF45-50D5-4B55-AFEB-1A68620E0E65}C:\program files (x86)\utorrent\utorrent 1.8.1.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent 1.8.1.exe | 
"TCP Query User{3D13050E-E9E4-4CA4-A171-1B747D7D26D4}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | 
"TCP Query User{44332B56-46FA-42CC-9154-43B2344A4425}C:\program files (x86)\kingdoms of amalur- reckoning\reckoning.exe" = protocol=6 | dir=in | app=c:\program files (x86)\kingdoms of amalur- reckoning\reckoning.exe | 
"TCP Query User{54257C8E-E44D-424C-B704-1B524DFBC563}C:\program files (x86)\starcraft ii\versions\base19132\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe | 
"TCP Query User{5585D3D2-7C20-4C75-8694-8DEAFD24EBB0}H:\images\diablo iii\diablo-iii-8370-dede-installer-downloader.exe" = protocol=6 | dir=in | app=h:\images\diablo iii\diablo-iii-8370-dede-installer-downloader.exe | 
"TCP Query User{56A0A3E6-F634-4F58-9B6A-7AD169998F52}C:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe | 
"TCP Query User{636CBCA9-B1A6-4E9F-89BB-2879E9A884FE}C:\windows\kmsemulator.exe" = protocol=6 | dir=in | app=c:\windows\kmsemulator.exe | 
"TCP Query User{69631DCC-2669-46C4-AB90-91B784A75D7C}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | 
"TCP Query User{77E7CB7A-C4E0-48BA-A807-0EEF21382FD3}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"TCP Query User{7E0FE337-CDF4-4698-9CDC-BBD46BC221A3}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe | 
"TCP Query User{848A67DC-5980-4830-949B-5D1BCB3F147D}C:\program files (x86)\2brightsparks\syncbackpro\syncbackpro.exe" = protocol=6 | dir=in | app=c:\program files (x86)\2brightsparks\syncbackpro\syncbackpro.exe | 
"TCP Query User{8EF06876-007C-473E-AAA9-1075B456DE54}C:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | 
"UDP Query User{0EBF9E6A-6AC9-4637-BD46-34A26A5B3050}C:\program files (x86)\starcraft ii\versions\base19132\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe | 
"UDP Query User{1D162128-9946-4A63-AFD8-DC1BB9514454}C:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | 
"UDP Query User{6E598F2B-0AC8-41D8-ABDB-D99BCCD6FA41}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe | 
"UDP Query User{82753B8A-F679-4249-8D65-B261DB29FB99}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | 
"UDP Query User{8EE12DF1-89F3-44FD-B708-BF22CF109453}C:\program files (x86)\2brightsparks\syncbackpro\syncbackpro.exe" = protocol=17 | dir=in | app=c:\program files (x86)\2brightsparks\syncbackpro\syncbackpro.exe | 
"UDP Query User{A1D2C790-A0B7-451B-AEC2-BFC8D6D15290}C:\windows\kmsemulator.exe" = protocol=17 | dir=in | app=c:\windows\kmsemulator.exe | 
"UDP Query User{B29061D7-BC13-4786-8F38-573733837E5C}C:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe | 
"UDP Query User{B525CFBA-1200-4B68-AD2F-40EF18BA1BFC}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | 
"UDP Query User{C25A7095-3204-49FD-9B5B-5F374C4DEDE1}H:\images\diablo iii\diablo-iii-8370-dede-installer-downloader.exe" = protocol=17 | dir=in | app=h:\images\diablo iii\diablo-iii-8370-dede-installer-downloader.exe | 
"UDP Query User{D7D6FF6C-15D5-42E1-9DF7-B58B3D11F288}C:\program files (x86)\kingdoms of amalur- reckoning\reckoning.exe" = protocol=17 | dir=in | app=c:\program files (x86)\kingdoms of amalur- reckoning\reckoning.exe | 
"UDP Query User{E2BC0F28-BD20-4A8F-84F6-66677817D484}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"UDP Query User{EA578B69-1369-460F-9E27-24F7908C5E6D}F:\warcraft 3 replays und taktiken\wtvclient0.97.02\wtvclient.exe" = protocol=17 | dir=in | app=f:\warcraft 3 replays und taktiken\wtvclient0.97.02\wtvclient.exe | 
"UDP Query User{F7321E21-540E-4A6F-B6D1-F5BFB9576E5A}C:\program files (x86)\utorrent\utorrent 1.8.1.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent 1.8.1.exe | 
"UDP Query User{FA48CC3B-B801-4957-8E59-8E4B0C5E6E37}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{5A2565D0-A773-4C69-A66D-7AAF2039E985}" = Classic Shell
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"EPSON SX110 Series" = Druckerdeinstallation für EPSON SX110 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.01 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis*True*Image*Home 2011
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.5.1.2903
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{8AB541B4-ADAC-4981-A635-02C15B01779D}" = SSDlife Free
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.19.365
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"AC3Filter_is1" = AC3Filter 1.63b
"Avira AntiVir Desktop" = Avira Free Antivirus
"Bass Audio Decoder" = Bass Audio Decoder (remove only)
"Cockatrice" = Cockatrice
"DAEMON Tools Lite" = DAEMON Tools Lite
"DCoder Image Source" = DCoder Image Source (remove only)
"Diablo III" = Diablo III
"DirectVobSub" = DirectVobSub (remove only)
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"EPSON Scanner" = EPSON Scan
"ffdshow_is1" = ffdshow [rev 3124] [2009-11-03]
"FFMPEG Core Files" = FFMPEG Core Files (remove only)
"Foxit Reader_is1" = Foxit Reader 5.0
"Gabest MPEG Splitter" = Gabest MPEG Splitter (remove only)
"Gaming Mouse 3" = Gaming Mouse
"HaaliMkx" = Haali Media Splitter
"Host OpenAL (ADI)" = Host OpenAL (ADI)
"IrfanView" = IrfanView (remove only)
"MiPony" = MiPony 1.6.4
"Miranda IM" = Miranda IM 0.9.47
"MONOGRAM AMR Splitter/Decoder" = MONOGRAM AMR Splitter/Decoder (remove only)
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"OpenSource AVI Splitter" = OpenSource AVI Splitter (remove only)
"OpenSource DTS/AC3/DD+ Source Filter" = OpenSource DTS/AC3/DD+ Source Filter (remove only)
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)
"RealMedia" = RealMedia (remove only)
"SyncBackPro_is1" = SyncBackPro
"TrueCrypt" = TrueCrypt
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"VLC media player" = VLC media player 2.0.1
"Warcraft III" = Warcraft III
"ZoomPlayer" = Zoom Player (remove only)
"ZoomPlayerLang" = Zoom Player deutsche Sprachdateien (entfernen)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2712221221-3655037957-805285431-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 28.05.2012 11:36:40 | Computer Name = BlackLion-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 29.05.2012 10:40:17 | Computer Name = BlackLion-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 29.05.2012 10:56:41 | Computer Name = BlackLion-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 30.05.2012 10:41:48 | Computer Name = BlackLion-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 30.05.2012 12:23:27 | Computer Name = BlackLion-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 31.05.2012 10:36:47 | Computer Name = BlackLion-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.06.2012 09:17:21 | Computer Name = BlackLion-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.06.2012 09:53:51 | Computer Name = BlackLion-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.06.2012 15:52:33 | Computer Name = BlackLion-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.06.2012 17:10:54 | Computer Name = BlackLion-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 27.05.2012 12:57:43 | Computer Name = BlackLion-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   VDiskBus
 
Error - 28.05.2012 09:51:49 | Computer Name = BlackLion-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   VDiskBus
 
Error - 29.05.2012 10:38:36 | Computer Name = BlackLion-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   VDiskBus
 
Error - 30.05.2012 10:40:06 | Computer Name = BlackLion-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   VDiskBus
 
Error - 30.05.2012 12:21:45 | Computer Name = BlackLion-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   VDiskBus
 
Error - 31.05.2012 10:35:05 | Computer Name = BlackLion-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   VDiskBus
 
Error - 01.06.2012 09:15:39 | Computer Name = BlackLion-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   VDiskBus
 
Error - 02.06.2012 09:52:09 | Computer Name = BlackLion-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   VDiskBus
 
Error - 02.06.2012 15:50:51 | Computer Name = BlackLion-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   VDiskBus
 
Error - 02.06.2012 17:09:13 | Computer Name = BlackLion-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   VDiskBus
 
 
< End of report >
         
--- --- ---

[/code

Geändert von Black Lion (03.06.2012 um 00:02 Uhr)

Alt 05.06.2012, 15:07   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
(xposting) explorer.exe und andere Prozesse mehrfach vorhanden, mögliche Malware? - Böse

(xposting) explorer.exe und andere Prozesse mehrfach vorhanden, mögliche Malware?



Crossposting!!! => explorer.exe und andere Prozesse mehrfach vorhanden
__________________

__________________

 

Themen zu (xposting) explorer.exe und andere Prozesse mehrfach vorhanden, mögliche Malware?
4d36e972-e325-11ce-bfc1-08002be10318, antivir, avira, battle.net, bho, dateisystem, defender, desktop, document, firefox, format, heuristiks/extra, heuristiks/shuriken, install.exe, langs, logfile, malware, microsoft, microsoft office word, mipony, mozilla, nvidia, nvidia update, nvstor.sys, opera, programme, prozess, prozesse, registry, richtlinie, rundll, scan, searchscopes, software, taskmanager, windows, winlogon, winlogon.exe, wsearch



Ähnliche Themen: (xposting) explorer.exe und andere Prozesse mehrfach vorhanden, mögliche Malware?


  1. Prozesse conhost.exe svchost.exe reg.exe mehrmals vorhanden. Verdacht auf Infektion
    Log-Analyse und Auswertung - 08.11.2015 (4)
  2. Windows 7: Avira liefert täglich mehrfach Trojaner/Malware Meldungen
    Log-Analyse und Auswertung - 12.04.2015 (11)
  3. Windows 7: AVIRA liefert täglich mehrfach Viren/Trojaner/Malware Meldungen
    Log-Analyse und Auswertung - 09.04.2015 (15)
  4. Explorer.exe öffnet sich mehrfach automatisch (Virus?)
    Plagegeister aller Art und deren Bekämpfung - 29.12.2014 (1)
  5. Teamspeak und andere Prozesse geben aufeinmal keine Rückmeldung
    Plagegeister aller Art und deren Bekämpfung - 16.02.2014 (13)
  6. Windows 7: Scans und andere Prozesse werden nicht abgeschlossen
    Log-Analyse und Auswertung - 20.09.2013 (9)
  7. Ständiger Firefox Absturz und Bluescreen - Mögliche Malware?
    Log-Analyse und Auswertung - 02.04.2013 (25)
  8. rundll32.exe und andere seltsame Prozesse, IE startet immer wieder mit leerer Seite
    Plagegeister aller Art und deren Bekämpfung - 10.08.2012 (4)
  9. Ungewöhnliche Prozesse nach Abwesenheit vom PC. (Malware?)
    Log-Analyse und Auswertung - 15.07.2011 (1)
  10. Malware noch vorhanden?
    Log-Analyse und Auswertung - 13.05.2011 (4)
  11. Internet explorer läuft mehrfach im hintergrund
    Log-Analyse und Auswertung - 12.05.2011 (36)
  12. Audio HD Driver und mehrfach Explorer.exe
    Plagegeister aller Art und deren Bekämpfung - 22.03.2011 (11)
  13. Trojaner entpackt yw1.exe, ypyzea.exe und andere Prozesse...
    Plagegeister aller Art und deren Bekämpfung - 21.03.2010 (1)
  14. Notebook friert immer wieder ein!!! mögliche malware
    Plagegeister aller Art und deren Bekämpfung - 06.11.2009 (23)
  15. WinSpywareProtect entfernt - andere Malware noch vorhanden
    Log-Analyse und Auswertung - 21.05.2008 (11)
  16. unnötige prozesse vorhanden?
    Log-Analyse und Auswertung - 11.07.2007 (1)
  17. Merkwürdige Prozesse und andere Probleme...
    Mülltonne - 21.02.2007 (2)

Zum Thema (xposting) explorer.exe und andere Prozesse mehrfach vorhanden, mögliche Malware? - Hallo, mir ist heute bei einem zufälligen Blick in den Taskmanager aufgefallen, dass die explorer.exe 5 mal gestartet war. Der Dateipfad verwies bei allen immer auf das korrekte Verzeichnis. Nach - (xposting) explorer.exe und andere Prozesse mehrfach vorhanden, mögliche Malware?...
Archiv
Du betrachtest: (xposting) explorer.exe und andere Prozesse mehrfach vorhanden, mögliche Malware? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.