
Log analysis and evaluation: Repeated Avira warning: memory modification detected -> Rescue System finds "only" a virus signature in a hard-disk copy image

30.11.2012, 13:28   #1
Yauser
 



Hello,

I am unsure whether my laptop is "infected" in some way.

For some time now, the Avira real-time scanner has occasionally been giving me the following warning during normal operation:

"A memory modification has been detected, which could possibly be misused for hidden file access."

Continuing the scan is recommended (which I do), and a scan with the Avira Rescue System is recommended.

Its scan produces numerous warnings (among others regarding archives I encrypted myself) and finds virus signatures in an image of a hard-disk copy tool. I used this tool for the switch to an SSD in the affected laptop.

rescue-system_scan.log (cleaned of user data and user archives):
Code:
Avira / Linux Version 1.9.152.0
Copyright (c) 2010 by Avira GmbH
All rights reserved.
engine set:         8.2.10.204
VDF Version:        7.11.51.248
Scan start time: Fri Nov 30 02:17:13 2012
configuration file: /etc/avira/scancl.conf
WARNING: [File is encrypted] /media/Devices/sda2/Users/Zaphod Beeblebrox/AppData/Local/Abelssoft/.data
WARNING: [File is encrypted] /media/Devices/sda2/Users/Zaphod Beeblebrox/AppData/Local/Abelssoft/SSD Fresh/Backup.backup
WARNING: [File is encrypted] /media/Devices/sda2/Users/Zaphod Beeblebrox/AppData/Roaming/SUPERAntiSpyware.com/SUPERAntiSpyware/Quarantine/Quarantine - 05-23-2011 - 21-22-44.SBU
WARNING: [Unsupported archive version] /media/Devices/sda2/Program Files (x86)/Mp3TagToolsv12/uninstall.exe
WARNING: [File is encrypted] /media/Devices/sda2/Program Files (x86)/Eudora/Attach/Nummer.zip
WARNING: [File is encrypted] /media/Devices/sda2/Program Files (x86)/Eudora/Attach/So schööön.zip
WARNING: [Bad compressed data] /media/Devices/sda2/Program Files (x86)/Gabest/VobSub/uninstall.exe
WARNING: [Unexpected end of file] /media/Devices/sda2/Program Files (x86)/Winmail Opener/uninst.exe
WARNING: [Archive is invalid or corrupt] /media/Devices/sda2/Program Files (x86)/WinRAR/rarnew.dat
WARNING: [Archive not completly scanned. Reason: maximum compression ratio (250) reached] /media/Devices/sda3/_Tools_/Canon/Powershot S100/chdk/CardTricks-144-SFX SD-Kartentool.exe --> CardTricks/empty2.zip
WARNING: [An abort was triggered by the progress callback] /media/Devices/sda3/_Tools_/Canon/Powershot S100/chdk/CardTricks-144-SFX SD-Kartentool.exe/CardTricks/empty2.zip
WARNING: [Bad compressed data] /media/Devices/sda3/_Tools_/Medien/Video/AutoGordianKnot.2.55.Setup.exe --> ProgramFilesDir/VobSub_2.23.exe
WARNING: [File is encrypted] /media/Devices/sda3/_Tools_/Medien/Video/K-Lite_Codec_Pack_583_Full.exe
WARNING: [File is encrypted] /media/Devices/sda3/_Tools_/Medien/Video/K-Lite_Codec_Pack_64bit_330.exe
WARNING: [Unexpected end of file] /media/Devices/sda3/_Tools_/System/Acer Timeline 3820T/Grafikupdate - experimental/2.0 Catalyst_12.3_UP2_UnifL.exe
WARNING: [File is encrypted] /media/Devices/sda3/_Tools_/System/Festplattentools und Dateimanagement/ubcd511-Festplattenkopier etc.iso.vir --> ubcd/images/fdubcd.iso.gz --> fdubcd.iso --> dosapps/bughunt.cab --> SAFEBUG.ZIP
ALERT: [APPL/BiosTool.D] /media/Devices/sda3/_Tools_/System/Festplattentools und Dateimanagement/ubcd511-Festplattenkopier etc.iso.vir --> ubcd/images/fdubcd.iso.gz --> fdubcd.iso --> dosapps/xbios.cab --> bios320.exe <<< Contains signature of the application APPL/BiosTool.D [archive scan abort]
[renamed]
WARNING: [File is encrypted] /media/Devices/sda3/_Tools_/System/Virenscan etc/avira_free_antivirus_de.exe --> avsdklist.zip
WARNING: [File is encrypted] /media/Devices/sda3/_Tools_/System/Virenscan etc/avira_free_antivirus_de.exe --> manualuninstallconfig.zip
WARNING: [File is encrypted] /media/Devices/sda3/_Tools_/System/Virenscan etc/avira_free_antivirus_de.exe --> productreleasenotes.zip
WARNING: [File is encrypted] /media/Devices/sda3/_Tools_/System/Virenscan etc/avira_free_antivirus_de.exe --> qatestedproducts.zip
WARNING: [Bad compressed data] /media/Devices/sda3/_Tools_/System/VirtualPC/WindowsXPMode_de-de.exe --> sources\xpm

Statistics :
Directories............... : 47046
Archives.................. : 9044
Files..................... : 990911
Infected.............. : 1
Renamed........... : 1
Warnings.............. : 512 (mostly encrypted archives)
Suspicious............ : 0
Infections................ : 1
         
From here on: procedure according to the guide for those seeking help.

OTL.txt
Code:
OTL logfile created on: 30.11.2012 13:45:09 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = D:\_Tools_\System\Virenscan etc\Trojaner-Board-Scan
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,68 Gb Total Physical Memory | 5,86 Gb Available Physical Memory | 76,39% Memory free
15,35 Gb Paging File | 13,32 Gb Available in Paging File | 86,80% Paging File free
Paging file location(s): c:\pagefile.sys 7860 7860 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 109,94 Gb Total Space | 36,49 Gb Free Space | 33,19% Space Free | Partition Type: NTFS
Drive D: | 180,00 Gb Total Space | 25,87 Gb Free Space | 14,37% Space Free | Partition Type: NTFS
Drive E: | 180,00 Gb Total Space | 27,91 Gb Free Space | 15,50% Space Free | Partition Type: NTFS
 
Computer Name: ZAPLAP | User Name: Zaphod Beeblebrox | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.26 23:23:13 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.11.26 23:23:01 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.11.26 23:23:01 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.11.01 00:03:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\_Tools_\System\Virenscan etc\Trojaner-Board-Scan\2. OTL - auf desktop ausführen.exe
PRC - [2012.10.12 16:19:56 | 001,516,496 | ---- | M] (TrueCrypt Foundation) -- C:\Programme\TrueCrypt\TrueCrypt.exe
PRC - [2011.04.08 13:50:02 | 000,542,264 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2011.04.02 05:52:24 | 000,403,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
PRC - [2011.02.23 21:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe
PRC - [2010.04.28 09:02:50 | 000,348,160 | ---- | M] (AVerMedia) -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
PRC - [2010.03.09 00:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010.03.04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.03.04 04:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.02.26 07:35:04 | 001,289,296 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010.02.26 07:35:04 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010.02.26 07:35:04 | 000,288,336 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2010.01.06 10:43:40 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
PRC - [2009.10.01 05:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.10.01 05:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.08.28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2006.12.19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.15 15:27:06 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3a7eb7595728baf4078ec5f97b44180c\IAStorUtil.ni.dll
MOD - [2012.11.14 21:29:50 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
MOD - [2012.11.14 21:29:24 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012.11.14 21:29:16 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012.11.14 21:29:03 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
MOD - [2012.11.14 21:28:57 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012.11.14 21:28:52 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012.11.14 21:28:50 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012.11.14 21:28:40 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.04.28 12:37:13 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.01.06 10:43:40 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
MOD - [2009.05.20 23:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010.06.29 21:38:34 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.11.26 23:23:13 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.11.26 23:23:01 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.11.20 23:57:07 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.01 11:35:06 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.04 12:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.10.06 20:44:49 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.10.06 20:42:52 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV - [2011.08.05 11:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011.08.05 11:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011.08.05 11:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2011.04.02 05:52:24 | 000,403,456 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe -- (AVerScheduleService)
SRV - [2011.01.12 15:36:18 | 000,091,368 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2010.04.28 09:02:50 | 000,348,160 | ---- | M] (AVerMedia) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe -- (AVerRemote)
SRV - [2010.03.26 10:46:48 | 000,920,352 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.09 00:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010.03.04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.02.26 07:35:04 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.02.02 16:19:32 | 000,820,768 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.10.01 05:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.10.01 05:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.08.28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.05.31 09:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 09:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006.12.19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.11.14 15:35:39 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.11.14 15:35:39 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.10.12 16:19:56 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2012.10.10 15:10:03 | 000,021,200 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TVicHW32.sys -- (TVICHW32)
DRV:64bit: - [2012.09.24 08:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.09.01 20:54:40 | 000,295,272 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\VMM.sys -- (vmm)
DRV:64bit: - [2010.06.29 22:09:58 | 007,195,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.06.29 20:56:42 | 010,342,240 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2010.06.29 20:56:42 | 010,342,240 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.06.29 20:48:34 | 000,265,728 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.06.16 06:34:44 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010.04.07 19:04:22 | 002,216,960 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.03.16 12:19:40 | 000,677,632 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVerAF35.sys -- (AVerAF35)
DRV:64bit: - [2010.03.06 18:04:08 | 000,335,400 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010.03.04 03:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.03.02 23:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010.02.16 04:05:12 | 000,102,440 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010.01.14 23:41:12 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010.01.14 23:41:06 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.12.22 18:18:50 | 000,074,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.12.02 03:21:32 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009.10.26 21:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.09.30 18:34:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.09.18 05:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.09.17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.07.26 21:34:58 | 000,744,072 | ---- | M] (www.ext2fsd.com) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ext2fsd.sys -- (Ext2Fsd)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.06.20 03:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009.06.10 21:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.06 00:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.06 00:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2008.08.28 10:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008.06.27 06:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV - [2012.10.10 15:10:03 | 000,029,536 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TVicHW32.sys -- (TVICHW32)
DRV - [2011.07.22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011.07.12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2011.01.12 15:36:14 | 000,147,048 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.08.14 06:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)

 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=273606107106l0498z105t5561m894
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=273606107106l0498z105t5561m894
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=273606107106l0498z105t5561m894
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=273606107106l0498z105t5561m894
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=273606107106l0498z105t5561m894
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.facebook.com/xxxxxxxxxxxxxxxxxxxxxxxxxxx/events#!/
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: undoclosedtabsbutton%40supernova00.biz:3.7.1
FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.3
FF - prefs.js..extensions.enabledAddons: %7B477c4c36-24eb-11da-94d4-00e08161165f%7D:3.1.2
FF - prefs.js..extensions.enabledAddons: %7B8b86149f-01fb-4842-9dd8-4d7eb02fd055%7D:0.23
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.3rc4
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.12
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.3.2
FF - prefs.js..extensions.enabledItems: {8b86149f-01fb-4842-9dd8-4d7eb02fd055}:0.22.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {89506680-e3f4-484c-a2c0-ed711d481eda}:0.9.5.6
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.2
FF - prefs.js..extensions.enabledItems: {477c4c36-24eb-11da-94d4-00e08161165f}:2.8.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.3
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.8
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: undoclosedtabsbutton@supernova00.biz:3.6.2
FF - prefs.js..extensions.enabledItems: {63df8e21-711c-4074-a257-b065cadc28d8}:1.9.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {71328583-3CA7-4809-B4BA-570A85818FBB}:0.6.3
FF - prefs.js..extensions.enabledItems: {29852C08-1E91-4889-A6BF-C77F91D6A8F3}:1.8.71
FF - prefs.js..network.proxy.ftp_port: 3124
FF - prefs.js..network.proxy.http: "46.19.137.150"
FF - prefs.js..network.proxy.http_port: 8081
FF - prefs.js..network.proxy.network.proxy.socks_remote_dns: 1
FF - prefs.js..network.proxy.socks_port: 3124
FF - prefs.js..network.proxy.ssl_port: 3124
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp498@crossrider.com: C:\Users\Zaphod Beeblebrox\AppData\Local\RewardsArcade\498\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2012.04.17 22:47:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.20 23:57:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.20 23:57:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.20 23:57:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.20 23:57:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.03 15:42:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.01.04 14:29:35 | 000,000,000 | ---D | M]
 
[2010.07.01 10:15:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\mozilla\Extensions
[2010.07.01 10:15:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.11.28 19:25:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\mozilla\Firefox\Profiles\dybah3xe.default\extensions
[2012.11.09 15:18:44 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\mozilla\Firefox\Profiles\dybah3xe.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012.06.26 10:44:22 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\mozilla\Firefox\Profiles\dybah3xe.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2012.10.21 18:25:21 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\mozilla\Firefox\Profiles\dybah3xe.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
[2012.11.22 00:38:32 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\mozilla\Firefox\Profiles\dybah3xe.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.05.05 11:49:26 | 000,040,179 | ---- | M] () (No name found) -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\mozilla\firefox\profiles\dybah3xe.default\extensions\undoclosedtabsbutton@supernova00.biz.xpi
[2012.11.21 23:44:34 | 000,472,387 | ---- | M] () (No name found) -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\mozilla\firefox\profiles\dybah3xe.default\extensions\{29852C08-1E91-4889-A6BF-C77F91D6A8F3}.xpi
[2012.09.18 18:55:44 | 000,173,194 | ---- | M] () (No name found) -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\mozilla\firefox\profiles\dybah3xe.default\extensions\{477c4c36-24eb-11da-94d4-00e08161165f}.xpi
[2011.11.20 23:19:28 | 000,031,905 | ---- | M] () (No name found) -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\mozilla\firefox\profiles\dybah3xe.default\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}.xpi
[2012.11.28 19:25:35 | 000,530,852 | ---- | M] () (No name found) -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\mozilla\firefox\profiles\dybah3xe.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2011.10.30 20:30:30 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\mozilla\firefox\profiles\dybah3xe.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2012.01.04 14:21:56 | 000,000,933 | ---- | M] () -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\mozilla\firefox\profiles\dybah3xe.default\searchplugins\11-suche.xml
[2012.01.04 14:21:57 | 000,002,419 | ---- | M] () -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\mozilla\firefox\profiles\dybah3xe.default\searchplugins\englische-ergebnisse.xml
[2012.01.04 14:21:56 | 000,010,525 | ---- | M] () -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\mozilla\firefox\profiles\dybah3xe.default\searchplugins\gmx-suche.xml
[2012.01.04 14:21:57 | 000,002,457 | ---- | M] () -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\mozilla\firefox\profiles\dybah3xe.default\searchplugins\lastminute.xml
[2012.01.04 14:21:56 | 000,005,508 | ---- | M] () -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\mozilla\firefox\profiles\dybah3xe.default\searchplugins\webde-suche.xml
[2012.11.20 23:57:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.11.20 23:57:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.11.20 23:57:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.11.20 23:57:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012.11.20 23:57:07 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.01.04 14:29:33 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2011.12.09 18:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.06.16 22:53:47 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.28 19:30:40 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.16 22:53:47 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.16 22:53:47 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.16 22:53:47 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.16 22:53:47 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2011.12.04 23:39:38 | 000,438,845 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	www.123fporn.info
O1 - Hosts: 15092 more lines...
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [TrueCrypt] C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
O4 - Startup: C:\Users\Zaphod Beeblebrox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AVer HID Receiver.lnk = C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe ()
O4 - Startup: C:\Users\Zaphod Beeblebrox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk = C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
O4 - Startup: C:\Users\Zaphod Beeblebrox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk = C:\Program Files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe (Samsung Electronics.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives =  [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.3.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{04A1671E-BD0A-45CF-954E-0FA8DBA699BF}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{297C9031-B076-4D86-AA9B-964E4D51F775}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CF32D8B-27F6-4AD5-BA4C-30BB3AEDBA5B}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{880AEA31-B3A4-4528-852B-DCD024DF1ED0}: DhcpNameServer = 192.168.3.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB8AD0BA-3E4F-4B8D-99F2-77870BD888B3}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\O\Shell - "" = AutoRun
O33 - MountPoints2\O\Shell\AutoRun\command - "" = O:\tools\shelexec.exe html\index.htm
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.20 23:57:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.11.16 20:59:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2012.11.15 16:28:15 | 000,000,000 | ---D | C] -- C:\Users\Zaphod Beeblebrox\Desktop\Idole
[2012.11.09 20:27:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung SSD Magician
[2012.11.06 21:27:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.11.01 00:03:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Zaphod Beeblebrox\Desktop\OTL.exe
[2012.10.31 23:58:47 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.30 13:47:03 | 000,017,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.30 13:47:03 | 000,017,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.30 13:41:39 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.30 13:39:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.30 13:39:27 | 1886,719,999 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.30 13:38:59 | 000,000,020 | ---- | M] () -- C:\Users\Zaphod Beeblebrox\defogger_reenable
[2012.11.30 12:59:00 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.29 20:50:33 | 031,019,008 | ---- | M] () -- C:\Users\Zaphod Beeblebrox\AppData\Local\filesync.metadata
[2012.11.29 20:35:44 | 000,000,513 | ---- | M] () -- C:\Windows\vuepro32.ini
[2012.11.28 13:37:06 | 001,622,172 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.28 13:37:06 | 000,702,348 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.28 13:37:06 | 000,656,018 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.28 13:37:06 | 000,150,152 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.28 13:37:06 | 000,122,890 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.28 12:20:41 | 000,043,200 | ---- | M] () -- C:\Users\Zaphod Beeblebrox\Desktop\2203.pdf
[2012.11.25 12:35:45 | 000,112,128 | ---- | M] () -- C:\Users\Zaphod Beeblebrox\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.15 19:29:36 | 003,263,840 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.14 15:35:39 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.11.14 15:35:39 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.11.09 20:27:29 | 000,001,189 | ---- | M] () -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk
[2012.11.01 00:03:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Zaphod Beeblebrox\Desktop\OTL.exe
[2012.10.31 23:14:31 | 000,754,023 | ---- | M] () -- C:\Users\Zaphod Beeblebrox\Desktop\Salgueiro2.mp3
[2012.10.31 23:14:31 | 000,182,673 | ---- | M] () -- C:\Users\Zaphod Beeblebrox\Desktop\Salgueiro5.mp3
 
========== Files Created - No Company Name ==========
 
[2012.11.30 13:38:59 | 000,000,020 | ---- | C] () -- C:\Users\Zaphod Beeblebrox\defogger_reenable
[2012.11.28 13:38:36 | 000,043,200 | ---- | C] () -- C:\Users\Zaphod Beeblebrox\Desktop\2203.pdf
[2012.11.14 21:23:58 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.14 21:20:21 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.09 20:27:29 | 000,001,189 | ---- | C] () -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk
[2012.10.31 23:20:59 | 000,182,673 | ---- | C] () -- C:\Users\Zaphod Beeblebrox\Desktop\Salgueiro5.mp3
[2012.10.31 23:20:44 | 000,754,023 | ---- | C] () -- C:\Users\Zaphod Beeblebrox\Desktop\Salgueiro2.mp3
[2012.10.12 15:19:02 | 000,000,288 | ---- | C] () -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\.backup.dm
[2012.10.10 13:16:46 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini
[2012.09.26 21:43:08 | 000,001,024 | ---- | C] () -- C:\Windows\VueIcons.ini
[2012.08.20 00:55:08 | 000,000,218 | ---- | C] () -- C:\Users\Zaphod Beeblebrox\.recently-used.xbel
[2012.05.17 13:45:36 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\AVerIO.dll
[2012.05.17 13:45:36 | 000,003,456 | ---- | C] () -- C:\Windows\SysWow64\AVerIO.sys
[2012.05.17 13:45:34 | 000,614,400 | ---- | C] () -- C:\Windows\SysWow64\sptlib21.dll
[2012.05.17 13:45:34 | 000,421,888 | ---- | C] () -- C:\Windows\SysWow64\sptlib02.dll
[2012.05.17 13:45:34 | 000,311,296 | ---- | C] () -- C:\Windows\SysWow64\sptlib01.dll
[2012.05.17 13:45:34 | 000,307,200 | ---- | C] () -- C:\Windows\SysWow64\sptlib22.dll
[2012.05.17 13:45:34 | 000,307,200 | ---- | C] () -- C:\Windows\SysWow64\sptlib03.dll
[2012.05.17 13:45:34 | 000,294,912 | ---- | C] () -- C:\Windows\SysWow64\sptlib11.dll
[2012.05.17 13:45:34 | 000,135,168 | ---- | C] () -- C:\Windows\SysWow64\sptlib12.dll
[2012.04.17 01:07:15 | 001,646,530 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.03 10:30:49 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2011.12.22 22:36:15 | 000,098,344 | ---- | C] () -- C:\Windows\unTMV.exe
[2011.12.08 00:09:40 | 000,116,736 | ---- | C] () -- C:\Windows\SysWow64\libsndfile-1.dll
[2011.11.21 17:33:58 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2011.11.03 21:54:18 | 000,081,920 | ---- | C] () -- C:\Program Files (x86)\MPEG4Modifier.exe
[2011.08.29 14:25:44 | 000,000,939 | ---- | C] () -- C:\Windows\Cm108.ini.cfg
[2011.08.29 14:25:39 | 000,001,096 | ---- | C] () -- C:\Windows\cm108.ini
[2011.04.29 10:43:02 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011.04.29 10:40:18 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011.04.29 10:40:17 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011.04.29 10:40:17 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011.04.29 10:40:17 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.04.07 09:59:58 | 000,199,630 | ---- | C] () -- C:\Users\Zaphod Beeblebrox\HTC HD2 (Leo).pdf
[2011.03.24 13:04:04 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2011.03.24 13:02:58 | 000,007,103 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2011.03.18 21:23:41 | 000,038,444 | ---- | C] () -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2011.03.18 21:22:14 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.03.18 21:20:48 | 000,038,451 | ---- | C] () -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2011.02.06 01:48:43 | 000,000,323 | ---- | C] () -- C:\Windows\doom3.ini
[2011.01.27 01:33:12 | 000,030,247 | ---- | C] () -- C:\Windows\scunin.dat
[2011.01.25 22:17:49 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2011.01.20 00:15:08 | 000,000,562 | ---- | C] () -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\AutoGK.ini
[2010.12.29 22:20:01 | 000,000,064 | ---- | C] () -- C:\Windows\AVerText.ini
[2010.11.01 13:39:52 | 002,089,892 | -H-- | C] () -- C:\Users\Zaphod Beeblebrox\AppData\Local\IconCache - Kopie.db
[2010.09.14 23:43:26 | 000,000,114 | ---- | C] () -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\default.pls
[2010.07.26 19:37:55 | 000,024,091 | ---- | C] () -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\UserTile.png
[2010.07.02 12:26:33 | 031,019,008 | ---- | C] () -- C:\Users\Zaphod Beeblebrox\AppData\Local\filesync.metadata
[2010.06.30 22:08:51 | 000,112,128 | ---- | C] () -- C:\Users\Zaphod Beeblebrox\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.29 12:42:46 | 000,001,024 | ---- | C] () -- C:\Users\Zaphod Beeblebrox\.rnd
[2010.06.29 12:04:39 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.06.28 17:56:53 | 000,007,593 | ---- | C] () -- C:\Users\Zaphod Beeblebrox\AppData\Local\resmon.resmoncfg
[2010.03.24 21:16:42 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2010.07.05 21:44:10 | 000,000,000 | ---D | M] -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\ACD Systems
[2010.09.16 21:34:52 | 000,000,000 | ---D | M] -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\Alien Skin
[2012.10.05 20:48:30 | 000,000,000 | ---D | M] -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\avidemux
[2011.12.17 22:39:59 | 000,000,000 | ---D | M] -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\Canon
[2011.06.27 21:38:39 | 000,000,000 | ---D | M] -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\CBL-Electronics
[2012.10.10 13:00:28 | 000,000,000 | ---D | M] -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\DAEMON Tools Lite
[2011.02.13 18:46:19 | 000,000,000 | ---D | M] -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\DelinvFile
[2012.10.05 21:01:36 | 000,000,000 | ---D | M] -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\DVDVideoSoft
[2012.05.29 13:34:50 | 000,000,000 | ---D | M] -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\elsterformular
[2012.10.28 01:07:26 | 000,000,000 | ---D | M] -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\EXIF Date Changer
[2012.11.30 01:13:53 | 000,000,000 | ---D | M] -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\FileZilla
[2011.03.28 14:04:46 | 000,000,000 | ---D | M] -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\Foxit Software
[2012.10.12 13:50:32 | 000,000,000 | ---D | M] -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\FreePDF
[2011.05.21 12:57:30 | 000,000,000 | ---D | M] -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\GoContactSyncMOD
[2011.09.14 22:14:43 | 000,000,000 | ---D | M] -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\gtk-2.0
[2011.01.02 14:41:47 | 000,000,000 | ---D | M] -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\ID3-TagIT 3
[2011.05.31 21:24:31 | 000,000,000 | ---D | M] -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\MAGIX
[2011.01.13 12:41:39 | 000,000,000 | ---D | M] -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\MJData
[2011.02.25 21:12:08 | 000,000,000 | ---D | M] -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\mkvtoolnix
[2011.02.22 22:31:04 | 000,000,000 | ---D | M] -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\mp3DirectCut
[2011.06.09 12:52:30 | 000,000,000 | ---D | M] -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\Nokia
[2010.08.07 15:09:48 | 000,000,000 | ---D | M] -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\Notepad++
[2012.09.23 19:57:41 | 000,000,000 | ---D | M] -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\onOne Software
[2011.10.10 19:33:26 | 000,000,000 | ---D | M] -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\OpenCandy
[2011.06.09 12:52:29 | 000,000,000 | ---D | M] -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\PC Suite
[2010.07.26 19:37:55 | 000,000,000 | ---D | M] -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\PeerNetworking
[2011.01.25 22:21:18 | 000,000,000 | ---D | M] -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\Red Alert 3
[2012.10.12 15:20:16 | 000,000,000 | ---D | M] -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\SanDisk SecureAccess
[2011.12.22 22:36:40 | 000,000,000 | ---D | M] -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\SoftMaker
[2011.09.14 23:19:29 | 000,000,000 | ---D | M] -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\Stereoscopic Player c't Edition
[2010.07.01 10:15:05 | 000,000,000 | ---D | M] -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\Thunderbird
[2011.10.10 22:49:28 | 000,000,000 | ---D | M] -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\TiltShift.E66C440A17F1D70FFD66FDB4568328647297CFDC.1
[2012.11.08 13:51:57 | 000,000,000 | ---D | M] -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\TrueCrypt
[2012.05.06 22:16:24 | 000,000,000 | ---D | M] -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\XMedia Recode
[2010.11.12 00:19:14 | 000,000,000 | ---D | M] -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\Yamb
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:4D066AD2

< End of report >
         
extra.txt:
Code:
Can't find it!
         

Alt 30.11.2012, 21:07   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hello and

Do you have any further logs? I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please don't run any new virus scans; for now, just post any logs that already exist.

Alt 30.11.2012, 21:33   #3
Yauser
 



Thanks for looking into this, first of all!

Further logs:
(the OTL scan did not produce an extra.txt)

Avira: no detections under Events
(stupidly, I did not save the report after one of the warnings that started all this!)

Malwarebytes:
Fresh scan from today, with a detection:
Code:
Datenbank Version: v2012.11.30.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Zaphod Beeblebrox :: ZAPLAP [Administrator]

30.11.2012 14:37:32
mbam-log-2012-11-30 (20-53-36).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 592519
Laufzeit: 23 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Zaphod Beeblebrox\AppData\Local\Temp\deploy.exe (Trojan.Agent) -> Keine Aktion durchgeführt.

(Ende)
         
Malwarebytes scan after deleting deploy.exe and rebooting (unfortunately it had already run before the first instruction here):
Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.30.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Zaphod Beeblebrox :: ZAPLAP [Administrator]

30.11.2012 14:37:32
mbam-log-2012-11-30 (14-37-32).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 592519
Laufzeit: 23 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Zaphod Beeblebrox\AppData\Local\Temp\deploy.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
An even older Malwarebytes scan (1.11.12):
no detections!

Alt 30.11.2012, 21:44   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Before we continue, I'd like to ask you to read the following points completely and carefully.
  • Read the instructions I will post in the course of this thread carefully. If anything is unclear, ask right away, before you start carrying out my instructions.

  • If you run into problems with a step, stop there and describe the problem to me as well as you can. Sometimes one step depends on the previous one.

  • Please run only the scans a helper has asked you to run! Do not install or uninstall any software unless asked to!

  • Post the log files directly in your thread (in CODE tags, please) and not as attachments, unless you were asked to. Logs in attachments make my analysis harder!

  • Please also note => Deleting log files and other requests

Note:
If you don't hear from me for three days, please get in touch in this thread => Reminder about my thread.
Annoying "when do we continue" messages will end with your topic being closed. I, too, have a life outside the Trojaner-Board.


1. aswMBR

Please download aswMBR.exe and save the file on your desktop.

Note: Please switch off your virus scanner before running aswMBR, because Avira in particular often reports a false positive in it!
  • Start aswMBR.exe. Vista and Win7 users: run aswMBR via right-click, "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Downloading the definitions can take a while, depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.
Important: Do not press any of the Fix buttons unless instructed to.
Note: If the Scan button is hidden, close the tool and start it again. If that fails again, please let me know.

One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.


2. TDSS-Killer

Download TDSS-Killer to the desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please switch off your virus scanner before running TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool!

Set up the tool as shown in the picture below: click change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

If you can't find the log or can't copy its contents into your post, look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please don't delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

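The TDSS-Killer report requested in step 2 pairs a `[ MD5 ] name path` line with a verdict line for each service. As an added example (not part of the thread and not the tool's own code), this Python script lists every entry whose verdict is not `ok`; the sample lines are excerpted from the report posted in this thread, and the line grammar is an assumption inferred from those lines only.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Common prefix of every report line: "HH:MM:SS.ffff <thread id>  "
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"

# "[ <MD5> ] <service name> <image path>". Names may contain spaces,
# so the name ends where a drive-letter path begins.
ENTRY_RE = re.compile(
    PREFIX + r"\[ ([0-9A-Fa-f]{32}) \]\s+(.+?)\s+([A-Za-z]:\\.*)$"
)

# "<name> - ok" or "<name> ( <detection> ) - warning".
# The follow-up "<name> - detected <detection> (1)" line does not match.
VERDICT_RE = re.compile(PREFIX + r"(.+?)(?: \( (\S+) \))? - (\w+)$")


@dataclass
class Finding:
    name: str
    verdict: str
    detection: Optional[str]
    md5: Optional[str]
    path: Optional[str]


def parse_report(text):
    """Return one Finding per verdict line, in report order."""
    pending = {}  # service name -> (md5, path) from its "[ hash ]" line
    results = []
    for raw in text.splitlines():
        line = raw.rstrip()
        m = ENTRY_RE.match(line)
        if m:
            md5, name, path = m.groups()
            pending[name] = (md5.upper(), path)
            continue
        m = VERDICT_RE.match(line)
        if m:
            name, detection, verdict = m.groups()
            # Some objects (e.g. "System memory") have no hash line.
            md5, path = pending.pop(name, (None, None))
            results.append(Finding(name, verdict, detection, md5, path))
    return results


def needs_review(findings):
    """Everything the tool did not mark as ok, for manual follow-up."""
    return [f for f in findings if f.verdict != "ok"]


# Excerpt copied from the report posted in this thread.
SAMPLE_REPORT = r"""
23:44:22.0643 4876  Mode: Manual; SigCheck; TDLFS;
23:44:23.0314 4876  System memory - ok
23:44:23.0439 4876  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
23:44:23.0454 4876  ACPI - ok
23:44:23.0517 4876  [ F84C9DEE4698DF3C1D76801B7B1B55D7 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
23:44:23.0517 4876  Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
23:44:23.0517 4876  Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
23:44:24.0687 4876  [ B085322DC9984B31190BD80D2542329F ] AVerRemote      C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
23:44:24.0702 4876  AVerRemote ( UnsignedFile.Multi.Generic ) - warning
23:44:24.0702 4876  AVerRemote - detected UnsignedFile.Multi.Generic (1)
23:44:25.0841 4876  COMSysApp - ok
"""

if __name__ == "__main__":
    for f in needs_review(parse_report(SAMPLE_REPORT)):
        print(f"{f.verdict:8} {f.detection}  {f.name}  {f.md5}  {f.path}")
```
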

Alt 30.11.2012, 22:51   #5
Yauser
 



aswMBR scan (with the Quick scan option it did in fact crash):
Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-30 23:36:15
-----------------------------
23:36:15.564    OS Version: Windows x64 6.1.7601 Service Pack 1
23:36:15.564    Number of processors: 4 586 0x2502
23:36:15.564    ComputerName: ZAPLAP  UserName: 
23:36:15.876    Initialize success
23:36:22.069    AVAST engine defs: 12113001
23:36:35.001    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
23:36:35.001    Disk 0 Vendor: SAMSUNG_ CXM0 Size: 488386MB BusType: 3
23:36:35.017    Disk 0 MBR read successfully
23:36:35.017    Disk 0 MBR scan
23:36:35.017    Disk 0 Windows 7 default MBR code
23:36:35.033    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
23:36:35.033    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       112578 MB offset 206848
23:36:35.048    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       184320 MB offset 230893568
23:36:35.064    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       184320 MB offset 608380928
23:36:35.079    Disk 0 scanning C:\Windows\system32\drivers
23:36:48.261    Service scanning
23:36:59.993    Modules scanning
23:36:59.993    Disk 0 trace - called modules:
23:37:00.008    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
23:37:00.008    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007ae0060]
23:37:00.024    3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa80078b9050]
23:37:00.024    Scan finished successfully
23:37:38.650    Disk 0 MBR has been saved successfully to "D:\_Tools_\System\Virenscan etc\Trojaner-Board-Scan\MBR.dat"
23:37:38.665    The log file has been saved successfully to "D:\_Tools_\System\Virenscan etc\Trojaner-Board-Scan\aswMBR.txt"
         
TDSS-Killer log:
Code:
23:43:52.0660 1312  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
23:43:52.0676 1312  ============================================================
23:43:52.0676 1312  Current date / time: 2012/11/30 23:43:52.0676
23:43:52.0676 1312  SystemInfo:
23:43:52.0676 1312  
23:43:52.0676 1312  OS Version: 6.1.7601 ServicePack: 1.0
23:43:52.0676 1312  Product type: Workstation
23:43:52.0676 1312  ComputerName: ZAPLAP
23:43:52.0676 1312  UserName: Zaphod Beeblebrox
23:43:52.0676 1312  Windows directory: C:\Windows
23:43:52.0676 1312  System windows directory: C:\Windows
23:43:52.0676 1312  Running under WOW64
23:43:52.0676 1312  Processor architecture: Intel x64
23:43:52.0676 1312  Number of processors: 4
23:43:52.0676 1312  Page size: 0x1000
23:43:52.0676 1312  Boot type: Normal boot
23:43:52.0676 1312  ============================================================
23:43:52.0956 1312  Drive \Device\Harddisk0\DR0 - Size: 0x773C256000 (476.94 Gb), SectorSize: 0x200, Cylinders: 0xF334, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:43:52.0956 1312  ============================================================
23:43:52.0956 1312  \Device\Harddisk0\DR0:
23:43:52.0956 1312  MBR partitions:
23:43:52.0956 1312  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:43:52.0956 1312  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDBE147B
23:43:52.0956 1312  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xDC32800, BlocksNum 0x16800000
23:43:52.0956 1312  \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x24432800, BlocksNum 0x168006B9
23:43:52.0956 1312  ============================================================
23:43:52.0988 1312  C: <-> \Device\Harddisk0\DR0\Partition2
23:43:52.0988 1312  D: <-> \Device\Harddisk0\DR0\Partition3
23:43:52.0988 1312  E: <-> \Device\Harddisk0\DR0\Partition4
23:43:52.0988 1312  ============================================================
23:43:52.0988 1312  Initialize success
23:43:52.0988 1312  ============================================================
23:44:22.0643 4876  ============================================================
23:44:22.0643 4876  Scan started
23:44:22.0643 4876  Mode: Manual; SigCheck; TDLFS; 
23:44:22.0643 4876  ============================================================
23:44:23.0314 4876  ================ Scan system memory ========================
23:44:23.0314 4876  System memory - ok
23:44:23.0314 4876  ================ Scan services =============================
23:44:23.0314 4876  [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
23:44:23.0376 4876  !SASCORE - ok
23:44:23.0408 4876  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
23:44:23.0439 4876  1394ohci - ok
23:44:23.0439 4876  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
23:44:23.0454 4876  ACPI - ok
23:44:23.0454 4876  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
23:44:23.0486 4876  AcpiPmi - ok
23:44:23.0486 4876  [ 2F0683FD2DF1D92E891CACA14B45A8C1 ] adfs            C:\Windows\system32\drivers\adfs.sys
23:44:23.0517 4876  adfs - ok
23:44:23.0517 4876  [ F84C9DEE4698DF3C1D76801B7B1B55D7 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
23:44:23.0517 4876  Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
23:44:23.0517 4876  Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
23:44:23.0532 4876  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
23:44:23.0548 4876  adp94xx - ok
23:44:23.0564 4876  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
23:44:23.0579 4876  adpahci - ok
23:44:23.0579 4876  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
23:44:23.0595 4876  adpu320 - ok
23:44:23.0595 4876  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
23:44:23.0673 4876  AeLookupSvc - ok
23:44:23.0673 4876  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
23:44:23.0704 4876  AFD - ok
23:44:23.0704 4876  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
23:44:23.0720 4876  agp440 - ok
23:44:23.0720 4876  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
23:44:23.0735 4876  ALG - ok
23:44:23.0735 4876  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
23:44:23.0751 4876  aliide - ok
23:44:23.0751 4876  [ 95BB85F73F6C20B08AB83ED194C2FA1F ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
23:44:23.0782 4876  AMD External Events Utility - ok
23:44:23.0782 4876  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
23:44:23.0798 4876  amdide - ok
23:44:23.0798 4876  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
23:44:23.0813 4876  AmdK8 - ok
23:44:23.0891 4876  [ 2AE6AA3632589AC805432863D3605EA9 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
23:44:24.0016 4876  amdkmdag - ok
23:44:24.0032 4876  [ 206C28BFA8D52250D163B85E891527E5 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
23:44:24.0047 4876  amdkmdap - ok
23:44:24.0047 4876  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
23:44:24.0063 4876  AmdPPM - ok
23:44:24.0063 4876  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
23:44:24.0078 4876  amdsata - ok
23:44:24.0078 4876  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
23:44:24.0094 4876  amdsbs - ok
23:44:24.0110 4876  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
23:44:24.0110 4876  amdxata - ok
23:44:24.0110 4876  [ 391887990CDAA83DE5C56C3FDE966DA1 ] AmUStor         C:\Windows\system32\drivers\AmUStor.SYS
23:44:24.0125 4876  AmUStor - ok
23:44:24.0141 4876  [ 07194A09DC27C99A2474251DE27F6E17 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
23:44:24.0141 4876  AntiVirSchedulerService - ok
23:44:24.0156 4876  [ F0964ECD283591E7686AF912298B9F39 ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
23:44:24.0156 4876  AntiVirService - ok
23:44:24.0172 4876  [ 7DF8F1BC5B4F3B36906573F4DE166B73 ] AnyDVD          C:\Windows\system32\Drivers\AnyDVD.sys
23:44:24.0172 4876  AnyDVD - ok
23:44:24.0188 4876  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
23:44:24.0266 4876  AppID - ok
23:44:24.0266 4876  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
23:44:24.0297 4876  AppIDSvc - ok
23:44:24.0297 4876  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
23:44:24.0344 4876  Appinfo - ok
23:44:24.0344 4876  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
23:44:24.0359 4876  arc - ok
23:44:24.0359 4876  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
23:44:24.0375 4876  arcsas - ok
23:44:24.0390 4876  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
23:44:24.0390 4876  aspnet_state - ok
23:44:24.0390 4876  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
23:44:24.0437 4876  AsyncMac - ok
23:44:24.0437 4876  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
23:44:24.0453 4876  atapi - ok
23:44:24.0484 4876  [ 70260C7C98CC0101316F5B2650C3BB44 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
23:44:24.0515 4876  athr - ok
23:44:24.0515 4876  [ D048E78B8B6416A0A5A18843867C9973 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
23:44:24.0531 4876  AtiHDAudioService - ok
23:44:24.0531 4876  [ FB7602C5C508BE281368AAE0B61B51C6 ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
23:44:24.0546 4876  AtiHdmiService - ok
23:44:24.0562 4876  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:44:24.0609 4876  AudioEndpointBuilder - ok
23:44:24.0609 4876  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
23:44:24.0656 4876  AudioSrv - ok
23:44:24.0671 4876  [ D37F00A992A9E099B7A4136FD55B9180 ] AVerAF35        C:\Windows\system32\Drivers\AVerAF35.sys
23:44:24.0687 4876  AVerAF35 - ok
23:44:24.0687 4876  [ B085322DC9984B31190BD80D2542329F ] AVerRemote      C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
23:44:24.0702 4876  AVerRemote ( UnsignedFile.Multi.Generic ) - warning
23:44:24.0702 4876  AVerRemote - detected UnsignedFile.Multi.Generic (1)
23:44:24.0718 4876  [ 3094F37D17C9F91632689FFE9381FC4B ] AVerScheduleService C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
23:44:24.0718 4876  AVerScheduleService ( UnsignedFile.Multi.Generic ) - warning
23:44:24.0718 4876  AVerScheduleService - detected UnsignedFile.Multi.Generic (1)
23:44:24.0734 4876  [ 58AEE8F9E26595ADEB6F008FBB0D6174 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
23:44:24.0734 4876  avgntflt - ok
23:44:24.0749 4876  [ 37D3D3D28B107BCBC1C0137FF31AE480 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
23:44:24.0765 4876  avipbb - ok
23:44:24.0765 4876  [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
23:44:24.0780 4876  avkmgr - ok
23:44:24.0780 4876  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
23:44:24.0812 4876  AxInstSV - ok
23:44:24.0812 4876  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
23:44:24.0827 4876  b06bdrv - ok
23:44:24.0843 4876  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
23:44:24.0858 4876  b57nd60a - ok
23:44:24.0874 4876  [ 9E84A931DBEE0292E38ED672F6293A99 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
23:44:24.0921 4876  BCM43XX - ok
23:44:24.0921 4876  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
23:44:24.0936 4876  BDESVC - ok
23:44:24.0936 4876  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
23:44:24.0983 4876  Beep - ok
23:44:24.0983 4876  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
23:44:25.0030 4876  BFE - ok
23:44:25.0046 4876  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
23:44:25.0092 4876  BITS - ok
23:44:25.0092 4876  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
23:44:25.0108 4876  blbdrive - ok
23:44:25.0108 4876  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
23:44:25.0124 4876  bowser - ok
23:44:25.0124 4876  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:44:25.0139 4876  BrFiltLo - ok
23:44:25.0155 4876  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:44:25.0155 4876  BrFiltUp - ok
23:44:25.0170 4876  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
23:44:25.0186 4876  Browser - ok
23:44:25.0186 4876  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
23:44:25.0202 4876  Brserid - ok
23:44:25.0217 4876  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
23:44:25.0217 4876  BrSerWdm - ok
23:44:25.0233 4876  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
23:44:25.0248 4876  BrUsbMdm - ok
23:44:25.0248 4876  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
23:44:25.0264 4876  BrUsbSer - ok
23:44:25.0264 4876  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
23:44:25.0280 4876  BthEnum - ok
23:44:25.0280 4876  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
23:44:25.0295 4876  BTHMODEM - ok
23:44:25.0311 4876  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
23:44:25.0326 4876  BthPan - ok
23:44:25.0326 4876  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
23:44:25.0342 4876  BTHPORT - ok
23:44:25.0358 4876  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
23:44:25.0389 4876  bthserv - ok
23:44:25.0389 4876  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
23:44:25.0404 4876  BTHUSB - ok
23:44:25.0420 4876  [ 380B798D30C56EDE4AF58619D0E86CCB ] btwampfl        C:\Windows\system32\drivers\btwampfl.sys
23:44:25.0436 4876  btwampfl - ok
23:44:25.0436 4876  [ BA5622F5544C6C445DFF1A05ACC8B19D ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
23:44:25.0451 4876  btwaudio - ok
23:44:25.0451 4876  [ A11905D0F4BD34771F195217B6AA5AE0 ] btwavdt         C:\Windows\system32\DRIVERS\btwavdt.sys
23:44:25.0467 4876  btwavdt - ok
23:44:25.0482 4876  [ 3930E53EE0BED9DFF9AFA09F505D0CAE ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
23:44:25.0498 4876  btwdins - ok
23:44:25.0514 4876  [ 07096D2BC22CCB6CEA5A532DF0BE8A75 ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
23:44:25.0514 4876  btwl2cap - ok
23:44:25.0529 4876  [ BD776F32D64EC615BE4563DC2747224E ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
23:44:25.0529 4876  btwrchid - ok
23:44:25.0545 4876  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
23:44:25.0576 4876  cdfs - ok
23:44:25.0576 4876  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
23:44:25.0592 4876  cdrom - ok
23:44:25.0607 4876  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
23:44:25.0638 4876  CertPropSvc - ok
23:44:25.0638 4876  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
23:44:25.0654 4876  circlass - ok
23:44:25.0670 4876  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
23:44:25.0685 4876  CLFS - ok
23:44:25.0685 4876  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:44:25.0701 4876  clr_optimization_v2.0.50727_32 - ok
23:44:25.0701 4876  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:44:25.0716 4876  clr_optimization_v2.0.50727_64 - ok
23:44:25.0716 4876  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:44:25.0732 4876  clr_optimization_v4.0.30319_32 - ok
23:44:25.0732 4876  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:44:25.0748 4876  clr_optimization_v4.0.30319_64 - ok
23:44:25.0748 4876  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
23:44:25.0763 4876  CmBatt - ok
23:44:25.0763 4876  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
23:44:25.0779 4876  cmdide - ok
23:44:25.0794 4876  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
23:44:25.0810 4876  CNG - ok
23:44:25.0810 4876  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
23:44:25.0826 4876  Compbatt - ok
23:44:25.0826 4876  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
23:44:25.0841 4876  CompositeBus - ok
23:44:25.0841 4876  COMSysApp - ok
23:44:25.0857 4876  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
23:44:25.0857 4876  crcdisk - ok
23:44:25.0872 4876  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
23:44:25.0888 4876  CryptSvc - ok
23:44:25.0888 4876  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
23:44:25.0935 4876  DcomLaunch - ok
23:44:25.0950 4876  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
23:44:25.0982 4876  defragsvc - ok
23:44:25.0997 4876  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
23:44:26.0028 4876  DfsC - ok
23:44:26.0028 4876  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
23:44:26.0044 4876  Dhcp - ok
23:44:26.0060 4876  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
23:44:26.0091 4876  discache - ok
23:44:26.0091 4876  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
23:44:26.0106 4876  Disk - ok
23:44:26.0106 4876  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
23:44:26.0122 4876  Dnscache - ok
23:44:26.0138 4876  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
23:44:26.0169 4876  dot3svc - ok
23:44:26.0184 4876  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
23:44:26.0216 4876  DPS - ok
23:44:26.0216 4876  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
23:44:26.0231 4876  drmkaud - ok
23:44:26.0247 4876  [ 55F6F3E0DF82E0113082852347BF2C16 ] DsiWMIService   C:\Program Files (x86)\Launch Manager\dsiwmis.exe
23:44:26.0262 4876  DsiWMIService - ok
23:44:26.0278 4876  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
23:44:26.0309 4876  DXGKrnl - ok
23:44:26.0309 4876  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
23:44:26.0356 4876  EapHost - ok
23:44:26.0387 4876  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
23:44:26.0450 4876  ebdrv - ok
23:44:26.0450 4876  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
23:44:26.0465 4876  EFS - ok
23:44:26.0481 4876  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
23:44:26.0496 4876  ehRecvr - ok
23:44:26.0512 4876  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
23:44:26.0528 4876  ehSched - ok
23:44:26.0528 4876  [ 9387A484D31209D7FC3F795A787294DB ] ElbyCDFL        C:\Windows\system32\Drivers\ElbyCDFL.sys
23:44:26.0543 4876  ElbyCDFL - ok
23:44:26.0543 4876  [ A14D6E3EF78F6D6AC42F98D633F2400A ] ElbyCDIO        C:\Windows\system32\Drivers\ElbyCDIO.sys
23:44:26.0559 4876  ElbyCDIO - ok
23:44:26.0574 4876  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
23:44:26.0590 4876  elxstor - ok
23:44:26.0606 4876  [ DA751BD36852BB7F4515DFC9EE213245 ] ePowerSvc       C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
23:44:26.0621 4876  ePowerSvc - ok
23:44:26.0637 4876  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
23:44:26.0637 4876  ErrDev - ok
23:44:26.0652 4876  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
23:44:26.0699 4876  EventSystem - ok
23:44:26.0699 4876  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
23:44:26.0746 4876  exfat - ok
23:44:26.0746 4876  [ 77541BB9EA03008FF40035F2D3EF114E ] Ext2Fsd         C:\Windows\system32\drivers\Ext2Fsd.sys
23:44:26.0777 4876  Ext2Fsd - ok
23:44:26.0793 4876  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
23:44:26.0824 4876  fastfat - ok
23:44:26.0840 4876  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
23:44:26.0840 4876  fdc - ok
23:44:26.0855 4876  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
23:44:26.0886 4876  fdPHost - ok
23:44:26.0886 4876  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
23:44:26.0933 4876  FDResPub - ok
23:44:26.0933 4876  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
23:44:26.0949 4876  FileInfo - ok
23:44:26.0949 4876  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
23:44:26.0980 4876  Filetrace - ok
23:44:27.0011 4876  [ 167D24A045499EBEF438F231976158DF ] FirebirdServerMAGIXInstance C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe
23:44:27.0042 4876  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
23:44:27.0042 4876  FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
23:44:27.0042 4876  [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
23:44:27.0074 4876  FLEXnet Licensing Service - ok
23:44:27.0089 4876  [ 1C3FB052A0BB72EDAED90785C34D6EED ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
23:44:27.0105 4876  FLEXnet Licensing Service 64 - ok
23:44:27.0120 4876  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
23:44:27.0120 4876  flpydisk - ok
23:44:27.0136 4876  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
23:44:27.0152 4876  FltMgr - ok
23:44:27.0167 4876  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
23:44:27.0183 4876  FontCache - ok
23:44:27.0198 4876  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:44:27.0198 4876  FontCache3.0.0.0 - ok
23:44:27.0214 4876  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
23:44:27.0214 4876  FsDepends - ok
23:44:27.0230 4876  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
23:44:27.0230 4876  Fs_Rec - ok
23:44:27.0245 4876  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
23:44:27.0261 4876  fvevol - ok
23:44:27.0261 4876  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
23:44:27.0276 4876  gagp30kx - ok
23:44:27.0292 4876  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
23:44:27.0339 4876  gpsvc - ok
23:44:27.0354 4876  [ 816FD5A6F3C2F3D600900096632FC60E ] Greg_Service    C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
23:44:27.0386 4876  Greg_Service - ok
23:44:27.0386 4876  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:44:27.0401 4876  gupdate - ok
23:44:27.0401 4876  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:44:27.0417 4876  gupdatem - ok
23:44:27.0417 4876  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
23:44:27.0432 4876  hcw85cir - ok
23:44:27.0432 4876  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:44:27.0448 4876  HdAudAddService - ok
23:44:27.0464 4876  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
23:44:27.0479 4876  HDAudBus - ok
23:44:27.0479 4876  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
23:44:27.0495 4876  HECIx64 - ok
23:44:27.0495 4876  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
23:44:27.0510 4876  HidBatt - ok
23:44:27.0510 4876  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
23:44:27.0526 4876  HidBth - ok
23:44:27.0526 4876  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
23:44:27.0542 4876  HidIr - ok
23:44:27.0542 4876  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
23:44:27.0588 4876  hidserv - ok
23:44:27.0588 4876  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
23:44:27.0604 4876  HidUsb - ok
23:44:27.0604 4876  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
23:44:27.0651 4876  hkmsvc - ok
23:44:27.0651 4876  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:44:27.0666 4876  HomeGroupListener - ok
23:44:27.0666 4876  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:44:27.0682 4876  HomeGroupProvider - ok
23:44:27.0698 4876  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
23:44:27.0698 4876  HpSAMD - ok
23:44:27.0713 4876  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
23:44:27.0760 4876  HTTP - ok
23:44:27.0760 4876  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
23:44:27.0776 4876  hwpolicy - ok
23:44:27.0776 4876  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
23:44:27.0791 4876  i8042prt - ok
23:44:27.0807 4876  [ ABBF174CB394F5C437410A788B7E404A ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
23:44:27.0822 4876  iaStor - ok
23:44:27.0822 4876  [ 31A0E93CDF29007D6C6FFFB632F375ED ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
23:44:27.0838 4876  IAStorDataMgrSvc - ok
23:44:27.0854 4876  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
23:44:27.0869 4876  iaStorV - ok
23:44:27.0885 4876  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:44:27.0900 4876  idsvc - ok
23:44:28.0010 4876  [ FBACBED7A37B3223822470FF1D8EA00F ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
23:44:28.0181 4876  igfx - ok
23:44:28.0181 4876  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
23:44:28.0197 4876  iirsp - ok
23:44:28.0212 4876  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
23:44:28.0259 4876  IKEEXT - ok
23:44:28.0259 4876  [ 36FDF367A1DABFF903E2214023D71368 ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
23:44:28.0275 4876  Impcd - ok
23:44:28.0306 4876  [ 3EDD3CE185DA3E6AAEC22ADCFD7B1D54 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
23:44:28.0353 4876  IntcAzAudAddService - ok
23:44:28.0353 4876  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
23:44:28.0368 4876  intelide - ok
23:44:28.0478 4876  [ FBACBED7A37B3223822470FF1D8EA00F ] intelkmd        C:\Windows\system32\DRIVERS\igdpmd64.sys
23:44:28.0649 4876  intelkmd - ok
23:44:28.0665 4876  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
23:44:28.0665 4876  intelppm - ok
23:44:28.0680 4876  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
23:44:28.0712 4876  IPBusEnum - ok
23:44:28.0727 4876  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:44:28.0758 4876  IpFilterDriver - ok
23:44:28.0758 4876  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
23:44:28.0790 4876  iphlpsvc - ok
23:44:28.0790 4876  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
23:44:28.0805 4876  IPMIDRV - ok
23:44:28.0805 4876  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
23:44:28.0852 4876  IPNAT - ok
23:44:28.0852 4876  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
23:44:28.0868 4876  IRENUM - ok
23:44:28.0883 4876  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
23:44:28.0883 4876  isapnp - ok
23:44:28.0899 4876  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
23:44:28.0914 4876  iScsiPrt - ok
23:44:28.0914 4876  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
23:44:28.0930 4876  kbdclass - ok
23:44:28.0930 4876  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
23:44:28.0946 4876  kbdhid - ok
23:44:28.0946 4876  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
23:44:28.0961 4876  KeyIso - ok
23:44:28.0961 4876  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
23:44:28.0977 4876  KSecDD - ok
23:44:28.0977 4876  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
23:44:28.0992 4876  KSecPkg - ok
23:44:28.0992 4876  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
23:44:29.0024 4876  ksthunk - ok
23:44:29.0039 4876  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
23:44:29.0070 4876  KtmRm - ok
23:44:29.0086 4876  [ 39918DB0EFCF045A1CE6FABBF339F975 ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
23:44:29.0086 4876  L1C - ok
23:44:29.0102 4876  [ 2AC603C3188C704CFCE353659AA7AD71 ] L1E             C:\Windows\system32\DRIVERS\L1E62x64.sys
23:44:29.0102 4876  L1E - ok
23:44:29.0117 4876  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
23:44:29.0148 4876  LanmanServer - ok
23:44:29.0164 4876  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:44:29.0195 4876  LanmanWorkstation - ok
23:44:29.0211 4876  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
23:44:29.0242 4876  lltdio - ok
23:44:29.0242 4876  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
23:44:29.0289 4876  lltdsvc - ok
23:44:29.0289 4876  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
23:44:29.0336 4876  lmhosts - ok
23:44:29.0336 4876  [ 7485FBCEF9136F530953575E2977859D ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
23:44:29.0351 4876  LMS - ok
23:44:29.0367 4876  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
23:44:29.0367 4876  LSI_FC - ok
23:44:29.0382 4876  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
23:44:29.0382 4876  LSI_SAS - ok
23:44:29.0398 4876  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:44:29.0398 4876  LSI_SAS2 - ok
23:44:29.0414 4876  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:44:29.0414 4876  LSI_SCSI - ok
23:44:29.0429 4876  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
23:44:29.0460 4876  luafv - ok
23:44:29.0460 4876  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
23:44:29.0476 4876  Mcx2Svc - ok
23:44:29.0492 4876  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
23:44:29.0492 4876  megasas - ok
23:44:29.0507 4876  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
23:44:29.0523 4876  MegaSR - ok
23:44:29.0523 4876  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
23:44:29.0554 4876  MMCSS - ok
23:44:29.0570 4876  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
23:44:29.0601 4876  Modem - ok
23:44:29.0601 4876  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
23:44:29.0616 4876  monitor - ok
23:44:29.0616 4876  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
23:44:29.0632 4876  mouclass - ok
23:44:29.0632 4876  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
23:44:29.0648 4876  mouhid - ok
23:44:29.0663 4876  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
23:44:29.0663 4876  mountmgr - ok
23:44:29.0679 4876  [ 313265CF4F5F02ED927774DA1DB3FE00 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
23:44:29.0679 4876  MozillaMaintenance - ok
23:44:29.0694 4876  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
23:44:29.0694 4876  mpio - ok
23:44:29.0710 4876  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
23:44:29.0741 4876  mpsdrv - ok
23:44:29.0757 4876  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
23:44:29.0804 4876  MpsSvc - ok
23:44:29.0804 4876  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
23:44:29.0819 4876  MRxDAV - ok
23:44:29.0835 4876  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
23:44:29.0835 4876  mrxsmb - ok
23:44:29.0850 4876  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:44:29.0866 4876  mrxsmb10 - ok
23:44:29.0866 4876  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:44:29.0882 4876  mrxsmb20 - ok
23:44:29.0882 4876  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
23:44:29.0897 4876  msahci - ok
23:44:29.0897 4876  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
23:44:29.0913 4876  msdsm - ok
23:44:29.0913 4876  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
23:44:29.0928 4876  MSDTC - ok
23:44:29.0928 4876  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
23:44:29.0975 4876  Msfs - ok
23:44:29.0975 4876  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
23:44:30.0006 4876  mshidkmdf - ok
23:44:30.0022 4876  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
23:44:30.0022 4876  msisadrv - ok
23:44:30.0022 4876  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
23:44:30.0069 4876  MSiSCSI - ok
23:44:30.0069 4876  msiserver - ok
23:44:30.0069 4876  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
23:44:30.0116 4876  MSKSSRV - ok
23:44:30.0116 4876  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
23:44:30.0147 4876  MSPCLOCK - ok
23:44:30.0162 4876  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
23:44:30.0194 4876  MSPQM - ok
23:44:30.0209 4876  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
23:44:30.0225 4876  MsRPC - ok
23:44:30.0225 4876  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
23:44:30.0240 4876  mssmbios - ok
23:44:30.0240 4876  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
23:44:30.0272 4876  MSTEE - ok
23:44:30.0272 4876  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
23:44:30.0287 4876  MTConfig - ok
23:44:30.0287 4876  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
23:44:30.0303 4876  Mup - ok
23:44:30.0318 4876  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
23:44:30.0350 4876  napagent - ok
23:44:30.0365 4876  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
23:44:30.0381 4876  NativeWifiP - ok
23:44:30.0396 4876  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
23:44:30.0428 4876  NDIS - ok
23:44:30.0428 4876  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
23:44:30.0474 4876  NdisCap - ok
23:44:30.0474 4876  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
23:44:30.0506 4876  NdisTapi - ok
23:44:30.0521 4876  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
23:44:30.0552 4876  Ndisuio - ok
23:44:30.0552 4876  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
23:44:30.0599 4876  NdisWan - ok
23:44:30.0599 4876  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
23:44:30.0630 4876  NDProxy - ok
23:44:30.0646 4876  [ 2AAE889742376EDC5C3203DFB74F28FD ] Nero BackItUp Scheduler 3 C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
23:44:30.0677 4876  Nero BackItUp Scheduler 3 - ok
23:44:30.0677 4876  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
23:44:30.0724 4876  NetBIOS - ok
23:44:30.0724 4876  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
23:44:30.0755 4876  NetBT - ok
23:44:30.0771 4876  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
23:44:30.0771 4876  Netlogon - ok
23:44:30.0786 4876  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
23:44:30.0818 4876  Netman - ok
23:44:30.0833 4876  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:44:30.0849 4876  NetMsmqActivator - ok
23:44:30.0849 4876  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:44:30.0849 4876  NetPipeActivator - ok
23:44:30.0864 4876  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
23:44:30.0911 4876  netprofm - ok
23:44:30.0911 4876  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:44:30.0927 4876  NetTcpActivator - ok
23:44:30.0927 4876  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:44:30.0942 4876  NetTcpPortSharing - ok
23:44:30.0942 4876  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
23:44:30.0958 4876  nfrd960 - ok
23:44:30.0958 4876  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
23:44:30.0974 4876  NlaSvc - ok
23:44:30.0989 4876  [ CB992AE1506985D9167E85883B4C3240 ] NMIndexingService C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
23:44:31.0005 4876  NMIndexingService - ok
23:44:31.0005 4876  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
23:44:31.0052 4876  Npfs - ok
23:44:31.0052 4876  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
23:44:31.0083 4876  nsi - ok
23:44:31.0098 4876  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
23:44:31.0130 4876  nsiproxy - ok
23:44:31.0145 4876  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
23:44:31.0192 4876  Ntfs - ok
23:44:31.0192 4876  [ 5B3CE960C62DBE864BE9A0BD043A3E30 ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
23:44:31.0208 4876  NTI IScheduleSvc ( UnsignedFile.Multi.Generic ) - warning
23:44:31.0208 4876  NTI IScheduleSvc - detected UnsignedFile.Multi.Generic (1)
23:44:31.0208 4876  [ 64DDD0DEE976302F4BD93E5EFCC2F013 ] NTIDrvr         C:\Windows\system32\drivers\NTIDrvr.sys
23:44:31.0223 4876  NTIDrvr - ok
23:44:31.0223 4876  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
23:44:31.0270 4876  Null - ok
23:44:31.0270 4876  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
23:44:31.0286 4876  nvraid - ok
23:44:31.0286 4876  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
23:44:31.0301 4876  nvstor - ok
23:44:31.0301 4876  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
23:44:31.0317 4876  nv_agp - ok
23:44:31.0332 4876  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:44:31.0348 4876  odserv - ok
23:44:31.0348 4876  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
23:44:31.0364 4876  ohci1394 - ok
23:44:31.0364 4876  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:44:31.0379 4876  ose - ok
23:44:31.0379 4876  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
23:44:31.0395 4876  p2pimsvc - ok
23:44:31.0410 4876  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
23:44:31.0426 4876  p2psvc - ok
23:44:31.0426 4876  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
23:44:31.0442 4876  Parport - ok
23:44:31.0442 4876  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
23:44:31.0457 4876  partmgr - ok
23:44:31.0457 4876  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
23:44:31.0488 4876  PcaSvc - ok
23:44:31.0488 4876  [ BC0018C2D29F655188A0ED3FA94FDB24 ] pccsmcfd        C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
23:44:31.0504 4876  pccsmcfd - ok
23:44:31.0504 4876  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
23:44:31.0520 4876  pci - ok
23:44:31.0520 4876  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
23:44:31.0535 4876  pciide - ok
23:44:31.0535 4876  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
23:44:31.0551 4876  pcmcia - ok
23:44:31.0551 4876  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
23:44:31.0566 4876  pcw - ok
23:44:31.0582 4876  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
23:44:31.0613 4876  PEAUTH - ok
23:44:31.0644 4876  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
23:44:31.0644 4876  PerfHost - ok
23:44:31.0676 4876  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
23:44:31.0738 4876  pla - ok
23:44:31.0738 4876  [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Windows\SysWOW64\IoctlSvc.exe
23:44:31.0738 4876  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
23:44:31.0738 4876  PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
23:44:31.0754 4876  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
23:44:31.0769 4876  PlugPlay - ok
23:44:31.0769 4876  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
23:44:31.0785 4876  PNRPAutoReg - ok
23:44:31.0785 4876  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
23:44:31.0800 4876  PNRPsvc - ok
23:44:31.0816 4876  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
23:44:31.0847 4876  PolicyAgent - ok
23:44:31.0863 4876  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
23:44:31.0894 4876  Power - ok
23:44:31.0910 4876  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
23:44:31.0941 4876  PptpMiniport - ok
23:44:31.0941 4876  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
23:44:31.0956 4876  Processor - ok
23:44:31.0972 4876  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
23:44:31.0972 4876  ProfSvc - ok
23:44:31.0988 4876  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
23:44:31.0988 4876  ProtectedStorage - ok
23:44:32.0003 4876  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
23:44:32.0034 4876  Psched - ok
23:44:32.0050 4876  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
23:44:32.0097 4876  ql2300 - ok
23:44:32.0097 4876  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
23:44:32.0112 4876  ql40xx - ok
23:44:32.0112 4876  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
23:44:32.0144 4876  QWAVE - ok
23:44:32.0144 4876  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
23:44:32.0159 4876  QWAVEdrv - ok
23:44:32.0159 4876  [ A55E7D0D873B2C97585B3B5926AC6ADE ] RapiMgr         C:\Windows\WindowsMobile\rapimgr.dll
23:44:32.0175 4876  RapiMgr - ok
23:44:32.0175 4876  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
23:44:32.0222 4876  RasAcd - ok
23:44:32.0222 4876  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
23:44:32.0253 4876  RasAgileVpn - ok
23:44:32.0268 4876  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
23:44:32.0300 4876  RasAuto - ok
23:44:32.0315 4876  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
23:44:32.0346 4876  Rasl2tp - ok
23:44:32.0346 4876  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
23:44:32.0393 4876  RasMan - ok
23:44:32.0393 4876  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
23:44:32.0440 4876  RasPppoe - ok
23:44:32.0440 4876  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
23:44:32.0471 4876  RasSstp - ok
23:44:32.0487 4876  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
23:44:32.0518 4876  rdbss - ok
23:44:32.0534 4876  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
23:44:32.0534 4876  rdpbus - ok
23:44:32.0549 4876  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
23:44:32.0580 4876  RDPCDD - ok
23:44:32.0580 4876  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
23:44:32.0627 4876  RDPENCDD - ok
23:44:32.0627 4876  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
23:44:32.0658 4876  RDPREFMP - ok
23:44:32.0674 4876  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
23:44:32.0690 4876  RDPWD - ok
23:44:32.0690 4876  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
23:44:32.0705 4876  rdyboost - ok
23:44:32.0705 4876  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
23:44:32.0752 4876  RemoteAccess - ok
23:44:32.0752 4876  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
23:44:32.0799 4876  RemoteRegistry - ok
23:44:32.0799 4876  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
23:44:32.0814 4876  RFCOMM - ok
23:44:32.0814 4876  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
23:44:32.0861 4876  RpcEptMapper - ok
23:44:32.0861 4876  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
23:44:32.0877 4876  RpcLocator - ok
23:44:32.0877 4876  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
23:44:32.0924 4876  RpcSs - ok
23:44:32.0924 4876  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
23:44:32.0970 4876  rspndr - ok
23:44:32.0970 4876  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
23:44:32.0986 4876  SamSs - ok
23:44:32.0986 4876  [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
23:44:33.0002 4876  SASDIFSV - ok
23:44:33.0002 4876  [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
23:44:33.0017 4876  SASKUTIL - ok
23:44:33.0017 4876  [ AD7D7EE3721A777B6129B68C224F66EE ] SbieDrv         C:\Program Files\Sandboxie\SbieDrv.sys
23:44:33.0033 4876  SbieDrv - ok
23:44:33.0048 4876  [ 66940B073683DA5255B0D7516177A976 ] SbieSvc         C:\Program Files\Sandboxie\SbieSvc.exe
23:44:33.0048 4876  SbieSvc - ok
23:44:33.0064 4876  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
23:44:33.0064 4876  sbp2port - ok
23:44:33.0080 4876  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
23:44:33.0111 4876  SCardSvr - ok
23:44:33.0126 4876  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
23:44:33.0158 4876  scfilter - ok
23:44:33.0173 4876  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
23:44:33.0220 4876  Schedule - ok
23:44:33.0220 4876  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
23:44:33.0251 4876  SCPolicySvc - ok
23:44:33.0267 4876  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
23:44:33.0282 4876  SDRSVC - ok
23:44:33.0282 4876  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
23:44:33.0314 4876  secdrv - ok
23:44:33.0329 4876  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
23:44:33.0360 4876  seclogon - ok
23:44:33.0360 4876  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
23:44:33.0407 4876  SENS - ok
23:44:33.0407 4876  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
23:44:33.0423 4876  SensrSvc - ok
23:44:33.0423 4876  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
23:44:33.0438 4876  Serenum - ok
23:44:33.0438 4876  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
23:44:33.0454 4876  Serial - ok
23:44:33.0454 4876  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
23:44:33.0470 4876  sermouse - ok
23:44:33.0485 4876  [ F31E9531AF225CA25350D5E87E999B31 ] ServiceLayer    C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
23:44:33.0501 4876  ServiceLayer - ok
23:44:33.0516 4876  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
23:44:33.0548 4876  SessionEnv - ok
23:44:33.0563 4876  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
23:44:33.0563 4876  sffdisk - ok
23:44:33.0579 4876  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
23:44:33.0579 4876  sffp_mmc - ok
23:44:33.0594 4876  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
23:44:33.0610 4876  sffp_sd - ok
23:44:33.0610 4876  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
23:44:33.0626 4876  sfloppy - ok
23:44:33.0626 4876  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
23:44:33.0672 4876  SharedAccess - ok
23:44:33.0672 4876  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:44:33.0719 4876  ShellHWDetection - ok
23:44:33.0719 4876  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:44:33.0735 4876  SiSRaid2 - ok
23:44:33.0735 4876  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
23:44:33.0750 4876  SiSRaid4 - ok
23:44:33.0750 4876  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
23:44:33.0766 4876  SkypeUpdate - ok
23:44:33.0766 4876  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
23:44:33.0813 4876  Smb - ok
23:44:33.0813 4876  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
23:44:33.0828 4876  SNMPTRAP - ok
23:44:33.0828 4876  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
23:44:33.0844 4876  spldr - ok
23:44:33.0860 4876  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
23:44:33.0875 4876  Spooler - ok
23:44:33.0922 4876  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
23:44:34.0000 4876  sppsvc - ok
23:44:34.0000 4876  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
23:44:34.0047 4876  sppuinotify - ok
23:44:34.0047 4876  sptd - ok
23:44:34.0062 4876  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
23:44:34.0078 4876  srv - ok
23:44:34.0078 4876  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
23:44:34.0094 4876  srv2 - ok
23:44:34.0109 4876  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
23:44:34.0125 4876  srvnet - ok
23:44:34.0125 4876  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
23:44:34.0172 4876  SSDPSRV - ok
23:44:34.0172 4876  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
23:44:34.0203 4876  SstpSvc - ok
23:44:34.0218 4876  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
23:44:34.0218 4876  stexstor - ok
23:44:34.0234 4876  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
23:44:34.0265 4876  stisvc - ok
23:44:34.0265 4876  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
23:44:34.0281 4876  swenum - ok
23:44:34.0281 4876  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
23:44:34.0328 4876  swprv - ok
23:44:34.0343 4876  [ ED6D1424E5B0C21A57B28DD8508D6843 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
23:44:34.0359 4876  SynTP - ok
23:44:34.0374 4876  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
23:44:34.0421 4876  SysMain - ok
23:44:34.0421 4876  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:44:34.0437 4876  TabletInputService - ok
23:44:34.0452 4876  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
23:44:34.0484 4876  TapiSrv - ok
23:44:34.0484 4876  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
23:44:34.0530 4876  TBS - ok
23:44:34.0546 4876  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
23:44:34.0593 4876  Tcpip - ok
23:44:34.0624 4876  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
23:44:34.0655 4876  TCPIP6 - ok
23:44:34.0671 4876  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
23:44:34.0671 4876  tcpipreg - ok
23:44:34.0686 4876  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
23:44:34.0702 4876  TDPIPE - ok
23:44:34.0702 4876  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
23:44:34.0718 4876  TDTCP - ok
23:44:34.0718 4876  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
23:44:34.0749 4876  tdx - ok
23:44:34.0764 4876  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
23:44:34.0764 4876  TermDD - ok
23:44:34.0780 4876  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
23:44:34.0827 4876  TermService - ok
23:44:34.0827 4876  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
23:44:34.0842 4876  Themes - ok
23:44:34.0858 4876  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
23:44:34.0889 4876  THREADORDER - ok
23:44:34.0889 4876  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
23:44:34.0936 4876  TrkWks - ok
23:44:34.0936 4876  [ 370A6907DDF79532A39319492B1FA38A ] truecrypt       C:\Windows\system32\drivers\truecrypt.sys
23:44:34.0952 4876  truecrypt - ok
23:44:34.0952 4876  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:44:34.0998 4876  TrustedInstaller - ok
23:44:34.0998 4876  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
23:44:35.0045 4876  tssecsrv - ok
23:44:35.0045 4876  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
23:44:35.0061 4876  TsUsbFlt - ok
23:44:35.0061 4876  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
23:44:35.0092 4876  tunnel - ok
23:44:35.0108 4876  [ 1A006963644C7FDE5BE60036F3A43E68 ] TVICHW32        C:\Windows\system32\DRIVERS\TVICHW32.SYS
23:44:35.0123 4876  TVICHW32 - ok
23:44:35.0123 4876  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
23:44:35.0139 4876  uagp35 - ok
23:44:35.0139 4876  [ 2E22C1FD397A5A9FFEF55E9D1FC96C00 ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
23:44:35.0154 4876  UBHelper - ok
23:44:35.0154 4876  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
23:44:35.0201 4876  udfs - ok
23:44:35.0201 4876  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
23:44:35.0217 4876  UI0Detect - ok
23:44:35.0217 4876  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
23:44:35.0232 4876  uliagpkx - ok
23:44:35.0232 4876  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
23:44:35.0248 4876  umbus - ok
23:44:35.0248 4876  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
23:44:35.0264 4876  UmPass - ok
23:44:35.0295 4876  [ 765F2DD351BA064F657751D8D75E58C0 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
23:44:35.0342 4876  UNS - ok
23:44:35.0357 4876  [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
23:44:35.0373 4876  Updater Service - ok
23:44:35.0373 4876  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
23:44:35.0420 4876  upnphost - ok
23:44:35.0420 4876  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
23:44:35.0435 4876  usbaudio - ok
23:44:35.0451 4876  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
23:44:35.0466 4876  usbccgp - ok
23:44:35.0466 4876  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
23:44:35.0482 4876  usbcir - ok
23:44:35.0482 4876  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
23:44:35.0498 4876  usbehci - ok
23:44:35.0498 4876  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
23:44:35.0513 4876  usbhub - ok
23:44:35.0529 4876  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
23:44:35.0544 4876  usbohci - ok
23:44:35.0544 4876  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
23:44:35.0560 4876  usbprint - ok
23:44:35.0560 4876  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
23:44:35.0576 4876  usbscan - ok
23:44:35.0576 4876  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:44:35.0591 4876  USBSTOR - ok
23:44:35.0591 4876  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
23:44:35.0607 4876  usbuhci - ok
23:44:35.0607 4876  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
23:44:35.0622 4876  usbvideo - ok
23:44:35.0638 4876  [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx      C:\Windows\system32\drivers\usb8023x.sys
23:44:35.0638 4876  usb_rndisx - ok
23:44:35.0654 4876  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
23:44:35.0685 4876  UxSms - ok
23:44:35.0685 4876  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
23:44:35.0700 4876  VaultSvc - ok
23:44:35.0700 4876  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
23:44:35.0716 4876  vdrvroot - ok
23:44:35.0716 4876  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
23:44:35.0763 4876  vds - ok
23:44:35.0763 4876  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
23:44:35.0778 4876  vga - ok
23:44:35.0794 4876  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
23:44:35.0825 4876  VgaSave - ok
23:44:35.0825 4876  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
23:44:35.0841 4876  vhdmp - ok
23:44:35.0841 4876  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
23:44:35.0856 4876  viaide - ok
23:44:35.0856 4876  [ 21C96AA588D3993191761A08DBAABB15 ] vmm             C:\Windows\system32\Drivers\vmm.sys
23:44:35.0872 4876  vmm - ok
23:44:35.0888 4876  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
23:44:35.0888 4876  volmgr - ok
23:44:35.0903 4876  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
23:44:35.0919 4876  volmgrx - ok
23:44:35.0919 4876  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
23:44:35.0934 4876  volsnap - ok
23:44:35.0950 4876  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
23:44:35.0950 4876  vsmraid - ok
23:44:35.0981 4876  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
23:44:36.0028 4876  VSS - ok
23:44:36.0044 4876  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
23:44:36.0044 4876  vwifibus - ok
23:44:36.0059 4876  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
23:44:36.0075 4876  vwififlt - ok
23:44:36.0075 4876  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
23:44:36.0090 4876  vwifimp - ok
23:44:36.0106 4876  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
23:44:36.0137 4876  W32Time - ok
23:44:36.0153 4876  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
23:44:36.0153 4876  WacomPen - ok
23:44:36.0168 4876  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
23:44:36.0200 4876  WANARP - ok
23:44:36.0200 4876  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
23:44:36.0246 4876  Wanarpv6 - ok
23:44:36.0262 4876  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
23:44:36.0293 4876  WatAdminSvc - ok
23:44:36.0309 4876  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
23:44:36.0340 4876  wbengine - ok
23:44:36.0356 4876  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
23:44:36.0371 4876  WbioSrvc - ok
23:44:36.0387 4876  [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm        C:\Windows\WindowsMobile\wcescomm.dll
23:44:36.0402 4876  WcesComm - ok
23:44:36.0402 4876  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
23:44:36.0434 4876  wcncsvc - ok
23:44:36.0434 4876  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:44:36.0449 4876  WcsPlugInService - ok
23:44:36.0449 4876  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
23:44:36.0465 4876  Wd - ok
23:44:36.0480 4876  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
23:44:36.0496 4876  Wdf01000 - ok
23:44:36.0512 4876  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
23:44:36.0543 4876  WdiServiceHost - ok
23:44:36.0543 4876  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
23:44:36.0558 4876  WdiSystemHost - ok
23:44:36.0558 4876  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
23:44:36.0590 4876  WebClient - ok
23:44:36.0590 4876  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
23:44:36.0636 4876  Wecsvc - ok
23:44:36.0636 4876  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
23:44:36.0668 4876  wercplsupport - ok
23:44:36.0683 4876  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
23:44:36.0714 4876  WerSvc - ok
23:44:36.0714 4876  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
23:44:36.0761 4876  WfpLwf - ok
23:44:36.0761 4876  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
23:44:36.0761 4876  WIMMount - ok
23:44:36.0777 4876  WinDefend - ok
23:44:36.0777 4876  WinHttpAutoProxySvc - ok
23:44:36.0792 4876  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
23:44:36.0824 4876  Winmgmt - ok
23:44:36.0855 4876  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
23:44:36.0917 4876  WinRM - ok
23:44:36.0933 4876  [ FE88B288356E7B47B74B13372ADD906D ] WINUSB          C:\Windows\system32\DRIVERS\WinUsb.sys
23:44:36.0948 4876  WINUSB - ok
23:44:36.0964 4876  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
23:44:36.0995 4876  Wlansvc - ok
23:44:36.0995 4876  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
23:44:37.0011 4876  WmiAcpi - ok
23:44:37.0011 4876  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
23:44:37.0026 4876  wmiApSrv - ok
23:44:37.0026 4876  WMPNetworkSvc - ok
23:44:37.0042 4876  [ 83B6CA03C846FCD47F9883D77D1EB27B ] WMZuneComm      C:\Program Files\Zune\WMZuneComm.exe
23:44:37.0058 4876  WMZuneComm - ok
23:44:37.0058 4876  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
23:44:37.0073 4876  WPCSvc - ok
23:44:37.0073 4876  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
23:44:37.0089 4876  WPDBusEnum - ok
23:44:37.0104 4876  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
23:44:37.0136 4876  ws2ifsl - ok
23:44:37.0136 4876  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
23:44:37.0167 4876  wscsvc - ok
23:44:37.0167 4876  WSearch - ok
23:44:37.0198 4876  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
23:44:37.0260 4876  wuauserv - ok
23:44:37.0260 4876  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
23:44:37.0276 4876  WudfPf - ok
23:44:37.0276 4876  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
23:44:37.0292 4876  WUDFRd - ok
23:44:37.0292 4876  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
23:44:37.0307 4876  wudfsvc - ok
23:44:37.0307 4876  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
23:44:37.0338 4876  WwanSvc - ok
23:44:37.0416 4876  [ 67B787C34FB2888D01B130AE007042D8 ] ZuneNetworkSvc  C:\Program Files\Zune\ZuneNss.exe
23:44:37.0588 4876  ZuneNetworkSvc - ok
23:44:37.0588 4876  [ 4D89FC1C20CF655739EFAC5DA81A67BC ] ZuneWlanCfgSvc  C:\Program Files\Zune\ZuneWlanCfgSvc.exe
23:44:37.0619 4876  ZuneWlanCfgSvc - ok
23:44:37.0635 4876  ================ Scan global ===============================
23:44:37.0635 4876  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
23:44:37.0635 4876  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
23:44:37.0650 4876  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
23:44:37.0650 4876  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
23:44:37.0666 4876  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
23:44:37.0666 4876  [Global] - ok
23:44:37.0666 4876  ================ Scan MBR ==================================
23:44:37.0666 4876  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:44:37.0822 4876  \Device\Harddisk0\DR0 - ok
23:44:37.0822 4876  ================ Scan VBR ==================================
23:44:37.0838 4876  [ 62284B99F8EE80310C00D515C8CB6945 ] \Device\Harddisk0\DR0\Partition1
23:44:37.0838 4876  \Device\Harddisk0\DR0\Partition1 - ok
23:44:37.0838 4876  [ 006AEFC3A3C44989BD48C9F797BA4F9A ] \Device\Harddisk0\DR0\Partition2
23:44:37.0838 4876  \Device\Harddisk0\DR0\Partition2 - ok
23:44:37.0838 4876  [ 6EBF94B95567727EF3747BD69E8A2739 ] \Device\Harddisk0\DR0\Partition3
23:44:37.0838 4876  \Device\Harddisk0\DR0\Partition3 - ok
23:44:37.0853 4876  [ 7759F90377B5FD6EAC3092BE35E6C9FC ] \Device\Harddisk0\DR0\Partition4
23:44:37.0853 4876  \Device\Harddisk0\DR0\Partition4 - ok
23:44:37.0853 4876  ============================================================
23:44:37.0853 4876  Scan finished
23:44:37.0853 4876  ============================================================
23:44:37.0853 1132  Detected object count: 6
23:44:37.0853 1132  Actual detected object count: 6
23:45:15.0824 1132  Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:45:15.0824 1132  Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:45:15.0824 1132  AVerRemote ( UnsignedFile.Multi.Generic ) - skipped by user
23:45:15.0824 1132  AVerRemote ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:45:15.0839 1132  AVerScheduleService ( UnsignedFile.Multi.Generic ) - skipped by user
23:45:15.0839 1132  AVerScheduleService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:45:15.0839 1132  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
23:45:15.0839 1132  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:45:15.0839 1132  NTI IScheduleSvc ( UnsignedFile.Multi.Generic ) - skipped by user
23:45:15.0839 1132  NTI IScheduleSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:45:15.0839 1132  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:45:15.0839 1132  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
I forgot to post this at the beginning: defogger_disable log
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:38 on 30/11/2012 (Zaphod Beeblebrox)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-
         


Alt 30.11.2012, 23:34   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Unremarkable. Either a false alarm, or you just have harmless but annoying adware on it, for example.

adwCleaner - detect toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click Suche (Search).
  • When the scan finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Rx].txt (x = sequential number).

Alt 01.12.2012, 08:43   #7
Yauser
 
Hmm, nothing there either...

adwcleaner:
Code:
[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0 (de)

Profilname : default 
Datei : C:\Users\Zaphod Beeblebrox\AppData\Roaming\Mozilla\Firefox\Profiles\dybah3xe.default\prefs.js

Gefunden : user_pref("CT2504091.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gefunden : user_pref("CT2504091.CTID", "CT2504091");
Gefunden : user_pref("CT2504091.CurrentServerDate", "30-11-2010");
Gefunden : user_pref("CT2504091.DialogsAlignMode", "LTR");
Gefunden : user_pref("CT2504091.DownloadReferralCookieData", "");
Gefunden : user_pref("CT2504091.EMailNotifierPollDate", "Tue Nov 30 2010 20:13:13 GMT+0100");
Gefunden : user_pref("CT2504091.FeedLastCount129079840422964131", 0);
Gefunden : user_pref("CT2504091.FeedPollDate128891351169457140", "Tue Nov 30 2010 20:13:14 GMT+0100");
Gefunden : user_pref("CT2504091.FeedPollDate129079840422964131", "Tue Nov 30 2010 20:13:14 GMT+0100");
Gefunden : user_pref("CT2504091.FeedTTL128891351169457140", 40);
Gefunden : user_pref("CT2504091.FirstServerDate", "30-11-2010");
Gefunden : user_pref("CT2504091.FirstTime", true);
Gefunden : user_pref("CT2504091.FirstTimeFF3", true);
Gefunden : user_pref("CT2504091.FirstTimeSettingsDone", true);
Gefunden : user_pref("CT2504091.FixPageNotFoundErrors", true);
Gefunden : user_pref("CT2504091.GroupingServerCheckInterval", 1440);
Gefunden : user_pref("CT2504091.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gefunden : user_pref("CT2504091.Initialize", true);
Gefunden : user_pref("CT2504091.InitializeCommonPrefs", true);
Gefunden : user_pref("CT2504091.InstallationAndCookieDataSentCount", 1);
Gefunden : user_pref("CT2504091.InstallationType", "UnknownIntegration");
Gefunden : user_pref("CT2504091.InstalledDate", "Tue Nov 30 2010 20:13:13 GMT+0100");
Gefunden : user_pref("CT2504091.IsGrouping", false);
Gefunden : user_pref("CT2504091.IsMulticommunity", false);
Gefunden : user_pref("CT2504091.IsOpenThankYouPage", false);
Gefunden : user_pref("CT2504091.IsOpenUninstallPage", false);
Gefunden : user_pref("CT2504091.LanguagePackLastCheckTime", "Tue Nov 30 2010 20:13:18 GMT+0100");
Gefunden : user_pref("CT2504091.LanguagePackReloadIntervalMM", 1440);
Gefunden : user_pref("CT2504091.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gefunden : user_pref("CT2504091.LastLogin_2.7.2.0", "Tue Nov 30 2010 20:13:15 GMT+0100");
Gefunden : user_pref("CT2504091.LatestVersion", "2.6.0.14");
Gefunden : user_pref("CT2504091.Locale", "en-us");
Gefunden : user_pref("CT2504091.LoginCache", 4);
Gefunden : user_pref("CT2504091.MCDetectTooltipHeight", "83");
Gefunden : user_pref("CT2504091.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gefunden : user_pref("CT2504091.MCDetectTooltipWidth", "295");
Gefunden : user_pref("CT2504091.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Gefunden : user_pref("CT2504091.SearchFromAddressBarIsInit", true);
Gefunden : user_pref("CT2504091.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT250[...]
Gefunden : user_pref("CT2504091.SearchInNewTabEnabled", true);
Gefunden : user_pref("CT2504091.SearchInNewTabIntervalMM", 1440);
Gefunden : user_pref("CT2504091.SearchInNewTabLastCheckTime", "Tue Nov 30 2010 20:13:16 GMT+0100");
Gefunden : user_pref("CT2504091.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gefunden : user_pref("CT2504091.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gefunden : user_pref("CT2504091.SettingsCheckIntervalMin", 120);
Gefunden : user_pref("CT2504091.SettingsLastCheckTime", "Tue Nov 30 2010 20:13:11 GMT+0100");
Gefunden : user_pref("CT2504091.SettingsLastUpdate", "1289439748");
Gefunden : user_pref("CT2504091.ThirdPartyComponentsInterval", 504);
Gefunden : user_pref("CT2504091.ThirdPartyComponentsLastCheck", "Tue Nov 30 2010 20:13:11 GMT+0100");
Gefunden : user_pref("CT2504091.ThirdPartyComponentsLastUpdate", "1246790578");
Gefunden : user_pref("CT2504091.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Gefunden : user_pref("CT2504091.Uninstall", true);
Gefunden : user_pref("CT2504091.UserID", "UN79855432959269888");
Gefunden : user_pref("CT2504091.ValidationData_Toolbar", 2);
Gefunden : user_pref("CT2504091.alertChannelId", "897164");
Gefunden : user_pref("CT2504091.clientLogIsEnabled", false);
Gefunden : user_pref("CT2504091.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Gefunden : user_pref("CT2504091.myStuffEnabled", true);
Gefunden : user_pref("CT2504091.myStuffPublihserMinWidth", 400);
Gefunden : user_pref("CT2504091.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gefunden : user_pref("CT2504091.myStuffServiceIntervalMM", 1440);
Gefunden : user_pref("CT2504091.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gefunden : user_pref("CT2504091.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Gefunden : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Gefunden : user_pref("CommunityToolbar.ToolbarsList", "CT2504091");
Gefunden : user_pref("CommunityToolbar.ToolbarsList2", "CT2504091");
Gefunden : user_pref("extensions.mediaplayerconnectivity.activityViewPoint", false);
Gefunden : user_pref("extensions.mediaplayerconnectivity.enableAutoplayViewPoint", false);
Gefunden : user_pref("extensions.mediaplayerconnectivity.enableContextMenuViewPoint", true);
Gefunden : user_pref("extensions.mediaplayerconnectivity.enableEmbedViewPoint", true);
Gefunden : user_pref("extensions.mediaplayerconnectivity.enableFileViewPoint", true);
Gefunden : user_pref("extensions.mediaplayerconnectivity.playerparamsviewpoint", "%f");
Gefunden : user_pref("extensions.mediaplayerconnectivity.playerviewpoint", "");
Gefunden : user_pref("vshare.install.fresh", "true");

Profilname : default 
Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\ll4yj7w5.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Zaphod Beeblebrox\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R2].txt - [9121 octets] - [01/12/2012 09:33:55]

########## EOF - C:\AdwCleaner[R2].txt - [9181 octets] ##########
         

So I can stop worrying about the "deployer.exe" finding from Malwarebytes?

Alt 03.12.2012, 08:54   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
adwCleaner - remove toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Löschen (Delete).
  • Confirm each prompt with Ok.
  • Your computer will restart. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt (x = sequential number).

Afterwards, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator" ("als Administrator ausführen")
  • Tick the box at the top center for Scanne alle Benutzer (Scan All Users)
  • At the top you will find a box labeled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.

Alt 03.12.2012, 12:32   #9
Yauser
 
AdwCleaner[S1].txt:

Code:
# AdwCleaner v2.011 - Datei am 03/12/2012 um 12:57:51 erstellt
# Aktualisiert am 02/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Zaphod Beeblebrox - ZAPLAP
# Bootmodus : Normal
# Ausgeführt unter : D:\_Tools_\System\Virenscan etc\Trojaner-Board-Scan\C1 AdwCleaner2.0.11.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Zaphod Beeblebrox\AppData\Roaming\Mozilla\Firefox\Profiles\dybah3xe.default\searchplugins\11-suche.xml
Ordner Gelöscht : C:\Program Files (x86)\Vuze_Remote
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\Zaphod Beeblebrox\AppData\Local\OpenCandy
Ordner Gelöscht : C:\Users\Zaphod Beeblebrox\AppData\LocalLow\Vuze_Remote
Ordner Gelöscht : C:\Users\Zaphod Beeblebrox\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\RewardsArcade
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Vuze_Remote
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Cr_Installer
Schlüssel Gelöscht : HKCU\Software\RewardsArcade
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\eRightSoft\OpenCandy
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5FDEDE80-76F3-42AE-9AAA-F39A5A48EF91}
Schlüssel Gelöscht : HKLM\Software\Vuze_Remote
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3B58CC7-862F-4FC0-B611-CB4428B62728}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0.1 (de)

Profilname : default 
Datei : C:\Users\Zaphod Beeblebrox\AppData\Roaming\Mozilla\Firefox\Profiles\dybah3xe.default\prefs.js

C:\Users\Zaphod Beeblebrox\AppData\Roaming\Mozilla\Firefox\Profiles\dybah3xe.default\user.js ... Gelöscht !

Gelöscht : user_pref("CT2504091.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2504091.CTID", "CT2504091");
Gelöscht : user_pref("CT2504091.CurrentServerDate", "30-11-2010");
Gelöscht : user_pref("CT2504091.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2504091.DownloadReferralCookieData", "");
Gelöscht : user_pref("CT2504091.EMailNotifierPollDate", "Tue Nov 30 2010 20:13:13 GMT+0100");
Gelöscht : user_pref("CT2504091.FeedLastCount129079840422964131", 0);
Gelöscht : user_pref("CT2504091.FeedPollDate128891351169457140", "Tue Nov 30 2010 20:13:14 GMT+0100");
Gelöscht : user_pref("CT2504091.FeedPollDate129079840422964131", "Tue Nov 30 2010 20:13:14 GMT+0100");
Gelöscht : user_pref("CT2504091.FeedTTL128891351169457140", 40);
Gelöscht : user_pref("CT2504091.FirstServerDate", "30-11-2010");
Gelöscht : user_pref("CT2504091.FirstTime", true);
Gelöscht : user_pref("CT2504091.FirstTimeFF3", true);
Gelöscht : user_pref("CT2504091.FirstTimeSettingsDone", true);
Gelöscht : user_pref("CT2504091.FixPageNotFoundErrors", true);
Gelöscht : user_pref("CT2504091.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2504091.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2504091.Initialize", true);
Gelöscht : user_pref("CT2504091.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2504091.InstallationAndCookieDataSentCount", 1);
Gelöscht : user_pref("CT2504091.InstallationType", "UnknownIntegration");
Gelöscht : user_pref("CT2504091.InstalledDate", "Tue Nov 30 2010 20:13:13 GMT+0100");
Gelöscht : user_pref("CT2504091.IsGrouping", false);
Gelöscht : user_pref("CT2504091.IsMulticommunity", false);
Gelöscht : user_pref("CT2504091.IsOpenThankYouPage", false);
Gelöscht : user_pref("CT2504091.IsOpenUninstallPage", false);
Gelöscht : user_pref("CT2504091.LanguagePackLastCheckTime", "Tue Nov 30 2010 20:13:18 GMT+0100");
Gelöscht : user_pref("CT2504091.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2504091.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2504091.LastLogin_2.7.2.0", "Tue Nov 30 2010 20:13:15 GMT+0100");
Gelöscht : user_pref("CT2504091.LatestVersion", "2.6.0.14");
Gelöscht : user_pref("CT2504091.Locale", "en-us");
Gelöscht : user_pref("CT2504091.LoginCache", 4);
Gelöscht : user_pref("CT2504091.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT2504091.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT2504091.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT2504091.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Gelöscht : user_pref("CT2504091.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2504091.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT250[...]
Gelöscht : user_pref("CT2504091.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT2504091.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT2504091.SearchInNewTabLastCheckTime", "Tue Nov 30 2010 20:13:16 GMT+0100");
Gelöscht : user_pref("CT2504091.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gelöscht : user_pref("CT2504091.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gelöscht : user_pref("CT2504091.SettingsCheckIntervalMin", 120);
Gelöscht : user_pref("CT2504091.SettingsLastCheckTime", "Tue Nov 30 2010 20:13:11 GMT+0100");
Gelöscht : user_pref("CT2504091.SettingsLastUpdate", "1289439748");
Gelöscht : user_pref("CT2504091.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT2504091.ThirdPartyComponentsLastCheck", "Tue Nov 30 2010 20:13:11 GMT+0100");
Gelöscht : user_pref("CT2504091.ThirdPartyComponentsLastUpdate", "1246790578");
Gelöscht : user_pref("CT2504091.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Gelöscht : user_pref("CT2504091.Uninstall", true);
Gelöscht : user_pref("CT2504091.UserID", "UN79855432959269888");
Gelöscht : user_pref("CT2504091.ValidationData_Toolbar", 2);
Gelöscht : user_pref("CT2504091.alertChannelId", "897164");
Gelöscht : user_pref("CT2504091.clientLogIsEnabled", false);
Gelöscht : user_pref("CT2504091.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Gelöscht : user_pref("CT2504091.myStuffEnabled", true);
Gelöscht : user_pref("CT2504091.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2504091.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT2504091.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2504091.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2504091.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2504091");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2504091");
Gelöscht : user_pref("extensions.mediaplayerconnectivity.activityViewPoint", false);
Gelöscht : user_pref("extensions.mediaplayerconnectivity.enableAutoplayViewPoint", false);
Gelöscht : user_pref("extensions.mediaplayerconnectivity.enableContextMenuViewPoint", true);
Gelöscht : user_pref("extensions.mediaplayerconnectivity.enableEmbedViewPoint", true);
Gelöscht : user_pref("extensions.mediaplayerconnectivity.enableFileViewPoint", true);
Gelöscht : user_pref("extensions.mediaplayerconnectivity.playerparamsviewpoint", "%f");
Gelöscht : user_pref("extensions.mediaplayerconnectivity.playerviewpoint", "");
Gelöscht : user_pref("vshare.install.fresh", "true");

Profilname : default 
Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\ll4yj7w5.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Zaphod Beeblebrox\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [8729 octets] - [03/12/2012 12:55:47]
AdwCleaner[S1].txt - [8646 octets] - [03/12/2012 12:57:51]

########## EOF - C:\AdwCleaner[S1].txt - [8706 octets] ##########
         

OTL.txt:

OTL Logfile:
Code:
OTL logfile created on: 03.12.2012 13:05:47 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Zaphod Beeblebrox\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,68 Gb Total Physical Memory | 5,96 Gb Available Physical Memory | 77,62% Memory free
15,35 Gb Paging File | 13,45 Gb Available in Paging File | 87,65% Paging File free
Paging file location(s): c:\pagefile.sys 7860 7860 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 109,94 Gb Total Space | 35,99 Gb Free Space | 32,74% Space Free | Partition Type: NTFS
Drive D: | 180,00 Gb Total Space | 25,85 Gb Free Space | 14,36% Space Free | Partition Type: NTFS
Drive E: | 180,00 Gb Total Space | 27,84 Gb Free Space | 15,47% Space Free | Partition Type: NTFS
Drive J: | 29,80 Gb Total Space | 20,69 Gb Free Space | 69,41% Space Free | Partition Type: FAT32
 
Computer Name: ZAPLAP | User Name: Zaphod Beeblebrox | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Zaphod Beeblebrox\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe ()
PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe (AVerMedia)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
PRC - C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3a7eb7595728baf4078ec5f97b44180c\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe ()
MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (FLEXnet Licensing Service 64) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV - (ZuneWlanCfgSvc) -- C:\Programme\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV - (WMZuneComm) -- C:\Programme\Zune\WMZuneComm.exe (Microsoft Corporation)
SRV - (ZuneNetworkSvc) -- C:\Programme\Zune\ZuneNss.exe (Microsoft Corporation)
SRV - (AVerScheduleService) -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe ()
SRV - (SbieSvc) -- C:\Programme\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
SRV - (AVerRemote) -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe (AVerMedia)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:64bit: - (TVICHW32) -- C:\Windows\SysNative\drivers\TVicHW32.sys (EnTech Taiwan)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (vmm) -- C:\Windows\SysNative\drivers\VMM.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV:64bit: - (AVerAF35) -- C:\Windows\SysNative\drivers\AVerAF35.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (Ext2Fsd) -- C:\Windows\SysNative\drivers\ext2fsd.sys (www.ext2fsd.com)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:64bit: - (ElbyCDFL) -- C:\Windows\SysNative\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (TVICHW32) -- C:\Windows\SysWOW64\drivers\TVicHW32.sys (EnTech Taiwan)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SbieDrv) -- C:\Programme\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (ElbyCDFL) -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys (SlySoft, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=273606107106l0498z105t5561m894
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=273606107106l0498z105t5561m894
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=273606107106l0498z105t5561m894
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=273606107106l0498z105t5561m894
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3694723136-1128612256-4147537267-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=273606107106l0498z105t5561m894
IE - HKU\S-1-5-21-3694723136-1128612256-4147537267-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.facebook.com/jugendbuero.deutzpoll/events#!/
IE - HKU\S-1-5-21-3694723136-1128612256-4147537267-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3694723136-1128612256-4147537267-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3694723136-1128612256-4147537267-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de
IE - HKU\S-1-5-21-3694723136-1128612256-4147537267-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3694723136-1128612256-4147537267-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: undoclosedtabsbutton%40supernova00.biz:3.7.1
FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.3
FF - prefs.js..extensions.enabledAddons: %7B477c4c36-24eb-11da-94d4-00e08161165f%7D:3.1.2
FF - prefs.js..extensions.enabledAddons: %7B8b86149f-01fb-4842-9dd8-4d7eb02fd055%7D:0.23
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.3rc4
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.12
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.3.2
FF - prefs.js..extensions.enabledItems: {8b86149f-01fb-4842-9dd8-4d7eb02fd055}:0.22.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {89506680-e3f4-484c-a2c0-ed711d481eda}:0.9.5.6
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.2
FF - prefs.js..extensions.enabledItems: {477c4c36-24eb-11da-94d4-00e08161165f}:2.8.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.3
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.8
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: undoclosedtabsbutton@supernova00.biz:3.6.2
FF - prefs.js..extensions.enabledItems: {63df8e21-711c-4074-a257-b065cadc28d8}:1.9.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {71328583-3CA7-4809-B4BA-570A85818FBB}:0.6.3
FF - prefs.js..extensions.enabledItems: {29852C08-1E91-4889-A6BF-C77F91D6A8F3}:1.8.71
FF - prefs.js..network.proxy.ftp_port: 3124
FF - prefs.js..network.proxy.http: "46.19.137.150"
FF - prefs.js..network.proxy.http_port: 8081
FF - prefs.js..network.proxy.network.proxy.socks_remote_dns: 1
FF - prefs.js..network.proxy.socks_port: 3124
FF - prefs.js..network.proxy.ssl_port: 3124
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp498@crossrider.com: C:\Users\Zaphod Beeblebrox\AppData\Local\RewardsArcade\498\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2012.04.17 22:47:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.02 12:53:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.02 12:53:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.02 12:53:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.02 12:53:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.03 15:42:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.01.04 14:29:35 | 000,000,000 | ---D | M]
 
[2010.07.01 10:15:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\mozilla\Extensions
[2010.07.01 10:15:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.11.28 19:25:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\mozilla\Firefox\Profiles\dybah3xe.default\extensions
[2012.11.09 15:18:44 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\mozilla\Firefox\Profiles\dybah3xe.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012.06.26 10:44:22 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\mozilla\Firefox\Profiles\dybah3xe.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2012.10.21 18:25:21 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\mozilla\Firefox\Profiles\dybah3xe.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
[2012.11.22 00:38:32 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\mozilla\Firefox\Profiles\dybah3xe.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.05.05 11:49:26 | 000,040,179 | ---- | M] () (No name found) -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\mozilla\firefox\profiles\dybah3xe.default\extensions\undoclosedtabsbutton@supernova00.biz.xpi
[2012.11.21 23:44:34 | 000,472,387 | ---- | M] () (No name found) -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\mozilla\firefox\profiles\dybah3xe.default\extensions\{29852C08-1E91-4889-A6BF-C77F91D6A8F3}.xpi
[2012.09.18 18:55:44 | 000,173,194 | ---- | M] () (No name found) -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\mozilla\firefox\profiles\dybah3xe.default\extensions\{477c4c36-24eb-11da-94d4-00e08161165f}.xpi
[2011.11.20 23:19:28 | 000,031,905 | ---- | M] () (No name found) -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\mozilla\firefox\profiles\dybah3xe.default\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}.xpi
[2012.11.28 19:25:35 | 000,530,852 | ---- | M] () (No name found) -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\mozilla\firefox\profiles\dybah3xe.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2011.10.30 20:30:30 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\mozilla\firefox\profiles\dybah3xe.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2012.01.04 14:21:57 | 000,002,419 | ---- | M] () -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\mozilla\firefox\profiles\dybah3xe.default\searchplugins\englische-ergebnisse.xml
[2012.01.04 14:21:56 | 000,010,525 | ---- | M] () -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\mozilla\firefox\profiles\dybah3xe.default\searchplugins\gmx-suche.xml
[2012.01.04 14:21:57 | 000,002,457 | ---- | M] () -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\mozilla\firefox\profiles\dybah3xe.default\searchplugins\lastminute.xml
[2012.01.04 14:21:56 | 000,005,508 | ---- | M] () -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\mozilla\firefox\profiles\dybah3xe.default\searchplugins\webde-suche.xml
[2012.12.02 12:53:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.12.02 12:53:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.12.02 12:53:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.12.02 12:53:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012.12.02 12:53:19 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.01.04 14:29:33 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2011.12.09 18:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.06.16 22:53:47 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.28 19:30:40 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.16 22:53:47 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.16 22:53:47 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.16 22:53:47 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.16 22:53:47 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2011.12.04 23:39:38 | 000,438,845 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15092 more lines...
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3694723136-1128612256-4147537267-1000..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-3694723136-1128612256-4147537267-1000..\Run: [TrueCrypt] C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
O4 - Startup: C:\Users\Zaphod Beeblebrox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AVer HID Receiver.lnk = C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe ()
O4 - Startup: C:\Users\Zaphod Beeblebrox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk = C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
O4 - Startup: C:\Users\Zaphod Beeblebrox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk = C:\Program Files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe (Samsung Electronics.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 1
O7 - HKU\S-1-5-21-3694723136-1128612256-4147537267-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives =  [binary data]
O7 - HKU\S-1-5-21-3694723136-1128612256-4147537267-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.3.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{04A1671E-BD0A-45CF-954E-0FA8DBA699BF}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{297C9031-B076-4D86-AA9B-964E4D51F775}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CF32D8B-27F6-4AD5-BA4C-30BB3AEDBA5B}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{880AEA31-B3A4-4528-852B-DCD024DF1ED0}: DhcpNameServer = 192.168.3.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB8AD0BA-3E4F-4B8D-99F2-77870BD888B3}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\O\Shell - "" = AutoRun
O33 - MountPoints2\O\Shell\AutoRun\command - "" = O:\tools\shelexec.exe html\index.htm
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.03 13:03:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Zaphod Beeblebrox\Desktop\OTL.exe
[2012.12.03 13:00:24 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012.12.02 20:29:06 | 000,000,000 | ---D | C] -- C:\Users\Zaphod Beeblebrox\Desktop\BL 11
[2012.12.02 12:53:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.11.16 20:59:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2012.11.15 16:28:15 | 000,000,000 | ---D | C] -- C:\Users\Zaphod Beeblebrox\Desktop\Idole
[2012.11.14 21:33:07 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.11.14 21:33:06 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.11.14 21:33:05 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.11.14 21:33:05 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.11.14 21:33:05 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.11.14 21:33:05 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.11.14 21:33:05 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.11.14 21:33:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.11.14 21:33:05 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.11.14 21:33:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.11.14 21:33:04 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.11.14 21:33:04 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.11.14 21:33:03 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.11.14 21:33:03 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.11.14 21:33:03 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.11.14 21:23:57 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012.11.14 21:23:57 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012.11.14 21:20:21 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012.11.14 21:20:21 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012.11.14 21:20:21 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012.11.14 21:20:21 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012.11.14 15:49:44 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012.11.14 15:49:44 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012.11.14 15:49:44 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2012.11.14 15:49:44 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2012.11.14 15:49:44 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2012.11.14 15:49:44 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012.11.14 15:49:41 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012.11.14 15:49:41 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.11.14 15:49:40 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012.11.14 15:49:40 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012.11.14 15:49:40 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012.11.14 15:49:33 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012.11.14 15:49:33 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012.11.09 20:27:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung SSD Magician
[2012.11.06 21:27:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.03 13:06:40 | 000,017,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.03 13:06:40 | 000,017,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.03 12:59:44 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.03 12:59:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.03 12:59:06 | 1886,719,999 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.03 12:35:08 | 031,281,152 | ---- | M] () -- C:\Users\Zaphod Beeblebrox\AppData\Local\filesync.metadata
[2012.12.03 12:27:09 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.01 23:34:34 | 000,000,505 | ---- | M] () -- C:\Windows\vuepro32.ini
[2012.12.01 19:12:26 | 001,622,172 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.01 19:12:26 | 000,702,348 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.01 19:12:26 | 000,656,018 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.01 19:12:26 | 000,150,152 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.01 19:12:26 | 000,122,890 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.30 13:38:59 | 000,000,020 | ---- | M] () -- C:\Users\Zaphod Beeblebrox\defogger_reenable
[2012.11.28 12:20:41 | 000,043,200 | ---- | M] () -- C:\Users\Zaphod Beeblebrox\Desktop\2203.pdf
[2012.11.25 12:35:45 | 000,112,128 | ---- | M] () -- C:\Users\Zaphod Beeblebrox\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.15 19:29:36 | 003,263,840 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.15 18:02:49 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.11.15 18:02:49 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.11.14 15:35:39 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.11.14 15:35:39 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.11.09 20:27:29 | 000,001,189 | ---- | M] () -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk
 
========== Files Created - No Company Name ==========
 
[2012.11.30 13:38:59 | 000,000,020 | ---- | C] () -- C:\Users\Zaphod Beeblebrox\defogger_reenable
[2012.11.28 13:38:36 | 000,043,200 | ---- | C] () -- C:\Users\Zaphod Beeblebrox\Desktop\2203.pdf
[2012.11.14 21:23:58 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.14 21:20:21 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.09 20:27:29 | 000,001,189 | ---- | C] () -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk
[2012.10.12 15:19:02 | 000,000,288 | ---- | C] () -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\.backup.dm
[2012.10.10 13:16:46 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini
[2012.09.26 21:43:08 | 000,001,024 | ---- | C] () -- C:\Windows\VueIcons.ini
[2012.08.20 00:55:08 | 000,000,218 | ---- | C] () -- C:\Users\Zaphod Beeblebrox\.recently-used.xbel
[2012.05.17 13:45:36 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\AVerIO.dll
[2012.05.17 13:45:36 | 000,003,456 | ---- | C] () -- C:\Windows\SysWow64\AVerIO.sys
[2012.05.17 13:45:34 | 000,614,400 | ---- | C] () -- C:\Windows\SysWow64\sptlib21.dll
[2012.05.17 13:45:34 | 000,421,888 | ---- | C] () -- C:\Windows\SysWow64\sptlib02.dll
[2012.05.17 13:45:34 | 000,311,296 | ---- | C] () -- C:\Windows\SysWow64\sptlib01.dll
[2012.05.17 13:45:34 | 000,307,200 | ---- | C] () -- C:\Windows\SysWow64\sptlib22.dll
[2012.05.17 13:45:34 | 000,307,200 | ---- | C] () -- C:\Windows\SysWow64\sptlib03.dll
[2012.05.17 13:45:34 | 000,294,912 | ---- | C] () -- C:\Windows\SysWow64\sptlib11.dll
[2012.05.17 13:45:34 | 000,135,168 | ---- | C] () -- C:\Windows\SysWow64\sptlib12.dll
[2012.04.17 01:07:15 | 001,646,530 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.03 10:30:49 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2011.12.22 22:36:15 | 000,098,344 | ---- | C] () -- C:\Windows\unTMV.exe
[2011.12.08 00:09:40 | 000,116,736 | ---- | C] () -- C:\Windows\SysWow64\libsndfile-1.dll
[2011.11.21 17:33:58 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2011.11.03 21:54:18 | 000,081,920 | ---- | C] () -- C:\Program Files (x86)\MPEG4Modifier.exe
[2011.08.29 14:25:44 | 000,000,939 | ---- | C] () -- C:\Windows\Cm108.ini.cfg
[2011.08.29 14:25:39 | 000,001,096 | ---- | C] () -- C:\Windows\cm108.ini
[2011.04.29 10:43:02 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011.04.29 10:40:18 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011.04.29 10:40:17 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011.04.29 10:40:17 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011.04.29 10:40:17 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.04.07 09:59:58 | 000,199,630 | ---- | C] () -- C:\Users\Zaphod Beeblebrox\HTC HD2 (Leo).pdf
[2011.03.24 13:04:04 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2011.03.24 13:02:58 | 000,007,103 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2011.03.18 21:23:41 | 000,038,444 | ---- | C] () -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2011.03.18 21:22:14 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.03.18 21:20:48 | 000,038,451 | ---- | C] () -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2011.02.06 01:48:43 | 000,000,323 | ---- | C] () -- C:\Windows\doom3.ini
[2011.01.27 01:33:12 | 000,030,247 | ---- | C] () -- C:\Windows\scunin.dat
[2011.01.25 22:17:49 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2011.01.20 00:15:08 | 000,000,562 | ---- | C] () -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\AutoGK.ini
[2010.12.29 22:20:01 | 000,000,064 | ---- | C] () -- C:\Windows\AVerText.ini
[2010.11.01 13:39:52 | 002,089,892 | -H-- | C] () -- C:\Users\Zaphod Beeblebrox\AppData\Local\IconCache - Kopie.db
[2010.09.14 23:43:26 | 000,000,114 | ---- | C] () -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\default.pls
[2010.07.26 19:37:55 | 000,024,091 | ---- | C] () -- C:\Users\Zaphod Beeblebrox\AppData\Roaming\UserTile.png
[2010.07.02 12:26:33 | 031,281,152 | ---- | C] () -- C:\Users\Zaphod Beeblebrox\AppData\Local\filesync.metadata
[2010.06.30 22:08:51 | 000,112,128 | ---- | C] () -- C:\Users\Zaphod Beeblebrox\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.29 12:42:46 | 000,001,024 | ---- | C] () -- C:\Users\Zaphod Beeblebrox\.rnd
[2010.06.29 12:04:39 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.06.28 17:56:53 | 000,007,593 | ---- | C] () -- C:\Users\Zaphod Beeblebrox\AppData\Local\resmon.resmoncfg
[2010.03.24 21:16:42 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:4D066AD2

< End of report >
         
--- --- ---

Alt 03.12.2012, 12:36   #10
Yauser
 

Extras.txt:
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 03.12.2012 13:05:47 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Zaphod Beeblebrox\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,68 Gb Total Physical Memory | 5,96 Gb Available Physical Memory | 77,62% Memory free
15,35 Gb Paging File | 13,45 Gb Available in Paging File | 87,65% Paging File free
Paging file location(s): c:\pagefile.sys 7860 7860 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 109,94 Gb Total Space | 35,99 Gb Free Space | 32,74% Space Free | Partition Type: NTFS
Drive D: | 180,00 Gb Total Space | 25,85 Gb Free Space | 14,36% Space Free | Partition Type: NTFS
Drive E: | 180,00 Gb Total Space | 27,84 Gb Free Space | 15,47% Space Free | Partition Type: NTFS
Drive J: | 29,80 Gb Total Space | 20,69 Gb Free Space | 69,41% Space Free | Partition Type: FAT32
 
Computer Name: ZAPLAP | User Name: Zaphod Beeblebrox | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3694723136-1128612256-4147537267-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 9.0.Browse] -- "C:\Program Files (x86)\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1" (ACD Systems Ltd.)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 9.0.Browse] -- "C:\Program Files (x86)\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1" (ACD Systems Ltd.)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{034264A7-2412-404F-BF4C-F79521CB38FC}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{0A52D5DF-B9D0-475E-B0E7-C2BE52A7C0A4}" = lport=1900 | protocol=17 | dir=in | app=%programfiles%\zune\zune.exe | 
"{0BB682BB-CD09-4F0A-8532-167B39CD1C05}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0DDB4636-5E68-4E0C-BEF8-17F16174D85C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1277EA40-B64A-4132-87F5-834358ED6711}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{1B5F2BF9-F6A6-4FCB-A780-C7A71F6A21B2}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{1D56F24E-6A5C-47D2-8BBB-98EA4006609B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1E3EC0E4-0E37-4C2B-A750-7D393945F411}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2224CDAD-1B41-4280-A644-71E4C7FE8205}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{289B6D58-515F-42F1-A5E6-AD62C148AFC4}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{30E7A000-EF82-4902-B583-F3D27B3FE424}" = rport=139 | protocol=6 | dir=out | app=system | 
"{3132D4E1-2B7E-4525-8261-A0C5496F5374}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
"{31C09E4A-FF07-4C54-9890-AE70115699AE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{39D4DB6A-03BA-4DDA-8866-2E1214A983FD}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{3DC7383A-82D4-4C43-A849-FA85688E61FC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3F0F0141-0195-4A03-8253-CC3B03186209}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{43398724-9B80-478B-9206-CCCB552D7DED}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{44823AEF-732F-4B89-BC93-785752EE106E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{47AF42D1-239A-4A63-A05C-FF3E242F4809}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{493D9BBE-3446-4677-8835-00B757A65F2D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{49412C54-BE47-41B0-9DCE-BB77ECE99130}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{4A88EFB5-19FD-47E7-A233-1712A2AF9878}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{513E1E3B-0BA3-43B6-8CB2-B6A13D63D82E}" = lport=137 | protocol=17 | dir=in | app=system | 
"{51CBC7C2-CE8F-4531-A485-201D341BD5F5}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{52267AD8-443E-4664-AA65-2EFA4F592527}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{545C202D-1C6F-4425-8EA9-F65FE572C4ED}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5A71FD81-0092-4466-AA74-AC660C209C59}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6423C945-5361-43E7-84B9-25E22F76AF38}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{67766732-4F4C-49F7-94BA-D2F640EC9CCA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{67CB61AE-2B7D-4A05-9D69-9ED4CC8E27BA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6A780EB3-7C1A-4A52-9E56-D63FE48ED5B2}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{6BB97575-8591-479A-8E3B-2EF45D1D1760}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6E366220-8A33-4185-8487-8E8BF3DAE941}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{72821AAA-A54E-4255-BF3B-EF8779D246D4}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{75A32C2A-2AEB-4573-9A5C-528F7AEDC24A}" = lport=139 | protocol=6 | dir=in | app=system | 
"{76A435EB-ED82-4532-A698-3754772127CD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{76E2F105-4933-4388-AD9C-94149CE63337}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7A444523-2B39-4C49-84F0-1643CBC47FC4}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{7BAC1227-9239-4548-8B3D-1E7B5F7105FB}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{82F54200-CF26-4E93-B8D5-53E4C6130757}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8C7C69ED-D09D-4D9F-90E2-DF878099AB98}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{902D10BE-971E-4F5F-9FEE-38FC517F0F53}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | 
"{989CC84F-D843-40F1-9CBF-7839A9A05C22}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A21301B3-3DDF-4079-A289-13D412F441E0}" = lport=1900 | protocol=17 | dir=in | app=%programfiles%\zune\zune.exe | 
"{A488F1BD-F3BD-4BA6-B546-B6505CCBB10C}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{A9BD4C97-8969-4951-96DC-1943ED3B1598}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AE1F5D9C-ED1B-445E-B8F6-5008363EE512}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{AE5AEE17-E725-49BF-B560-AD87771EE635}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BA25CF8E-DF56-41BC-B91F-E372ED4610F3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C1AB6A5F-A642-404D-9308-FE859C60DEB1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{C31E9BF8-8C7B-476C-874D-7284C82CBB87}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C572BC8C-F5D8-4305-B452-487E1A82A42A}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{C6A26134-72FB-415D-B80A-D84AF2405069}" = rport=445 | protocol=6 | dir=out | app=system | 
"{D275342A-DDE1-424A-9619-A63AB03DF054}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D2A00C89-2AB5-4401-A578-DBB1C7CB2FA3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{D8E5DD6E-776A-4571-BCBF-B52F11F50873}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{DBB2C31B-E196-4EAE-AEAB-8C0AA6783B66}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DE48DAAA-28A9-4B6D-9131-0C855645B560}" = lport=138 | protocol=17 | dir=in | app=system | 
"{E42FC509-0631-467B-962B-2A5776A52FD0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{ECB8129C-80A8-4ADA-A2F5-86FD2F8F4FC6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F0D13FE5-BF5D-4119-B8E6-F159AB170342}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F26E4954-3D40-4476-A708-5963363F4C65}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{F35DE395-2C6C-41FB-9A3D-DDD14B15C9B6}" = lport=445 | protocol=6 | dir=in | app=system | 
"{F9AF9C22-D172-4AC1-8E3A-16CDE6CDB204}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FD8C38EB-E835-472D-AEDD-80E07C0F89BF}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02720650-D256-4E40-8B66-CDD26EAE4F52}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{0BD98EDA-AF49-4A38-BFAE-38EC5EF26536}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{0C79FD39-3D6E-4281-8470-573CD4BF8CEE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0CB10E73-0C88-4B63-A3CC-148B12848761}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{134106F2-F3E7-43CD-88F6-A3BDFDF706FC}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{15FE703C-7702-4C05-A01C-3E99E4750EA0}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{16D5C335-9DB8-4340-A40B-12DA510A9DAE}" = protocol=6 | dir=in | app=c:\program files (x86)\azureus\azureus.exe | 
"{1EB2E4B3-216E-4771-B8F7-A7FA24FF9DA7}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{21C2415D-6797-4340-80CF-74B5C075C225}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{227E71EE-814F-4654-8384-F413FC501273}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{233B1E3C-134D-430B-A247-1246369BCED2}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{23B8F258-479B-481A-9486-A34A20B44FFB}" = protocol=17 | dir=in | app=d:\programme\starcraft ii\starcraft ii.exe | 
"{24A303BE-F292-4B06-94B2-EDDEE6D3CA25}" = protocol=6 | dir=in | app=%programfiles%\zune\zunenss.exe | 
"{276152C7-FAC9-4188-BF41-8596AFC11A61}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{2902F5A1-AC1B-4987-8538-D3F5F549A132}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{297E6662-87A6-4527-B30A-001C7AA2EDD4}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{2C997F0D-8AB2-41CE-ABF2-E6615F26299C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{2FEFBDCF-8D76-4B6D-9116-1DCBF25568FD}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{33CEFBBF-1162-4F92-982E-C00911E5AE2F}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{34F5D568-CDA2-48DB-A693-3BDE6298CBCF}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{3569068E-8AFB-441F-ADA8-985ED337BA39}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe | 
"{36983B41-FE1F-4834-9182-FA1E2757B47E}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{36E281BB-EAC9-4299-BB0D-F9977557FB00}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{39082536-7FC0-4777-88DA-914DC5315297}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{3EC92B02-B6BA-402E-BCEC-7C01A974FB86}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{3F15EBC4-9A44-4310-83CD-3EA56E5B3B77}" = protocol=6 | dir=out | app=system | 
"{3F4FB9B8-F408-4F12-8EB1-982D9060DEE8}" = protocol=17 | dir=in | app=c:\program files (x86)\azureus\azureus.exe | 
"{3F503149-07D2-4C48-949B-A1FB7252AF3F}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe | 
"{43CE63EF-BF1F-4E4C-A645-391290308EE5}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{4CABB5A1-F982-40AE-A43A-490AF3A3C9A8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4CC76C9F-5204-4E4F-99D3-AA75A2417F3B}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{4E95E23C-CA07-44A2-A365-4098BADBD58D}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{561FB109-4A30-4485-815B-8EC54C73A5C7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{5DC8938E-7549-4CC0-AEB0-695C90A8618F}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{5EBA73B8-6483-468A-9660-676A8780E29B}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe | 
"{5F30CFF9-E3FF-49D4-9B25-B5C583573DA7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{622BC272-8C8F-4E80-AA1F-7BB79D57C726}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{62392F98-A469-4844-8BD4-50740FC0B469}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{66CDA0A9-C070-4156-B707-A1EFA9F70284}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{66E41587-0FEC-493A-985A-250C4DAE59F8}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{69A41846-F0AD-4691-B386-20F611EB09C0}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{6CEEBFE9-472D-40D5-87DD-0E98EB545F28}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{6E8C0D38-093D-451F-8F1F-9509B885A1FC}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{70636ED0-C10C-46DD-B31F-609E0E09F099}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{7153360B-3528-4754-BF5D-72102B18D16C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{71ADC68A-1EEF-4B46-9D32-0DFCE0AD2511}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{724D4978-4EA0-4E6E-B43E-E56F08A46A93}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{78CD7FAE-526F-442D-BDA2-EA6457ADF68F}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{79418582-C8D9-4714-9608-839FF1839966}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{79DF540F-1DD0-4C36-A86F-DB8E396412E8}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{7C16805C-6641-4388-996C-3C9C3DBD10A1}" = protocol=6 | dir=in | app=d:\programme\starcraft ii\starcraft ii.exe | 
"{7CD63DE3-C1DE-442F-A091-EBA391F35675}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7CE563E1-2988-4613-A931-1950C8CD9AD6}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{7EB1D6B0-00A7-40F1-9454-683285389177}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{806A596C-E850-4E55-BB27-78DA6E9F080F}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{832969FD-DE6F-47A6-8C96-776F1D27132A}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{85BEE3FF-4121-4D23-844A-62735E6471DE}" = protocol=6 | dir=out | app=system | 
"{879B899B-6BA7-46AD-ABE7-6F12FE4219AC}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{890CC2C4-1A7F-4196-A9DC-FEC5EFFBD3BC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8A0416AE-69E2-4E07-86B0-D04AAF97CC45}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{8A15D7C4-FB09-4FD0-B888-3ACE5040209E}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{8AB6FE80-5D98-4BF8-B1A2-70A5D1BAE8F3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8C4F78C8-DAA9-48F8-A6C9-079644CC0792}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{8DF1451F-7E82-41DB-9E58-0E0602A19B5E}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{8E363C64-362D-4057-8C0B-5375E2334E1C}" = protocol=17 | dir=out | app=%programfiles%\zune\zunenss.exe | 
"{8E4C18C2-AA57-4AD1-9815-5E416B94808D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{8FE29CFE-931C-455A-98A0-F84883E8CE05}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{8FE69B70-5520-49C0-81EC-39147D04C0A8}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{9106418D-15E0-4519-90F8-F31F1EFC15D9}" = protocol=6 | dir=out | app=system | 
"{9109FC68-9406-4059-8DE8-0FCC48C09E40}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{9127AA23-05EA-4411-852B-38EA91D7B0DF}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{932F90CA-FD59-4D78-81C4-61E5B49A5D6A}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{9459B941-FAB1-4D42-B0EF-B52795CCDDE5}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{94D563EF-A62B-41DF-B43F-6DAEB17DCFE1}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe | 
"{94F075BC-5D82-4A1B-9DC4-D2351CB39B6A}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{95AA6FE0-08CE-4D0F-944F-E463C435B325}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9762C1AF-31DB-4328-BBF0-C708E2998F32}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{9866AFA0-DE7E-493E-AAE6-CD87D148541E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{9CB1A485-0C5C-4C1E-85E0-75346558D053}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{9CD2913E-0306-4433-84F8-CADF1B2B4AB7}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{9F244281-0452-4800-90F7-F725D35E8A13}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{A02C377E-7BF3-4B88-B10E-8E26F99BF76D}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{A1D0D43F-DFFA-4DA2-A449-8955445C575C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{A778AD60-2B4E-41A5-8BEB-6157885517CC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{AB080AAA-D12F-49D0-818B-7D312E80E585}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{AE1E7F57-7250-46C4-9305-0E853AEA41D1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B42AF08A-93E0-4ED5-BC97-EA88CF6F7B2C}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B4D1B510-1467-4F2F-9632-8C073F97C2CF}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{BC5CA820-B87E-44FF-A7B1-1550C80EB278}" = protocol=17 | dir=in | app=d:\programme\starcraft ii\support\blizzarddownloader.exe | 
"{BE40BEDB-7659-4531-9048-1919E494130A}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{BFD2C644-62C1-4FFA-AA77-8A5DC8D6689E}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{C233663E-7165-4D1A-A087-68D033215AA8}" = protocol=6 | dir=out | app=system | 
"{C3B8F542-E7C2-4631-8700-768AAF52E51C}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{C49391D6-8749-40AD-8CDA-7D69E979B530}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CA8684FE-CEC9-473F-ADA3-6E3BD02E9853}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{CF4D33A8-6B82-48F8-A7ED-9FD08C8AFD1C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D344C829-0FF4-4245-87F1-37795B278377}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D5EDF6EB-F644-4A78-A170-49BA05336FD6}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{D73390F8-B4E0-4C4B-9907-15E3DD921191}" = protocol=6 | dir=out | app=system | 
"{DA839E04-166B-4487-A14B-E69B355AC77E}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{DDFCC5B2-BD15-4D53-B7F5-60A8EC0A3999}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{DF81E032-A293-44F0-9641-4C25A67CE651}" = protocol=6 | dir=out | app=%programfiles%\zune\zunenss.exe | 
"{E066BAAA-612B-4145-9E4C-254D5FBE7360}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{E0CDA6F3-3644-417E-8C13-478B792AC6E6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E427EFEB-5F6F-4935-8E6D-022D35E2E593}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{E65A568F-B2B4-43A0-9607-C94F7AD70C0D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{E718F2EB-8980-4FB8-A655-BDFC1598AD7B}" = protocol=17 | dir=in | app=%programfiles%\zune\zunenss.exe | 
"{E76E9FCC-F154-47DB-942D-32D326C5ED82}" = protocol=6 | dir=out | app=system | 
"{E8C329FF-DC1A-4868-A97D-F63928A7B995}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{EC964C1A-D923-44E8-9132-CB06527EF1A3}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{EE1B5B5E-1C90-4275-BB2A-9E807628564A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F26C8671-A2A1-4F90-80AA-74AB802523FF}" = protocol=6 | dir=in | app=d:\programme\starcraft ii\support\blizzarddownloader.exe | 
"{F3143F3E-4A1D-4CD0-A26F-DF888DF54103}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F938929A-B67F-436A-AFD7-0898EC1A1F37}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe | 
"{F9E0BE5D-F65C-4084-9610-85DAF53D1F7A}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{FDCCE4B5-C3AC-409F-8100-DE5EDF72E5CB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{087B5F95-A975-4432-9FA1-9C8133B30070}O:\easysetupassistant\wr741n\easysetupassistant.exe" = protocol=6 | dir=in | app=o:\easysetupassistant\wr741n\easysetupassistant.exe | 
"TCP Query User{0FBC7E06-27C7-4482-BF1D-3AA3921F57D2}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"TCP Query User{10F1AC07-CE18-4E27-A06A-8D9A51F1653A}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{1EE261D9-2047-4D3E-8836-929D2EE88524}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"TCP Query User{24FE0C45-A213-4EED-8052-2E046F7ADEB5}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"TCP Query User{2B5BB825-7E4B-49B7-AF09-E8B5CA1C7793}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"TCP Query User{43D3469A-F34A-4F29-86F9-9273994288BA}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"TCP Query User{43E0120C-20A5-4D34-9309-3481EC55FAC4}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"TCP Query User{561C1002-0077-4521-A4B0-09CF1D10C9D5}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{5DAF7F31-CB11-43E8-A902-0030D0C772FA}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{61842CFF-EB14-4882-94D5-AD8920E458EF}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe | 
"TCP Query User{6F7995A6-56B6-4530-A7C2-630C4F513AB5}C:\program files (x86)\streamtransport\streamtransport.exe" = protocol=6 | dir=in | app=c:\program files (x86)\streamtransport\streamtransport.exe | 
"TCP Query User{7B42AE13-FB48-480E-8ACE-CBF3C43A5F9C}D:\programme\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=d:\programme\starcraft ii\support\blizzarddownloader.exe | 
"TCP Query User{812BCE27-5FC7-4BF6-ABF4-953B40A5B6AC}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{847DF980-206D-42F7-8204-F9E2B6D0EE4B}D:\programme\doom 3\doom3.exe" = protocol=6 | dir=in | app=d:\programme\doom 3\doom3.exe | 
"TCP Query User{8E6DCC4A-E00B-45E8-A633-9515E596F6BC}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{AAF367CA-25F9-4EA9-A307-CAEE30B5887C}D:\programme\doom 3\doom3ded.exe" = protocol=6 | dir=in | app=d:\programme\doom 3\doom3ded.exe | 
"TCP Query User{B066EBCD-F701-47E9-A9C9-54409A3BCD67}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"TCP Query User{C32DAF7C-DBE2-45D4-BB49-9474197315AE}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe | 
"TCP Query User{CE93E9B8-DAF7-4001-B642-81F314B9C920}D:\programme\homeworld\homeworld.exe" = protocol=6 | dir=in | app=d:\programme\homeworld\homeworld.exe | 
"TCP Query User{D0CA6D3D-F3F5-4ABE-8B84-652036644FE6}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{E424B733-BFE8-47D1-BEB6-2D4F163AD556}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{F0F6994B-3483-460D-91B8-A3A0E126919C}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"TCP Query User{F534AE84-AB0D-428B-ACEB-202A3D1291D0}D:\programme\ra3\data\ra3_1.12.game" = protocol=6 | dir=in | app=d:\programme\ra3\data\ra3_1.12.game | 
"TCP Query User{FDA59E13-C258-4FCB-9A00-46BD07CA3FA6}D:\programme\starcraft\starcraft.exe" = protocol=6 | dir=in | app=d:\programme\starcraft\starcraft.exe | 
"UDP Query User{018E8EE9-3E8B-43CD-841D-C67EF26B9E10}D:\programme\ra3\data\ra3_1.12.game" = protocol=17 | dir=in | app=d:\programme\ra3\data\ra3_1.12.game | 
"UDP Query User{0F9B3762-80CB-4BFA-9B07-87FB0314950F}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{1B31C599-0623-40B3-94D8-F4353BF3A200}D:\programme\homeworld\homeworld.exe" = protocol=17 | dir=in | app=d:\programme\homeworld\homeworld.exe | 
"UDP Query User{3DECE7F8-66BC-44B7-9FAE-8B50E7512BB9}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{42E6FF89-0EDA-4EC8-BAF4-70B33680728F}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe | 
"UDP Query User{610E56BB-CA78-429E-B421-36698D36DC3F}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{6BC0D240-9787-4C34-A147-6060B1B07D42}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"UDP Query User{7C7278A9-47F4-47E5-90FD-B3E7CB23A99E}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{809A8648-6164-4303-89D2-B34E5BF43F45}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{86C441D0-3138-48E7-9554-BADE1E3DBBB3}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{886A43DF-6897-42B6-8658-AE0356AC5957}D:\programme\doom 3\doom3ded.exe" = protocol=17 | dir=in | app=d:\programme\doom 3\doom3ded.exe | 
"UDP Query User{8AD68FF1-EBAB-45C3-BC6C-64847662B769}C:\program files (x86)\streamtransport\streamtransport.exe" = protocol=17 | dir=in | app=c:\program files (x86)\streamtransport\streamtransport.exe | 
"UDP Query User{8E571EC6-1E2B-4B6A-8D9C-A680F2792D7A}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"UDP Query User{8EA3DB1E-08CD-4F78-9BF9-2B571EDCFF6C}D:\programme\starcraft\starcraft.exe" = protocol=17 | dir=in | app=d:\programme\starcraft\starcraft.exe | 
"UDP Query User{941C99B7-8C5B-43D2-AB0E-971237503B7D}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{974012B4-DA96-4145-96E5-2F834CE5B1EF}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{A1E3E557-3A4D-44D1-84D7-06F3B760B438}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"UDP Query User{A671B3AD-6C37-4C2A-BD32-696EC085C8F8}D:\programme\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=d:\programme\starcraft ii\support\blizzarddownloader.exe | 
"UDP Query User{AD72E3B3-CE6A-4CDA-AC8F-A1A427F4F158}O:\easysetupassistant\wr741n\easysetupassistant.exe" = protocol=17 | dir=in | app=o:\easysetupassistant\wr741n\easysetupassistant.exe | 
"UDP Query User{B7F32EE5-A715-4814-8577-56DF1D746623}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe | 
"UDP Query User{B8B94D63-E231-4858-9715-9147B8ADA2E6}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"UDP Query User{C450FE4F-4AA8-4AB4-81B4-034514C6D5BF}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{CAE3FB36-0F95-4CF6-991D-B8F998816C28}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{ED42475A-29DC-499F-9800-47DDF8E71AD0}D:\programme\doom 3\doom3.exe" = protocol=17 | dir=in | app=d:\programme\doom 3\doom3.exe | 
"UDP Query User{FD8BBADA-537F-4CF3-8663-60B2C29F798A}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java(TM) 6 Update 31 (64-bit)
"{271B6E19-15A2-B4DC-7C24-17A072A52861}" = ccc-utility64
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{7E587F58-50BE-3557-89F6-14D99CB5FB2A}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile-Gerätecenter: Treiberupdate
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A80AF0FF-16ED-3B44-9103-A874B3771422}" = Windows Phone Emulator x64 - DEU
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{AC3539BE-6ACD-3078-B521-0AC2884720F3}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C214301F-F5D7-36D9-B3A2-1467C5586495}" = Microsoft Help Viewer 1.1 Language Pack - DEU
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{D4815811-3F51-46DC-868A-211ECB5B79E7}" = inSSIDer 2.0
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{DB61F989-7664-4E18-97C8-0AC4C5DD9FFC}" = e-mix 5.6.4 Basic Edition
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
"{ED1A01DA-CB9F-0ECD-BADC-E7C0B096EC5D}" = ATI Catalyst Install Manager
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"72A50F48CC5601190B9C4E74D81161693133E7F7" = Windows-Treiberpaket - Nokia Modem  (02/25/2011 7.01.0.9)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Bulk Rename Utility_is1" = Bulk Rename Utility 2.7.1.1
"CCleaner" = CCleaner
"E0AC723A3DE3A04256288CADBBB011B112AED454" = Windows-Treiberpaket - Nokia Modem  (02/25/2011 4.7)
"Ext2Fsd_is1" = Ext2Fsd 0.48
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"GPL Ghostscript 9.04" = GPL Ghostscript
"KLiteCodecPack64_is1" = K-Lite Codec Pack (64-bit) v3.3.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft Help Viewer 1.1 Language Pack - DEU" = Microsoft Help Viewer 1.1 Language Pack - DEU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Sandboxie" = Sandboxie 3.52 (64-bit)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.0.4
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.46-1 (x64)
"Zune" = Zune
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01C79EF3-DE84-4B56-B638-8BEA0D507506}" = Microsoft XNA Game Studio 4.0 (XnaLiveProxy)
"{01C91464-A3D4-56FE-9AC5-B7E5481DAD5B}" = CCC Help German
"{03CAB33F-D1C2-48C6-8766-DAE84DFC25FE}" = Microsoft Sync Framework Services v1.0 (x86)
"{04BEE0E6-AFA6-BF1C-B136-2B73EF4DF8D5}" = CCC Help Danish
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05855322-BE43-41FE-B583-D3AE0C326D58}" = Microsoft Silverlight 4 SDK
"{0666E46E-A860-4353-BE6D-13AA72FABB57}" = Microsoft XNA Game Studio Platform Tools
"{06691FB7-ECC7-71FD-09F7-07D9ADE774DC}" = CCC Help Norwegian
"{07C57B29-D2E4-4959-84A5-016F2BE11A35}" = Microsoft Windows Phone 7 Developer Resources(DE)
"{08C84CC6-E7FD-4B2D-BBF9-B02CC90EE031}" = Microsoft XNA Game Studio 4.0 (Shared Components)
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{12B5C567-4604-C82B-A7F8-130B17B81049}" = CCC Help Korean
"{1564C47F-90BA-9788-5C3D-4EA4EB0C2073}" = CCC Help Czech
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}" = Microsoft Expression Blend SDK for Silverlight 4
"{1CC32A0A-2F22-2E26-489E-89C6E2B46A8A}" = Catalyst Control Center InstallProxy
"{1D537C29-27C9-4EE2-92BC-22D0910EAE9D}" = Microsoft XNA Game Studio 4.0 Language Pack (de-DE)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{21FFB65D-736F-08FB-EED1-57953A43D729}" = CCC Help Thai
"{256E7DAC-9BE8-494E-8DE7-7857BF96B774}" = Microsoft Expression Blend 3 SDK
"{2638FFB3-24DD-40BB-B6BE-5EF611DB0E1F}" = Stereoscopic Player c't Edition
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37
"{26CA1B07-BC53-4196-B9C2-A11C6F6F3E08}_is1" = EXIF Date Changer v3.00
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Alarmstufe Rot 3
"{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1" = Samsung SSD Magician
"{29C61AA3-94AC-D12F-1D49-38CB01455E28}" = ccc-core-static
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2ED90AE2-8E74-6AE0-E1BA-AFF02578A2AF}" = PX Profile Update
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{380392ED-5898-3E27-4678-705C49403D34}" = CCC Help English
"{3959E064-5785-4DA1-9799-5A841F6B9DA5}" = Windows Phone Device Manager
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3AA079C2-7F5C-D111-548C-5124D4DFF0E3}" = Catalyst Control Center Localization All
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4EB5FE-B5BE-4069-A5A8-6D9262E1B379}" = Microsoft XNA Game Studio 4.0 Documentation
"{3FB476B3-8BE3-4337-810E-14A596A3833C}" = Music Jukebox
"{410E170F-9E85-D364-882F-BBEB45B6D719}" = CCC Help Dutch
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
"{4C6D5779-A766-45DF-9938-D6F595A66F2B}" = Microsoft Expression Blend 4
"{4E242AB2-86A7-4231-82A9-1E4226D23CA8}" = Catalyst Control Center - Branding
"{5016185F-05AF-455F-AA70-6B6E5D6D4E70}" = AVerTV 3D
"{531E1936-95AC-4F7D-8071-BBE9502C670B}" = Stereoscopic Player
"{553B3EFC-4D47-36D4-B15E-BE098BAEC8AC}" = Windows Phone 7 Add-in for Visual Studio 2010 - DEU
"{558358E5-E4F3-4374-BA1D-26FF39EF87D9}" = Microsoft Silverlight Tools for Visual Studio 2010
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58AEE3E0-8746-11DD-81B6-000AE67E2618}_is1" = grafstat4
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
"{5CF37187-BE4F-009F-8C27-0D509144A427}" = CCC Help Turkish
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219
"{5DDF31D2-63BB-4268-895B-FB05A82A1C00}" = Microsoft XNA Game Studio 4.0 Windows Phone Extensions
"{5ED5BC4D-CADC-4705-A230-D1FC80882252}" = PhotoTools 2.5 Free
"{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit February 2010 (Version 3.5.50211.1)
"{6022299E-440C-43DA-825F-B58BCCB570B9}_is1" = Fotomatic version 1.4
"{6030FCD7-8F1A-427D-AF05-8DD1A2EA2ABA}" = Alcor Micro USB Card Reader
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{68BD57D3-D606-411E-A7E0-3EB6EA5660F6}" = Microsoft XNA Game Studio 4.0 (Redists)
"{69E11501-75F7-4ACE-8103-52513DDCFE26}" = Microsoft Expression Blend SDK for Windows Phone 7
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C2EC2D3-A155-41B9-941B-1E1D5565C2C0}" = CCC Help Chinese Traditional
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D80B6D8-C7FC-C635-B3D2-1DFE9BEE890D}" = TiltShift
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{72CCBEA1-8D57-4981-A337-81019F28C5BA}" = Microsoft .NET Compact Framework 3.5
"{737A6F12-84F1-8DC7-2956-D9F926498AE6}" = CCC Help French
"{73BE04D9-BA0E-4BAF-9C9D-677278BDB3DC}" = Microsoft XNA Game Studio 4.0 (ARP entry)
"{78842BC3-9905-F28F-D4EE-0D56FC9F7D09}" = CCC Help Hungarian
"{789A766A-ACDA-339F-540A-AD64241F49A0}" = CCC Help Russian
"{7CA61F82-92CB-BF23-3388-5D6ACE2F7981}" = CCC Help Chinese Standard
"{803910CC-3A39-45E3-A594-0D5512A60A86}" = Microsoft Silverlight 4 SDK - Deutsch
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82126A52-6AB6-4D1B-A89C-8F1C7790B55A}" = GO Contact Sync Mod
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}" = Adobe Audition 1.5
"{889D48DA-457F-4C8B-9095-6458F2793B12}" = Nokia Software Updater
"{8C496FBF-DB4A-468D-A3A1-15E127382218}" = Microsoft XNA Game Studio 4.0 (Visual Studio)
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9988449D-EC87-8B4C-7F8F-7F13B0B6CFAA}" = Catalyst Control Center Graphics Previews Vista
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B3A1C97-A361-463E-8817-444F9F88CDFE}" = Microsoft Expression Blend SDK for .NET 4
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FABF252-8DD5-17E1-D916-E6FC3BFB7FC7}" = CCC Help Portuguese
"{A29C5DD5-B21E-474F-AA96-6A7FC0B2B248}" = Microsoft Expression Blend 4 Add-in for Adobe FXG Import
"{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
"{A8BD5A60-E843-46DC-8271-ABF20756BE0F}" = Microsoft Sync Framework Runtime v1.0 (x86)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A97F28B2-3BA1-49B7-AEF6-CC8956ED8CAA}" = Nokia PC Suite
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AFDFC350-C142-4790-BE12-8357AECD028F}" = SyncToy 2.0 (x86)
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}" = ACDSee 9 Photo Manager
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CA4A9D06-085E-4EC3-137F-3E0F8A5F2F86}" = CCC Help Spanish
"{CA539DCE-7732-455C-4B8F-4263763F8391}" = CCC Help Greek
"{CBC7D66E-89DA-69CA-3264-D98BC972E546}" = CCC Help Swedish
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE51F880-5EA1-7B32-855E-DAAFD2C8A69E}" = CCC Help Italian
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.158.203
"{D3D98C41-5C39-99D6-199E-B975780E6572}" = CCC Help Polish
"{D4C4A7F3-D364-F624-479E-D787B05D99A5}" = Catalyst Control Center InstallProxy
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D6C9AF27-9414-46C8-B9D8-D878BA041031}" = Nero 8
"{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1
"{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode Version 3.0.9.8
"{DE55C227-A674-49D8-A767-15F2155F7008}" = SGS VideoCapture Free 1.0.0
"{E452CEEB-2261-AF87-B34E-BB7D3FF382DE}" = CCC Help Finnish
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E488C325-C173-8FEE-2083-60E3D281B8F4}" = CCC Help Japanese
"{E5809572-2ADC-11D7-81AC-00D009DAF871}" = GrafStat (2006 Edition-i)
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F39359B6-58F1-4837-BE9B-D111FAF50D74}" = Microsoft Visual Studio 2010 Express for Windows Phone  - DEU
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"8461-7759-5462-8226" = Vuze
"Acer Registration" = Acer Registration
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Auto Update Service" = Canon Auto Update Service
"AutoGK" = Auto Gordian Knot 2.55
"AVerMedia A835 USB TV Tuner" = AVerMedia A835 USB TV Tuner 8.0.64.57
"Avidemux 2.5 (64-bit)" = Avidemux 2.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"AviSynth" = AviSynth 2.5
"Blend_4.0.20901.0" = Microsoft Expression Blend 4
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow Launcher
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Canon RAW Codec" = Canon RAW Codec
"Classic Doom 3" = Classic Doom 3 1.3.1
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DPP" = Canon Utilities Digital Photo Professional 3.11
"ElsterFormular 13.2.0.8623p" = ElsterFormular
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EOS Utility" = Canon Utilities EOS Utility
"Exposure 2" = Alien Skin Exposure 2
"FileZilla Client" = FileZilla Client 3.6.0
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Foxit Reader" = Foxit Reader
"Free Video Dub_is1" = Free Video Dub version
"FreePDF_XP" = FreePDF (Remove only)
"Generic USB 108 Sound" = hama USB-Sound Card 7.1
"Google Calendar Sync" = Google Calendar Sync
"ID3-TagIT 3_is1" = ID3-TagIT 3
"Identity Card" = Identity Card
"In Hell - Directors Cut" = In Hell - Directors Cut
"InstallShield_{5016185F-05AF-455F-AA70-6B6E5D6D4E70}" = AVerTV 3D
"InstallShield_{6030FCD7-8F1A-427D-AF05-8DD1A2EA2ABA}" = Alcor Micro USB Card Reader
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{E5809572-2ADC-11D7-81AC-00D009DAF871}" = GrafStat (2006 Edition-i)
"InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"JDownloader" = JDownloader
"JPEG Lossless Rotator_is1" = JPEG Lossless Rotator 7.0
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.8.3 (Full)
"LManager" = Launch Manager
"MAGIX 3D Maker D" = MAGIX 3D Maker (embeded)
"MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D)
"MAGIX Video deluxe 15 Plus Download-Version D" = MAGIX Video deluxe 15 Plus Download-Version 8.0.1.2 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"MapUtility" = Canon Utilities Map Utility
"Microsoft Visual Studio 2010 Express for Windows Phone  - DEU" = Microsoft Windows Phone Developer Tools - DEU
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"MKV Chapterizer" = MKV Chapterizer
"MKVtoolnix" = MKVToolNix 5.8.0
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"mtt12" = Mp3 Tag Tools v1.2
"MyCamera" = Canon Utilities MyCamera
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"Nokia PC Suite" = Nokia PC Suite
"Notepad++" = Notepad++
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"SopCast" = SopCast 3.4.8
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
"Starcraft" = Starcraft
"StarCraft II" = StarCraft II
"TrueCrypt" = TrueCrypt
"TVUPlayer" = TVUPlayer 2.5.3.1
"Undelete 360_is1" = Undelete 360
"Veetle TV" = Veetle TV
"virtualPhotographer_is1" = virtualPhotographer 1.5.6
"VLC media player" = VLC media player 2.0.4
"VobSub" = VobSub v2.23 (Remove Only)
"VuePrint" = VuePrint
"VueScan" = VueScan
"Winamp" = Winamp
"Winmail Opener" = Winmail Opener 1.4
"WinRAR archiver" = WinRAR archiver
"XNA Game Studio 4.0" = Microsoft XNA Game Studio 4.0
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3694723136-1128612256-4147537267-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Anwendungserkennung
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 25.11.2012 20:06:36 | Computer Name = ZapLap | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnap.exe". Fehler in  Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 25.11.2012 20:06:36 | Computer Name = ZapLap | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnapViewer.exe". Fehler in  Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 26.11.2012 13:34:06 | Computer Name = ZapLap | Source = Application Hang | ID = 1002
Description = Programm OUTLOOK.EXE, Version 12.0.6665.5003 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 874    Startzeit: 01cdcbfc20a88f43    Endzeit: 10    Anwendungspfad: 
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE    Berichts-ID: 747adb96-37ef-11e2-8d76-00262d95cf98

 
Error - 26.11.2012 13:43:45 | Computer Name = ZapLap | Source = Application Hang | ID = 1002
Description = Programm OUTLOOK.EXE, Version 12.0.6665.5003 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 1a1c    Startzeit: 01cdcbfd81e07f18    Endzeit: 10    Anwendungspfad:
 C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE    Berichts-ID: cefa6d51-37f0-11e2-8d76-00262d95cf98

 
Error - 26.11.2012 13:44:31 | Computer Name = ZapLap | Source = Microsoft Office 12 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Outlook.
 
Error - 26.11.2012 13:49:56 | Computer Name = ZapLap | Source = Application Hang | ID = 1002
Description = Programm OUTLOOK.EXE, Version 12.0.6665.5003 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 728    Startzeit: 01cdcbfdabd3338b    Endzeit: 10    Anwendungspfad: 
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE    Berichts-ID: a61cfc08-37f1-11e2-8d76-00262d95cf98

 
Error - 26.11.2012 14:05:19 | Computer Name = ZapLap | Source = Application Hang | ID = 1002
Description = Programm OUTLOOK.EXE, Version 12.0.6665.5003 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: a2c    Startzeit: 01cdcbffd5f5f3de    Endzeit: 15    Anwendungspfad: 
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE    Berichts-ID: ccfa0d01-37f3-11e2-b0c8-00262d95cf98

 
Error - 26.11.2012 21:06:00 | Computer Name = ZapLap | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in  Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 26.11.2012 21:06:01 | Computer Name = ZapLap | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnap.exe". Fehler in  Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 26.11.2012 21:06:01 | Computer Name = ZapLap | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnapViewer.exe". Fehler in  Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
[ OSession Events ]
Error - 14.08.2010 07:25:51 | Computer Name = ZapLap | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 66
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 02.11.2010 19:28:29 | Computer Name = ZapLap | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 19
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 25.02.2011 02:32:59 | Computer Name = ZapLap | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 30773
 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error - 21.03.2011 15:19:33 | Computer Name = ZapLap | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 12.02.2012 20:02:51 | Computer Name = ZapLap | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 04.05.2012 10:09:12 | Computer Name = ZapLap | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 31
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 14.05.2012 09:09:08 | Computer Name = ZapLap | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 15
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 29.05.2012 16:52:00 | Computer Name = ZapLap | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 24
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 01.12.2012 04:29:22 | Computer Name = ZapLap | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows-Bilderfassung (WIA)" ist vom Dienst "Shellhardwareerkennung"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 01.12.2012 04:29:23 | Computer Name = ZapLap | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 02.12.2012 03:08:04 | Computer Name = ZapLap | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\Windows\system32\athExt.dll  Fehlercode: 126  
 
Error - 02.12.2012 03:08:06 | Computer Name = ZapLap | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows-Bilderfassung (WIA)" ist vom Dienst "Shellhardwareerkennung"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 02.12.2012 03:08:07 | Computer Name = ZapLap | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 02.12.2012 07:36:41 | Computer Name = ZapLap | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 02.12.2012 07:36:41 | Computer Name = ZapLap | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 03.12.2012 07:59:35 | Computer Name = ZapLap | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\Windows\system32\athExt.dll  Fehlercode: 126  
 
Error - 03.12.2012 07:59:37 | Computer Name = ZapLap | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows-Bilderfassung (WIA)" ist vom Dienst "Shellhardwareerkennung"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 03.12.2012 07:59:38 | Computer Name = ZapLap | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
 
< End of report >
         
--- --- ---

03.12.2012, 14:00   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
ATTFilter
:OTL
@Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:4D066AD2
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name at the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may require a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (Also to be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

03.12.2012, 15:33   #12
Yauser

Code:
ATTFilter
All processes killed
========== OTL ==========
ADS C:\Windows:nlsPreferences deleted successfully.
ADS C:\ProgramData\Temp:4D066AD2 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Zaphod Beeblebrox\Desktop\cmd.bat deleted successfully.
C:\Users\Zaphod Beeblebrox\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Gast
->Temp folder emptied: 69034 bytes
->Temporary Internet Files folder emptied: 38978 bytes
->FireFox cache emptied: 23282109 bytes
->Flash cache emptied: 56757 bytes
 
User: Public
 
User: Zaphod Beeblebrox
->Temp folder emptied: 73074199 bytes
->Temporary Internet Files folder emptied: 986734188 bytes
->Java cache emptied: 1567970 bytes
->FireFox cache emptied: 485257552 bytes
->Flash cache emptied: 83291 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 761916077 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36034005 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 25984042 bytes
 
Total Files Cleaned = 2.283,00 mb
 
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!
 
OTL by OldTimer - Version 3.2.69.0 log created on 12032012_162323

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

03.12.2012, 15:37   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes - please remember beforehand to update Malwarebytes via the update button

Afterwards, getting an additional opinion via ESET's online scanner is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the terms of use" and click Start.
  • Enable the "detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded, the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Look for C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64 bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset

03.12.2012, 16:07   #14
Yauser

malwarebytes:
Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.03.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Zaphod Beeblebrox :: ZAPLAP [Administrator]

03.12.2012 16:58:17
mbam-log-2012-12-03 (16-58-17).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 232349
Laufzeit: 48 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
ESET, but that one finished really quickly!:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=080e1f932fde534ea9840d6d3a7196e1
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-03 04:01:29
# local_time=2012-12-03 05:01:29 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 48485122 48485122 0 0
# compatibility_mode=1792 16777215 100 0 4147691 4147691 0 0
# compatibility_mode=5893 16776574 100 94 55971172 106180339 0 0
# compatibility_mode=8192 67108863 100 0 3640 3640 0 0
# scanned=0
# found=0
# cleaned=0
# scan_time=0
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=080e1f932fde534ea9840d6d3a7196e1
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-03 04:03:52
# local_time=2012-12-03 05:03:52 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 48485265 48485265 0 0
# compatibility_mode=1792 16777215 100 0 4147834 4147834 0 0
# compatibility_mode=5893 16776574 100 94 55971315 106180482 0 0
# compatibility_mode=8192 67108863 100 0 3783 3783 0 0
# scanned=0
# found=0
# cleaned=0
# scan_time=0
         
And congratulations on 100,000+ posts ;-)

03.12.2012, 16:43   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
And congratulations on 100,000+ posts ;-)
Thanks!

Looks OK so far

Regarding cookies and other things on the web: to block the plague from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - sensibly, you should check at MVPS every 4 weeks whether he has released a new hosts file.

Info: Cookies are not malware as such, but there is a risk of abusive use (unique recognition, e.g. for targeted advertising or similar => HTTP cookie)

Otherwise there are also good cookie managers; an extension for Firefox, for example, would be CookieCuller
But if you can live with logging in anew everywhere in every browser session (e.g. Facebook, Ebay, GMX, or also Trojaner-Board), then simply set the browser so that everything, including cookies, is simply deleted when the browser is closed.

Is your system now back in order, or are there still other detections or problems?
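
Both the blocklist hosts file recommended in the post above and the [resethosts] step of the earlier OTL fix come down to which address each name in the hosts file is mapped to. The following Python sketch is an added example, not part of the thread or of any tool mentioned in it; it sorts hosts entries into standard, blocked, redirecting and invalid ones, and the sample file and every host name in it are constructed.

```python
import ipaddress

# Constructed sample, not taken from the thread.
SAMPLE_HOSTS = """\
# sample hosts file (constructed)
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net tracker.example.net   # blocklist style
127.0.0.1       banner.example.org
203.0.113.7     login.example.com
not-an-ip       broken.example.com
"""

# Names that are expected to resolve to loopback on a default system.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost"}


def parse_hosts(text):
    """Yield (line number, address, [names]) for each mapping line."""
    # Files saved by Windows editors may start with a byte order mark.
    for lineno, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if line:
            fields = line.split()
            yield lineno, fields[0], fields[1:]


def classify(address, name):
    """Return 'standard', 'blocked', 'redirect' or 'invalid' for one mapping."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "invalid"
    if name.lower() in LOCAL_NAMES:
        # localhost pointing anywhere but loopback is itself suspicious.
        return "standard" if ip.is_loopback else "redirect"
    if ip.is_loopback or ip.is_unspecified:
        # Blocklists such as the MVPS file sink names to 127.0.0.1 or 0.0.0.0.
        return "blocked"
    # Any other address silently overrides DNS for that name: review it.
    return "redirect"


def audit(text):
    """Group every (line number, name, address) mapping by its class."""
    report = {"standard": [], "blocked": [], "redirect": [], "invalid": []}
    for lineno, address, names in parse_hosts(text):
        # An address without any name is malformed; record it once.
        for name in names or ["<no name>"]:
            kind = classify(address, name) if names else "invalid"
            report[kind].append((lineno, name, address))
    return report


if __name__ == "__main__":
    for kind, entries in audit(SAMPLE_HOSTS).items():
        for lineno, name, address in entries:
            print(f"{kind:9} line {lineno}: {name} -> {address}")
```

Entries reported as redirect are the ones to check by hand after installing a blocklist, since a legitimate blocklist only maps names to loopback or 0.0.0.0.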