Hallo,
das Thema wurde hier schon behandelt, allerdings steht auch immer dabei, dass man nicht einfach diesen Schritten folgen sollte, da das Vorgehen bei jedem anders aussehen kann.
Deshalb hier meine Beschreibung:
Mein PC:
HP ProBook 4710
mit
Microsoft Windows 7 Home Premium
Version 6.1.7601 Service Pack 1 Build 7601
Mein Problem:
Seit einigen Wochen erscheinen einzelne Worte auf Internetseiten als Links, unter denen dann unzüchtige Bilder (offensichtlich Links) aufgehen, oder der Text:
"Click to Continue > DownloadNSave"
Beispiel:



Ich habe diese Links noch nicht angeklickt, und das Programm ist offenbar nicht weiter bösartig, aber die Links machen es mir schwer, die echten von den Fakes zu unterscheiden.
Auch das Beurteilen der eigenen Homepage fällt mit all diesen Veränderungen schwer.
Ich hatte zuerst den Shockwave Flash in Verdacht, denn sobald ich diesen deaktiviere, sind auch die Links weg, aber wahrscheinlich nutzen diese nur die Flash-Technik.
Ich habe die drei Schritte durchlaufen, die Ihr vorab empfehlt, und hier sind die Ergebnisse:
1.Defogger
scheint nichts gefunden zu haben - es gab keine Fehlermeldung und in der defogger_disable.log steht nur "d"

2.1. OLT.Txt (im Anhang)

2.2. (OLT) Extras.Txt (im Anhang)

3. GMER.log (im Anhang)

Ich hoffe, das war alles Wichtige und ich habs richtig gemacht,
und ich würde mich freuen, wenn mir jemand helfen kann.
Bis die Tage!
Vielen Dank im Voraus!
Walterle

Hallo und

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

• Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
  
  
• Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
  
  
• Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
  
  
• Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
  
  
• Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Zitat:

Mein Problem:
Seit einigen Wochen erscheinen einzelne Worte auf Internetseiten als Links, unter denen dann unzüchtige Bilder (offensichtlich Links) aufgehen, oder der Text:
"Click to Continue > DownloadNSave"

Und in welchen Browsern passiert das? Nur in einem oder in allen?

Schon irgendwelche Scans mit anderen Tools gemacht? Log mit Funden da? Siehe => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Hallo cosinus,
zu Deiner 1. Frage:
der Fehler taucht nur bei Firefox (10.0.1) auf, im IE (9.0.11) ist nichts davon zu sehen (andere Browser hab ich nicht).
2.
Ich habe Scans mit den Tools gemacht, die zu Anfang empfohlen werden (Defogger, OTL & GMER), diese jedoch als ZIP angehängt, weil der Text fürs Board zu lang war (Fehlermeldung).
Evtl. könnte ich schauen, ob sie einzeln reinpassen, wenn das hilfreich sein sollte.
Desweiteren habe ich noch Norton Interner Security laufen, der hat jedoch nichts gefunden.
Sonst habe ich noch nichts unternommen und auch am System nichts geändert.
Schöne Grüße
Walterle

Zitat:

der Fehler taucht nur bei Firefox (10.0.1)

Firefox 10 oder Firefox ESR? Aktuell ist Firefox 16.0.2!

1. aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!

• Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
• Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
• Klicke auf Scan.
• Warte bitte bis Scan finished successfully im DOS Fenster steht.
• Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.


2. TDSS-Killer

Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Hallo cosinus,
mir war gar nicht bewusst, dass es einen neueren Firefox gibt - aber meiner ist tatsächlich 10.0.1
Ich poste hier zuerst den aswMBR-Scan, weiter unten das Ergebnis des TDSS-Killer:

Zitat:

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-19 21:53:36
-----------------------------
21:53:36.655 OS Version: Windows 6.1.7601 Service Pack 1
21:53:36.655 Number of processors: 2 586 0x170A
21:53:36.655 ComputerName: ***-NOTEBOOK UserName: ***
21:53:40.274 Initialize success
21:57:10.765 AVAST engine defs: 12111900
21:57:16.561 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:57:16.561 Disk 0 Vendor: ST9500420AS 0006HPM1 Size: 476940MB BusType: 3
21:57:16.577 Disk 0 MBR read successfully
21:57:16.593 Disk 0 MBR scan
21:57:16.608 Disk 0 Windows 7 default MBR code
21:57:16.608 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
21:57:16.624 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 100000 MB offset 206848
21:57:16.639 Disk 0 Partition - 00 05 Extended 376838 MB offset 205006848
21:57:16.655 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 93050 MB offset 205008896
21:57:16.655 Disk 0 Partition - 00 05 Extended 92157 MB offset 395575296
21:57:16.671 Disk 0 scanning sectors +976771072
21:57:16.764 Disk 0 scanning C:\Windows\system32\drivers
21:57:28.901 Service scanning
21:57:49.988 Modules scanning
21:57:57.439 Disk 0 trace - called modules:
21:57:57.459 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys halmacpi.dll ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
21:57:57.469 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86bc4a00]
21:57:57.469 3 CLASSPNP.SYS[8c39159e] -> nt!IofCallDriver -> [0x86bc3230]
21:57:57.479 5 hpdskflt.sys[8c342f92] -> nt!IofCallDriver -> [0x86ae83e0]
21:57:57.479 7 ACPI.sys[8b8a53d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85d26610]
21:57:58.179 AVAST engine scan C:\Windows
21:58:00.679 AVAST engine scan C:\Windows\system32
22:00:46.174 AVAST engine scan C:\Windows\system32\drivers
22:00:58.936 AVAST engine scan C:\Users\***
22:13:39.745 AVAST engine scan C:\ProgramData
22:15:43.603 Scan finished successfully
22:18:23.326 Disk 0 MBR has been saved successfully to "E:\Download\Neu\TrojanerSoftware\MBR.dat"
22:18:23.326 The log file has been saved successfully to "E:\Download\Neu\TrojanerSoftware\aswMBR.txt"

Zitat:

22:26:02.0946 4396 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
22:26:02.0966 4396 ============================================================
22:26:02.0966 4396 Current date / time: 2012/11/19 22:26:02.0966
22:26:02.0966 4396 SystemInfo:
22:26:02.0966 4396
22:26:02.0966 4396 OS Version: 6.1.7601 ServicePack: 1.0
22:26:02.0966 4396 Product type: Workstation
22:26:02.0966 4396 ComputerName: HARALD-NOTEBOOK
22:26:02.0966 4396 UserName: Harald
22:26:02.0966 4396 Windows directory: C:\Windows
22:26:02.0966 4396 System windows directory: C:\Windows
22:26:02.0966 4396 Processor architecture: Intel x86
22:26:02.0966 4396 Number of processors: 2
22:26:02.0966 4396 Page size: 0x1000
22:26:02.0966 4396 Boot type: Normal boot
22:26:02.0966 4396 ============================================================
22:26:05.0176 4396 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:26:05.0176 4396 ============================================================
22:26:05.0176 4396 \Device\Harddisk0\DR0:
22:26:05.0176 4396 MBR partitions:
22:26:05.0176 4396 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:26:05.0176 4396 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC350000
22:26:05.0196 4396 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xC383000, BlocksNum 0xB5BD000
22:26:05.0206 4396 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x17940800, BlocksNum 0xB3FE000
22:26:05.0226 4396 \Device\Harddisk0\DR0\Partition5: MBR, Type 0x7, StartLBA 0x22D3F000, BlocksNum 0xC9AF800
22:26:05.0246 4396 \Device\Harddisk0\DR0\Partition6: MBR, Type 0x7, StartLBA 0x2F6EF000, BlocksNum 0xAC96800
22:26:05.0246 4396 ============================================================
22:26:05.0296 4396 C: <-> \Device\Harddisk0\DR0\Partition2
22:26:05.0326 4396 D: <-> \Device\Harddisk0\DR0\Partition3
22:26:05.0366 4396 E: <-> \Device\Harddisk0\DR0\Partition4
22:26:05.0396 4396 F: <-> \Device\Harddisk0\DR0\Partition5
22:26:05.0416 4396 S: <-> \Device\Harddisk0\DR0\Partition6
22:26:05.0416 4396 ============================================================
22:26:05.0416 4396 Initialize success
22:26:05.0416 4396 ============================================================
22:26:38.0945 5732 ============================================================
22:26:38.0945 5732 Scan started
22:26:38.0945 5732 Mode: Manual; SigCheck; TDLFS;
22:26:38.0945 5732 ============================================================
22:26:39.0506 5732 ================ Scan system memory ========================
22:26:39.0506 5732 System memory - ok
22:26:39.0506 5732 ================ Scan services =============================
22:26:39.0664 5732 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
22:26:39.0774 5732 1394ohci - ok
22:26:39.0834 5732 [ 080A40550FB95A328917512F3F5A0409 ] 5U876UVC C:\Windows\system32\DRIVERS\5U876.sys
22:26:39.0904 5732 5U876UVC - ok
22:26:39.0954 5732 [ CC1F1D3D70DC13C2C281488D347D4415 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys
22:26:39.0964 5732 Accelerometer - ok
22:26:40.0004 5732 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
22:26:40.0054 5732 ACPI - ok
22:26:40.0084 5732 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
22:26:40.0234 5732 AcpiPmi - ok
22:26:40.0404 5732 [ 97E4F91B996420B253FBEC98B817E29F ] AcrSch2Svc C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
22:26:40.0494 5732 AcrSch2Svc - ok
22:26:40.0564 5732 [ 6C61BCEB60C2C187E6F96001FD69493E ] ADIHdAudAddService C:\Windows\system32\drivers\ADIHdAud.sys
22:26:40.0644 5732 ADIHdAudAddService - ok
22:26:40.0764 5732 [ 63AB43534CBF5D7F3EB81DFDC8161490 ] AdobeActiveFileMonitor5.0 C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
22:26:40.0804 5732 AdobeActiveFileMonitor5.0 - ok
22:26:40.0934 5732 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:26:40.0994 5732 AdobeFlashPlayerUpdateSvc - ok
22:26:41.0024 5732 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
22:26:41.0094 5732 adp94xx - ok
22:26:41.0134 5732 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
22:26:41.0184 5732 adpahci - ok
22:26:41.0204 5732 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
22:26:41.0224 5732 adpu320 - ok
22:26:41.0284 5732 [ 4DC6B0772D1698F04FC79053A21C8260 ] AEADIFilters C:\Windows\system32\AEADISRV.EXE
22:26:41.0344 5732 AEADIFilters - ok
22:26:41.0404 5732 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
22:26:41.0874 5732 AeLookupSvc - ok
22:26:41.0934 5732 [ 53696AD8FFC5FAC51949A525FF65A689 ] afcdp C:\Windows\system32\DRIVERS\afcdp.sys
22:26:41.0964 5732 afcdp - ok
22:26:42.0234 5732 [ AF44F7E027037628F1FAC3C13CDE73E6 ] afcdpsrv C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
22:26:42.0324 5732 afcdpsrv - ok
22:26:42.0384 5732 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
22:26:42.0504 5732 AFD - ok
22:26:42.0584 5732 [ 48091A2374A69F473273C44951195452 ] AgereModemAudio C:\Program Files\LSI SoftModem\agrsmsvc.exe
22:26:42.0604 5732 AgereModemAudio - ok
22:26:42.0694 5732 [ C6FA08A8CCA9001F3197525B07331715 ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys
22:26:42.0824 5732 AgereSoftModem - ok
22:26:42.0884 5732 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
22:26:42.0904 5732 agp440 - ok
22:26:42.0954 5732 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
22:26:42.0974 5732 aic78xx - ok
22:26:43.0004 5732 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
22:26:43.0094 5732 ALG - ok
22:26:43.0134 5732 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
22:26:43.0154 5732 aliide - ok
22:26:43.0234 5732 [ A236CEE2BF90381E981EBB870429FA9B ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
22:26:43.0384 5732 AMD External Events Utility - ok
22:26:43.0434 5732 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
22:26:43.0481 5732 amdagp - ok
22:26:43.0528 5732 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
22:26:43.0544 5732 amdide - ok
22:26:43.0575 5732 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
22:26:43.0637 5732 AmdK8 - ok
22:26:43.0700 5732 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
22:26:43.0762 5732 AmdPPM - ok
22:26:43.0793 5732 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
22:26:43.0856 5732 amdsata - ok
22:26:43.0902 5732 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
22:26:43.0934 5732 amdsbs - ok
22:26:43.0965 5732 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
22:26:43.0980 5732 amdxata - ok
22:26:44.0012 5732 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
22:26:44.0105 5732 AppID - ok
22:26:44.0152 5732 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
22:26:44.0214 5732 AppIDSvc - ok
22:26:44.0261 5732 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
22:26:44.0324 5732 Appinfo - ok
22:26:44.0448 5732 [ D8E18021F91AD79CA8491CB5A5DA22D4 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:26:44.0495 5732 Apple Mobile Device - ok
22:26:44.0511 5732 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
22:26:44.0526 5732 arc - ok
22:26:44.0573 5732 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
22:26:44.0604 5732 arcsas - ok
22:26:44.0776 5732 [ 9D1A9B5DA7D2DC540DBFF2073C38D032 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
22:26:44.0823 5732 aspnet_state - ok
22:26:44.0838 5732 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
22:26:44.0934 5732 AsyncMac - ok
22:26:44.0954 5732 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
22:26:44.0964 5732 atapi - ok
22:26:44.0994 5732 [ E2398389648B5D44DC63CA43FDD5B3F8 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
22:26:45.0014 5732 AtiHdmiService - ok
22:26:45.0114 5732 [ A4252328D2B1520571102992EF0B0E5C ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
22:26:45.0264 5732 atikmdag - ok
22:26:45.0304 5732 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:26:45.0354 5732 AudioEndpointBuilder - ok
22:26:45.0364 5732 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
22:26:45.0394 5732 Audiosrv - ok
22:26:45.0424 5732 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
22:26:45.0464 5732 AxInstSV - ok
22:26:45.0494 5732 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
22:26:45.0534 5732 b06bdrv - ok
22:26:45.0554 5732 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
22:26:45.0594 5732 b57nd60x - ok
22:26:45.0624 5732 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
22:26:45.0664 5732 BDESVC - ok
22:26:45.0684 5732 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
22:26:45.0734 5732 Beep - ok
22:26:45.0764 5732 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
22:26:45.0824 5732 BFE - ok
22:26:45.0924 5732 [ 9DFFCB249663AA3C2ECB67202280054E ] BHDrvx86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20121106.001\BHDrvx86.sys
22:26:45.0974 5732 BHDrvx86 - ok
22:26:46.0014 5732 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll
22:26:46.0071 5732 BITS - ok
22:26:46.0102 5732 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
22:26:46.0133 5732 blbdrive - ok
22:26:46.0180 5732 [ 61CC3E8FE7A041630EC8C701A2594A36 ] BlueletSCOAudio C:\Windows\system32\DRIVERS\BlueletSCOAudio.sys
22:26:46.0211 5732 BlueletSCOAudio - ok
22:26:46.0289 5732 [ 941E435E5A903CC60E50E72037FA39D0 ] BlueSoleilCS C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
22:26:46.0336 5732 BlueSoleilCS ( UnsignedFile.Multi.Generic ) - warning
22:26:46.0336 5732 BlueSoleilCS - detected UnsignedFile.Multi.Generic (1)
22:26:46.0398 5732 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
22:26:46.0414 5732 Bonjour Service - ok
22:26:46.0430 5732 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
22:26:46.0476 5732 bowser - ok
22:26:46.0492 5732 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:26:46.0554 5732 BrFiltLo - ok
22:26:46.0570 5732 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:26:46.0586 5732 BrFiltUp - ok
22:26:46.0617 5732 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
22:26:46.0664 5732 Browser - ok
22:26:46.0788 5732 [ A3333663E400B6327E0A0B98CAD20A24 ] Browser Manager C:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe
22:26:46.0882 5732 Browser Manager - ok
22:26:46.0929 5732 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
22:26:46.0960 5732 Brserid - ok
22:26:46.0976 5732 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
22:26:47.0007 5732 BrSerWdm - ok
22:26:47.0022 5732 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
22:26:47.0038 5732 BrUsbMdm - ok
22:26:47.0054 5732 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
22:26:47.0085 5732 BrUsbSer - ok
22:26:47.0132 5732 [ 6986302B57BFFC135414488FA67464F1 ] BsHelpCS C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
22:26:47.0147 5732 BsHelpCS ( UnsignedFile.Multi.Generic ) - warning
22:26:47.0147 5732 BsHelpCS - detected UnsignedFile.Multi.Generic (1)
22:26:47.0163 5732 [ 33A331BD56AEAEF290E175E926D52C57 ] BT C:\Windows\system32\DRIVERS\btnetdrv.sys
22:26:47.0194 5732 BT - ok
22:26:47.0225 5732 [ 56203C02F2AAE703C3D42044A00E7280 ] Btcsrusb C:\Windows\system32\Drivers\btcusb.sys
22:26:47.0241 5732 Btcsrusb - ok
22:26:47.0272 5732 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
22:26:47.0350 5732 BthEnum - ok
22:26:47.0366 5732 [ 3629728DF25C7752E13AFBED6EE5D074 ] BtHidBus C:\Windows\system32\Drivers\BtHidBus.sys
22:26:47.0381 5732 BtHidBus - ok
22:26:47.0397 5732 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
22:26:47.0428 5732 BTHMODEM - ok
22:26:47.0459 5732 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
22:26:47.0490 5732 BthPan - ok
22:26:47.0506 5732 [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
22:26:47.0537 5732 BTHPORT - ok
22:26:47.0553 5732 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
22:26:47.0600 5732 bthserv - ok
22:26:47.0631 5732 [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
22:26:47.0662 5732 BTHUSB - ok
22:26:47.0678 5732 [ 912AE3FEC6E832F829B2B0C111D5D38E ] btnetBUs C:\Windows\system32\Drivers\btnetBus.sys
22:26:47.0693 5732 btnetBUs - ok
22:26:47.0740 5732 [ 0D223C6F208C303E1AEFFC392BBEC46C ] bxShield C:\Windows\system32\Drivers\bxShield.sys
22:26:47.0756 5732 bxShield ( UnsignedFile.Multi.Generic ) - warning
22:26:47.0756 5732 bxShield - detected UnsignedFile.Multi.Generic (1)
22:26:47.0818 5732 [ ACE85AF1C31F68BDFEE9333F6592917E ] ccSet_NIS C:\Windows\system32\drivers\NIS\1309000.009\ccSetx86.sys
22:26:47.0834 5732 ccSet_NIS - ok
22:26:47.0849 5732 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
22:26:47.0896 5732 cdfs - ok
22:26:47.0927 5732 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
22:26:47.0943 5732 cdrom - ok
22:26:47.0958 5732 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
22:26:48.0005 5732 CertPropSvc - ok
22:26:48.0036 5732 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
22:26:48.0083 5732 circlass - ok
22:26:48.0099 5732 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
22:26:48.0130 5732 CLFS - ok
22:26:48.0161 5732 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:26:48.0177 5732 clr_optimization_v2.0.50727_32 - ok
22:26:48.0208 5732 [ 1EBE1854D94B704D1C0EEFAEF4711151 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:26:48.0255 5732 clr_optimization_v4.0.30319_32 - ok
22:26:48.0270 5732 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
22:26:48.0286 5732 CmBatt - ok
22:26:48.0317 5732 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
22:26:48.0333 5732 cmdide - ok
22:26:48.0364 5732 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
22:26:48.0411 5732 CNG - ok
22:26:48.0458 5732 [ F9A79C5B27037821112C50A9C8FB367A ] Com4QLBEx C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
22:26:48.0473 5732 Com4QLBEx - ok
22:26:48.0504 5732 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
22:26:48.0520 5732 Compbatt - ok
22:26:48.0536 5732 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
22:26:48.0582 5732 CompositeBus - ok
22:26:48.0582 5732 COMSysApp - ok
22:26:48.0598 5732 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
22:26:48.0614 5732 crcdisk - ok
22:26:48.0645 5732 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
22:26:48.0676 5732 CryptSvc - ok
22:26:48.0707 5732 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
22:26:48.0770 5732 DcomLaunch - ok
22:26:48.0801 5732 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
22:26:48.0863 5732 defragsvc - ok
22:26:48.0879 5732 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
22:26:48.0926 5732 DfsC - ok
22:26:48.0941 5732 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
22:26:48.0972 5732 Dhcp - ok
22:26:49.0004 5732 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
22:26:49.0050 5732 discache - ok
22:26:49.0066 5732 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
22:26:49.0082 5732 Disk - ok
22:26:49.0113 5732 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
22:26:49.0144 5732 Dnscache - ok
22:26:49.0175 5732 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
22:26:49.0222 5732 dot3svc - ok
22:26:49.0238 5732 [ B5E479EB83707DD698F66953E922042C ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
22:26:49.0269 5732 Dot4 - ok
22:26:49.0284 5732 [ CAEFD09B6A6249C53A67D55A9A9FCABF ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
22:26:49.0316 5732 Dot4Print - ok
22:26:49.0331 5732 [ CF491FF38D62143203C065260567E2F7 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
22:26:49.0362 5732 dot4usb - ok
22:26:49.0394 5732 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
22:26:49.0440 5732 DPS - ok
22:26:49.0503 5732 [ 22D5D590C612F2DBBCC004891E5775B5 ] DragonSvc C:\Program Files\Common Files\Nuance\dgnsvc.exe
22:26:49.0518 5732 DragonSvc - ok
22:26:49.0534 5732 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
22:26:49.0565 5732 drmkaud - ok
22:26:49.0596 5732 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
22:26:49.0628 5732 DXGKrnl - ok
22:26:49.0659 5732 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
22:26:49.0706 5732 EapHost - ok
22:26:49.0768 5732 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
22:26:49.0877 5732 ebdrv - ok
22:26:49.0924 5732 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
22:26:49.0955 5732 eeCtrl - ok
22:26:49.0971 5732 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
22:26:50.0018 5732 EFS - ok
22:26:50.0064 5732 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
22:26:50.0111 5732 ehRecvr - ok
22:26:50.0142 5732 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
22:26:50.0174 5732 ehSched - ok
22:26:50.0205 5732 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
22:26:50.0236 5732 elxstor - ok
22:26:50.0252 5732 [ 2D77C535D32688D5FD6CD05C04E27948 ] emaudsv C:\Windows\system32\emaudsv.exe
22:26:50.0283 5732 emaudsv - ok
22:26:50.0298 5732 [ 0407B78FAAA9437FFCCD6C393D483309 ] emusba10 C:\Windows\system32\DRIVERS\emusba10.sys
22:26:50.0314 5732 emusba10 - ok
22:26:50.0392 5732 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
22:26:50.0408 5732 EraserUtilRebootDrv - ok
22:26:50.0439 5732 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
22:26:50.0454 5732 ErrDev - ok
22:26:50.0486 5732 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
22:26:50.0532 5732 EventSystem - ok
22:26:50.0564 5732 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
22:26:50.0610 5732 exfat - ok
22:26:50.0626 5732 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
22:26:50.0673 5732 fastfat - ok
22:26:50.0704 5732 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
22:26:50.0751 5732 Fax - ok
22:26:50.0782 5732 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
22:26:50.0813 5732 fdc - ok
22:26:50.0813 5732 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
22:26:50.0876 5732 fdPHost - ok
22:26:50.0876 5732 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
22:26:50.0922 5732 FDResPub - ok
22:26:50.0938 5732 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
22:26:50.0954 5732 FileInfo - ok
22:26:50.0969 5732 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
22:26:51.0016 5732 Filetrace - ok
22:26:51.0016 5732 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
22:26:51.0047 5732 flpydisk - ok
22:26:51.0063 5732 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
22:26:51.0094 5732 FltMgr - ok
22:26:51.0125 5732 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
22:26:51.0188 5732 FontCache - ok
22:26:51.0234 5732 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:26:51.0266 5732 FontCache3.0.0.0 - ok
22:26:51.0281 5732 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
22:26:51.0297 5732 FsDepends - ok
22:26:51.0328 5732 [ ECF92C0596E8390FE629FACB59FE38B3 ] FSService C:\Program Files\Folder Shield\FSService.exe
22:26:51.0344 5732 FSService - ok
22:26:51.0375 5732 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
22:26:51.0390 5732 Fs_Rec - ok
22:26:51.0406 5732 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
22:26:51.0453 5732 fvevol - ok
22:26:51.0468 5732 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
22:26:51.0484 5732 gagp30kx - ok
22:26:51.0500 5732 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:26:51.0515 5732 GEARAspiWDM - ok
22:26:51.0562 5732 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
22:26:51.0624 5732 gpsvc - ok
22:26:51.0671 5732 gupdate - ok
22:26:51.0671 5732 gupdatem - ok
22:26:51.0734 5732 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
22:26:51.0765 5732 gusvc - ok
22:26:51.0780 5732 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
22:26:51.0812 5732 hcw85cir - ok
22:26:51.0843 5732 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:26:51.0874 5732 HdAudAddService - ok
22:26:51.0905 5732 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
22:26:51.0968 5732 HDAudBus - ok
22:26:51.0983 5732 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
22:26:52.0092 5732 HidBatt - ok
22:26:52.0108 5732 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
22:26:52.0139 5732 HidBth - ok
22:26:52.0139 5732 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
22:26:52.0170 5732 HidIr - ok
22:26:52.0202 5732 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
22:26:52.0242 5732 hidserv - ok
22:26:52.0262 5732 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
22:26:52.0292 5732 HidUsb - ok
22:26:52.0322 5732 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
22:26:52.0372 5732 hkmsvc - ok
22:26:52.0402 5732 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:26:52.0432 5732 HomeGroupListener - ok
22:26:52.0472 5732 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:26:52.0502 5732 HomeGroupProvider - ok
22:26:52.0532 5732 [ 4EF10B866C62ABBEAF7511CDD05A19BE ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
22:26:52.0552 5732 hpdskflt - ok
22:26:52.0602 5732 [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
22:26:52.0612 5732 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
22:26:52.0612 5732 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
22:26:52.0632 5732 [ 75CC8C5146A3FB76221A7606628778D5 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
22:26:52.0652 5732 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
22:26:52.0652 5732 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
22:26:52.0672 5732 [ 1210960FF8928950D2A786895B0C424A ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
22:26:52.0712 5732 HpqKbFiltr - ok
22:26:52.0742 5732 [ FDF273A845F1FFCCEADF363AAF47582F ] hpqwmiex C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
22:26:52.0762 5732 hpqwmiex - ok
22:26:52.0792 5732 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
22:26:52.0812 5732 HpSAMD - ok
22:26:52.0832 5732 [ 83DB5DD8BE71CBA5447FBD7A48FDBEDA ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
22:26:52.0862 5732 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
22:26:52.0862 5732 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
22:26:52.0882 5732 [ C0BEB56ED79B59B7B33D0AA6C38A0BA6 ] hpsrv C:\Windows\system32\Hpservice.exe
22:26:52.0892 5732 hpsrv - ok
22:26:52.0932 5732 [ 950CC1E6AE3A6CD23E0945CDE089B02C ] HTCAND32 C:\Windows\system32\Drivers\ANDROIDUSB.sys
22:26:52.0962 5732 HTCAND32 - ok
22:26:53.0002 5732 [ 339ADEFAD60353F960E3CA67CE468C24 ] htcnprot C:\Windows\system32\DRIVERS\htcnprot.sys
22:26:53.0022 5732 htcnprot - ok
22:26:53.0052 5732 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
22:26:53.0107 5732 HTTP - ok
22:26:53.0123 5732 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
22:26:53.0138 5732 hwpolicy - ok
22:26:53.0154 5732 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
22:26:53.0185 5732 i8042prt - ok
22:26:53.0216 5732 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
22:26:53.0232 5732 iaStorV - ok
22:26:53.0279 5732 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
22:26:53.0294 5732 IDriverT ( UnsignedFile.Multi.Generic ) - warning
22:26:53.0294 5732 IDriverT - detected UnsignedFile.Multi.Generic (1)
22:26:53.0341 5732 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:26:53.0388 5732 idsvc - ok
22:26:53.0435 5732 [ 404FB2AAF532BC7BBACC8880BE401C74 ] IDSVix86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20121116.001\IDSvix86.sys
22:26:53.0466 5732 IDSVix86 - ok
22:26:53.0497 5732 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
22:26:53.0513 5732 iirsp - ok
22:26:53.0544 5732 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
22:26:53.0606 5732 IKEEXT - ok
22:26:53.0622 5732 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
22:26:53.0638 5732 intelide - ok
22:26:53.0669 5732 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
22:26:53.0700 5732 intelppm - ok
22:26:53.0731 5732 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
22:26:53.0778 5732 IPBusEnum - ok
22:26:53.0794 5732 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:26:53.0825 5732 IpFilterDriver - ok
22:26:53.0856 5732 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
22:26:53.0918 5732 iphlpsvc - ok
22:26:53.0934 5732 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
22:26:53.0965 5732 IPMIDRV - ok
22:26:53.0996 5732 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
22:26:54.0028 5732 IPNAT - ok
22:26:54.0059 5732 [ 33642C17C232AA272C68E446A2619899 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
22:26:54.0106 5732 iPod Service - ok
22:26:54.0106 5732 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
22:26:54.0168 5732 IRENUM - ok
22:26:54.0184 5732 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
22:26:54.0199 5732 isapnp - ok
22:26:54.0230 5732 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
22:26:54.0246 5732 iScsiPrt - ok
22:26:54.0293 5732 [ 981C005C2389BA1DE8575CDDB2829340 ] IvtBtBUs C:\Windows\system32\Drivers\IvtBtBus.sys
22:26:54.0308 5732 IvtBtBUs - ok
22:26:54.0340 5732 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
22:26:54.0355 5732 kbdclass - ok
22:26:54.0371 5732 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
22:26:54.0402 5732 kbdhid - ok
22:26:54.0418 5732 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
22:26:54.0449 5732 KeyIso - ok
22:26:54.0464 5732 [ 4476FE98AAF505ACDCD3EE6360AABEC1 ] KMWDFILTERx86 C:\Windows\system32\DRIVERS\KMWDFILTER.sys
22:26:54.0480 5732 KMWDFILTERx86 - ok
22:26:54.0527 5732 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
22:26:54.0542 5732 KSecDD - ok
22:26:54.0574 5732 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
22:26:54.0589 5732 KSecPkg - ok
22:26:54.0620 5732 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
22:26:54.0652 5732 KtmRm - ok
22:26:54.0683 5732 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
22:26:54.0730 5732 LanmanServer - ok
22:26:54.0761 5732 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:26:54.0808 5732 LanmanWorkstation - ok
22:26:54.0839 5732 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
22:26:54.0886 5732 lltdio - ok
22:26:54.0917 5732 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
22:26:54.0964 5732 lltdsvc - ok
22:26:54.0964 5732 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
22:26:55.0010 5732 lmhosts - ok
22:26:55.0026 5732 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
22:26:55.0042 5732 LSI_FC - ok
22:26:55.0057 5732 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
22:26:55.0073 5732 LSI_SAS - ok
22:26:55.0088 5732 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:26:55.0104 5732 LSI_SAS2 - ok
22:26:55.0120 5732 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:26:55.0135 5732 LSI_SCSI - ok
22:26:55.0151 5732 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
22:26:55.0182 5732 luafv - ok
22:26:55.0213 5732 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
22:26:55.0244 5732 Mcx2Svc - ok
22:26:55.0260 5732 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
22:26:55.0276 5732 megasas - ok
22:26:55.0307 5732 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
22:26:55.0322 5732 MegaSR - ok
22:26:55.0338 5732 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
22:26:55.0385 5732 MMCSS - ok
22:26:55.0416 5732 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
22:26:55.0447 5732 Modem - ok
22:26:55.0463 5732 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
22:26:55.0478 5732 monitor - ok
22:26:55.0510 5732 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
22:26:55.0525 5732 mouclass - ok
22:26:55.0556 5732 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
22:26:55.0572 5732 mouhid - ok
22:26:55.0603 5732 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
22:26:55.0629 5732 mountmgr - ok
22:26:55.0719 5732 [ DAE3C509F33059BC4D48A8925F476FB4 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
22:26:55.0739 5732 MozillaMaintenance - ok
22:26:55.0759 5732 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
22:26:55.0779 5732 mpio - ok
22:26:55.0789 5732 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
22:26:55.0829 5732 mpsdrv - ok
22:26:55.0869 5732 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
22:26:55.0929 5732 MpsSvc - ok
22:26:55.0949 5732 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
22:26:55.0989 5732 MRxDAV - ok
22:26:55.0999 5732 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
22:26:56.0029 5732 mrxsmb - ok
22:26:56.0049 5732 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:26:56.0079 5732 mrxsmb10 - ok
22:26:56.0089 5732 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:26:56.0109 5732 mrxsmb20 - ok
22:26:56.0129 5732 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
22:26:56.0149 5732 msahci - ok
22:26:56.0179 5732 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
22:26:56.0209 5732 msdsm - ok
22:26:56.0229 5732 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
22:26:56.0259 5732 MSDTC - ok
22:26:56.0289 5732 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
22:26:56.0339 5732 Msfs - ok
22:26:56.0359 5732 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
22:26:56.0399 5732 mshidkmdf - ok
22:26:56.0409 5732 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
22:26:56.0429 5732 msisadrv - ok
22:26:56.0449 5732 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
22:26:56.0489 5732 MSiSCSI - ok
22:26:56.0499 5732 msiserver - ok
22:26:56.0519 5732 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
22:26:56.0559 5732 MSKSSRV - ok
22:26:56.0569 5732 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:26:56.0609 5732 MSPCLOCK - ok
22:26:56.0619 5732 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:26:56.0659 5732 MSPQM - ok
22:26:56.0679 5732 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:26:56.0699 5732 MsRPC - ok
22:26:56.0719 5732 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
22:26:56.0739 5732 mssmbios - ok
22:26:56.0749 5732 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
22:26:56.0789 5732 MSTEE - ok
22:26:56.0799 5732 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
22:26:56.0819 5732 MTConfig - ok
22:26:56.0839 5732 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
22:26:56.0859 5732 Mup - ok
22:26:56.0889 5732 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
22:26:56.0939 5732 napagent - ok
22:26:56.0969 5732 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
22:26:57.0009 5732 NativeWifiP - ok
22:26:57.0069 5732 [ 8E4C77AD9BB279900C00F870CC0C674B ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20121119.004\NAVENG.SYS
22:26:57.0089 5732 NAVENG - ok
22:26:57.0159 5732 [ 826F699B69E88A3920C70F344DD42D88 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20121119.004\NAVEX15.SYS
22:26:57.0229 5732 NAVEX15 - ok
22:26:57.0259 5732 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
22:26:57.0299 5732 NDIS - ok
22:26:57.0319 5732 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
22:26:57.0369 5732 NdisCap - ok
22:26:57.0389 5732 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:26:57.0419 5732 NdisTapi - ok
22:26:57.0439 5732 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:26:57.0489 5732 Ndisuio - ok
22:26:57.0499 5732 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:26:57.0549 5732 NdisWan - ok
22:26:57.0569 5732 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:26:57.0609 5732 NDProxy - ok
22:26:57.0649 5732 [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
22:26:57.0669 5732 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
22:26:57.0669 5732 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
22:26:57.0689 5732 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:26:57.0719 5732 NetBIOS - ok
22:26:57.0739 5732 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
22:26:57.0789 5732 NetBT - ok
22:26:57.0809 5732 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
22:26:57.0829 5732 Netlogon - ok
22:26:57.0859 5732 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
22:26:57.0909 5732 Netman - ok
22:26:57.0939 5732 [ F50C405C5FCE480D39C882205EBA26A8 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
22:26:57.0989 5732 NetMsmqActivator - ok
22:26:57.0999 5732 [ F50C405C5FCE480D39C882205EBA26A8 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
22:26:58.0019 5732 NetPipeActivator - ok
22:26:58.0039 5732 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
22:26:58.0099 5732 netprofm - ok
22:26:58.0109 5732 [ F50C405C5FCE480D39C882205EBA26A8 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
22:26:58.0129 5732 NetTcpActivator - ok
22:26:58.0139 5732 [ F50C405C5FCE480D39C882205EBA26A8 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
22:26:58.0159 5732 NetTcpPortSharing - ok
22:26:58.0289 5732 [ 5B2DFA9C5C02DDF2A113CC0F551B59DF ] NETw5s32 C:\Windows\system32\DRIVERS\NETw5s32.sys
22:26:58.0479 5732 NETw5s32 - ok
22:26:58.0509 5732 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
22:26:58.0529 5732 nfrd960 - ok
22:26:58.0649 5732 [ F2840DBFE9322F35557219AE82CC4597 ] NIS C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
22:26:58.0669 5732 NIS - ok
22:26:58.0689 5732 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
22:26:58.0729 5732 NlaSvc - ok
22:26:58.0759 5732 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:26:58.0799 5732 Npfs - ok
22:26:58.0829 5732 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
22:26:58.0879 5732 nsi - ok
22:26:58.0889 5732 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:26:58.0939 5732 nsiproxy - ok
22:26:58.0999 5732 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:26:59.0049 5732 Ntfs - ok
22:26:59.0069 5732 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
22:26:59.0099 5732 Null - ok
22:26:59.0119 5732 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:26:59.0139 5732 nvraid - ok
22:26:59.0159 5732 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:26:59.0189 5732 nvstor - ok
22:26:59.0229 5732 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
22:26:59.0249 5732 nv_agp - ok
22:26:59.0309 5732 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:26:59.0339 5732 odserv - ok
22:26:59.0359 5732 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
22:26:59.0389 5732 ohci1394 - ok
22:26:59.0469 5732 [ FD85186C9F1ABE012DDF44C233552129 ] OS Selector C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
22:26:59.0539 5732 OS Selector - ok
22:26:59.0569 5732 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:26:59.0589 5732 ose - ok
22:26:59.0609 5732 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
22:26:59.0659 5732 p2pimsvc - ok
22:26:59.0689 5732 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
22:26:59.0739 5732 p2psvc - ok
22:26:59.0769 5732 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
22:26:59.0789 5732 Parport - ok
22:26:59.0819 5732 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:26:59.0839 5732 partmgr - ok
22:26:59.0849 5732 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
22:26:59.0879 5732 Parvdm - ok
22:26:59.0929 5732 [ 68139940B5AC84AFFB7EB1B713BE66E7 ] PassThru Service C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
22:26:59.0939 5732 PassThru Service ( UnsignedFile.Multi.Generic ) - warning
22:26:59.0939 5732 PassThru Service - detected UnsignedFile.Multi.Generic (1)
22:26:59.0959 5732 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
22:26:59.0999 5732 PcaSvc - ok
22:27:00.0009 5732 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
22:27:00.0029 5732 pci - ok
22:27:00.0049 5732 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
22:27:00.0069 5732 pciide - ok
22:27:00.0089 5732 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
22:27:00.0109 5732 pcmcia - ok
22:27:00.0119 5732 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
22:27:00.0139 5732 pcw - ok
22:27:00.0159 5732 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:27:00.0229 5732 PEAUTH - ok
22:27:00.0309 5732 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
22:27:00.0399 5732 pla - ok
22:27:00.0429 5732 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:27:00.0479 5732 PlugPlay - ok
22:27:00.0499 5732 [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
22:27:00.0519 5732 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
22:27:00.0519 5732 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
22:27:00.0549 5732 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
22:27:00.0589 5732 PNRPAutoReg - ok
22:27:00.0599 5732 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
22:27:00.0629 5732 PNRPsvc - ok
22:27:00.0649 5732 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:27:00.0689 5732 PolicyAgent - ok
22:27:00.0729 5732 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
22:27:00.0779 5732 Power - ok
22:27:00.0829 5732 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:27:00.0869 5732 PptpMiniport - ok
22:27:00.0889 5732 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
22:27:00.0919 5732 Processor - ok
22:27:00.0949 5732 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
22:27:00.0979 5732 ProfSvc - ok
22:27:00.0999 5732 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:27:01.0019 5732 ProtectedStorage - ok
22:27:01.0049 5732 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
22:27:01.0099 5732 Psched - ok
22:27:01.0129 5732 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
22:27:01.0149 5732 PxHelp20 - ok
22:27:01.0179 5732 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
22:27:01.0239 5732 ql2300 - ok
22:27:01.0239 5732 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
22:27:01.0259 5732 ql40xx - ok
22:27:01.0299 5732 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
22:27:01.0330 5732 QWAVE - ok
22:27:01.0346 5732 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:27:01.0361 5732 QWAVEdrv - ok
22:27:01.0377 5732 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:27:01.0408 5732 RasAcd - ok
22:27:01.0439 5732 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
22:27:01.0486 5732 RasAgileVpn - ok
22:27:01.0517 5732 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
22:27:01.0548 5732 RasAuto - ok
22:27:01.0564 5732 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:27:01.0611 5732 Rasl2tp - ok
22:27:01.0641 5732 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
22:27:01.0691 5732 RasMan - ok
22:27:01.0711 5732 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:27:01.0761 5732 RasPppoe - ok
22:27:01.0781 5732 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:27:01.0821 5732 RasSstp - ok
22:27:01.0851 5732 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:27:01.0901 5732 rdbss - ok
22:27:01.0921 5732 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
22:27:01.0951 5732 rdpbus - ok
22:27:01.0981 5732 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:27:02.0021 5732 RDPCDD - ok
22:27:02.0031 5732 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:27:02.0071 5732 RDPENCDD - ok
22:27:02.0091 5732 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
22:27:02.0131 5732 RDPREFMP - ok
22:27:02.0161 5732 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:27:02.0191 5732 RDPWD - ok
22:27:02.0221 5732 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:27:02.0241 5732 rdyboost - ok
22:27:02.0281 5732 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
22:27:02.0331 5732 RemoteAccess - ok
22:27:02.0361 5732 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:27:02.0411 5732 RemoteRegistry - ok
22:27:02.0471 5732 [ 9E4C9E7AE092D29F6925691D6F08DFCB ] REN2CAP_DRIVER C:\Windows\system32\drivers\ren2cap.sys
22:27:02.0491 5732 REN2CAP_DRIVER - ok
22:27:02.0521 5732 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
22:27:02.0541 5732 RFCOMM - ok
22:27:02.0561 5732 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:27:02.0611 5732 RpcEptMapper - ok
22:27:02.0631 5732 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
22:27:02.0661 5732 RpcLocator - ok
22:27:02.0711 5732 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
22:27:02.0751 5732 RpcSs - ok
22:27:02.0771 5732 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:27:02.0821 5732 rspndr - ok
22:27:02.0841 5732 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
22:27:02.0861 5732 SamSs - ok
22:27:02.0891 5732 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
22:27:02.0911 5732 sbp2port - ok
22:27:02.0931 5732 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:27:02.0991 5732 SCardSvr - ok
22:27:03.0021 5732 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:27:03.0061 5732 scfilter - ok
22:27:03.0101 5732 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
22:27:03.0171 5732 Schedule - ok
22:27:03.0201 5732 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
22:27:03.0241 5732 SCPolicySvc - ok
22:27:03.0271 5732 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:27:03.0291 5732 SDRSVC - ok
22:27:03.0321 5732 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:27:03.0361 5732 secdrv - ok
22:27:03.0391 5732 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
22:27:03.0441 5732 seclogon - ok
22:27:03.0451 5732 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
22:27:03.0501 5732 SENS - ok
22:27:03.0531 5732 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:27:03.0571 5732 SensrSvc - ok
22:27:03.0571 5732 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
22:27:03.0591 5732 Serenum - ok
22:27:03.0621 5732 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
22:27:03.0651 5732 Serial - ok
22:27:03.0671 5732 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
22:27:03.0691 5732 sermouse - ok
22:27:03.0731 5732 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
22:27:03.0781 5732 SessionEnv - ok
22:27:03.0801 5732 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
22:27:03.0841 5732 sffdisk - ok
22:27:03.0851 5732 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
22:27:03.0881 5732 sffp_mmc - ok
22:27:03.0901 5732 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
22:27:03.0931 5732 sffp_sd - ok
22:27:03.0941 5732 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
22:27:03.0971 5732 sfloppy - ok
22:27:04.0011 5732 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:27:04.0051 5732 SharedAccess - ok
22:27:04.0091 5732 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:27:04.0151 5732 ShellHWDetection - ok
22:27:04.0171 5732 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
22:27:04.0191 5732 sisagp - ok
22:27:04.0201 5732 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:27:04.0221 5732 SiSRaid2 - ok
22:27:04.0241 5732 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
22:27:04.0261 5732 SiSRaid4 - ok
22:27:04.0321 5732 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
22:27:04.0331 5732 SkypeUpdate - ok
22:27:04.0341 5732 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:27:04.0391 5732 Smb - ok
22:27:04.0441 5732 [ BD3863C139F3380A9F44FB188FEEFC6E ] snapman C:\Windows\system32\DRIVERS\snapman.sys
22:27:04.0461 5732 snapman - ok
22:27:04.0481 5732 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:27:04.0531 5732 SNMPTRAP - ok
22:27:04.0751 5732 [ 01B4B8B721345692D53F10B584B3D5D8 ] SNP2STD C:\Windows\system32\DRIVERS\snp2sxp.sys
22:27:05.0031 5732 SNP2STD - ok
22:27:05.0061 5732 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
22:27:05.0081 5732 spldr - ok
22:27:05.0111 5732 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
22:27:05.0151 5732 Spooler - ok
22:27:05.0231 5732 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
22:27:05.0343 5732 sppsvc - ok
22:27:05.0359 5732 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
22:27:05.0406 5732 sppuinotify - ok
22:27:05.0502 5732 [ 7BB297CADA42903328E92425D9761DA6 ] SRTSP C:\Windows\System32\Drivers\NIS\1309000.009\SRTSP.SYS
22:27:05.0532 5732 SRTSP - ok
22:27:05.0552 5732 [ 475FCF0F28D845BF1C8ABAC27F19003E ] SRTSPX C:\Windows\system32\drivers\NIS\1309000.009\SRTSPX.SYS
22:27:05.0572 5732 SRTSPX - ok
22:27:05.0602 5732 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
22:27:05.0642 5732 srv - ok
22:27:05.0652 5732 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:27:05.0682 5732 srv2 - ok
22:27:05.0692 5732 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:27:05.0712 5732 srvnet - ok
22:27:05.0742 5732 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:27:05.0802 5732 SSDPSRV - ok
22:27:05.0812 5732 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:27:05.0852 5732 SstpSvc - ok
22:27:05.0952 5732 [ E4AEA6FC64A979375149B86882CA2100 ] StarMoney 8.0 OnlineUpdate C:\Program Files\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe
22:27:05.0992 5732 StarMoney 8.0 OnlineUpdate - ok
22:27:06.0012 5732 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
22:27:06.0032 5732 stexstor - ok
22:27:06.0062 5732 [ EDB05BD63148796F23EA78506404A538 ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
22:27:06.0102 5732 StillCam - ok
22:27:06.0142 5732 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
22:27:06.0182 5732 StiSvc - ok
22:27:06.0212 5732 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
22:27:06.0232 5732 swenum - ok
22:27:06.0262 5732 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
22:27:06.0332 5732 swprv - ok
22:27:06.0362 5732 [ 690FA0E61B90084C4D9A721BD4F3D779 ] SymDS C:\Windows\system32\drivers\NIS\1309000.009\SYMDS.SYS
22:27:06.0392 5732 SymDS - ok
22:27:06.0442 5732 [ 8F88EDB211B12537D2DC2A6D73D6067C ] SymEFA C:\Windows\system32\drivers\NIS\1309000.009\SYMEFA.SYS
22:27:06.0482 5732 SymEFA - ok
22:27:06.0512 5732 [ 555FB450FE6908600310E990738B41D6 ] SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS
22:27:06.0532 5732 SymEvent - ok
22:27:06.0572 5732 [ 2C356CCA706505CF63CBE39D532B9236 ] SymIRON C:\Windows\system32\drivers\NIS\1309000.009\Ironx86.SYS
22:27:06.0592 5732 SymIRON - ok
22:27:06.0612 5732 [ 3EE215D6FE821E3EDF0F7134D9AE905A ] SymNetS C:\Windows\System32\Drivers\NIS\1309000.009\SYMNETS.SYS
22:27:06.0642 5732 SymNetS - ok
22:27:06.0672 5732 [ AF9A16163545685856FFD8B17AAA5E0B ] synasusb C:\Windows\system32\Drivers\synasusb.sys
22:27:06.0692 5732 synasusb - ok
22:27:06.0732 5732 [ 0E8676FB3BB95AA40FDF7A4A31018C8B ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
22:27:06.0792 5732 SynTP - ok
22:27:06.0842 5732 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
22:27:06.0902 5732 SysMain - ok
22:27:06.0922 5732 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:27:06.0962 5732 TabletInputService - ok
22:27:06.0992 5732 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
22:27:07.0052 5732 TapiSrv - ok
22:27:07.0082 5732 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
22:27:07.0132 5732 TBS - ok
22:27:07.0182 5732 [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:27:07.0232 5732 Tcpip - ok
22:27:07.0272 5732 [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
22:27:07.0302 5732 TCPIP6 - ok
22:27:07.0332 5732 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:27:07.0362 5732 tcpipreg - ok
22:27:07.0402 5732 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:27:07.0432 5732 TDPIPE - ok
22:27:07.0472 5732 [ 431801FCC97034E04A6EFF81136578D7 ] tdrpman273 C:\Windows\system32\DRIVERS\tdrpm273.sys
22:27:07.0512 5732 tdrpman273 - ok
22:27:07.0542 5732 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:27:07.0562 5732 TDTCP - ok
22:27:07.0592 5732 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:27:07.0632 5732 tdx - ok
22:27:07.0662 5732 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
22:27:07.0682 5732 TermDD - ok
22:27:07.0712 5732 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
22:27:07.0772 5732 TermService - ok
22:27:07.0802 5732 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
22:27:07.0832 5732 Themes - ok
22:27:07.0862 5732 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
22:27:07.0892 5732 THREADORDER - ok
22:27:07.0912 5732 [ A34D7024BB7140EC785C86BC065D4F60 ] timounter C:\Windows\system32\DRIVERS\timntr.sys
22:27:07.0942 5732 timounter - ok
22:27:07.0992 5732 [ 3199A477F0F06EEDE41BD55179F8EB05 ] TomTomHOMEService C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
22:27:08.0012 5732 TomTomHOMEService - ok
22:27:08.0032 5732 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
22:27:08.0072 5732 TrkWks - ok
22:27:08.0132 5732 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:27:08.0172 5732 TrustedInstaller - ok
22:27:08.0202 5732 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:27:08.0242 5732 tssecsrv - ok
22:27:08.0262 5732 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
22:27:08.0292 5732 TsUsbFlt - ok
22:27:08.0452 5732 [ 876A1FE7A7CA957E84C3AF797F2E7FC5 ] TuneUp.UtilitiesSvc C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
22:27:08.0482 5732 TuneUp.UtilitiesSvc - ok
22:27:08.0552 5732 [ F2107C9D85EC0DF116939CCCE06AE697 ] TuneUpUtilitiesDrv C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys
22:27:08.0572 5732 TuneUpUtilitiesDrv - ok
22:27:08.0592 5732 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:27:08.0642 5732 tunnel - ok
22:27:08.0662 5732 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
22:27:08.0682 5732 uagp35 - ok
22:27:08.0702 5732 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:27:08.0752 5732 udfs - ok
22:27:08.0792 5732 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:27:08.0822 5732 UI0Detect - ok
22:27:08.0842 5732 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
22:27:08.0862 5732 uliagpkx - ok
22:27:08.0892 5732 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys
22:27:08.0922 5732 umbus - ok
22:27:08.0942 5732 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
22:27:08.0972 5732 UmPass - ok
22:27:08.0992 5732 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
22:27:09.0062 5732 upnphost - ok
22:27:09.0112 5732 [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
22:27:09.0132 5732 usbaudio - ok
22:27:09.0172 5732 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
22:27:09.0192 5732 usbccgp - ok
22:27:09.0222 5732 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
22:27:09.0252 5732 usbcir - ok
22:27:09.0282 5732 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
22:27:09.0302 5732 usbehci - ok
22:27:09.0332 5732 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
22:27:09.0372 5732 usbhub - ok
22:27:09.0392 5732 [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
22:27:09.0432 5732 usbohci - ok
22:27:09.0452 5732 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
22:27:09.0522 5732 usbprint - ok
22:27:09.0562 5732 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
22:27:09.0602 5732 usbscan - ok
22:27:09.0652 5732 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:27:09.0702 5732 USBSTOR - ok
22:27:09.0742 5732 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
22:27:09.0792 5732 usbuhci - ok
22:27:09.0842 5732 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
22:27:09.0882 5732 usbvideo - ok
22:27:09.0932 5732 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
22:27:09.0982 5732 UxSms - ok
22:27:10.0062 5732 [ 907C6BCE7A235B128A585040B5E7D319 ] UxTuneUp C:\Windows\System32\uxtuneup.dll
22:27:10.0092 5732 UxTuneUp - ok
22:27:10.0122 5732 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
22:27:10.0142 5732 VaultSvc - ok
22:27:10.0212 5732 [ 3042933A8C350150A9EF48800746C0A3 ] VComm C:\Windows\system32\DRIVERS\VComm.sys
22:27:10.0232 5732 VComm - ok
22:27:10.0312 5732 [ 882F488458587CBAD92671E45259002A ] VcommMgr C:\Windows\system32\Drivers\VcommMgr.sys
22:27:10.0332 5732 VcommMgr - ok
22:27:10.0352 5732 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
22:27:10.0372 5732 vdrvroot - ok
22:27:10.0472 5732 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
22:27:10.0532 5732 vds - ok
22:27:10.0572 5732 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
22:27:10.0632 5732 vga - ok
22:27:10.0672 5732 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
22:27:10.0732 5732 VgaSave - ok
22:27:10.0792 5732 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
22:27:10.0832 5732 vhdmp - ok
22:27:10.0842 5732 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
22:27:10.0872 5732 viaagp - ok
22:27:10.0902 5732 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
22:27:10.0942 5732 ViaC7 - ok
22:27:10.0992 5732 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
22:27:11.0012 5732 viaide - ok
22:27:11.0032 5732 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
22:27:11.0062 5732 volmgr - ok
22:27:11.0112 5732 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:27:11.0142 5732 volmgrx - ok
22:27:11.0212 5732 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
22:27:11.0262 5732 volsnap - ok
22:27:11.0312 5732 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
22:27:11.0342 5732 vsmraid - ok
22:27:11.0492 5732 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
22:27:11.0582 5732 VSS - ok
22:27:11.0652 5732 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
22:27:11.0692 5732 vwifibus - ok
22:27:11.0722 5732 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
22:27:11.0762 5732 vwififlt - ok
22:27:11.0792 5732 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
22:27:11.0822 5732 vwifimp - ok
22:27:11.0872 5732 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
22:27:11.0932 5732 W32Time - ok
22:27:11.0982 5732 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
22:27:12.0032 5732 WacomPen - ok
22:27:12.0072 5732 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
22:27:12.0112 5732 WANARP - ok
22:27:12.0122 5732 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:27:12.0152 5732 Wanarpv6 - ok
22:27:12.0302 5732 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
22:27:12.0382 5732 wbengine - ok
22:27:12.0442 5732 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
22:27:12.0482 5732 WbioSrvc - ok
22:27:12.0562 5732 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
22:27:12.0642 5732 wcncsvc - ok
22:27:12.0672 5732 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:27:12.0942 5732 WcsPlugInService - ok
22:27:12.0962 5732 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
22:27:12.0982 5732 Wd - ok
22:27:13.0082 5732 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
22:27:13.0132 5732 Wdf01000 - ok
22:27:13.0172 5732 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
22:27:13.0202 5732 WdiServiceHost - ok
22:27:13.0212 5732 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
22:27:13.0242 5732 WdiSystemHost - ok
22:27:13.0302 5732 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
22:27:13.0342 5732 WebClient - ok
22:27:13.0372 5732 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
22:27:13.0472 5732 Wecsvc - ok
22:27:13.0512 5732 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
22:27:13.0572 5732 wercplsupport - ok
22:27:13.0592 5732 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
22:27:13.0692 5732 WerSvc - ok
22:27:13.0722 5732 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
22:27:13.0762 5732 WfpLwf - ok
22:27:13.0802 5732 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
22:27:13.0822 5732 WIMMount - ok
22:27:13.0972 5732 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
22:27:14.0122 5732 WinDefend - ok
22:27:14.0142 5732 WinHttpAutoProxySvc - ok
22:27:14.0332 5732 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
22:27:14.0392 5732 Winmgmt - ok
22:27:14.0522 5732 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
22:27:14.0712 5732 WinRM - ok
22:27:14.0821 5732 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
22:27:14.0852 5732 WinUsb - ok
22:27:15.0008 5732 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
22:27:15.0133 5732 Wlansvc - ok
22:27:15.0195 5732 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
22:27:15.0242 5732 WmiAcpi - ok
22:27:15.0304 5732 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
22:27:15.0367 5732 wmiApSrv - ok
22:27:15.0538 5732 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
22:27:15.0616 5732 WMPNetworkSvc - ok
22:27:15.0663 5732 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
22:27:15.0694 5732 WPCSvc - ok
22:27:15.0741 5732 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
22:27:15.0788 5732 WPDBusEnum - ok
22:27:15.0835 5732 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
22:27:15.0913 5732 ws2ifsl - ok
22:27:15.0944 5732 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll
22:27:16.0006 5732 wscsvc - ok
22:27:16.0069 5732 [ 553F6CCD7C58EB98D4A8FBDAF283D7A9 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
22:27:16.0084 5732 WSDPrintDevice - ok
22:27:16.0131 5732 WSearch - ok
22:27:16.0412 5732 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
22:27:16.0521 5732 wuauserv - ok
22:27:16.0581 5732 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
22:27:16.0631 5732 WudfPf - ok
22:27:16.0691 5732 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
22:27:16.0751 5732 WUDFRd - ok
22:27:16.0791 5732 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
22:27:16.0841 5732 wudfsvc - ok
22:27:16.0911 5732 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
22:27:17.0001 5732 WwanSvc - ok
22:27:17.0101 5732 [ 30B73EB97218A16CBC6DE535782A1B35 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x86.sys
22:27:17.0231 5732 yukonw7 - ok
22:27:17.0301 5732 ================ Scan global ===============================
22:27:17.0381 5732 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
22:27:17.0441 5732 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
22:27:17.0481 5732 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
22:27:17.0521 5732 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
22:27:17.0581 5732 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
22:27:17.0591 5732 [Global] - ok
22:27:17.0591 5732 ================ Scan MBR ==================================
22:27:17.0611 5732 [ 273EE1C54B713D6A159355940806F408 ] \Device\Harddisk0\DR0
22:27:20.0902 5732 \Device\Harddisk0\DR0 - ok
22:27:20.0902 5732 ================ Scan VBR ==================================
22:27:20.0932 5732 [ 4BCCC702D0052D8988A3D0C6FECB6FBA ] \Device\Harddisk0\DR0\Partition1
22:27:20.0932 5732 \Device\Harddisk0\DR0\Partition1 - ok
22:27:20.0942 5732 [ CCCC354939267BFE3D7DBA74320D7925 ] \Device\Harddisk0\DR0\Partition2
22:27:20.0942 5732 \Device\Harddisk0\DR0\Partition2 - ok
22:27:20.0962 5732 [ D0CDEEB9FAD9543444044FD6A9116327 ] \Device\Harddisk0\DR0\Partition3
22:27:20.0962 5732 \Device\Harddisk0\DR0\Partition3 - ok
22:27:20.0982 5732 [ 9120ADC06DEF47504A3D229A7F6EE2DF ] \Device\Harddisk0\DR0\Partition4
22:27:20.0982 5732 \Device\Harddisk0\DR0\Partition4 - ok
22:27:21.0002 5732 [ 06481FD9FEA09E91906DACBBA0CC38F1 ] \Device\Harddisk0\DR0\Partition5
22:27:21.0002 5732 \Device\Harddisk0\DR0\Partition5 - ok
22:27:21.0022 5732 [ 2937AD95871ADB79D67AF2CCF084A47F ] \Device\Harddisk0\DR0\Partition6
22:27:21.0022 5732 \Device\Harddisk0\DR0\Partition6 - ok
22:27:21.0022 5732 ============================================================
22:27:21.0022 5732 Scan finished
22:27:21.0022 5732 ============================================================
22:27:21.0032 4320 Detected object count: 10
22:27:21.0032 4320 Actual detected object count: 10
22:28:05.0476 4320 BlueSoleilCS ( UnsignedFile.Multi.Generic ) - skipped by user
22:28:05.0476 4320 BlueSoleilCS ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:28:05.0476 4320 BsHelpCS ( UnsignedFile.Multi.Generic ) - skipped by user
22:28:05.0476 4320 BsHelpCS ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:28:05.0476 4320 bxShield ( UnsignedFile.Multi.Generic ) - skipped by user
22:28:05.0476 4320 bxShield ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:28:05.0491 4320 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
22:28:05.0491 4320 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:28:05.0491 4320 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
22:28:05.0491 4320 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:28:05.0491 4320 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
22:28:05.0491 4320 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:28:05.0491 4320 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
22:28:05.0491 4320 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:28:05.0491 4320 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:28:05.0491 4320 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:28:05.0491 4320 PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:28:05.0491 4320 PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:28:05.0491 4320 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:28:05.0491 4320 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

Gruß
Walterle

Bitte CODE-Tags und keine Zitat-Tags für die Logs verwenden!

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!

• Starte die adwcleaner.exe mit einem Doppelklick.
• Klicke auf Suche.
• Nach Ende des Suchlaufs öffnet sich eine Textdatei.
• Poste mir den Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)

Hallo cosinus,
hier ists:

Code: Alles auswählenAufklappen

ATTFilter

# AdwCleaner v2.008 - Datei am 20/11/2012 um 18:03:57 erstellt
# Aktualisiert am 17/11/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : *** - ***-NOTEBOOK
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****

Gefunden : Browser Manager

***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Datei Gefunden : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Datei Gefunden : C:\user.js
Ordner Gefunden : C:\Program Files\SpecialSavings
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\ProgramData\Browser Manager
Ordner Gefunden : C:\ProgramData\Codecv
Ordner Gefunden : C:\ProgramData\InstallMate
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codecv
Ordner Gefunden : C:\ProgramData\Premium
Ordner Gefunden : C:\Users\***\AppData\Local\Conduit
Ordner Gefunden : C:\Users\***\AppData\Local\Savings Sidekick
Ordner Gefunden : C:\Users\***\AppData\LocalLow\boost_interprocess
Ordner Gefunden : C:\Users\***\AppData\LocalLow\Codecv
Ordner Gefunden : C:\Users\***\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\***\AppData\Roaming\Babylon
Ordner Gefunden : C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpecialSavings

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Savings Sidekick
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SpecialSavings
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\Cr_Installer
Schlüssel Gefunden : HKCU\Software\DataMngr
Schlüssel Gefunden : HKCU\Software\DataMngr_Toolbar
Schlüssel Gefunden : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220022502260}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{A69A551A-1AAE-4B67-8C2E-52F8B8A19504}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CrossriderApp0005060.BHO
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CrossriderApp0005060.Sandbox
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CrossriderApp0005060.Sandbox.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066506660}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2736476
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\DataMngr
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dhdepfaagokllfmhfbcfmocaeigmoebo
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{A69A551A-1AAE-4B67-8C2E-52F8B8A19504}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011501160}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2EF17083-57D4-4D64-AE4F-55F32A2C4571}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpecialSavings
Schlüssel Gefunden : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKU\S-1-5-21-1570183454-3301363139-286937864-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKU\S-1-5-21-1570183454-3301363139-286937864-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Schlüssel Gefunden : HKU\S-1-5-21-1570183454-3301363139-286937864-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gefunden : HKCU\Software\Mozilla\Firefox\Extensions [specialsavings@superfish.com]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{9E131A93-EED7-4BEB-B015-A0ADB30B5646}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D0F4A166-B8D4-48b8-9D63-80849FE137CB}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.claro-search.com/?affID=114508&tt=4312_6&babsrc=HP_clro&mntrId=5e2e6a4a00000000000018a905a1d60b
[HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page] = hxxp://www.claro-search.com/?affID=114508&tt=4312_6&babsrc=HP_clro&mntrId=5e2e6a4a00000000000018a905a1d60b

-\\ Mozilla Firefox v10.0.1 (de)

Profilname : default
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\3yq8b37q.default\prefs.js

Gefunden : user_pref("browser.search.defaultthis.engineName", "Freeware.de Customized Web Search");
Gefunden : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&Sea[...]
Gefunden : user_pref("browser.search.selectedEngine", "Claro Search");
Gefunden : user_pref("browser.startup.homepage", "hxxp://www.claro-search.com/?affID=114508&tt=4312_6&babsrc=HP[...]
Gefunden : user_pref("extensions.4f905a5fb08c2.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Gefunden : user_pref("extensions.BabylonToolbar.admin", false);
Gefunden : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Gefunden : user_pref("extensions.BabylonToolbar.babExt", "");
Gefunden : user_pref("extensions.BabylonToolbar.babTrack", "affID=112477");
Gefunden : user_pref("extensions.BabylonToolbar.bbDpng", 22);
Gefunden : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Gefunden : user_pref("extensions.BabylonToolbar.dfltSrch", false);
Gefunden : user_pref("extensions.BabylonToolbar.hmpg", false);
Gefunden : user_pref("extensions.BabylonToolbar.id", "5e2e6a4a00000000000018a905a1d60b");
Gefunden : user_pref("extensions.BabylonToolbar.instlDay", "15452");
Gefunden : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Gefunden : user_pref("extensions.BabylonToolbar.lastDP", 22);
Gefunden : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1715:44:09");
Gefunden : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "10.0");
Gefunden : user_pref("extensions.BabylonToolbar.newTab", true);
Gefunden : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
Gefunden : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Gefunden : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Gefunden : user_pref("extensions.BabylonToolbar.propectorlck", 73662391);
Gefunden : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Gefunden : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Gefunden : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Gefunden : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Gefunden : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Gefunden : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
Gefunden : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
Gefunden : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1715:44:09");
Gefunden : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Gefunden : user_pref("extensions.BabylonToolbar_i.babExt", "");
Gefunden : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112477");
Gefunden : user_pref("extensions.BabylonToolbar_i.hardId", "5e2e6a4a00000000000018a905a1d60b");
Gefunden : user_pref("extensions.BabylonToolbar_i.id", "5e2e6a4a00000000000018a905a1d60b");
Gefunden : user_pref("extensions.BabylonToolbar_i.instlDay", "15452");
Gefunden : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Gefunden : user_pref("extensions.BabylonToolbar_i.newTab", true);
Gefunden : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.claro-search.com/?affID=114508&tt=431[...]
Gefunden : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Gefunden : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Gefunden : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gefunden : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Gefunden : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Gefunden : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Gefunden : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Gefunden : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1715:44:09");
Gefunden : user_pref("extensions.claro.admin", false);
Gefunden : user_pref("extensions.claro.aflt", "babsst");
Gefunden : user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}");
Gefunden : user_pref("extensions.claro.dfltLng", "en");
Gefunden : user_pref("extensions.claro.excTlbr", false);
Gefunden : user_pref("extensions.claro.id", "5e2e6a4a00000000000018a905a1d60b");
Gefunden : user_pref("extensions.claro.instlDay", "15637");
Gefunden : user_pref("extensions.claro.instlRef", "sst");
Gefunden : user_pref("extensions.claro.prdct", "claro");
Gefunden : user_pref("extensions.claro.prtnrId", "claro");
Gefunden : user_pref("extensions.claro.tlbrId", "claro");
Gefunden : user_pref("extensions.claro.tlbrSrchUrl", "");
Gefunden : user_pref("extensions.claro.vrsn", "1.8.3.10");
Gefunden : user_pref("extensions.claro.vrsni", "1.8.3.10");
Gefunden : user_pref("extensions.claro_i.smplGrp", "none");
Gefunden : user_pref("extensions.claro_i.vrsnTs", "1.8.3.1021:01:04");
Gefunden : user_pref("keyword.URL", "hxxp://www.claro-search.com/?affID=114508&tt=4312_7&babsrc=KW_clro&mntrId=[...]

*************************

AdwCleaner[R1].txt - [12766 octets] - [20/11/2012 18:03:57]

########## EOF - C:\AdwCleaner[R1].txt - [12827 octets] ##########
         

Gruß
Walterle

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

• Schließe alle offenen Programme und Browser.
• Starte die adwcleaner.exe mit einem Doppelklick.
• Klicke auf Löschen.
• Bestätige jeweils mit Ok.
• Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
• Poste mir den Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

Danach eine Kontrolle mit OTL bitte:

• Doppelklick auf die OTL.exe
• Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
• Setze oben mittig den Haken bei Scanne alle Benutzer
• Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
• Unter Extra Registry, wähle bitte Use SafeList
• Klicke nun auf Run Scan links oben
• Wenn der Scan beendet wurde werden 2 Logfiles erstellt
• Poste die Logfiles in CODE-Tags hier in den Thread.

Hallo cosinus,
als erste die Datei nach dem Löschen mit adwCleaner:

Code: Alles auswählenAufklappen

ATTFilter

# AdwCleaner v2.008 - Datei am 20/11/2012 um 20:40:11 erstellt
# Aktualisiert am 17/11/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : *** - ***-NOTEBOOK
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : Browser Manager

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\user.js
Gelöscht mit Neustart : C:\ProgramData\Browser Manager
Ordner Gelöscht : C:\Program Files\SpecialSavings
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Codecv
Ordner Gelöscht : C:\ProgramData\InstallMate
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codecv
Ordner Gelöscht : C:\ProgramData\Premium
Ordner Gelöscht : C:\Users\***\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\***\AppData\Local\Savings Sidekick
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\Codecv
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpecialSavings

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Savings Sidekick
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SpecialSavings
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Cr_Installer
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220022502260}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A69A551A-1AAE-4B67-8C2E-52F8B8A19504}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0005060.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0005060.Sandbox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0005060.Sandbox.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066506660}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2736476
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dhdepfaagokllfmhfbcfmocaeigmoebo
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{A69A551A-1AAE-4B67-8C2E-52F8B8A19504}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011501160}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2EF17083-57D4-4D64-AE4F-55F32A2C4571}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpecialSavings
Schlüssel Gelöscht : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKU\S-1-5-21-1570183454-3301363139-286937864-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [specialsavings@superfish.com]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{9E131A93-EED7-4BEB-B015-A0ADB30B5646}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.claro-search.com/?affID=114508&tt=4312_6&babsrc=HP_clro&mntrId=5e2e6a4a00000000000018a905a1d60b --> hxxp://www.google.com
Gelöscht : [HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page]

-\\ Mozilla Firefox v10.0.1 (de)

Profilname : default
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\3yq8b37q.default\prefs.js

C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\3yq8b37q.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.search.defaultthis.engineName", "Freeware.de Customized Web Search");
Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&Sea[...]
Gelöscht : user_pref("browser.search.selectedEngine", "Claro Search");
Gelöscht : user_pref("browser.startup.homepage", "hxxp://www.claro-search.com/?affID=114508&tt=4312_6&babsrc=HP[...]
Gelöscht : user_pref("extensions.4f905a5fb08c2.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Gelöscht : user_pref("extensions.BabylonToolbar.admin", false);
Gelöscht : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Gelöscht : user_pref("extensions.BabylonToolbar.babExt", "");
Gelöscht : user_pref("extensions.BabylonToolbar.babTrack", "affID=112477");
Gelöscht : user_pref("extensions.BabylonToolbar.bbDpng", 22);
Gelöscht : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Gelöscht : user_pref("extensions.BabylonToolbar.dfltSrch", false);
Gelöscht : user_pref("extensions.BabylonToolbar.hmpg", false);
Gelöscht : user_pref("extensions.BabylonToolbar.id", "5e2e6a4a00000000000018a905a1d60b");
Gelöscht : user_pref("extensions.BabylonToolbar.instlDay", "15452");
Gelöscht : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Gelöscht : user_pref("extensions.BabylonToolbar.lastDP", 22);
Gelöscht : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1715:44:09");
Gelöscht : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "10.0");
Gelöscht : user_pref("extensions.BabylonToolbar.newTab", true);
Gelöscht : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
Gelöscht : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Gelöscht : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Gelöscht : user_pref("extensions.BabylonToolbar.propectorlck", 73662391);
Gelöscht : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Gelöscht : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Gelöscht : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Gelöscht : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Gelöscht : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Gelöscht : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
Gelöscht : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
Gelöscht : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1715:44:09");
Gelöscht : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", "");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112477");
Gelöscht : user_pref("extensions.BabylonToolbar_i.hardId", "5e2e6a4a00000000000018a905a1d60b");
Gelöscht : user_pref("extensions.BabylonToolbar_i.id", "5e2e6a4a00000000000018a905a1d60b");
Gelöscht : user_pref("extensions.BabylonToolbar_i.instlDay", "15452");
Gelöscht : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", true);
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.claro-search.com/?affID=114508&tt=431[...]
Gelöscht : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Gelöscht : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Gelöscht : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1715:44:09");
Gelöscht : user_pref("extensions.claro.admin", false);
Gelöscht : user_pref("extensions.claro.aflt", "babsst");
Gelöscht : user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}");
Gelöscht : user_pref("extensions.claro.dfltLng", "en");
Gelöscht : user_pref("extensions.claro.excTlbr", false);
Gelöscht : user_pref("extensions.claro.id", "5e2e6a4a00000000000018a905a1d60b");
Gelöscht : user_pref("extensions.claro.instlDay", "15637");
Gelöscht : user_pref("extensions.claro.instlRef", "sst");
Gelöscht : user_pref("extensions.claro.prdct", "claro");
Gelöscht : user_pref("extensions.claro.prtnrId", "claro");
Gelöscht : user_pref("extensions.claro.tlbrId", "claro");
Gelöscht : user_pref("extensions.claro.tlbrSrchUrl", "");
Gelöscht : user_pref("extensions.claro.vrsn", "1.8.3.10");
Gelöscht : user_pref("extensions.claro.vrsni", "1.8.3.10");
Gelöscht : user_pref("extensions.claro_i.smplGrp", "none");
Gelöscht : user_pref("extensions.claro_i.vrsnTs", "1.8.3.1021:01:04");
Gelöscht : user_pref("keyword.URL", "hxxp://www.claro-search.com/?affID=114508&tt=4312_7&babsrc=KW_clro&mntrId=[...]

*************************

AdwCleaner[R1].txt - [12897 octets] - [20/11/2012 18:03:57]
AdwCleaner[S1].txt - [12454 octets] - [20/11/2012 20:40:11]

########## EOF - C:\AdwCleaner[S1].txt - [12515 octets] ##########
         

dann die OTL.txt:

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 20.11.12 20:48:52 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yy
 
2,97 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 61,13% Memory free
5,93 Gb Paging File | 4,67 Gb Available in Paging File | 78,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 43,14 Gb Free Space | 44,17% Space Free | Partition Type: NTFS
Drive D: | 90,87 Gb Total Space | 69,61 Gb Free Space | 76,61% Space Free | Partition Type: NTFS
Drive E: | 90,00 Gb Total Space | 27,58 Gb Free Space | 30,65% Space Free | Partition Type: NTFS
Drive F: | 100,84 Gb Total Space | 73,30 Gb Free Space | 72,69% Space Free | Partition Type: NTFS
Drive S: | 86,29 Gb Total Space | 63,28 Gb Free Space | 73,33% Space Free | Partition Type: NTFS
 
Computer Name: ***-NOTEBOOK | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Norton Internet Security\Engine\20.1.1.2\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Programme\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
PRC - C:\Programme\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Acronis\DiskDirector\OSS\reinstall_svc.exe ()
PRC - C:\Programme\Folder Shield\FSService.exe ()
PRC - C:\Programme\Folder Shield\fsp.exe ()
PRC - C:\Programme\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
PRC - C:\Programme\IVT Corporation\BlueSoleil\BtTray.exe (IVT Corporation)
PRC - C:\Programme\IVT Corporation\BlueSoleil\BlueSoleilCS.exe (IVT Corporation)
PRC - C:\Programme\IVT Corporation\BlueSoleil\BsHelpCS.exe (IVT Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Windows\tsnp2std.exe (SONIX)
PRC - C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
PRC - C:\Windows\System32\emaudsv.exe (E-MU Systems)
PRC - C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()
MOD - c:\progra~2\browse~1\24897~1.175\{61d8b~1\browse~1.dll ()
MOD - C:\Programme\NORTON INTERNET SECURITY\ENGINE\20.1.1.2\wincfi39.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3503.18374__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3503.18350__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3503.18376__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3503.18446__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3503.18369__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3503.18360__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3503.18471__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3503.18426__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3503.18471__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3503.18427__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3503.18360__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3503.18419__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3503.18426__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3503.18472__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3503.18470__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3503.18406__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3503.18409__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3503.18377__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3503.18439__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3503.18363__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3503.18407__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3503.18402__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3503.18417__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3503.18383__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3503.18376__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3503.18415__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3503.18408__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3503.18407__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3503.18382__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3503.18408__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3503.18415__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3503.18417__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3428.28296__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3428.28297__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3428.28304__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3428.28302__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3428.28310__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3428.28311__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3428.28329__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3428.28327__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3428.28311__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3428.28327__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3428.28305__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3428.28298__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3428.28315__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3428.28324__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3428.28354__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3428.28304__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3428.28308__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3428.28302__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3428.28324__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3428.28303__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3428.28313__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3428.28316__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3428.28309__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3428.28323__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3428.28313__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3503.18478__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3428.28315__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3428.28311__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3428.28303__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3428.28310__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3428.28304__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3503.18344__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3503.18356__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3503.18368__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3503.18465__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3503.18463__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3503.18348__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3503.18347__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3428.28311__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3428.28301__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3428.28308__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3428.28303__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3428.28311__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3428.28310__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3428.28309__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3428.28316__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3503.18464__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3503.18346__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3503.18345__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\Folder Shield\fsp.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\20.1.1.2\ccSvcHst.exe (Symantec Corporation)
SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (DragonSvc) -- C:\Programme\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (StarMoney 8.0 OnlineUpdate) -- C:\Programme\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (afcdpsrv) -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (PassThru Service) -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (odserv) -- C:\Programme\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (AcrSch2Svc) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (OS Selector) -- C:\Programme\Acronis\DiskDirector\OSS\reinstall_svc.exe ()
SRV - (FSService) -- C:\Programme\Folder Shield\FSService.exe ()
SRV - (AgereModemAudio) -- C:\Programme\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
SRV - (BlueSoleilCS) -- C:\Programme\IVT Corporation\BlueSoleil\BlueSoleilCS.exe (IVT Corporation)
SRV - (BsHelpCS) -- C:\Programme\IVT Corporation\BlueSoleil\BsHelpCS.exe (IVT Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AEADIFilters) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (emaudsv) -- C:\Windows\System32\emaudsv.exe (E-MU Systems)
SRV - (AdobeActiveFileMonitor5.0) -- C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
SRV - (ose) -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SymEvent) -- C:\Windows\System32\Drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20121119.001\IDSvix86.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20121119.022\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20121119.022\NAVENG.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20121106.001\BHDrvx86.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\NIS\1401010.002\SRTSP.SYS (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\System32\drivers\NIS\1401010.002\SYMEFA.SYS (Symantec Corporation)
DRV - (ccSet_NIS) -- C:\Windows\System32\drivers\NIS\1401010.002\ccSetx86.sys (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\System32\drivers\NIS\1401010.002\SYMDS.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\System32\drivers\NIS\1401010.002\Ironx86.SYS (Symantec Corporation)
DRV - (SymNetS) -- C:\Windows\System32\Drivers\NIS\1401010.002\SYMNETS.SYS (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\NIS\1401010.002\SRTSPX.SYS (Symantec Corporation)
DRV - (REN2CAP_DRIVER) -- C:\Windows\System32\drivers\ren2cap.sys ()
DRV - (afcdp) -- C:\Windows\System32\DRIVERS\afcdp.sys (Acronis)
DRV - (tdrpman273) -- C:\Windows\System32\DRIVERS\tdrpm273.sys (Acronis)
DRV - (timounter) -- C:\Windows\System32\DRIVERS\timntr.sys (Acronis)
DRV - (snapman) -- C:\Windows\System32\DRIVERS\snapman.sys (Acronis)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (hpdskflt) -- C:\Windows\System32\DRIVERS\hpdskflt.sys (Hewlett-Packard Company)
DRV - (Accelerometer) -- C:\Windows\System32\DRIVERS\Accelerometer.sys (Hewlett-Packard Company)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\tsusbflt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\DRIVERS\WinUsb.sys (Microsoft Corporation)
DRV - (synasusb) -- C:\Windows\System32\Drivers\synasusb.sys (Steinberg Media Technologies GmbH)
DRV - (htcnprot) -- C:\Windows\System32\DRIVERS\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV - (bxShield) -- C:\Windows\System32\Drivers\bxShield.sys (Alfa Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\DRIVERS\AGRSM.sys (LSI Corporation)
DRV - (NETw5s32) -- C:\Windows\System32\DRIVERS\NETw5s32.sys (Intel Corporation)
DRV - (HTCAND32) -- C:\Windows\System32\Drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (yukonw7) -- C:\Windows\System32\DRIVERS\yk62x86.sys ()
DRV - (VcommMgr) -- C:\Windows\System32\Drivers\VcommMgr.sys (IVT Corporation.)
DRV - (Btcsrusb) -- C:\Windows\System32\Drivers\btcusb.sys (IVT Corporation.)
DRV - (btnetBUs) -- C:\Windows\System32\Drivers\btnetBus.sys ()
DRV - (IvtBtBUs) -- C:\Windows\System32\Drivers\IvtBtBus.sys (IVT Corporation.)
DRV - (BtHidBus) -- C:\Windows\System32\Drivers\BtHidBus.sys (IVT Corporation.)
DRV - (VComm) -- C:\Windows\System32\DRIVERS\VComm.sys (IVT Corporation.)
DRV - (atikmdag) -- C:\Windows\System32\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\DRIVERS\WSDPrint.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\DRIVERS\vwifimp.sys (Microsoft Corporation)
DRV - (5U876UVC) -- C:\Windows\System32\DRIVERS\5U876.sys (Ricoh co.,Ltd.)
DRV - (BT) -- C:\Windows\System32\DRIVERS\btnetdrv.sys (IVT Corporation.)
DRV - (BlueletSCOAudio) -- C:\Windows\System32\DRIVERS\BlueletSCOAudio.sys (IVT Corporation.)
DRV - (KMWDFILTERx86) -- C:\Windows\System32\DRIVERS\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (HpqKbFiltr) -- C:\Windows\System32\DRIVERS\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (SNP2STD) -- C:\Windows\System32\DRIVERS\snp2sxp.sys ()
DRV - (emusba10) -- C:\Windows\System32\DRIVERS\emusba10.sys (E-MU Systems)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1570183454-3301363139-286937864-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1570183454-3301363139-286937864-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1570183454-3301363139-286937864-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1570183454-3301363139-286937864-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1F E2 0E 26 70 6D CC 01  [binary data]
IE - HKU\S-1-5-21-1570183454-3301363139-286937864-1001\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found
IE - HKU\S-1-5-21-1570183454-3301363139-286937864-1001\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1570183454-3301363139-286937864-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1570183454-3301363139-286937864-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1570183454-3301363139-286937864-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=114508&tt=4312_6&babsrc=SP_clro&mntrId=5e2e6a4a00000000000018a905a1d60b
IE - HKU\S-1-5-21-1570183454-3301363139-286937864-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1570183454-3301363139-286937864-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledAddons: organize-search-engines@maltekraus.de:1.7
FF - prefs.js..extensions.enabledAddons: 4f905a5fb08bc@4f905a5fb08bd.info:1.0
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledAddons: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.15
FF - prefs.js..extensions.enabledAddons: foxmarks@kei.com:4.1.3
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.11
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\nuance.com/DragonRIAPlugin: C:\Program Files\Nuance\NaturallySpeaking12\Program\npDgnRia.dll (Nuance Communications Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.09.08 13:42:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\ [2012.11.20 20:46:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.02 19:13:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack: C:\Program Files\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2012.07.18 19:36:36 | 000,136,026 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\ [2012.11.20 08:49:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.16 20:13:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.13 13:07:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.10.29 19:28:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.09.08 13:42:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{dfefbe51-ca52-484b-adf0-6b158b05262d}: C:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\extension@preispilot.com: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\3yq8b37q.default\extensions\extension@preispilot.com
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\3yq8b37q.default\extensions\firejump@firejump.net
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.10.29 19:28:47 | 000,000,000 | ---D | M]
 
[2011.12.05 07:37:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.12.05 07:37:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.11.08 17:49:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3yq8b37q.default\extensions
[2012.07.10 17:41:46 | 000,000,000 | ---D | M] (FT Evo) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3yq8b37q.default\extensions\{5c8c1470-d247-11e0-9572-0800200c9a66}
[2012.10.31 17:54:29 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3yq8b37q.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.04.22 14:46:07 | 000,000,000 | ---D | M] (Codecv) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3yq8b37q.default\extensions\4f905a5fb08bc@4f905a5fb08bd.info
[2012.10.02 09:18:04 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3yq8b37q.default\extensions\foxmarks@kei.com
[2012.10.31 13:02:22 | 000,000,000 | ---D | M] (Winstripe Toolbar Icons) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3yq8b37q.default\extensions\winstripe@largrizzly
[2012.02.06 19:53:17 | 000,263,348 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\3yq8b37q.default\extensions\langpack-de@firefox.mozilla.org.xpi
[2012.03.12 21:59:19 | 000,113,783 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\3yq8b37q.default\extensions\organize-search-engines@maltekraus.de.xpi
[2012.10.31 13:02:22 | 000,065,701 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\3yq8b37q.default\extensions\winstripe@largrizzly.xpi
[2012.07.25 06:09:34 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\3yq8b37q.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.11.16 18:44:04 | 000,210,366 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\3yq8b37q.default\extensions\{d62e0de0-401b-11dd-ae16-0800200c9a66}.xpi
[2012.09.13 19:57:33 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\3yq8b37q.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2012.11.07 22:37:24 | 000,001,276 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\3yq8b37q.default\searchplugins\ixquick-https---deutsch.xml
[2012.11.07 20:57:04 | 000,002,217 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\3yq8b37q.default\searchplugins\s-amazon-de.xml
[2012.11.07 22:37:24 | 000,003,712 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\3yq8b37q.default\searchplugins\youtube.xml
[2012.09.13 13:07:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\mozilla firefox\extensions
[2012.09.13 13:07:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.01.02 19:13:14 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.09.13 13:07:20 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.02.08 21:31:10 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.11.07 22:37:24 | 000,001,400 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.07 22:37:24 | 000,001,679 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.11.07 22:37:24 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.07 22:37:24 | 000,006,818 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.07 20:57:04 | 000,001,278 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.07 22:37:24 | 000,000,903 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\20.1.1.2\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\20.1.1.2\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Dragon NaturallySpeaking Rich Internet Application Support - Extension) - {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} - C:\Programme\Nuance\NaturallySpeaking12\Program\ieShim.dll (Nuance Communications, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\20.1.1.2\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [BtTray] C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe (IVT Corporation)
O4 - HKLM..\Run: [ClocX] C:\Programme\ClocX\ClocX.exe (BonSoft)
O4 - HKLM..\Run: [fsp] C:\Programme\Folder Shield\fsp.exe ()
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [tsnp2std] C:\Windows\tsnp2std.exe (SONIX)
O4 - HKU\S-1-5-21-1570183454-3301363139-286937864-1001..\Run: [E-MU USB Audio Control Panel] C:\Program Files\Creative Professional\E-MU USB Audio\EmuUsbAudioCP.exe (E-MU Systems)
O4 - HKU\S-1-5-21-1570183454-3301363139-286937864-1001..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-1570183454-3301363139-286937864-1001..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-1570183454-3301363139-286937864-1001..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Programme\Stardock\ObjectDockFree\ObjectDock.exe (Stardock)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\MICROS~2\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {45FE4418-F85F-45F0-BCAA-68C334FA6E08} file:///C:/Users/***/AppData/Local/Microsoft/Windows%20Sidebar/Gadgets/AGEphoneGadget.gadget/sipd.ocx (Sipd Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2D71AEE-4623-4841-BCCE-C4AE71CF4057}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE4E7D4B-DE9B-47A5-82DE-258588830B07}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\System32\skype4com.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\24897~1.175\{61d8b~1\browse~1.dll) - c:\progra~2\browse~1\24897~1.175\{61d8b~1\browse~1.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - ObjectDockShellExt - C:\Programme\Stardock\ObjectDockFree\ODMenu.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | -HS- | M] () - S:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{95355816-d954-11e0-adea-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{95355816-d954-11e0-adea-806e6f6e6963}\Shell\AutoRun\command - "" = G:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.17 09:46:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.11.17 09:08:15 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2012.11.17 09:08:15 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll
[2012.11.17 09:07:22 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2012.11.17 09:07:22 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2012.11.17 09:07:22 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2012.11.17 09:04:53 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.11.17 09:04:52 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.11.17 09:04:51 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.11.17 09:04:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.11.17 09:04:51 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.11.17 09:04:50 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.11.17 09:04:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.11.17 09:04:49 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.11.17 09:00:56 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore6.dll
[2012.11.17 09:00:56 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2012.11.17 09:00:52 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll
[2012.11.17 09:00:52 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2012.11.17 09:00:51 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2012.11.17 09:00:46 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.11.17 09:00:45 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012.11.16 15:13:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2012.11.12 22:19:44 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2012.11.12 22:19:44 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2012.11.11 16:37:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\bluesoleil
[2012.11.11 16:32:18 | 000,000,000 | ---D | C] -- C:\Program Files\IVT Corporation
[2012.11.10 14:04:44 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Bluetooth
[2012.11.09 15:06:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.11.09 15:06:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.09 15:06:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.09 15:06:17 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.09 15:06:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.11.07 22:37:24 | 000,000,000 | ---D | C] -- C:\Windows\System32\IO
[2012.11.07 21:05:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\DVDVideoSoft_Ltd
[2012.11.07 20:59:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.11.07 20:59:26 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2012.11.07 20:59:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2012.11.07 20:57:07 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\Windows\System32\dhRichClient3.dll
[2012.11.07 20:57:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DesktopIconForAmazon
[2012.11.07 20:56:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\OCS
[2012.11.06 19:56:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Audio Catalog
[2012.11.02 17:35:02 | 000,000,000 | ---D | C] -- C:\tmp
[2012.11.02 12:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Catalog
[2012.11.02 12:16:17 | 000,000,000 | ---D | C] -- C:\Program Files\Audio Catalog
[2012.11.02 11:56:45 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2012.11.02 11:56:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011
[2012.11.02 11:55:57 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2011
[2012.10.31 17:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSpring Free
[2012.10.31 15:55:28 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\test01
[2012.10.31 15:02:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\cef_data
[2012.10.31 14:47:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\iSpring Solutions
[2012.10.31 14:45:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSpring Converter
[2012.10.31 14:44:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iSpring Solutions
[2012.10.31 14:44:58 | 000,000,000 | ---D | C] -- C:\Program Files\iSpring
[2012.10.30 10:10:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Steinberg
[2012.10.30 10:08:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steinberg Cubase 6
[2012.10.29 19:49:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\VoipCheapCom
[2012.10.29 19:28:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2012.10.28 18:05:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Caphyon
[2012.10.28 18:04:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\No23Live
[2012.10.28 18:04:54 | 000,000,000 | ---D | C] -- C:\Program Files\No23Live
[2012.10.28 17:28:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.10.28 17:28:41 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012.10.28 17:28:41 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.10.28 17:28:03 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.10.28 17:28:03 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.10.28 17:28:03 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.10.28 13:51:07 | 000,000,000 | ---D | C] -- C:\Program Files\Lame For Audacity
[2012.10.27 21:36:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Audacity
[2012.10.26 15:59:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartTools
[2012.10.26 15:59:35 | 000,000,000 | ---D | C] -- C:\Program Files\SmartTools
[2012.10.26 15:57:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\SmartTools
[2012.10.25 18:53:32 | 000,000,000 | ---D | C] -- C:\Program Files\QsDriveInfo
[2012.10.25 07:26:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Z-Manufaktur
[2012.10.25 07:25:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Z-Cron
[2012.10.25 07:25:30 | 000,000,000 | ---D | C] -- C:\Program Files\Z-Cron
[2012.10.24 20:29:28 | 000,000,000 | ---D | C] -- C:\Program Files\Thoosje Sevenbar
[2012.10.24 19:53:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012.10.24 11:06:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3 Toolkit
[2012.10.24 11:06:31 | 000,000,000 | ---D | C] -- C:\MP3Toolkit
[2012.10.23 19:19:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RocketDock
[2012.10.23 19:19:00 | 000,000,000 | ---D | C] -- C:\Program Files\RocketDock
[2012.10.23 16:36:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ODUI
[2012.10.23 16:35:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Stardock
[2012.10.23 16:35:51 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Stardock
[2012.10.23 16:35:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Stardock
[2012.10.23 16:35:47 | 000,000,000 | -H-D | C] -- C:\ProgramData\{5486EA6B-AF91-4B4B-868E-F80AB4BCD83A}
[2012.10.23 16:35:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
[2012.10.23 16:35:44 | 000,000,000 | ---D | C] -- C:\Program Files\Stardock
[2012.10.23 16:35:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\PackageAware
[2012.10.22 19:05:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\KeePass
[2012.10.22 19:04:29 | 000,000,000 | ---D | C] -- C:\Program Files\KeePass Password Safe
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.20 20:50:44 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.20 20:50:44 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.20 20:44:32 | 000,005,063 | ---- | M] () -- C:\Windows\System32\LOCALSERVICE.INI
[2012.11.20 20:43:18 | 000,000,931 | ---- | M] () -- C:\Windows\System32\bscs.ini
[2012.11.20 20:43:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.20 20:42:55 | 2387,816,448 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.20 19:17:21 | 000,712,954 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.20 19:17:21 | 000,657,662 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.20 19:17:21 | 000,153,562 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.20 19:17:21 | 000,125,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.20 18:00:19 | 000,543,531 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe
[2012.11.20 08:46:42 | 001,442,879 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1401010.002\Cat.DB
[2012.11.20 08:46:12 | 000,013,946 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1401010.002\VT20121114.016
[2012.11.20 08:44:33 | 000,142,496 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2012.11.20 08:44:33 | 000,007,446 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2012.11.20 08:44:33 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2012.11.18 16:20:09 | 000,000,344 | -H-- | M] () -- C:\Users\***\AppData\Roaming\15a05a1824a8793fae296ac6f79b78023a0c9d3c
[2012.11.18 16:20:09 | 000,000,344 | -H-- | M] () -- C:\ProgramData\15a05a1824a8793fae296ac6f79b78023a0c9d3c
[2012.11.17 18:37:06 | 000,000,107 | ---- | M] () -- C:\Windows\System32\LOCALDEVICE.INI
[2012.11.17 10:05:23 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.11.17 09:57:14 | 000,413,632 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.16 10:01:03 | 000,043,008 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.11 18:25:48 | 000,000,208 | ---- | M] () -- C:\Windows\System32\REMOTEDEVICE.INI
[2012.11.11 17:02:50 | 000,003,475 | ---- | M] () -- C:\Users\***\AppData\Roaming\SAS7_000.DAT
[2012.11.11 16:44:45 | 000,000,892 | ---- | M] () -- C:\Windows\System32\SHORTCUT.INI
[2012.11.11 16:33:36 | 000,000,032 | ---- | M] () -- C:\Windows\0
[2012.11.11 16:33:34 | 000,000,000 | ---- | M] () -- C:\Windows\System32\BSPRINT.INI
[2012.11.10 14:00:58 | 000,000,000 | ---- | M] () -- C:\Windows\System32\0
[2012.11.08 18:11:59 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.11.08 18:11:59 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.11.06 21:15:34 | 000,595,512 | ---- | M] () -- C:\Users\***\Documents\alle.ac
[2012.11.02 12:39:39 | 000,001,097 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 5.0.lnk
[2012.11.02 11:50:01 | 000,000,209 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2012.10.30 12:01:26 | 000,001,212 | ---- | M] () -- C:\Users\***\Desktop\Calculator.lnk
[2012.10.30 11:58:18 | 000,002,685 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office Excel 2007.lnk
[2012.10.30 11:58:11 | 000,002,679 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office Word 2007.lnk
[2012.10.30 10:15:09 | 000,000,045 | ---- | M] () -- C:\Windows\System32\SYNSOPOS.exe.cfg
[2012.10.29 19:14:04 | 000,001,055 | ---- | M] () -- C:\Users\***\Desktop\KeePass.lnk
[2012.10.28 17:27:55 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.10.28 17:27:54 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012.10.28 17:27:54 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012.10.28 17:27:54 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.10.28 17:27:54 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.10.28 17:27:54 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.10.25 20:38:01 | 000,000,459 | ---- | M] () -- C:\Users\***\AppData\Roaming\Drives Meter_Settings.ini
[2012.10.25 07:26:45 | 000,001,038 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\.lnk
[2012.10.23 16:35:51 | 000,002,050 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.20 18:00:51 | 000,543,531 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe
[2012.11.17 10:05:23 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.11.17 09:08:17 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.17 09:07:22 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.11 16:43:30 | 000,000,892 | ---- | C] () -- C:\Windows\System32\SHORTCUT.INI
[2012.11.11 16:42:29 | 000,000,208 | ---- | C] () -- C:\Windows\System32\REMOTEDEVICE.INI
[2012.11.11 16:40:29 | 000,005,063 | ---- | C] () -- C:\Windows\System32\LOCALSERVICE.INI
[2012.11.11 16:40:27 | 000,000,107 | ---- | C] () -- C:\Windows\System32\LOCALDEVICE.INI
[2012.11.11 16:33:34 | 000,000,000 | ---- | C] () -- C:\Windows\System32\BSPRINT.INI
[2012.11.10 14:00:58 | 000,000,032 | ---- | C] () -- C:\Windows\0
[2012.11.10 14:00:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\0
[2012.11.07 20:57:07 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2012.11.06 19:52:34 | 000,595,512 | ---- | C] () -- C:\Users\***\Documents\alle.ac
[2012.11.02 11:56:22 | 000,002,155 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011.lnk
[2012.10.31 19:07:42 | 000,001,097 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 5.0.lnk
[2012.10.31 14:47:03 | 000,000,344 | -H-- | C] () -- C:\Users\***\AppData\Roaming\15a05a1824a8793fae296ac6f79b78023a0c9d3c
[2012.10.31 14:47:03 | 000,000,344 | -H-- | C] () -- C:\ProgramData\15a05a1824a8793fae296ac6f79b78023a0c9d3c
[2012.10.30 11:59:35 | 000,001,212 | ---- | C] () -- C:\Users\***\Desktop\Calculator.lnk
[2012.10.30 11:57:54 | 000,002,679 | ---- | C] () -- C:\Users\***\Desktop\Microsoft Office Word 2007.lnk
[2012.10.30 11:57:30 | 000,002,685 | ---- | C] () -- C:\Users\***\Desktop\Microsoft Office Excel 2007.lnk
[2012.10.27 21:36:20 | 000,000,983 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2012.10.25 20:37:28 | 000,000,459 | ---- | C] () -- C:\Users\***\AppData\Roaming\Drives Meter_Settings.ini
[2012.10.25 07:26:44 | 000,001,038 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\.lnk
[2012.10.23 16:35:51 | 000,002,050 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
[2012.10.22 19:04:29 | 000,001,055 | ---- | C] () -- C:\Users\***\Desktop\KeePass.lnk
[2012.10.05 21:08:37 | 000,003,475 | ---- | C] () -- C:\Users\***\AppData\Roaming\SAS7_000.DAT
[2012.03.08 19:17:51 | 000,039,048 | ---- | C] () -- C:\Windows\System32\drivers\ren2cap.sys
[2011.10.07 11:48:47 | 000,015,497 | ---- | C] () -- C:\Windows\snp2std.ini
[2011.10.07 11:48:46 | 012,067,328 | ---- | C] () -- C:\Windows\System32\drivers\snp2sxp.sys
[2011.10.07 11:48:46 | 000,025,472 | ---- | C] () -- C:\Windows\System32\drivers\sncamd.sys
[2011.10.07 11:48:45 | 000,151,552 | ---- | C] ( ) -- C:\Windows\System32\rsnp2std.dll
[2011.10.07 11:48:45 | 000,077,824 | ---- | C] ( ) -- C:\Windows\System32\csnp2std.dll
[2011.09.16 18:27:59 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.09.16 18:19:13 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.09.16 18:09:58 | 000,002,892 | ---- | C] () -- C:\Windows\System32\audcon.sys
[2011.09.16 18:08:08 | 000,000,045 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe.cfg
[2011.09.16 18:08:07 | 000,086,016 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe
[2011.09.16 17:28:32 | 000,000,132 | ---- | C] () -- C:\Windows\KTEL.INI
[2011.09.09 12:36:31 | 000,028,672 | ---- | C] () -- C:\Windows\System32\nnr.dll
[2011.09.08 13:58:14 | 000,001,843 | ---- | C] () -- C:\Windows\hpwmdl23.dat.temp
[2011.09.08 13:33:47 | 000,266,126 | ---- | C] () -- C:\Windows\hpwins23.dat
[2011.09.08 11:57:37 | 000,043,008 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.07 16:16:26 | 000,000,880 | ---- | C] () -- C:\Windows\HBCIKRNL.INI
[2011.09.07 14:28:45 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.03.11 09:41:08 | 003,181,056 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2011.03.07 04:08:32 | 000,073,216 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.02.15 14:30:10 | 000,121,344 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 03:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 344 bytes -> C:\ProgramData:iSpring Converter 6
@Alternate Data Stream - 242 bytes -> C:\ProgramData\TEMP:0FF263E8
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:BC359956
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:0E08FC17

< End of report >
         

und zum Schluss die Extra.txt vom OTL:

Code: Alles auswählenAufklappen

ATTFilter

OTL Extras logfile created on: 20.11.12 20:48:52 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yy
 
2,97 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 61,13% Memory free
5,93 Gb Paging File | 4,67 Gb Available in Paging File | 78,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 43,14 Gb Free Space | 44,17% Space Free | Partition Type: NTFS
Drive D: | 90,87 Gb Total Space | 69,61 Gb Free Space | 76,61% Space Free | Partition Type: NTFS
Drive E: | 90,00 Gb Total Space | 27,58 Gb Free Space | 30,65% Space Free | Partition Type: NTFS
Drive F: | 100,84 Gb Total Space | 73,30 Gb Free Space | 72,69% Space Free | Partition Type: NTFS
Drive S: | 86,29 Gb Total Space | 63,28 Gb Free Space | 73,33% Space Free | Partition Type: NTFS
 
Computer Name: ***-NOTEBOOK | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1570183454-3301363139-286937864-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Photo Manager 12.Manage] -- "C:\Program Files\ACD Systems\ACDSee\12.0\ACDSeeQV12.exe" "%1" (ACD Systems International Inc.)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0616E526-C631-4A67-8B7A-E5E788BB508E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{0B288524-F54C-4277-934C-B88713971AA7}" = rport=138 | protocol=17 | dir=out | app=system | 
"{0B687A92-E6FC-4BCB-AE29-281D01D58520}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{29CA6D84-546A-4CCA-8043-434BEB7FCD06}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
"{2B0B28CE-2C56-46DB-9A34-4AF0B05DDEE2}" = lport=138 | protocol=17 | dir=in | app=system | 
"{319802FD-56C5-4481-9BAF-B5A746B0C04C}" = rport=137 | protocol=17 | dir=out | app=system | 
"{43E4B403-5834-4E1A-9FFC-30732C0B21C2}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{5121BE17-C5E2-48E2-BB8A-A7033A1729B3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{51C758B6-7D53-4A93-9F3A-6F4FB64012AE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5DC02D63-E73C-44F9-BE8B-A12F3928B996}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6855C7EC-0FD8-443A-965D-4269D9D4C0DC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{80028D11-C30E-4FD6-A270-1843E411BD78}" = lport=445 | protocol=6 | dir=in | app=system | 
"{805CFF84-D850-4C33-8082-AACBD3989ED5}" = lport=51001 | protocol=6 | dir=in | name=dragon smart phone server | 
"{87473261-8281-4A52-89D6-3E7504041784}" = rport=139 | protocol=6 | dir=out | app=system | 
"{9C1E467E-657F-431B-AB31-032FF8367C89}" = rport=445 | protocol=6 | dir=out | app=system | 
"{AF72C89B-8F2B-4786-80CF-2CD6A820BFAA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{C47C6859-5B45-4908-8234-BFCD6DB17F4F}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{C7C2BC88-D6FA-4A7E-82A1-540B7152EC8E}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{CB62A167-FCE8-4DE9-BE42-084FAB8C2837}" = lport=137 | protocol=17 | dir=in | app=system | 
"{CB992B7C-A5CE-4885-92BB-69B294BE2591}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E72351F9-863B-4EA7-954C-01B4DBBFB9F5}" = lport=139 | protocol=6 | dir=in | app=system | 
"{EBA9079E-4EA4-416C-977E-322DED27D5E2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EEE42C07-145A-4C3C-9F08-2DF6AF5E8C6E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EF05DBB7-5966-4A50-B6B8-FBAB30DF83D4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D30FE61-E2D5-43E8-8D0C-64ADF0B0D3B2}" = protocol=6 | dir=in | app=c:\program files\starmoney 8.0\app\starmoney.exe | 
"{0F62EFF3-F25C-458C-8CD1-F4D7EEE26FE0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{1148DCF2-17ED-4CF9-A718-7C8DCAF4D70B}" = protocol=17 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleilcs.exe | 
"{11FBA8D8-BCB6-4FA0-9B4A-E2D74F631FB0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe | 
"{128BC5AF-5083-458E-A183-8674019F61FC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1477C25C-9435-45FD-A426-0F143D0972AC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{159F367F-A362-4BAB-9EB4-14A1D088F4CF}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{1C40ED13-9BED-4396-8842-938C6CCAF703}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{2C94EFF8-3104-4937-859E-3AEC6D474995}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{40AD6449-1BA5-41F1-92D9-1819B1326ACA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | 
"{44DCF29B-D4C6-40F9-98C9-4D8A98451348}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{49A11033-BBED-4D64-8A8F-78011E31F86B}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{4A8C5F3E-C7F5-413B-B9CF-A71B24C34AA2}" = protocol=6 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleilcs.exe | 
"{4B93733D-480E-4101-AFFF-8E9830D6B453}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{59BCAA14-AA03-4DC8-B28B-CF51A214FE95}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{5B6118B6-3FA4-4825-A362-8CD35BB04B7A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{5EF6A497-0570-4FAB-8567-AC5D6BF36F52}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{64E546B5-D400-4569-922D-44576BDBE08E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6522107C-DA95-44DA-9921-8A3D68AC114E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{67A1FF9A-4A43-4BB5-AD30-E162127A15C5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{6905BBCF-34F0-4CE9-83BF-F9CBBD7FE915}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{6EB87608-B903-442A-B7E1-F1E6753DCE9D}" = protocol=6 | dir=out | app=system | 
"{768C9BFC-1E0F-4C2A-B017-38A8F069465C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{83F62607-385D-4CAD-B1D0-5C4A215B6921}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8CDBF70D-5208-4233-B0D8-5D8ECE271E71}" = protocol=6 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleilcs.exe | 
"{8FB9017E-A34E-4BBA-97B4-F3BB2EA251DA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{9C0FEB8A-9009-4B02-9758-676FD4A8AB31}" = dir=in | app=g:\setup\hpznui01.exe | 
"{9D860E84-F701-486C-A8E1-16FE8ACF726D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{A0DFD739-2B65-4C13-955B-738612069886}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A1E9F298-9E22-4888-8D7C-3DE1C2A45296}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{AA8BB77E-5C1C-46DE-A846-2C007F1AE432}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{B1E6F5F7-7DD0-4134-90B5-56DBC2D687A6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B528C05A-54FF-4BC8-9C7F-2B1B3C6903D5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{B6388334-2183-45C1-A612-276D0AB22B60}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B88E2BBF-260C-4E0F-B8D2-723F140FBF86}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BBD7F6EF-22C1-4FE6-9F4F-755A1BB0CC4D}" = protocol=17 | dir=in | app=c:\program files\starmoney 8.0\app\starmoney.exe | 
"{BC60120B-F08F-43CD-BE6E-555B230AEA08}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C0B5902A-4B07-4228-BD6C-45004FDCD471}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{C720647C-A19F-43D0-91E5-85D4B94A8F8A}" = protocol=17 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleilcs.exe | 
"{D4DBAC9B-1862-4FB8-AEDC-A61403F9A186}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | 
"{DF974FF8-9E0E-4DAE-A0BE-4A460A38F9AD}" = protocol=17 | dir=in | app=c:\program files\starmoney 8.0\ouservice\starmoneyonlineupdate.exe | 
"{E11E79C8-D037-433D-955A-F4287993CE77}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E84B337E-8A01-4D6A-9C5D-F0AE45449200}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe | 
"{EC55E450-8990-41E5-A4CA-CDCA1090548C}" = protocol=6 | dir=in | app=c:\program files\starmoney 8.0\ouservice\starmoneyonlineupdate.exe | 
"{F340909E-8A79-495F-81F7-E994EB49C279}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | 
"{F5393D03-D19C-43B4-A983-855AD75708F8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{F54D7530-BE57-4C54-A594-16966CFFE86C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{F79F6054-3CC6-423D-9D3F-8E7BE89A658A}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{F7F91E2D-24C6-490D-96F3-6D0DC9B4641B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{FD8A4587-22AC-4DC8-A285-3C87E600F08F}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{A0D62E6E-C4FA-4E86-BED4-B44EDF5A7AC9}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{CBF1E633-7F35-48FB-B050-8EE210BC5404}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis*True*Image*Home 2011
"{069F0828-F359-3DF0-B58E-39C23176F9B8}" = Microsoft .NET Framework 4.5 DEU Language Pack RC
"{06E34C00-0446-4176-81C8-A5DAFE53CA36}" = Acronis*Disk*Director*11*Home
"{085A087C-8559-AC21-F988-9B885923B58B}" = CCC Help Japanese
"{0D8E6567-7082-48DB-A305-293873AC8B39}_is1" = Preispilot für Firefox
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
"{17BDCAD2-39E2-A44B-CDCA-6854FA71421E}" = Catalyst Control Center Localization All
"{19192A84-6172-4312-A661-D8F9A34585AB}" = VirtualDJ Home FREE
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1C99893D-BC98-4456-AA3E-B67AB42301A6}" = E-MU USB Audio
"{1D7DBD8E-4E22-B307-81F4-D55080B16FC7}" = ccc-utility
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{25887983-54F3-4F55-A7C5-91229AD67C16}" = Bluesoleil 5.4.277.0
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{2C13F8C1-570B-42A9-87B4-8C7903ECD602}" = ObjectDock Free
"{2E1B4B42-069F-4F53-9966-9B9B938D7FE5}" = HP Officejet 6500 E709 Series
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{31D9C74D-CD7A-4215-B1E4-DF8099AEA997}" = Catalyst Control Center - Branding
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{37D6F9FA-A5F2-3040-AF7B-78BE92957D89}" = CCC Help Thai
"{38CA1644-39F5-44EB-F200-DFC6C5E9C5A8}" = CCC Help Chinese Standard
"{38DAE5F5-EC70-4aa5-801B-D11CA0A33B41}" = BPDSoftware
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4850C1AE-BD1D-468C-9ABC-5486DC21E1E5}" = HP ESU for Microsoft Windows 7
"{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content
"{4D833CF3-A3AE-2863-584B-3AD3A0D70981}" = CCC Help Russian
"{4E341B88-61A8-4C28-A3F0-9021898AD3C2}_is1" = Hear
"{52AD35F5-FDA6-6E74-27E4-5EC2BD8A8B29}" = CCC Help Korean
"{52B24A16-729C-BDB9-D921-01556B19283D}" = CCC Help Greek
"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
"{565AEE5D-35E5-0A21-02E2-3DC8CEA652FB}" = Catalyst Control Center Graphics Light
"{57115A63-203E-8864-8951-4D5864D23956}" = CCC Help Norwegian
"{572964E9-BE64-1F57-B672-4D2B7595FAA1}" = Catalyst Control Center Graphics Full Existing
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{594A6CDC-27E8-4E2D-BCD3-CC8B95A4351E}" = iSpring Free 6
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5AE47629-FA38-4747-4CEA-1DD2983FA8BF}" = CCC Help German
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{5E984B44-B441-5361-B00B-91441EE7B5B4}" = CCC Help English
"{602C75D1-0C09-D216-D83D-F3126AC24A27}" = CCC Help French
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6A1482E0-7119-4A66-BBF1-FFD95A6BA16C}" = No23Live
"{6A1ACC15-7632-45ba-A3AB-0250EBD4B7DD}" = 6500_E709a
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6CC080F1-2E00-41D5-BE47-A3BC784E9DFB}" = BPDSoftware_Ini
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = USB2.0 PC Camera (SN9C201&202)
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B20C1C7-2766-DDB8-A02E-D6F9C7341864}" = CCC Help Finnish
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E6A29D1-16FA-49CB-9262-17052F5AFE01}" = GMinder
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{7EFEE754-EA7D-A79B-8DDA-65CADCAF1AB4}" = Catalyst Control Center InstallProxy
"{7FD7F421-39B2-4CAC-BC41-7D83DDBAB329}" = HP 3D DriveGuard
"{7FFAA34E-0AA6-BF03-D37C-7AC5C380CF2F}" = CCC Help Chinese Traditional
"{805F8590-510E-74AD-FC88-ADE4224B8854}" = CCC Help Polish
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.2.0
"{853403A9-70A9-2C60-9E74-67BDC650E820}" = Catalyst Control Center Core Implementation
"{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set
"{88C337F0-4CF2-4098-BDC0-D94859ECA2B4}" = Steinberg LoopMash Content 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A75B387-6A34-7FBE-3512-89809AF89524}" = CCC Help Hungarian
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8CBA7E47-48DA-47DC-8E98-6984BA830295}" = Steinberg VST Amp Rack Content 01
"{8F0EDF80-31C2-FA10-DEE8-BD435A5F7D61}" = ATI Catalyst Install Manager
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}" = TomTom HOME
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9129B46A-51F0-431b-9838-DF7272F3204E}" = ProductContext
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5 DEU Language Pack RC
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5 RC
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-1148-0407-0000-0000000FF1CE}" = Microsoft Office Web Apps Browser Plugin
"{9624502C-3D39-41A0-8917-858EC16769CE}" = KORG M1 Le
"{982F1EE0-C5C1-43F3-8355-E64A8D0F465A}" = NetObjects Fusion 11.0
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2FF231-AE68-4DB1-8003-5745D895388B}" = Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7
"{9E4FC4A7-E9E1-1EF1-104B-ECFB738A1824}" = CCC Help Italian
"{9EE30AB4-1D07-7C32-106D-7AE7CEEFD1EC}" = CCC Help Spanish
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A45AF5E2-3648-EA45-2A62-C3EA975D57D9}" = Catalyst Control Center Graphics Full New
"{A5051ABF-A497-4C3C-85EA-F7A4D5C19B82}" = Steinberg HALion Sonic SE Content
"{A5CBD7C5-CF16-443F-A4F2-3503C9DE311B}" = ACDSee Foto-Manager 12
"{A657B744-4F40-6973-D177-5FD028712702}" = ccc-core-static
"{A669A70D-2E2C-37D5-A025-E1CB61F2CC96}" = Microsoft .NET Framework 4.5 RC
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set
"{AE6E353F-A5D6-40E4-81FB-960EB7B207D7}" = Lexware zeitmanagement 2011
"{B0344B38-378B-47E0-BDCC-977785D24768}" = Integrated Camera Driver Installer Package Ver.1.30.110.0
"{BA728FCC-0B8C-6F7F-B29C-583829D1E8BB}" = CCC Help Dutch
"{BD312050-9D98-4F71-ADCD-25EC037C05FD}" = StarMoney
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C6200FF8-999D-4C58-9047-08D2E065BDBB}" = Steinberg Cubase 6
"{C9A41E0E-74F0-4984-B1BC-FBEA2C982F1F}" = StarMoney 8.0 
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CF3F421E-E735-48B5-A228-37CC53AF035B}" = iSpring Converter 6
"{D218EA3E-E9E6-4BB3-BA85-5B091058332D}" = klickTel Routenplaner Deutschland und Europa 2009
"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
"{D5D422B9-6976-4E98-8DDF-9632CB515D7E}" = Dragon NaturallySpeaking 12
"{D796ABCD-73D4-F18D-CF80-9BA1BE403933}" = CCC Help Swedish
"{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set
"{D83A3BAA-8450-48DA-96F9-EF8BEF386768}" = GPS-Mate für Windows V2.4.7
"{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1" = FireJump
"{DBF4BC99-53F1-4C97-84C3-7557D103E182}" = Steinberg Groove Agent ONE Vintage Beatboxes
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DE13432E-F0C1-4842-A5BA-CC997DA72A70}" = 6500_E709_eDocs
"{E045FAC9-0B70-4796-AD3A-7035E89CE536}" = SCR3xxx Smart Card Reader
"{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set
"{E48D0275-B2E0-C879-4B86-506757A16DC7}" = CCC Help Turkish
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{E9B0164A-27EA-4C31-5526-867C6882B60D}" = CCC Help Czech
"{EA891D60-C20D-03C4-88CB-E4597A1753AA}" = CCC Help Portuguese
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF67AE1A-6B31-4C98-91A9-F195D8702150}" = Google Drive
"{EF7800A8-575E-4776-95A5-A9D904A85D5F}" = Steinberg HALion Sonic SE
"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F185B35D-38E5-4D88-B275-15C8C7FC4357}" = 6500_E709_Help
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F3818CCA-B7E4-2B53-F86E-2D4F195F66F3}" = CCC Help Danish
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5D84887-8A6F-4993-8560-B3AA44CB620D}" = Avery Wizard 4.0
"{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"{F8A9F4D7-4EC8-4E28-9B01-4CF74C812BF2}" = StarMoney
"{FD57FF4D-7225-4DAC-B15D-9BAE3E8A0E2B}" = Z-Cron
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Audacity_is1" = Audacity 2.0.2
"AudibleDownloadManager" = Audible Download Manager
"AudibleManager" = AudibleManager
"Audio Catalog_is1" = Audio Catalog 4.4
"BackUp Maker_is1" = BackUp Maker v6.3
"ClocX" = ClocX (1.5b2)
"Data Access Objects (DAO) 3.5" = Data Access Objects (DAO) 3.5
"Der Mondkalender" = Der Mondkalender
"DesktopIconAmazon" = Desktop Icon für Amazon
"DivX Setup" = DivX-Setup
"eLicenser Control" = eLicenser Control
"FileZilla Client" = FileZilla Client 3.5.3
"Folder Shield" = Folder Shield 2.0.2.0
"Foxit Reader" = Foxit Reader
"Free Screen Video Recorder_is1" = Free Screen Video Recorder version 2.5.27.1031
"FreeCommander_is1" = FreeCommander 2009.02b
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"Kalender-Excel-8.8_is1" = Kalender-Excel-8.8
"KeePass Password Safe_is1" = KeePass Password Safe 1.24
"LAME_is1" = LAME v3.99.3 (for Windows)
"LSI Soft Modem" = LSI HDA Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Marvell Miniport Driver" = Marvell Miniport Driver
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 10.0.1 (x86 de)" = Mozilla Firefox 10.0.1 (x86 de)
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP3 Toolkit_is1" = MP3 Toolkit 1.0.4
"MPE" = MyPhoneExplorer
"Newsletter Software SuperMailer_is1" = SuperMailer 6.01
"NIS" = Norton Internet Security
"No23Live" = No23Live
"ObjectDock Free" = ObjectDock Free
"PhotoFactory" = PhotoFactory
"PhotomatixPro41x32_is1" = Photomatix Pro version 4.1.2
"Picasa 3" = Picasa 3
"PROR" = Microsoft Office Professional 2007
"RocketDock_is1" = RocketDock 1.3.5
"SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
"SmartToolsMini-Kalenderv2.00" = SmartTools Publishing • Word Mini-Kalender
"SuperMailer_is1" = SuperMailer 5.72
"Synchredible_is1" = Synchredible v3.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"VLC media player" = VLC media player 2.0.2
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1570183454-3301363139-286937864-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 18.07.12 14:44:19 | Computer Name = ***-Notebook | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Acronis\DiskDirector\WinPE\Files\systeminfo.exe".  Die abhängige Assemblierung
 "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 18.07.12 14:44:39 | Computer Name = ***-Notebook | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Acronis\DiskDirector\WinPE\Files\RecoveryExpert.exe".  Die abhängige Assemblierung
 "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 18.07.12 14:44:45 | Computer Name = ***-Notebook | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Acronis\DiskDirector\WinPE\Files\ManagementConsole.exe".  Die abhängige Assemblierung
 "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 18.07.12 14:44:48 | Computer Name = ***-Notebook | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Acronis\DiskDirector\WinPE\Files\mmsBundle.dll".  Die abhängige Assemblierung
 "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 18.07.12 14:45:30 | Computer Name = ***-Notebook | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\freecommander\DelZip179.dll".
 Fehler in Manifest- oder Richtliniendatei "c:\program files\freecommander\DelZip179.dll"
 in Zeile 8.  Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist
 ungültig.
 
Error - 18.07.12 16:44:06 | Computer Name = ***-Notebook | Source = Application Hang | ID = 1002
Description = Programm WINWORD.EXE, Version 12.0.6661.5000 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: d68    Startzeit: 01cd652548129423    Endzeit: 0    Anwendungspfad: C:\Program
 Files\Microsoft Office\Office12\WINWORD.EXE    Berichts-ID: 368deefe-d119-11e1-9f14-002713cd2d73

 
Error - 22.07.12 05:01:02 | Computer Name = ***-Notebook | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 10.0.1.4421,
 Zeitstempel: 0x4f32aa55  Name des fehlerhaften Moduls: NPSWF32_11_3_300_262.dll_unloaded,
 Version: 0.0.0.0, Zeitstempel: 0x4fe21212  Ausnahmecode: 0xc0000005  Fehleroffset: 
0x65619973  ID des fehlerhaften Prozesses: 0x138c  Startzeit der fehlerhaften Anwendung:
 0x01cd67e6cac64db5  Pfad der fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\plugin-container.exe
Pfad
 des fehlerhaften Moduls: NPSWF32_11_3_300_262.dll  Berichtskennung: c2ac46a2-d3db-11e1-a2e4-002713cd2d73
 
Error - 29.07.12 15:16:03 | Computer Name = ***-Notebook | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: thunderbird.exe, Version: 14.0.0.4577,
 Zeitstempel: 0x5000a8e8  Name des fehlerhaften Moduls: xul.dll, Version: 14.0.0.4577,
 Zeitstempel: 0x5000a816  Ausnahmecode: 0xc0000005  Fehleroffset: 0x008f5a53  ID des fehlerhaften
 Prozesses: 0xe9c  Startzeit der fehlerhaften Anwendung: 0x01cd6dbd76ee7620  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Thunderbird\thunderbird.exe  Pfad
 des fehlerhaften Moduls: C:\Program Files\Mozilla Thunderbird\xul.dll  Berichtskennung:
 d6414060-d9b1-11e1-a237-002713cd2d73
 
Error - 08.08.12 14:55:01 | Computer Name = ***-Notebook | Source = Application Hang | ID = 1002
Description = Programm Fusion.exe, Version 11.0.5000.5016 kann nicht mehr unter 
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in
 der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem 
zu suchen.    Prozess-ID: 1198    Startzeit: 01cd7582db48e424    Endzeit: 15    Anwendungspfad: 
C:\Program Files\NetObjects\NetObjects Fusion 11.0\Fusion.exe    Berichts-ID:   
 
Error - 08.08.12 15:01:04 | Computer Name = ***-Notebook | Source = Application Hang | ID = 1002
Description = Programm Fusion.exe, Version 11.0.5000.5016 kann nicht mehr unter 
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in
 der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem 
zu suchen.    Prozess-ID: dd8    Startzeit: 01cd759757fc0fcb    Endzeit: 23    Anwendungspfad: C:\Program
 Files\NetObjects\NetObjects Fusion 11.0\Fusion.exe    Berichts-ID: 6180e4df-e18b-11e1-a276-002713cd2d73

 
Error - 08.08.12 16:46:02 | Computer Name = ***-Notebook | Source = Application Hang | ID = 1002
Description = Programm Fusion.exe, Version 11.0.5000.5016 kann nicht mehr unter 
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in
 der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem 
zu suchen.    Prozess-ID: 1448    Startzeit: 01cd75982bd9c876    Endzeit: 47    Anwendungspfad: 
C:\Program Files\NetObjects\NetObjects Fusion 11.0\Fusion.exe    Berichts-ID:   
 
[ OSession Events ]
Error - 20.05.12 15:36:40 | Computer Name = ***-Notebook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 370
 seconds with 120 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 20.11.12 14:17:43 | Computer Name = ***-Notebook | Source = Service Control Manager | ID = 7030
Description = Der Dienst "TomTomHOMEService" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 20.11.12 14:52:21 | Computer Name = ***-Notebook | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR4 gefunden.
 
Error - 20.11.12 14:52:22 | Computer Name = ***-Notebook | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR4 gefunden.
 
Error - 20.11.12 14:52:23 | Computer Name = ***-Notebook | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR4 gefunden.
 
Error - 20.11.12 15:43:03 | Computer Name = ***-Notebook | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 20.11.12 15:43:03 | Computer Name = ***-Notebook | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 20.11.12 15:43:08 | Computer Name = ***-Notebook | Source = Service Control Manager | ID = 7000
Description = Der Dienst "UAC-Dateivirtualisierung" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%87
 
Error - 20.11.12 15:43:12 | Computer Name = ***-Notebook | Source = Microsoft-Windows-TaskScheduler | ID = 701
Description = Die Aufgabenplanungdienst konnte das Aufgabenkompatibilitätsmodul 
nicht starten. Unter älteren Windows-Versionen können Aufgaben möglicherweise nicht
 registriert werden. Zusätzliche Daten: Fehlerwert: 2147942487
 
Error - 20.11.12 15:43:12 | Computer Name = ***-Notebook | Source = Microsoft-Windows-TaskScheduler | ID = 701
Description = Die Aufgabenplanungdienst konnte das Aufgabenkompatibilitätsmodul 
nicht starten. Unter älteren Windows-Versionen können Aufgaben möglicherweise nicht
 registriert werden. Zusätzliche Daten: Fehlerwert: 2147942487
 
Error - 20.11.12 15:47:40 | Computer Name = ***-Notebook | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
 
< End of report >
         

Gruß und Dank
Walterle

Beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code: Alles auswählenAufklappen

ATTFilter

:OTL
IE - HKU\S-1-5-21-1570183454-3301363139-286937864-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=114508&tt=4312_6&babsrc=SP_clro&mntrId=5e2e6a4a00000000000018a905a1d60b
O3 - HKLM\..\Toolbar: (no name) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
[2012.11.11 16:33:36 | 000,000,032 | ---- | M] () -- C:\Windows\0
[2012.11.10 14:00:58 | 000,000,000 | ---- | M] () -- C:\Windows\System32\0
[2012.10.31 14:47:03 | 000,000,344 | -H-- | C] () -- C:\Users\***\AppData\Roaming\15a05a1824a8793fae296ac6f79b78023a0c9d3c
[2012.10.31 14:47:03 | 000,000,344 | -H-- | C] () -- C:\ProgramData\15a05a1824a8793fae296ac6f79b78023a0c9d3c
@Alternate Data Stream - 344 bytes -> C:\ProgramData:iSpring Converter 6
@Alternate Data Stream - 242 bytes -> C:\ProgramData\TEMP:0FF263E8
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:BC359956
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:0E08FC17
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Hallo cosinus,
so sieht das Logfile nach dem fixen aus:

Code: Alles auswählenAufklappen

ATTFilter

All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-1570183454-3301363139-286937864-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9E131A93-EED7-4BEB-B015-A0ADB30B5646} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\Windows\0 moved successfully.
C:\Windows\System32\0 moved successfully.
C:\Users\***\AppData\Roaming\15a05a1824a8793fae296ac6f79b78023a0c9d3c moved successfully.
C:\ProgramData\15a05a1824a8793fae296ac6f79b78023a0c9d3c moved successfully.
ADS C:\ProgramData:iSpring Converter 6 deleted successfully.
ADS C:\ProgramData\TEMP:0FF263E8 deleted successfully.
ADS C:\ProgramData\TEMP:BC359956 deleted successfully.
ADS C:\ProgramData\TEMP:0E08FC17 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: ***
->Temp folder emptied: 503376232 bytes
->Temporary Internet Files folder emptied: 368417439 bytes
->Java cache emptied: 1153488 bytes
->FireFox cache emptied: 73033343 bytes
->Flash cache emptied: 120358 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 19820141 bytes
RecycleBin emptied: 807619328 bytes
 
Total Files Cleaned = 1.691,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 11202012_214559

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

Gruß
Walterle

Hallo cosinus,
vielleicht hat es ja (noch) nichts zu sagen,
aber bis jetzt hat sich nichts geändert.
Dies Bild ist von heute Morgen:



Gruß
Walterle

Eine Kontrolle mit OTL bitte:

• Doppelklick auf die OTL.exe
• Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
• Setze oben mittig den Haken bei Scanne alle Benutzer
• Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
• Unter Extra Registry, wähle bitte Use SafeList
• Klicke nun auf Run Scan links oben
• Wenn der Scan beendet wurde werden 2 Logfiles erstellt
• Poste die Logfiles hier in CODE-Tags in den Thread.

Hallo,

die OTL.txt:

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 21.11.12 14:15:20 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yy
 
2,97 Gb Total Physical Memory | 1,45 Gb Available Physical Memory | 48,79% Memory free
5,93 Gb Paging File | 3,99 Gb Available in Paging File | 67,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 42,98 Gb Free Space | 44,01% Space Free | Partition Type: NTFS
Drive D: | 90,87 Gb Total Space | 69,61 Gb Free Space | 76,61% Space Free | Partition Type: NTFS
Drive E: | 90,00 Gb Total Space | 28,33 Gb Free Space | 31,48% Space Free | Partition Type: NTFS
Drive F: | 100,84 Gb Total Space | 73,30 Gb Free Space | 72,69% Space Free | Partition Type: NTFS
Drive S: | 86,29 Gb Total Space | 63,28 Gb Free Space | 73,33% Space Free | Partition Type: NTFS
 
Computer Name: ***-NOTEBOOK | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\Norton Management\Engine\3.2.0.19\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Norton Internet Security\Engine\20.1.1.2\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Programme\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
PRC - C:\Programme\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Acronis\DiskDirector\OSS\reinstall_svc.exe ()
PRC - C:\Programme\Folder Shield\FSService.exe ()
PRC - C:\Programme\Folder Shield\fsp.exe ()
PRC - C:\Programme\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
PRC - C:\Programme\IVT Corporation\BlueSoleil\BlueSoleilCS.exe (IVT Corporation)
PRC - C:\Programme\IVT Corporation\BlueSoleil\BsHelpCS.exe (IVT Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Windows\tsnp2std.exe (SONIX)
PRC - C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
PRC - C:\Windows\System32\emaudsv.exe (E-MU Systems)
PRC - C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - c:\progra~2\browse~1\24897~1.175\{61d8b~1\browse~1.dll ()
MOD - C:\Programme\NORTON INTERNET SECURITY\ENGINE\20.1.1.2\wincfi39.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe (Symantec Corporation)
SRV - (MCLIENT) -- C:\Program Files\Norton Management\Engine\3.2.0.19\ccSvcHst.exe (Symantec Corporation)
SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (DragonSvc) -- C:\Programme\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (StarMoney 8.0 OnlineUpdate) -- C:\Programme\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (afcdpsrv) -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (PassThru Service) -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (odserv) -- C:\Programme\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (AcrSch2Svc) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (OS Selector) -- C:\Programme\Acronis\DiskDirector\OSS\reinstall_svc.exe ()
SRV - (FSService) -- C:\Programme\Folder Shield\FSService.exe ()
SRV - (AgereModemAudio) -- C:\Programme\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
SRV - (BlueSoleilCS) -- C:\Programme\IVT Corporation\BlueSoleil\BlueSoleilCS.exe (IVT Corporation)
SRV - (BsHelpCS) -- C:\Programme\IVT Corporation\BlueSoleil\BsHelpCS.exe (IVT Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AEADIFilters) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (emaudsv) -- C:\Windows\System32\emaudsv.exe (E-MU Systems)
SRV - (AdobeActiveFileMonitor5.0) -- C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
SRV - (ose) -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SymEvent) -- C:\Windows\System32\Drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20121120.001\IDSvix86.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20121120.022\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20121120.022\NAVENG.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20121106.001\BHDrvx86.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\System32\drivers\NIS\1402000.013\SYMEFA.SYS (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\System32\drivers\NIS\1402000.013\SYMDS.SYS (Symantec Corporation)
DRV - (ccSet_NIS) -- C:\Windows\System32\drivers\NIS\1402000.013\ccSetx86.sys (Symantec Corporation)
DRV - (ccSet_MCLIENT) -- C:\Windows\System32\drivers\MCLIENT\0302000.013\ccSetx86.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\System32\drivers\NIS\1402000.013\Ironx86.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\NIS\1401010.002\SRTSP.SYS (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (SymNetS) -- C:\Windows\System32\Drivers\NIS\1401010.002\SYMNETS.SYS (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\NIS\1402000.013\SRTSPX.SYS (Symantec Corporation)
DRV - (REN2CAP_DRIVER) -- C:\Windows\System32\drivers\ren2cap.sys ()
DRV - (afcdp) -- C:\Windows\System32\DRIVERS\afcdp.sys (Acronis)
DRV - (tdrpman273) -- C:\Windows\System32\DRIVERS\tdrpm273.sys (Acronis)
DRV - (timounter) -- C:\Windows\System32\DRIVERS\timntr.sys (Acronis)
DRV - (snapman) -- C:\Windows\System32\DRIVERS\snapman.sys (Acronis)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (hpdskflt) -- C:\Windows\System32\DRIVERS\hpdskflt.sys (Hewlett-Packard Company)
DRV - (Accelerometer) -- C:\Windows\System32\DRIVERS\Accelerometer.sys (Hewlett-Packard Company)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\tsusbflt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\DRIVERS\WinUsb.sys (Microsoft Corporation)
DRV - (synasusb) -- C:\Windows\System32\Drivers\synasusb.sys (Steinberg Media Technologies GmbH)
DRV - (htcnprot) -- C:\Windows\System32\DRIVERS\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV - (bxShield) -- C:\Windows\System32\Drivers\bxShield.sys (Alfa Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\DRIVERS\AGRSM.sys (LSI Corporation)
DRV - (NETw5s32) -- C:\Windows\System32\DRIVERS\NETw5s32.sys (Intel Corporation)
DRV - (HTCAND32) -- C:\Windows\System32\Drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (yukonw7) -- C:\Windows\System32\DRIVERS\yk62x86.sys ()
DRV - (VcommMgr) -- C:\Windows\System32\Drivers\VcommMgr.sys (IVT Corporation.)
DRV - (Btcsrusb) -- C:\Windows\System32\Drivers\btcusb.sys (IVT Corporation.)
DRV - (btnetBUs) -- C:\Windows\System32\Drivers\btnetBus.sys ()
DRV - (IvtBtBUs) -- C:\Windows\System32\Drivers\IvtBtBus.sys (IVT Corporation.)
DRV - (BtHidBus) -- C:\Windows\System32\Drivers\BtHidBus.sys (IVT Corporation.)
DRV - (VComm) -- C:\Windows\System32\DRIVERS\VComm.sys (IVT Corporation.)
DRV - (atikmdag) -- C:\Windows\System32\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\DRIVERS\WSDPrint.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\DRIVERS\vwifimp.sys (Microsoft Corporation)
DRV - (5U876UVC) -- C:\Windows\System32\DRIVERS\5U876.sys (Ricoh co.,Ltd.)
DRV - (BT) -- C:\Windows\System32\DRIVERS\btnetdrv.sys (IVT Corporation.)
DRV - (BlueletSCOAudio) -- C:\Windows\System32\DRIVERS\BlueletSCOAudio.sys (IVT Corporation.)
DRV - (KMWDFILTERx86) -- C:\Windows\System32\DRIVERS\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (HpqKbFiltr) -- C:\Windows\System32\DRIVERS\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (SNP2STD) -- C:\Windows\System32\DRIVERS\snp2sxp.sys ()
DRV - (emusba10) -- C:\Windows\System32\DRIVERS\emusba10.sys (E-MU Systems)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1570183454-3301363139-286937864-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1570183454-3301363139-286937864-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1570183454-3301363139-286937864-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1570183454-3301363139-286937864-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1F E2 0E 26 70 6D CC 01  [binary data]
IE - HKU\S-1-5-21-1570183454-3301363139-286937864-1001\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found
IE - HKU\S-1-5-21-1570183454-3301363139-286937864-1001\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1570183454-3301363139-286937864-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1570183454-3301363139-286937864-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1570183454-3301363139-286937864-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1570183454-3301363139-286937864-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledAddons: organize-search-engines@maltekraus.de:1.7
FF - prefs.js..extensions.enabledAddons: 4f905a5fb08bc@4f905a5fb08bd.info:1.0
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledAddons: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.15
FF - prefs.js..extensions.enabledAddons: foxmarks@kei.com:4.1.3
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.11
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\nuance.com/DragonRIAPlugin: C:\Program Files\Nuance\NaturallySpeaking12\Program\npDgnRia.dll (Nuance Communications Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.09.08 13:42:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\ [2012.11.21 09:59:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.02 19:13:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack: C:\Program Files\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2012.07.18 19:36:36 | 000,136,026 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\ [2012.11.20 08:49:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.16 20:13:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.13 13:07:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.10.29 19:28:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.09.08 13:42:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{dfefbe51-ca52-484b-adf0-6b158b05262d}: C:\ProgramData\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\extension@preispilot.com: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\3yq8b37q.default\extensions\extension@preispilot.com
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\3yq8b37q.default\extensions\firejump@firejump.net
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.10.29 19:28:47 | 000,000,000 | ---D | M]
 
[2011.12.05 07:37:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.12.05 07:37:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.11.08 17:49:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3yq8b37q.default\extensions
[2012.07.10 17:41:46 | 000,000,000 | ---D | M] (FT Evo) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3yq8b37q.default\extensions\{5c8c1470-d247-11e0-9572-0800200c9a66}
[2012.10.31 17:54:29 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3yq8b37q.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.04.22 14:46:07 | 000,000,000 | ---D | M] (Codecv) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3yq8b37q.default\extensions\4f905a5fb08bc@4f905a5fb08bd.info
[2012.10.02 09:18:04 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3yq8b37q.default\extensions\foxmarks@kei.com
[2012.10.31 13:02:22 | 000,000,000 | ---D | M] (Winstripe Toolbar Icons) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3yq8b37q.default\extensions\winstripe@largrizzly
[2012.02.06 19:53:17 | 000,263,348 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\3yq8b37q.default\extensions\langpack-de@firefox.mozilla.org.xpi
[2012.03.12 21:59:19 | 000,113,783 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\3yq8b37q.default\extensions\organize-search-engines@maltekraus.de.xpi
[2012.10.31 13:02:22 | 000,065,701 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\3yq8b37q.default\extensions\winstripe@largrizzly.xpi
[2012.07.25 06:09:34 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\3yq8b37q.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.11.16 18:44:04 | 000,210,366 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\3yq8b37q.default\extensions\{d62e0de0-401b-11dd-ae16-0800200c9a66}.xpi
[2012.09.13 19:57:33 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\3yq8b37q.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2012.11.07 22:37:24 | 000,001,276 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\3yq8b37q.default\searchplugins\ixquick-https---deutsch.xml
[2012.11.07 20:57:04 | 000,002,217 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\3yq8b37q.default\searchplugins\s-amazon-de.xml
[2012.11.07 22:37:24 | 000,003,712 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\3yq8b37q.default\searchplugins\youtube.xml
[2012.09.13 13:07:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\mozilla firefox\extensions
[2012.09.13 13:07:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.01.02 19:13:14 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.09.13 13:07:20 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.02.08 21:31:10 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.11.07 22:37:24 | 000,001,400 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.07 22:37:24 | 000,001,679 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.11.07 22:37:24 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.07 22:37:24 | 000,006,818 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.07 20:57:04 | 000,001,278 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.07 22:37:24 | 000,000,903 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.11.20 21:47:30 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\20.1.1.2\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\20.1.1.2\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Dragon NaturallySpeaking Rich Internet Application Support - Extension) - {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} - C:\Programme\Nuance\NaturallySpeaking12\Program\ieShim.dll (Nuance Communications, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\20.1.1.2\coIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [BtTray] C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe (IVT Corporation)
O4 - HKLM..\Run: [ClocX] C:\Programme\ClocX\ClocX.exe (BonSoft)
O4 - HKLM..\Run: [fsp] C:\Programme\Folder Shield\fsp.exe ()
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [tsnp2std] C:\Windows\tsnp2std.exe (SONIX)
O4 - HKU\S-1-5-21-1570183454-3301363139-286937864-1001..\Run: [E-MU USB Audio Control Panel] C:\Program Files\Creative Professional\E-MU USB Audio\EmuUsbAudioCP.exe (E-MU Systems)
O4 - HKU\S-1-5-21-1570183454-3301363139-286937864-1001..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-1570183454-3301363139-286937864-1001..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-1570183454-3301363139-286937864-1001..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Programme\Stardock\ObjectDockFree\ObjectDock.exe (Stardock)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\MICROS~2\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {45FE4418-F85F-45F0-BCAA-68C334FA6E08} file:///C:/Users/***/AppData/Local/Microsoft/Windows%20Sidebar/Gadgets/AGEphoneGadget.gadget/sipd.ocx (Sipd Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2D71AEE-4623-4841-BCCE-C4AE71CF4057}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE4E7D4B-DE9B-47A5-82DE-258588830B07}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\System32\skype4com.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\24897~1.175\{61d8b~1\browse~1.dll) - c:\progra~2\browse~1\24897~1.175\{61d8b~1\browse~1.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - ObjectDockShellExt - C:\Programme\Stardock\ObjectDockFree\ODMenu.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | -HS- | M] () - S:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{95355816-d954-11e0-adea-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{95355816-d954-11e0-adea-806e6f6e6963}\Shell\AutoRun\command - "" = G:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.21 11:02:30 | 000,134,304 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\MCLIENT\0302000.013\ccSetx86.sys
[2012.11.21 11:02:24 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Management
[2012.11.21 11:02:24 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Management
[2012.11.21 11:02:24 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\MCLIENT
[2012.11.21 11:02:24 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\MCLIENT\0302000.013
[2012.11.20 21:45:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.11.17 09:46:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.11.17 09:08:15 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2012.11.17 09:08:15 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll
[2012.11.17 09:07:22 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2012.11.17 09:07:22 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2012.11.17 09:07:22 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2012.11.17 09:04:53 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.11.17 09:04:52 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.11.17 09:04:51 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.11.17 09:04:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.11.17 09:04:51 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.11.17 09:04:50 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.11.17 09:04:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.11.17 09:04:49 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.11.17 09:00:56 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore6.dll
[2012.11.17 09:00:56 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2012.11.17 09:00:52 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll
[2012.11.17 09:00:52 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2012.11.17 09:00:51 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2012.11.17 09:00:46 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.11.17 09:00:45 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012.11.16 15:13:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2012.11.12 22:19:44 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2012.11.12 22:19:44 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2012.11.11 16:37:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\bluesoleil
[2012.11.11 16:32:18 | 000,000,000 | ---D | C] -- C:\Program Files\IVT Corporation
[2012.11.10 14:04:44 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Bluetooth
[2012.11.09 15:06:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.11.09 15:06:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.09 15:06:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.09 15:06:17 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.09 15:06:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.11.07 22:37:24 | 000,000,000 | ---D | C] -- C:\Windows\System32\IO
[2012.11.07 21:05:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\DVDVideoSoft_Ltd
[2012.11.07 20:59:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.11.07 20:59:26 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2012.11.07 20:59:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2012.11.07 20:57:07 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\Windows\System32\dhRichClient3.dll
[2012.11.07 20:57:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DesktopIconForAmazon
[2012.11.07 20:56:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\OCS
[2012.11.06 19:56:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Audio Catalog
[2012.11.02 17:35:02 | 000,000,000 | ---D | C] -- C:\tmp
[2012.11.02 12:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Catalog
[2012.11.02 12:16:17 | 000,000,000 | ---D | C] -- C:\Program Files\Audio Catalog
[2012.11.02 11:56:45 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2012.11.02 11:56:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011
[2012.11.02 11:55:57 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2011
[2012.10.31 17:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSpring Free
[2012.10.31 15:55:28 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\test01
[2012.10.31 15:02:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\cef_data
[2012.10.31 14:47:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\iSpring Solutions
[2012.10.31 14:45:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSpring Converter
[2012.10.31 14:44:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iSpring Solutions
[2012.10.31 14:44:58 | 000,000,000 | ---D | C] -- C:\Program Files\iSpring
[2012.10.30 10:10:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Steinberg
[2012.10.30 10:08:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steinberg Cubase 6
[2012.10.29 19:49:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\VoipCheapCom
[2012.10.29 19:28:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2012.10.28 18:05:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Caphyon
[2012.10.28 18:04:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\No23Live
[2012.10.28 18:04:54 | 000,000,000 | ---D | C] -- C:\Program Files\No23Live
[2012.10.28 17:28:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.10.28 17:28:41 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012.10.28 17:28:41 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.10.28 17:28:03 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.10.28 17:28:03 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.10.28 17:28:03 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.10.28 13:51:07 | 000,000,000 | ---D | C] -- C:\Program Files\Lame For Audacity
[2012.10.27 21:36:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Audacity
[2012.10.26 15:59:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartTools
[2012.10.26 15:59:35 | 000,000,000 | ---D | C] -- C:\Program Files\SmartTools
[2012.10.26 15:57:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\SmartTools
[2012.10.25 18:53:32 | 000,000,000 | ---D | C] -- C:\Program Files\QsDriveInfo
[2012.10.25 07:26:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Z-Manufaktur
[2012.10.25 07:25:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Z-Cron
[2012.10.25 07:25:30 | 000,000,000 | ---D | C] -- C:\Program Files\Z-Cron
[2012.10.24 20:29:28 | 000,000,000 | ---D | C] -- C:\Program Files\Thoosje Sevenbar
[2012.10.24 19:53:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012.10.24 11:06:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3 Toolkit
[2012.10.24 11:06:31 | 000,000,000 | ---D | C] -- C:\MP3Toolkit
[2012.10.23 19:19:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RocketDock
[2012.10.23 19:19:00 | 000,000,000 | ---D | C] -- C:\Program Files\RocketDock
[2012.10.23 16:36:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ODUI
[2012.10.23 16:35:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Stardock
[2012.10.23 16:35:51 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Stardock
[2012.10.23 16:35:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Stardock
[2012.10.23 16:35:47 | 000,000,000 | -H-D | C] -- C:\ProgramData\{5486EA6B-AF91-4B4B-868E-F80AB4BCD83A}
[2012.10.23 16:35:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
[2012.10.23 16:35:44 | 000,000,000 | ---D | C] -- C:\Program Files\Stardock
[2012.10.23 16:35:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\PackageAware
[2012.10.22 19:05:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\KeePass
[2012.10.22 19:04:29 | 000,000,000 | ---D | C] -- C:\Program Files\KeePass Password Safe
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.21 14:13:03 | 000,712,954 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.21 14:13:03 | 000,657,662 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.21 14:13:03 | 000,153,562 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.21 14:13:03 | 000,125,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.21 10:03:40 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.21 10:03:40 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.21 09:56:38 | 000,005,063 | ---- | M] () -- C:\Windows\System32\LOCALSERVICE.INI
[2012.11.21 09:56:24 | 000,000,931 | ---- | M] () -- C:\Windows\System32\bscs.ini
[2012.11.21 09:56:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.21 09:56:11 | 2387,816,448 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.20 21:47:30 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012.11.20 18:00:19 | 000,543,531 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe
[2012.11.20 08:46:42 | 001,442,879 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1401010.002\Cat.DB
[2012.11.20 08:46:12 | 000,013,946 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1401010.002\VT20121114.016
[2012.11.20 08:44:33 | 000,142,496 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2012.11.20 08:44:33 | 000,007,446 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2012.11.20 08:44:33 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2012.11.17 18:37:06 | 000,000,107 | ---- | M] () -- C:\Windows\System32\LOCALDEVICE.INI
[2012.11.17 10:05:23 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.11.17 09:57:14 | 000,413,632 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.16 10:01:03 | 000,043,008 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.11 18:25:48 | 000,000,208 | ---- | M] () -- C:\Windows\System32\REMOTEDEVICE.INI
[2012.11.11 17:02:50 | 000,003,475 | ---- | M] () -- C:\Users\***\AppData\Roaming\SAS7_000.DAT
[2012.11.11 16:44:45 | 000,000,892 | ---- | M] () -- C:\Windows\System32\SHORTCUT.INI
[2012.11.11 16:33:34 | 000,000,000 | ---- | M] () -- C:\Windows\System32\BSPRINT.INI
[2012.11.08 18:11:59 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.11.08 18:11:59 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.11.06 21:15:34 | 000,595,512 | ---- | M] () -- C:\Users\***\Documents\alle.ac
[2012.11.02 12:39:39 | 000,001,097 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 5.0.lnk
[2012.11.02 11:50:01 | 000,000,209 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2012.10.30 12:01:26 | 000,001,212 | ---- | M] () -- C:\Users\***\Desktop\Calculator.lnk
[2012.10.30 11:58:18 | 000,002,685 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office Excel 2007.lnk
[2012.10.30 11:58:11 | 000,002,679 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office Word 2007.lnk
[2012.10.30 10:15:09 | 000,000,045 | ---- | M] () -- C:\Windows\System32\SYNSOPOS.exe.cfg
[2012.10.29 19:14:04 | 000,001,055 | ---- | M] () -- C:\Users\***\Desktop\KeePass.lnk
[2012.10.28 17:27:55 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.10.28 17:27:54 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012.10.28 17:27:54 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012.10.28 17:27:54 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.10.28 17:27:54 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.10.28 17:27:54 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.10.25 20:38:01 | 000,000,459 | ---- | M] () -- C:\Users\***\AppData\Roaming\Drives Meter_Settings.ini
[2012.10.25 07:26:45 | 000,001,038 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\.lnk
[2012.10.23 16:35:51 | 000,002,050 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
 
========== Files Created - No Company Name ==========
 
[2012.11.21 11:02:24 | 000,007,611 | R--- | C] () -- C:\Windows\System32\drivers\MCLIENT\0302000.013\ccSetx86.cat
[2012.11.21 11:02:24 | 000,000,827 | R--- | C] () -- C:\Windows\System32\drivers\MCLIENT\0302000.013\ccSetx86.inf
[2012.11.21 11:02:24 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\MCLIENT\0302000.013\isolate.ini
[2012.11.20 18:00:51 | 000,543,531 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe
[2012.11.17 10:05:23 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.11.17 09:08:17 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.17 09:07:22 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.11 16:43:30 | 000,000,892 | ---- | C] () -- C:\Windows\System32\SHORTCUT.INI
[2012.11.11 16:42:29 | 000,000,208 | ---- | C] () -- C:\Windows\System32\REMOTEDEVICE.INI
[2012.11.11 16:40:29 | 000,005,063 | ---- | C] () -- C:\Windows\System32\LOCALSERVICE.INI
[2012.11.11 16:40:27 | 000,000,107 | ---- | C] () -- C:\Windows\System32\LOCALDEVICE.INI
[2012.11.11 16:33:34 | 000,000,000 | ---- | C] () -- C:\Windows\System32\BSPRINT.INI
[2012.11.07 20:57:07 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2012.11.06 19:52:34 | 000,595,512 | ---- | C] () -- C:\Users\***\Documents\alle.ac
[2012.11.02 11:56:22 | 000,002,155 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011.lnk
[2012.10.31 19:07:42 | 000,001,097 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 5.0.lnk
[2012.10.30 11:59:35 | 000,001,212 | ---- | C] () -- C:\Users\***\Desktop\Calculator.lnk
[2012.10.30 11:57:54 | 000,002,679 | ---- | C] () -- C:\Users\***\Desktop\Microsoft Office Word 2007.lnk
[2012.10.30 11:57:30 | 000,002,685 | ---- | C] () -- C:\Users\***\Desktop\Microsoft Office Excel 2007.lnk
[2012.10.27 21:36:20 | 000,000,983 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2012.10.25 20:37:28 | 000,000,459 | ---- | C] () -- C:\Users\***\AppData\Roaming\Drives Meter_Settings.ini
[2012.10.25 07:26:44 | 000,001,038 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\.lnk
[2012.10.23 16:35:51 | 000,002,050 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
[2012.10.22 19:04:29 | 000,001,055 | ---- | C] () -- C:\Users\***\Desktop\KeePass.lnk
[2012.10.05 21:08:37 | 000,003,475 | ---- | C] () -- C:\Users\***\AppData\Roaming\SAS7_000.DAT
[2012.03.08 19:17:51 | 000,039,048 | ---- | C] () -- C:\Windows\System32\drivers\ren2cap.sys
[2011.10.07 11:48:47 | 000,015,497 | ---- | C] () -- C:\Windows\snp2std.ini
[2011.10.07 11:48:46 | 012,067,328 | ---- | C] () -- C:\Windows\System32\drivers\snp2sxp.sys
[2011.10.07 11:48:46 | 000,025,472 | ---- | C] () -- C:\Windows\System32\drivers\sncamd.sys
[2011.10.07 11:48:45 | 000,151,552 | ---- | C] ( ) -- C:\Windows\System32\rsnp2std.dll
[2011.10.07 11:48:45 | 000,077,824 | ---- | C] ( ) -- C:\Windows\System32\csnp2std.dll
[2011.09.16 18:27:59 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.09.16 18:19:13 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.09.16 18:09:58 | 000,002,892 | ---- | C] () -- C:\Windows\System32\audcon.sys
[2011.09.16 18:08:08 | 000,000,045 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe.cfg
[2011.09.16 18:08:07 | 000,086,016 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe
[2011.09.16 17:28:32 | 000,000,132 | ---- | C] () -- C:\Windows\KTEL.INI
[2011.09.09 12:36:31 | 000,028,672 | ---- | C] () -- C:\Windows\System32\nnr.dll
[2011.09.08 13:58:14 | 000,001,843 | ---- | C] () -- C:\Windows\hpwmdl23.dat.temp
[2011.09.08 13:33:47 | 000,266,126 | ---- | C] () -- C:\Windows\hpwins23.dat
[2011.09.08 11:57:37 | 000,043,008 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.07 16:16:26 | 000,000,880 | ---- | C] () -- C:\Windows\HBCIKRNL.INI
[2011.09.07 14:28:45 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.03.11 09:41:08 | 003,181,056 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2011.03.07 04:08:32 | 000,073,216 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.02.15 14:30:10 | 000,121,344 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 03:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         

und die Extras.txt:

Code: Alles auswählenAufklappen

ATTFilter

OTL Extras logfile created on: 21.11.12 14:31:49 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yy
 
2,97 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 38,21% Memory free
5,93 Gb Paging File | 3,72 Gb Available in Paging File | 62,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 42,99 Gb Free Space | 44,02% Space Free | Partition Type: NTFS
Drive D: | 90,87 Gb Total Space | 69,61 Gb Free Space | 76,61% Space Free | Partition Type: NTFS
Drive E: | 90,00 Gb Total Space | 28,33 Gb Free Space | 31,48% Space Free | Partition Type: NTFS
Drive F: | 100,84 Gb Total Space | 73,30 Gb Free Space | 72,69% Space Free | Partition Type: NTFS
Drive S: | 86,29 Gb Total Space | 63,28 Gb Free Space | 73,33% Space Free | Partition Type: NTFS
 
Computer Name: ***-NOTEBOOK | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1570183454-3301363139-286937864-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Photo Manager 12.Manage] -- "C:\Program Files\ACD Systems\ACDSee\12.0\ACDSeeQV12.exe" "%1" (ACD Systems International Inc.)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0616E526-C631-4A67-8B7A-E5E788BB508E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{0B288524-F54C-4277-934C-B88713971AA7}" = rport=138 | protocol=17 | dir=out | app=system | 
"{0B687A92-E6FC-4BCB-AE29-281D01D58520}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{29CA6D84-546A-4CCA-8043-434BEB7FCD06}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
"{2B0B28CE-2C56-46DB-9A34-4AF0B05DDEE2}" = lport=138 | protocol=17 | dir=in | app=system | 
"{319802FD-56C5-4481-9BAF-B5A746B0C04C}" = rport=137 | protocol=17 | dir=out | app=system | 
"{43E4B403-5834-4E1A-9FFC-30732C0B21C2}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{5121BE17-C5E2-48E2-BB8A-A7033A1729B3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{51C758B6-7D53-4A93-9F3A-6F4FB64012AE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5DC02D63-E73C-44F9-BE8B-A12F3928B996}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6855C7EC-0FD8-443A-965D-4269D9D4C0DC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{80028D11-C30E-4FD6-A270-1843E411BD78}" = lport=445 | protocol=6 | dir=in | app=system | 
"{805CFF84-D850-4C33-8082-AACBD3989ED5}" = lport=51001 | protocol=6 | dir=in | name=dragon smart phone server | 
"{87473261-8281-4A52-89D6-3E7504041784}" = rport=139 | protocol=6 | dir=out | app=system | 
"{9C1E467E-657F-431B-AB31-032FF8367C89}" = rport=445 | protocol=6 | dir=out | app=system | 
"{AF72C89B-8F2B-4786-80CF-2CD6A820BFAA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{C47C6859-5B45-4908-8234-BFCD6DB17F4F}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{C7C2BC88-D6FA-4A7E-82A1-540B7152EC8E}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{CB62A167-FCE8-4DE9-BE42-084FAB8C2837}" = lport=137 | protocol=17 | dir=in | app=system | 
"{CB992B7C-A5CE-4885-92BB-69B294BE2591}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E72351F9-863B-4EA7-954C-01B4DBBFB9F5}" = lport=139 | protocol=6 | dir=in | app=system | 
"{EBA9079E-4EA4-416C-977E-322DED27D5E2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EEE42C07-145A-4C3C-9F08-2DF6AF5E8C6E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EF05DBB7-5966-4A50-B6B8-FBAB30DF83D4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D30FE61-E2D5-43E8-8D0C-64ADF0B0D3B2}" = protocol=6 | dir=in | app=c:\program files\starmoney 8.0\app\starmoney.exe | 
"{0F62EFF3-F25C-458C-8CD1-F4D7EEE26FE0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{1148DCF2-17ED-4CF9-A718-7C8DCAF4D70B}" = protocol=17 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleilcs.exe | 
"{11FBA8D8-BCB6-4FA0-9B4A-E2D74F631FB0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe | 
"{128BC5AF-5083-458E-A183-8674019F61FC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1477C25C-9435-45FD-A426-0F143D0972AC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{159F367F-A362-4BAB-9EB4-14A1D088F4CF}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{1C40ED13-9BED-4396-8842-938C6CCAF703}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{2C94EFF8-3104-4937-859E-3AEC6D474995}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{40AD6449-1BA5-41F1-92D9-1819B1326ACA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | 
"{44DCF29B-D4C6-40F9-98C9-4D8A98451348}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{49A11033-BBED-4D64-8A8F-78011E31F86B}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{4A8C5F3E-C7F5-413B-B9CF-A71B24C34AA2}" = protocol=6 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleilcs.exe | 
"{4B93733D-480E-4101-AFFF-8E9830D6B453}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{59BCAA14-AA03-4DC8-B28B-CF51A214FE95}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{5B6118B6-3FA4-4825-A362-8CD35BB04B7A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{5EF6A497-0570-4FAB-8567-AC5D6BF36F52}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{64E546B5-D400-4569-922D-44576BDBE08E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6522107C-DA95-44DA-9921-8A3D68AC114E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{67A1FF9A-4A43-4BB5-AD30-E162127A15C5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{6905BBCF-34F0-4CE9-83BF-F9CBBD7FE915}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{6EB87608-B903-442A-B7E1-F1E6753DCE9D}" = protocol=6 | dir=out | app=system | 
"{768C9BFC-1E0F-4C2A-B017-38A8F069465C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{83F62607-385D-4CAD-B1D0-5C4A215B6921}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8CDBF70D-5208-4233-B0D8-5D8ECE271E71}" = protocol=6 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleilcs.exe | 
"{8FB9017E-A34E-4BBA-97B4-F3BB2EA251DA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{9C0FEB8A-9009-4B02-9758-676FD4A8AB31}" = dir=in | app=g:\setup\hpznui01.exe | 
"{9D860E84-F701-486C-A8E1-16FE8ACF726D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{A0DFD739-2B65-4C13-955B-738612069886}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A1E9F298-9E22-4888-8D7C-3DE1C2A45296}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{AA8BB77E-5C1C-46DE-A846-2C007F1AE432}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{B1E6F5F7-7DD0-4134-90B5-56DBC2D687A6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B528C05A-54FF-4BC8-9C7F-2B1B3C6903D5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{B6388334-2183-45C1-A612-276D0AB22B60}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B88E2BBF-260C-4E0F-B8D2-723F140FBF86}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BBD7F6EF-22C1-4FE6-9F4F-755A1BB0CC4D}" = protocol=17 | dir=in | app=c:\program files\starmoney 8.0\app\starmoney.exe | 
"{BC60120B-F08F-43CD-BE6E-555B230AEA08}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C0B5902A-4B07-4228-BD6C-45004FDCD471}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{C720647C-A19F-43D0-91E5-85D4B94A8F8A}" = protocol=17 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleilcs.exe | 
"{D4DBAC9B-1862-4FB8-AEDC-A61403F9A186}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | 
"{DF974FF8-9E0E-4DAE-A0BE-4A460A38F9AD}" = protocol=17 | dir=in | app=c:\program files\starmoney 8.0\ouservice\starmoneyonlineupdate.exe | 
"{E11E79C8-D037-433D-955A-F4287993CE77}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E84B337E-8A01-4D6A-9C5D-F0AE45449200}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe | 
"{EC55E450-8990-41E5-A4CA-CDCA1090548C}" = protocol=6 | dir=in | app=c:\program files\starmoney 8.0\ouservice\starmoneyonlineupdate.exe | 
"{F340909E-8A79-495F-81F7-E994EB49C279}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | 
"{F5393D03-D19C-43B4-A983-855AD75708F8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{F54D7530-BE57-4C54-A594-16966CFFE86C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{F79F6054-3CC6-423D-9D3F-8E7BE89A658A}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{F7F91E2D-24C6-490D-96F3-6D0DC9B4641B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{FD8A4587-22AC-4DC8-A285-3C87E600F08F}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{A0D62E6E-C4FA-4E86-BED4-B44EDF5A7AC9}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{CBF1E633-7F35-48FB-B050-8EE210BC5404}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis*True*Image*Home 2011
"{069F0828-F359-3DF0-B58E-39C23176F9B8}" = Microsoft .NET Framework 4.5 DEU Language Pack RC
"{06E34C00-0446-4176-81C8-A5DAFE53CA36}" = Acronis*Disk*Director*11*Home
"{085A087C-8559-AC21-F988-9B885923B58B}" = CCC Help Japanese
"{0D8E6567-7082-48DB-A305-293873AC8B39}_is1" = Preispilot für Firefox
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
"{17BDCAD2-39E2-A44B-CDCA-6854FA71421E}" = Catalyst Control Center Localization All
"{19192A84-6172-4312-A661-D8F9A34585AB}" = VirtualDJ Home FREE
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1C99893D-BC98-4456-AA3E-B67AB42301A6}" = E-MU USB Audio
"{1D7DBD8E-4E22-B307-81F4-D55080B16FC7}" = ccc-utility
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{25887983-54F3-4F55-A7C5-91229AD67C16}" = Bluesoleil 5.4.277.0
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{2C13F8C1-570B-42A9-87B4-8C7903ECD602}" = ObjectDock Free
"{2E1B4B42-069F-4F53-9966-9B9B938D7FE5}" = HP Officejet 6500 E709 Series
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{31D9C74D-CD7A-4215-B1E4-DF8099AEA997}" = Catalyst Control Center - Branding
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{37D6F9FA-A5F2-3040-AF7B-78BE92957D89}" = CCC Help Thai
"{38CA1644-39F5-44EB-F200-DFC6C5E9C5A8}" = CCC Help Chinese Standard
"{38DAE5F5-EC70-4aa5-801B-D11CA0A33B41}" = BPDSoftware
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4850C1AE-BD1D-468C-9ABC-5486DC21E1E5}" = HP ESU for Microsoft Windows 7
"{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content
"{4D833CF3-A3AE-2863-584B-3AD3A0D70981}" = CCC Help Russian
"{4E341B88-61A8-4C28-A3F0-9021898AD3C2}_is1" = Hear
"{52AD35F5-FDA6-6E74-27E4-5EC2BD8A8B29}" = CCC Help Korean
"{52B24A16-729C-BDB9-D921-01556B19283D}" = CCC Help Greek
"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
"{565AEE5D-35E5-0A21-02E2-3DC8CEA652FB}" = Catalyst Control Center Graphics Light
"{57115A63-203E-8864-8951-4D5864D23956}" = CCC Help Norwegian
"{572964E9-BE64-1F57-B672-4D2B7595FAA1}" = Catalyst Control Center Graphics Full Existing
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{594A6CDC-27E8-4E2D-BCD3-CC8B95A4351E}" = iSpring Free 6
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5AE47629-FA38-4747-4CEA-1DD2983FA8BF}" = CCC Help German
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{5E984B44-B441-5361-B00B-91441EE7B5B4}" = CCC Help English
"{602C75D1-0C09-D216-D83D-F3126AC24A27}" = CCC Help French
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6A1482E0-7119-4A66-BBF1-FFD95A6BA16C}" = No23Live
"{6A1ACC15-7632-45ba-A3AB-0250EBD4B7DD}" = 6500_E709a
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6CC080F1-2E00-41D5-BE47-A3BC784E9DFB}" = BPDSoftware_Ini
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = USB2.0 PC Camera (SN9C201&202)
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B20C1C7-2766-DDB8-A02E-D6F9C7341864}" = CCC Help Finnish
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E6A29D1-16FA-49CB-9262-17052F5AFE01}" = GMinder
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{7EFEE754-EA7D-A79B-8DDA-65CADCAF1AB4}" = Catalyst Control Center InstallProxy
"{7FD7F421-39B2-4CAC-BC41-7D83DDBAB329}" = HP 3D DriveGuard
"{7FFAA34E-0AA6-BF03-D37C-7AC5C380CF2F}" = CCC Help Chinese Traditional
"{805F8590-510E-74AD-FC88-ADE4224B8854}" = CCC Help Polish
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.2.0
"{853403A9-70A9-2C60-9E74-67BDC650E820}" = Catalyst Control Center Core Implementation
"{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set
"{88C337F0-4CF2-4098-BDC0-D94859ECA2B4}" = Steinberg LoopMash Content 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A75B387-6A34-7FBE-3512-89809AF89524}" = CCC Help Hungarian
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8CBA7E47-48DA-47DC-8E98-6984BA830295}" = Steinberg VST Amp Rack Content 01
"{8F0EDF80-31C2-FA10-DEE8-BD435A5F7D61}" = ATI Catalyst Install Manager
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}" = TomTom HOME
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9129B46A-51F0-431b-9838-DF7272F3204E}" = ProductContext
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5 DEU Language Pack RC
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5 RC
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-1148-0407-0000-0000000FF1CE}" = Microsoft Office Web Apps Browser Plugin
"{9624502C-3D39-41A0-8917-858EC16769CE}" = KORG M1 Le
"{982F1EE0-C5C1-43F3-8355-E64A8D0F465A}" = NetObjects Fusion 11.0
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2FF231-AE68-4DB1-8003-5745D895388B}" = Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7
"{9E4FC4A7-E9E1-1EF1-104B-ECFB738A1824}" = CCC Help Italian
"{9EE30AB4-1D07-7C32-106D-7AE7CEEFD1EC}" = CCC Help Spanish
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A45AF5E2-3648-EA45-2A62-C3EA975D57D9}" = Catalyst Control Center Graphics Full New
"{A5051ABF-A497-4C3C-85EA-F7A4D5C19B82}" = Steinberg HALion Sonic SE Content
"{A5CBD7C5-CF16-443F-A4F2-3503C9DE311B}" = ACDSee Foto-Manager 12
"{A657B744-4F40-6973-D177-5FD028712702}" = ccc-core-static
"{A669A70D-2E2C-37D5-A025-E1CB61F2CC96}" = Microsoft .NET Framework 4.5 RC
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set
"{AE6E353F-A5D6-40E4-81FB-960EB7B207D7}" = Lexware zeitmanagement 2011
"{B0344B38-378B-47E0-BDCC-977785D24768}" = Integrated Camera Driver Installer Package Ver.1.30.110.0
"{BA728FCC-0B8C-6F7F-B29C-583829D1E8BB}" = CCC Help Dutch
"{BD312050-9D98-4F71-ADCD-25EC037C05FD}" = StarMoney
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C6200FF8-999D-4C58-9047-08D2E065BDBB}" = Steinberg Cubase 6
"{C9A41E0E-74F0-4984-B1BC-FBEA2C982F1F}" = StarMoney 8.0 
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CF3F421E-E735-48B5-A228-37CC53AF035B}" = iSpring Converter 6
"{D218EA3E-E9E6-4BB3-BA85-5B091058332D}" = klickTel Routenplaner Deutschland und Europa 2009
"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
"{D5D422B9-6976-4E98-8DDF-9632CB515D7E}" = Dragon NaturallySpeaking 12
"{D796ABCD-73D4-F18D-CF80-9BA1BE403933}" = CCC Help Swedish
"{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set
"{D83A3BAA-8450-48DA-96F9-EF8BEF386768}" = GPS-Mate für Windows V2.4.7
"{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1" = FireJump
"{DBF4BC99-53F1-4C97-84C3-7557D103E182}" = Steinberg Groove Agent ONE Vintage Beatboxes
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DE13432E-F0C1-4842-A5BA-CC997DA72A70}" = 6500_E709_eDocs
"{E045FAC9-0B70-4796-AD3A-7035E89CE536}" = SCR3xxx Smart Card Reader
"{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set
"{E48D0275-B2E0-C879-4B86-506757A16DC7}" = CCC Help Turkish
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{E9B0164A-27EA-4C31-5526-867C6882B60D}" = CCC Help Czech
"{EA891D60-C20D-03C4-88CB-E4597A1753AA}" = CCC Help Portuguese
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF67AE1A-6B31-4C98-91A9-F195D8702150}" = Google Drive
"{EF7800A8-575E-4776-95A5-A9D904A85D5F}" = Steinberg HALion Sonic SE
"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F185B35D-38E5-4D88-B275-15C8C7FC4357}" = 6500_E709_Help
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F3818CCA-B7E4-2B53-F86E-2D4F195F66F3}" = CCC Help Danish
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5D84887-8A6F-4993-8560-B3AA44CB620D}" = Avery Wizard 4.0
"{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"{F8A9F4D7-4EC8-4E28-9B01-4CF74C812BF2}" = StarMoney
"{FD57FF4D-7225-4DAC-B15D-9BAE3E8A0E2B}" = Z-Cron
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Audacity_is1" = Audacity 2.0.2
"AudibleDownloadManager" = Audible Download Manager
"AudibleManager" = AudibleManager
"Audio Catalog_is1" = Audio Catalog 4.4
"BackUp Maker_is1" = BackUp Maker v6.3
"ClocX" = ClocX (1.5b2)
"Data Access Objects (DAO) 3.5" = Data Access Objects (DAO) 3.5
"Der Mondkalender" = Der Mondkalender
"DesktopIconAmazon" = Desktop Icon für Amazon
"DivX Setup" = DivX-Setup
"eLicenser Control" = eLicenser Control
"FileZilla Client" = FileZilla Client 3.5.3
"Folder Shield" = Folder Shield 2.0.2.0
"Foxit Reader" = Foxit Reader
"Free Screen Video Recorder_is1" = Free Screen Video Recorder version 2.5.27.1031
"FreeCommander_is1" = FreeCommander 2009.02b
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"Kalender-Excel-8.8_is1" = Kalender-Excel-8.8
"KeePass Password Safe_is1" = KeePass Password Safe 1.24
"LAME_is1" = LAME v3.99.3 (for Windows)
"LSI Soft Modem" = LSI HDA Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Marvell Miniport Driver" = Marvell Miniport Driver
"MCLIENT" = Norton Management
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 10.0.1 (x86 de)" = Mozilla Firefox 10.0.1 (x86 de)
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP3 Toolkit_is1" = MP3 Toolkit 1.0.4
"MPE" = MyPhoneExplorer
"Newsletter Software SuperMailer_is1" = SuperMailer 6.01
"NIS" = Norton Internet Security
"No23Live" = No23Live
"ObjectDock Free" = ObjectDock Free
"PhotoFactory" = PhotoFactory
"PhotomatixPro41x32_is1" = Photomatix Pro version 4.1.2
"Picasa 3" = Picasa 3
"PROR" = Microsoft Office Professional 2007
"RocketDock_is1" = RocketDock 1.3.5
"SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
"SmartToolsMini-Kalenderv2.00" = SmartTools Publishing • Word Mini-Kalender
"SuperMailer_is1" = SuperMailer 5.72
"Synchredible_is1" = Synchredible v3.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"VLC media player" = VLC media player 2.0.2
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1570183454-3301363139-286937864-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 18.07.12 14:44:19 | Computer Name = ***-Notebook | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Acronis\DiskDirector\WinPE\Files\systeminfo.exe".  Die abhängige Assemblierung
 "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 18.07.12 14:44:39 | Computer Name = ***-Notebook | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Acronis\DiskDirector\WinPE\Files\RecoveryExpert.exe".  Die abhängige Assemblierung
 "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 18.07.12 14:44:45 | Computer Name = ***-Notebook | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Acronis\DiskDirector\WinPE\Files\ManagementConsole.exe".  Die abhängige Assemblierung
 "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 18.07.12 14:44:48 | Computer Name = ***-Notebook | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Acronis\DiskDirector\WinPE\Files\mmsBundle.dll".  Die abhängige Assemblierung
 "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 18.07.12 14:45:30 | Computer Name = ***-Notebook | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\freecommander\DelZip179.dll".
 Fehler in Manifest- oder Richtliniendatei "c:\program files\freecommander\DelZip179.dll"
 in Zeile 8.  Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist
 ungültig.
 
Error - 18.07.12 16:44:06 | Computer Name = ***-Notebook | Source = Application Hang | ID = 1002
Description = Programm WINWORD.EXE, Version 12.0.6661.5000 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: d68    Startzeit: 01cd652548129423    Endzeit: 0    Anwendungspfad: C:\Program
 Files\Microsoft Office\Office12\WINWORD.EXE    Berichts-ID: 368deefe-d119-11e1-9f14-002713cd2d73

 
Error - 22.07.12 05:01:02 | Computer Name = ***-Notebook | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 10.0.1.4421,
 Zeitstempel: 0x4f32aa55  Name des fehlerhaften Moduls: NPSWF32_11_3_300_262.dll_unloaded,
 Version: 0.0.0.0, Zeitstempel: 0x4fe21212  Ausnahmecode: 0xc0000005  Fehleroffset: 
0x65619973  ID des fehlerhaften Prozesses: 0x138c  Startzeit der fehlerhaften Anwendung:
 0x01cd67e6cac64db5  Pfad der fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\plugin-container.exe
Pfad
 des fehlerhaften Moduls: NPSWF32_11_3_300_262.dll  Berichtskennung: c2ac46a2-d3db-11e1-a2e4-002713cd2d73
 
Error - 29.07.12 15:16:03 | Computer Name = ***-Notebook | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: thunderbird.exe, Version: 14.0.0.4577,
 Zeitstempel: 0x5000a8e8  Name des fehlerhaften Moduls: xul.dll, Version: 14.0.0.4577,
 Zeitstempel: 0x5000a816  Ausnahmecode: 0xc0000005  Fehleroffset: 0x008f5a53  ID des fehlerhaften
 Prozesses: 0xe9c  Startzeit der fehlerhaften Anwendung: 0x01cd6dbd76ee7620  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Thunderbird\thunderbird.exe  Pfad
 des fehlerhaften Moduls: C:\Program Files\Mozilla Thunderbird\xul.dll  Berichtskennung:
 d6414060-d9b1-11e1-a237-002713cd2d73
 
Error - 08.08.12 14:55:01 | Computer Name = ***-Notebook | Source = Application Hang | ID = 1002
Description = Programm Fusion.exe, Version 11.0.5000.5016 kann nicht mehr unter 
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in
 der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem 
zu suchen.    Prozess-ID: 1198    Startzeit: 01cd7582db48e424    Endzeit: 15    Anwendungspfad: 
C:\Program Files\NetObjects\NetObjects Fusion 11.0\Fusion.exe    Berichts-ID:   
 
Error - 08.08.12 15:01:04 | Computer Name = ***-Notebook | Source = Application Hang | ID = 1002
Description = Programm Fusion.exe, Version 11.0.5000.5016 kann nicht mehr unter 
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in
 der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem 
zu suchen.    Prozess-ID: dd8    Startzeit: 01cd759757fc0fcb    Endzeit: 23    Anwendungspfad: C:\Program
 Files\NetObjects\NetObjects Fusion 11.0\Fusion.exe    Berichts-ID: 6180e4df-e18b-11e1-a276-002713cd2d73

 
Error - 08.08.12 16:46:02 | Computer Name = ***-Notebook | Source = Application Hang | ID = 1002
Description = Programm Fusion.exe, Version 11.0.5000.5016 kann nicht mehr unter 
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in
 der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem 
zu suchen.    Prozess-ID: 1448    Startzeit: 01cd75982bd9c876    Endzeit: 47    Anwendungspfad: 
C:\Program Files\NetObjects\NetObjects Fusion 11.0\Fusion.exe    Berichts-ID:   
 
[ OSession Events ]
Error - 20.05.12 15:36:40 | Computer Name = ***-Notebook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 370
 seconds with 120 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 21.11.12 04:56:17 | Computer Name = ***-Notebook | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 21.11.12 04:56:17 | Computer Name = ***-Notebook | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 21.11.12 04:56:17 | Computer Name = ***-Notebook | Source = Service Control Manager | ID = 7000
Description = Der Dienst "UAC-Dateivirtualisierung" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%87
 
Error - 21.11.12 04:56:21 | Computer Name = ***-Notebook | Source = Microsoft-Windows-TaskScheduler | ID = 701
Description = Die Aufgabenplanungdienst konnte das Aufgabenkompatibilitätsmodul 
nicht starten. Unter älteren Windows-Versionen können Aufgaben möglicherweise nicht
 registriert werden. Zusätzliche Daten: Fehlerwert: 2147942487
 
Error - 21.11.12 04:56:21 | Computer Name = ***-Notebook | Source = Microsoft-Windows-TaskScheduler | ID = 701
Description = Die Aufgabenplanungdienst konnte das Aufgabenkompatibilitätsmodul 
nicht starten. Unter älteren Windows-Versionen können Aufgaben möglicherweise nicht
 registriert werden. Zusätzliche Daten: Fehlerwert: 2147942487
 
Error - 21.11.12 04:57:15 | Computer Name = ***-Notebook | Source = DCOM | ID = 10010
Description = 
 
Error - 21.11.12 04:57:16 | Computer Name = ***-Notebook | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 21.11.12 04:57:16 | Computer Name = ***-Notebook | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 21.11.12 09:21:43 | Computer Name = ***-Notebook | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 21.11.12 09:28:56 | Computer Name = ***-Notebook | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
 
< End of report >
         

Ich werde mit der Aktualisierung des Firefox noch warten, bis wir fertig sind, oder ich von Dir das ok bekomme.

Gruß
Walterle

Hm, ist recht unauffällig

Erstell dir mal ein neues Profil und teste => Firefox-Profile erstellen und löschen | Hilfe zu Firefox

Hallo cusinus,

das war ein guter Ansatz:
im alten Profil das alte Problem,
im neuen ist nichts davon zu sehen.

Aber was sagt uns das?
Einfach ein neues Profil anlegen - und alles ist gut?

Gruß
Walterle