
Pests of all kinds and how to combat them: Babylon Search search engine / PC sluggish / malware?


29.01.2013, 18:57   #1
inspigate
 



Hello dear forum community,

As a layperson I use my computer mainly for work (Office applications) and for surfing the web. Despite huge gaps in my knowledge of security, programs and their effects, I always got along fine... as long as there were no problems. The ones that have now come up are driving me to despair.

For several hours now I have been trying, with the help of the guide here on your site, to take the steps required to be able to ask for your help. All of this is very, very complicated, and if with your support I manage to get my computer back into shape, you will have earned a medal.

I seem to have picked up some viruses and/or trojans (I think that is called malware) while surfing. A dubious search engine called "Babylon search" has settled in on my machine. Since my Internet Explorer keeps crashing (whether that has anything to do with it, I don't know), I have been using Google Chrome. Along with the installation of this browser, this search engine apparently got installed as well, and it ALWAYS appears in a separate tab in front of Google Chrome. Since the interface looks rather "cheap", I always close this window and then go online using Google Chrome and "google", the page I set as my start page.

That always worked without a hitch... until I noticed that a connection to the Internet was only established after ever longer delays.

A first investigation of the system load via Task Manager turned up some resource-hungry applications that I did not need. Among them were several programs from a vendor called "Software4u". I uninstalled those immediately. In the process this Babylon Search caught my eye again and I googled it.

Now I am here with you and realize... that I apparently have real problems.

Attached below you will find the data that the forum community requires as a prerequisite for taking part.

Many thanks

30.01.2013, 12:12   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hello and

Just a quick question, and this is nothing against you in particular, I could just as well have asked anyone else who posts the logs this way: where exactly does it say that the logs should be put in an attachment, or rather where exactly did you read that?

Logfiles in an attachment make the analysis massively harder

Please explain, so that the passage in the guide can be specifically changed/improved for all newcomers. Thanks.

Reading material:
Posting in CODE tags
Attaching the logfiles, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the logfiles into a CODE box, proceed as follows:
  • Select the entire logfile (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

30.01.2013, 17:53   #3
inspigate
 



...
__________________

Edited by inspigate (30.01.2013 at 17:57) Reason: now it's posted twice as well. oh man

30.01.2013, 17:54   #4
inspigate
 



Hello,

many thanks for your reply.

You have a "checklist" here in the forum that a new user is supposed to follow when describing his problems. To my shame I must admit that, after looking again, I found out myself that this "zipping" and attaching of the logfiles is only wanted when the helper explicitly asks for it.

So everything is fine with your guide, if one is able to read... :-)

I just did not really know how to help myself. Below are the logfiles, now included inline


gmer.txt

Code:
GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-01-29 18:26:17
Windows 6.0.6002 Service Pack 2 x64 \Device\Harddisk0\DR0 -> \Device\0000004c ST315005 rev.CC34 1397,27GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\Herzchen\AppData\Local\Temp\kxlyyuod.sys


---- Kernel code sections - GMER 2.0 ----

.text    C:\Windows\System32\win32k.sys!W32pServiceTable                                                                                                           fffff9600016e700 3 bytes [C0, 83, 02]
.text    C:\Windows\System32\win32k.sys!W32pServiceTable + 4                                                                                                       fffff9600016e704 3 bytes [01, C4, FA]

---- User code sections - GMER 2.0 ----

.text    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[836] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                   0000000077095fb7 5 bytes JMP 00000001755741c0
.text    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1972] C:\Windows\syswow64\USER32.dll!DialogBoxParamW         0000000077095fb7 5 bytes JMP 00000001755741c0
.text    C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[1168] C:\Windows\syswow64\USER32.dll!DialogBoxParamW           0000000077095fb7 5 bytes JMP 00000001755741c0
.text    C:\Windows\SysWOW64\schtasks.exe[1640] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                     0000000077095fb7 5 bytes JMP 00000001755741c0
.text    C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[2200] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                        0000000077095fb7 5 bytes JMP 00000001755741c0
.text    C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[2972] C:\Windows\syswow64\USER32.dll!DialogBoxParamW           0000000077095fb7 5 bytes JMP 00000001755741c0
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[3724] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                       0000000077095fb7 5 bytes JMP 00000001755741c0
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3848] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                     0000000077095fb7 5 bytes JMP 00000001755741c0
.text    D:\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[3896] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                            0000000077095fb7 5 bytes JMP 00000001755741c0
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                         0000000077095fb7 5 bytes JMP 00000001755741c0
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3468] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                          0000000077095fb7 5 bytes JMP 00000001755741c0
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5                                00000000779b9455 7 bytes {MOV EDX, 0x97be28; JMP RDX}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5                                     00000000779b967d 7 bytes {MOV EDX, 0x97be68; JMP RDX}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5                                         00000000779b96ad 7 bytes {MOV EDX, 0x97bda8; JMP RDX}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5                                  00000000779b96c5 7 bytes {MOV EDX, 0x97bd28; JMP RDX}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5                                    00000000779b96dd 7 bytes {MOV EDX, 0x97bf28; JMP RDX}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5                                  00000000779b970d 7 bytes {MOV EDX, 0x97bf68; JMP RDX}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5                                   00000000779b9785 7 bytes {MOV EDX, 0x97bee8; JMP RDX}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5                                  00000000779b979d 7 bytes {MOV EDX, 0x97bea8; JMP RDX}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5                                            00000000779b97e5 7 bytes {MOV EDX, 0x97bc68; JMP RDX}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5                                 00000000779b98d5 7 bytes {MOV EDX, 0x97bca8; JMP RDX}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5                                          00000000779b9b15 7 bytes {MOV EDX, 0x97bc28; JMP RDX}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5                                    00000000779baa25 7 bytes {MOV EDX, 0x97bde8; JMP RDX}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5                                          00000000779baa9d 7 bytes {MOV EDX, 0x97bd68; JMP RDX}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5                             00000000779bac95 7 bytes {MOV EDX, 0x97bce8; JMP RDX}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                          0000000077095fb7 5 bytes JMP 00000001755741c0
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5                                00000000779b9455 7 bytes {MOV EDX, 0x975a28; JMP RDX}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5                                     00000000779b967d 7 bytes {MOV EDX, 0x975a68; JMP RDX}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5                                         00000000779b96ad 7 bytes {MOV EDX, 0x9759a8; JMP RDX}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5                                  00000000779b96c5 7 bytes {MOV EDX, 0x975928; JMP RDX}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5                                    00000000779b96dd 7 bytes {MOV EDX, 0x975b28; JMP RDX}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5                                  00000000779b970d 7 bytes {MOV EDX, 0x975b68; JMP RDX}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5                                   00000000779b9785 7 bytes {MOV EDX, 0x975ae8; JMP RDX}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5                                  00000000779b979d 7 bytes {MOV EDX, 0x975aa8; JMP RDX}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5                                            00000000779b97e5 7 bytes {MOV EDX, 0x975868; JMP RDX}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5                                 00000000779b98d5 7 bytes {MOV EDX, 0x9758a8; JMP RDX}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5                                          00000000779b9b15 7 bytes {MOV EDX, 0x975828; JMP RDX}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5                                    00000000779baa25 7 bytes {MOV EDX, 0x9759e8; JMP RDX}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5                                          00000000779baa9d 7 bytes {MOV EDX, 0x975968; JMP RDX}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5                             00000000779bac95 7 bytes {MOV EDX, 0x9758e8; JMP RDX}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                          0000000077095fb7 5 bytes JMP 00000001755741c0
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4368] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                          0000000077095fb7 5 bytes JMP 00000001755741c0
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4360] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5                                00000000779b9455 7 bytes {MOV EDX, 0x104ea28; JMP RDX}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4360] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5                                     00000000779b967d 7 bytes {MOV EDX, 0x104ea68; JMP RDX}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4360] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5                                         00000000779b96ad 7 bytes {MOV EDX, 0x104e9a8; JMP RDX}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4360] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5                                  00000000779b96c5 7 bytes {MOV EDX, 0x104e928; JMP RDX}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4360] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5                                    00000000779b96dd 7 bytes {MOV EDX, 0x104eb28; JMP RDX}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4360] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5                                  00000000779b970d 7 bytes {MOV EDX, 0x104eb68; JMP RDX}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4360] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5                                   00000000779b9785 7 bytes {MOV EDX, 0x104eae8; JMP RDX}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4360] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5                                  00000000779b979d 7 bytes {MOV EDX, 0x104eaa8; JMP RDX}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4360] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5                                            00000000779b97e5 7 bytes {MOV EDX, 0x104e868; JMP RDX}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4360] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5                                 00000000779b98d5 7 bytes {MOV EDX, 0x104e8a8; JMP RDX}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4360] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5                                          00000000779b9b15 7 bytes {MOV EDX, 0x104e828; JMP RDX}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4360] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5                                    00000000779baa25 7 bytes {MOV EDX, 0x104e9e8; JMP RDX}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4360] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5                                          00000000779baa9d 7 bytes {MOV EDX, 0x104e968; JMP RDX}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4360] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5                             00000000779bac95 7 bytes {MOV EDX, 0x104e8e8; JMP RDX}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4360] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                          0000000077095fb7 5 bytes JMP 00000001755741c0
.text    C:\Windows\SysWOW64\conime.exe[4384] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                       0000000077095fb7 5 bytes JMP 00000001755741c0
.text    C:\Users\Herzchen\Downloads\gmer_2.0.18454.exe[4168] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                       0000000077095fb7 5 bytes JMP 00000001755741c0

---- Threads - GMER 2.0 ----

Thread   C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2708:1916]                                                                                    0000000075b5f36f
Thread   C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2708:3472]                                                                                    0000000072fa0cb3
---- Processes - GMER 2.0 ----

Library  C:\Program (*** suspicious ***) @ C:\Windows\system32\svchost.exe [316]                                                                                   00000000730d0000
Library  C:\Program (*** suspicious ***) @ C:\Windows\system32\svchost.exe [460]                                                                                   00000000730d0000
Library  C:\Program (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1204]                                                                                  00000000730d0000
Library  C:\Program (*** suspicious ***) @ C:\Windows\System32\spoolsv.exe [1504]                                                                                  00000000730d0000
Library  C:\Windows\system32\dnssd.dll (*** suspicious ***) @ C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [1972]  00000000745d0000
Library  C:\Windows\system32\dnssd.dll (*** suspicious ***) @ C:\Program Files (x86)\iTunes\iTunesHelper.exe [3724]                                                00000000745d0000

---- EOF - GMER 2.0 ----
         
OTL.txt

Code:
OTL logfile created on: 29.01.2013 16:16:51 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Herzchen\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,49 Gb Available Physical Memory | 62,28% Memory free
8,21 Gb Paging File | 6,74 Gb Available in Paging File | 82,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 164,75 Gb Total Space | 29,41 Gb Free Space | 17,85% Space Free | Partition Type: NTFS
Drive D: | 1220,50 Gb Total Space | 1193,60 Gb Free Space | 97,80% Space Free | Partition Type: NTFS
 
Computer Name: BASISLAGER | User Name: Herzchen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.29 16:16:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Herzchen\Downloads\OTL.exe
PRC - [2013.01.18 09:07:04 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.05 18:10:34 | 002,403,352 | ---- | M] () -- C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe
PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
PRC - [2008.06.11 21:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- D:\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008.01.21 03:50:17 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schtasks.exe
PRC - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.18 09:07:02 | 000,460,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
MOD - [2013.01.18 09:07:01 | 004,012,496 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll
MOD - [2013.01.18 09:06:15 | 000,597,968 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\libglesv2.dll
MOD - [2013.01.18 09:06:15 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\libegl.dll
MOD - [2013.01.18 09:06:13 | 001,552,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ffmpegsumo.dll
MOD - [2012.12.05 18:10:34 | 002,403,352 | ---- | M] () -- C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe
MOD - [2012.12.05 18:09:41 | 002,148,376 | ---- | M] () -- C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll
MOD - [2012.12.02 17:15:41 | 000,070,144 | ---- | M] () -- C:\Users\Herzchen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll
MOD - [2012.05.30 19:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.05.30 19:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.05 18:10:34 | 002,403,352 | ---- | M] () [Auto | Running] -- C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe -- (Browser Manager)
SRV - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.10 12:26:53 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV - [2012.10.10 12:25:19 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.05.29 12:09:52 | 002,143,072 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.03.30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.08.15 04:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.04.25 11:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010.11.15 23:24:16 | 000,015,672 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.07.01 08:44:00 | 000,214,032 | ---- | M] (AMD Technologies Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2008.06.27 06:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008.01.21 03:51:07 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2008.01.21 03:47:28 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2007.09.29 13:30:46 | 000,091,648 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV - [2012.05.08 14:21:42 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2008.08.14 06:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.babylon.com/?affID=114350&tt=4812_3&babsrc=HP_ss&mntrId=f093fd0d000000000000002421dec62d
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=114350&tt=4812_3&babsrc=HP_ss&mntrId=f093fd0d000000000000002421dec62d
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - No CLSID value found
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=114350&tt=4812_3&babsrc=SP_ss&mntrId=f093fd0d000000000000002421dec62d
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=5B7F1D18-991C-40B8-9225-945CCD0263C5&apn_sauid=0C0D9A1C-5575-4788-921D-739668AE2AB9
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_deDE463
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2012.12.07 15:14:33 | 000,000,000 | ---D | M]
 
[2012.12.02 17:14:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
========== Chrome  ==========
 
CHR - homepage: hxxp://search.babylon.com/?affID=114350&tt=4812_3&babsrc=HP_ss&mntrId=f093fd0d000000000000002421dec62d
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://search.babylon.com/?affID=114350&tt=4812_3&babsrc=HP_ss&mntrId=f093fd0d000000000000002421dec62d
CHR - Extension: No name found = C:\Users\Herzchen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: No name found = C:\Users\Herzchen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: No name found = C:\Users\Herzchen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\
CHR - Extension: No name found = C:\Users\Herzchen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Herzchen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Herzchen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: PokerStars.eu - {07BA1DA9-F501-4796-8728-74D1B91A6CD5} - C:\Program Files (x86)\PokerStars.EU\PokerStarsUpdate.exe File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: corel.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: corel.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: intervideo.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: intervideo.com ([www] * in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7EE8DB3E-B5B8-4A74-8C1B-93E4F9AF9230}: NameServer = 192.168.0.1,8.8.8.8
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\25976~1.107\{c16c1~1\mngr.dll) - c:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Herzchen\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Herzchen\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.04.21 14:00:11 | 000,000,000 | ---D | M] - D:\Autoplay -- [ NTFS ]
O32 - AutoRun File - [2010.04.02 13:03:16 | 003,048,072 | ---- | M] () - D:\autorun.exe -- [ NTFS ]
O32 - AutoRun File - [2010.03.29 17:24:43 | 000,000,050 | R--- | M] () - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.29 15:41:08 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.01.29 15:02:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\vi-VN
[2013.01.29 15:02:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\eu-ES
[2013.01.29 15:02:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\eu-ES
[2013.01.29 15:02:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ca-ES
[2013.01.29 15:02:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ca-ES
[2013.01.29 15:02:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\vi-VN
[2013.01.29 14:47:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.29 16:14:22 | 000,000,000 | ---- | M] () -- C:\Users\Herzchen\defogger_reenable
[2013.01.29 16:05:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.29 15:43:21 | 001,684,866 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.29 15:43:21 | 000,718,376 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.29 15:43:21 | 000,671,466 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.29 15:43:21 | 000,164,672 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.29 15:43:21 | 000,134,744 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.29 15:37:41 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.29 15:37:31 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.29 15:37:31 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.29 15:37:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.29 15:07:56 | 001,571,838 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.29 15:06:29 | 002,988,896 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.29 14:39:42 | 002,128,937 | ---- | M] () -- C:\Users\Herzchen\Desktop\Foto 2.JPG
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.29 16:14:22 | 000,000,000 | ---- | C] () -- C:\Users\Herzchen\defogger_reenable
[2012.10.26 19:20:36 | 001,571,838 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.09.03 23:41:55 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2012.09.03 23:41:55 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2012.08.29 15:34:36 | 000,000,995 | ---- | C] () -- C:\Windows\eReg.dat
[2012.08.29 15:00:38 | 000,000,848 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2012.07.18 20:48:39 | 000,005,120 | ---- | C] () -- C:\Users\Herzchen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.31 15:25:56 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2011.12.24 15:46:07 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2011.12.24 15:45:46 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2011.12.24 15:45:24 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2011.12.19 15:04:08 | 000,000,732 | ---- | C] () -- C:\Users\Herzchen\AppData\Local\d3d9caps64.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 16:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2011.01.21 17:50:13 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 17:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 08:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 03:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.12.02 17:13:54 | 000,000,000 | ---D | M] -- C:\Users\Herzchen\AppData\Roaming\Babylon
[2012.10.07 17:20:16 | 000,000,000 | ---D | M] -- C:\Users\Herzchen\AppData\Roaming\DVDVideoSoft
[2012.10.07 17:19:30 | 000,000,000 | ---D | M] -- C:\Users\Herzchen\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.07.04 04:07:23 | 000,000,000 | ---D | M] -- C:\Users\Herzchen\AppData\Roaming\OpenCandy
[2012.10.26 19:22:04 | 000,000,000 | ---D | M] -- C:\Users\Herzchen\AppData\Roaming\Software4u
[2011.12.19 15:08:30 | 000,000,000 | ---D | M] -- C:\Users\Herzchen\AppData\Roaming\Telefónica
[2012.07.04 04:08:26 | 000,000,000 | ---D | M] -- C:\Users\Herzchen\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 

< End of report >
         
Extras.txt

Code:
OTL Extras logfile created on: 29.01.2013 16:16:52 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Herzchen\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,49 Gb Available Physical Memory | 62,28% Memory free
8,21 Gb Paging File | 6,74 Gb Available in Paging File | 82,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 164,75 Gb Total Space | 29,41 Gb Free Space | 17,85% Space Free | Partition Type: NTFS
Drive D: | 1220,50 Gb Total Space | 1193,60 Gb Free Space | 97,80% Space Free | Partition Type: NTFS
 
Computer Name: BASISLAGER | User Name: Herzchen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 87 5E 01 2E 2A FE CD 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0925116D-B0C7-4B20-A9C8-8670CDB77106}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{0EACFC2C-B60D-4753-A25F-2D2F026AD3D6}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server | 
"{0EDFBC48-3313-42FB-804C-1B7A336F447E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{137D3F6E-EC67-4EB0-90F1-964DD33AEC3A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1C264855-E63F-4AA4-B8DE-9227AB894E48}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{1FC6DE7F-8182-4A6B-B343-1C5D5E084F32}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2DD6081A-7E53-46CA-983B-486901C1A99E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{3FEE8A70-1584-4EB6-9668-25FD05CDEE31}" = rport=139 | protocol=6 | dir=out | app=system | 
"{423A9AF7-36EB-43F8-9D14-6C42BFACE4BF}" = rport=137 | protocol=17 | dir=out | app=system | 
"{43B2BDB7-3C4A-4612-A2BF-4FE5F296058B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4CA3F155-DA3F-42B2-BA3D-B8A693325C0A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{50415946-626E-40BF-B32C-5D2DC26C7EDB}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server | 
"{55E811BF-73CD-4B4A-9A5A-FAE2A2316ED7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{6C770C96-014F-435D-A247-D5A6F9D5E991}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6C8B389C-0B46-4159-A922-00784D180E52}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6E62B7ED-CB93-4F41-8C9E-738B99479257}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{802DD5D0-EA30-421D-9C68-767F9658866F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{83D69F3B-E991-4B4A-897E-CE9DC873976E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{84F41BBC-21AC-4717-ADD9-40C4D68BCA28}" = lport=139 | protocol=6 | dir=in | app=system | 
"{8804F9EF-E67E-4CED-8E48-B25F1B709513}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8EB8C011-EA6B-4FAE-9CCA-FA433224AF8E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{948429EB-B723-450A-A142-50FB7A341AD1}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
"{98AE2A01-BE8D-4313-8381-EDD5FF5F0797}" = lport=138 | protocol=17 | dir=in | app=system | 
"{A4E00D8D-D527-4FCC-B499-B5E3D8842CA9}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{B5E20F9A-ED04-4E85-BDD4-8A8D76BA4576}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server | 
"{BB235248-AFDD-4567-986B-D3EAF5A285C1}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C06A1926-4B61-4635-A1EA-CB2855A392BA}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D7050CB2-3DD3-41D3-88B9-B8A145B6951E}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server | 
"{DEE26011-C430-437D-87EE-C0D37E395E1A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E030A802-7BED-4FE1-ACA8-FAB17DED6E7A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E6B7AB9A-2950-45AB-AF08-1C6390E9937C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E998853A-0E33-40DD-B709-EA061B9BD08B}" = lport=445 | protocol=6 | dir=in | app=system | 
"{F9FA3DEA-31B0-412B-AA69-61B3756A7DA7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{FC9A3D88-91A9-44A1-B119-2058E588CF7B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{033D10F6-4958-420C-A0B9-5479BB94DA27}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{061A8114-B7D6-4678-8071-7E765BBFFF49}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{17CE8588-BCD3-42C6-BF3D-91A8423DB40E}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{1AFFBBC8-A0B8-4C83-9138-63BEEFE7D36E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{205D4B1D-F47B-4681-AAD2-B896DAD8FEC8}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{22038800-5519-4E5A-B79A-095A370ED6E9}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe | 
"{2E315945-7481-43F0-9872-EB9994C5B1AE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{39B17692-4F2D-4DF5-A6F2-31FD3BAF8B6E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{3A4E7557-A1A7-4A7C-B2B7-E3782B6BAA92}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3C83B862-22D4-4187-BCC3-E5D483BB226C}" = protocol=6 | dir=out | app=system | 
"{3FE5DD4B-C231-420A-BFD3-8E6C51F75670}" = protocol=6 | dir=in | app=d:\tom clancy's splinter cell conviction\src\system\gu.exe | 
"{471455FE-0C47-40C6-A6BA-36603615459E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{479296B4-F7A3-47C0-9AF5-B65F4D33D0C9}" = protocol=6 | dir=in | app=d:\idevice manager\software4u.idevicemanager.exe | 
"{4E429141-2238-4EEC-90A5-16C03A46D24E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{6E209E49-9083-4A10-AF30-E7C5A41B1A8E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7C107856-E508-4A5E-963D-6B8ABC85605B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{819AFA8F-FB1A-436B-9506-CC8190DDB8ED}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8FABBD77-F958-4F58-A454-BCEFAE4BDA3E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{93A1AB46-3B9F-4916-A45F-5735B28E23FD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{96273C52-5658-4C57-88EB-90C3139BE5B1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{9759F2F8-A927-4E53-837A-088683EBB805}" = protocol=17 | dir=in | app=d:\tom clancy's splinter cell conviction\src\system\conviction_game.exe | 
"{97EAF46D-98C3-4DC0-8151-D2D104E0F624}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{98651290-AEF4-4620-B25D-BD749C1F8169}" = protocol=17 | dir=in | app=d:\tom clancy's splinter cell conviction\src\system\gu.exe | 
"{A1135F23-AD9F-4A63-A730-593EB3DA9EB5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{A1AF1DE9-2804-422D-A608-425641EB7DC8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{A60F5688-1149-4017-9AE8-4E93632EBD5F}" = protocol=6 | dir=in | app=d:\tom clancy's splinter cell conviction\src\system\conviction_game.exe | 
"{AA41F950-320F-466B-8FA8-AC3ED91F4F34}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AABC3BB6-308F-425E-90A3-F6704B6C1289}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{AD35A598-7620-4048-B740-503261F8F19B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{ADCFD34E-6A85-41AB-9587-3B8B101E5C43}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{B28CF1DC-6745-4B7F-B6C6-F8593A0DEB37}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B6E1B303-55C4-4F5B-BCA3-74BD4EE129AE}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{C1134623-5C74-454F-AF80-456F682158E6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{CAF07322-8E40-41BA-BC1B-66769762E1D5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EB081CD7-44A3-47E1-9639-46D13C261343}" = protocol=17 | dir=in | app=d:\idevice manager\software4u.idevicemanager.exe | 
"{EC3A5215-D5BF-416F-81D3-18F0E3FF64F4}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe | 
"{EDD9376A-02F1-4267-B243-9D8C79963C8F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F53AB695-A3CF-40ED-A827-C7E35BAB64AC}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{F627A7F7-FCBE-4A0A-BC14-98613FD33B4A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F8C74914-625E-4CC1-AA10-FD0B5C3AFA83}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F9C7EFA6-2ED5-42BD-B4CD-768684E28971}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{2AB4E444-EED8-478C-BBB0-4ADB356371AA}C:\program files (x86)\corel\dvd9\windvd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\corel\dvd9\windvd.exe | 
"TCP Query User{821B9BCD-396B-4DFD-B986-3440A79F9012}C:\program files (x86)\ubisoft\splinter cell pandora tomorrow\pandora.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\splinter cell pandora tomorrow\pandora.exe | 
"TCP Query User{9208993D-0038-45A2-A8A7-6C82F1CB9D0F}C:\program files (x86)\corel\dvd9\windvd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\corel\dvd9\windvd.exe | 
"TCP Query User{C0FFD717-5898-49D8-BBA4-3403FCA4A36D}D:\tom clancy's splinter cell conviction\src\system\uplaybrowser.exe" = protocol=6 | dir=in | app=d:\tom clancy's splinter cell conviction\src\system\uplaybrowser.exe | 
"TCP Query User{C74C0A1E-EE4F-452A-96AB-002659DB2BE3}D:\tom clancy's splinter cell conviction\src\system\conviction_game.exe" = protocol=6 | dir=in | app=d:\tom clancy's splinter cell conviction\src\system\conviction_game.exe | 
"TCP Query User{D36256E0-38E6-4A1A-A2EB-1A9A7ABC6CFD}C:\program files (x86)\corel\windvd11\windvd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\corel\windvd11\windvd.exe | 
"UDP Query User{0EB99A89-CBE7-4E91-9703-D82D0025C68B}D:\tom clancy's splinter cell conviction\src\system\conviction_game.exe" = protocol=17 | dir=in | app=d:\tom clancy's splinter cell conviction\src\system\conviction_game.exe | 
"UDP Query User{636AF192-5D84-40F7-9744-81114E5F2936}C:\program files (x86)\corel\dvd9\windvd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\corel\dvd9\windvd.exe | 
"UDP Query User{728AFEEE-E6BB-46B5-A87F-49F8E486FFA4}C:\program files (x86)\corel\dvd9\windvd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\corel\dvd9\windvd.exe | 
"UDP Query User{B93DE7AF-FACA-4E8D-94ED-7DEB3E7150E9}C:\program files (x86)\corel\windvd11\windvd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\corel\windvd11\windvd.exe | 
"UDP Query User{C8D6FE59-CB9D-4957-A1D8-74DD87DA1D97}D:\tom clancy's splinter cell conviction\src\system\uplaybrowser.exe" = protocol=17 | dir=in | app=d:\tom clancy's splinter cell conviction\src\system\uplaybrowser.exe | 
"UDP Query User{D6145BAC-A789-4131-A27B-AF6BB39F8BD5}C:\program files (x86)\ubisoft\splinter cell pandora tomorrow\pandora.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\splinter cell pandora tomorrow\pandora.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{63B4D80D-7BAC-4D1D-B9B6-27FF54197982}" = Regi
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"VLC media player" = VLC media player 2.1.0-git
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}" = Adobe Flash Player 10 Plugin
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{47C6F987-685A-41AE-B092-E75B277AEE39}" = Adobe Flash CS4 Extension - Flash Lite STI others
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A128921B-D03F-4BFB-8141-C365AA48D660}" = Adobe Setup
"{A2881E09-38DB-4F79-9135-00FDA01768A7}" = Adobe Creative Suite 4 Design Premium
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD3374D3-C2E6-42B7-A80B-E850B6886246}" = Adobe Flash CS4 STI-other
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E3993D46-AE3F-402E-9F9D-EEBDFBEC3564}" = Corel WinDVD 9
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe_55230b0b70661df0f212e88f0b655f7" = Adobe Creative Suite 4 Design Premium
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.33.1005
"Google Chrome" = Google Chrome
"InstallShield_{E3993D46-AE3F-402E-9F9D-EEBDFBEC3564}" = Corel WinDVD 9
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PokerStars.eu" = PokerStars.eu
"PROHYBRIDR" = 2007 Microsoft Office system
"TuneUp Utilities 2012" = TuneUp Utilities 2012
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{E3993D46-AE3F-402E-9F9D-EEBDFBEC3564}" = Corel WinDVD 9
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 29.01.2013 00:33:39 | Computer Name = Basislager | Source = Bonjour Service | ID = 100
Description = 
 
Error - 29.01.2013 00:33:39 | Computer Name = Basislager | Source = Bonjour Service | ID = 100
Description = 
 
Error - 29.01.2013 00:33:39 | Computer Name = Basislager | Source = Bonjour Service | ID = 100
Description = 
 
Error - 29.01.2013 09:39:37 | Computer Name = Basislager | Source = WinMgmt | ID = 10
Description = 
 
Error - 29.01.2013 09:39:51 | Computer Name = Basislager | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung chrome.exe, Version 24.0.1312.56, Zeitstempel
 0x50f8e9e4, fehlerhaftes Modul ntdll.dll, Version 6.0.6001.18538, Zeitstempel 0x4cb733e1,
 Ausnahmecode 0xc0000374, Fehleroffset 0x000ababb,  Prozess-ID 0xc1c, Anwendungsstartzeit
 01cdfe261a225971.
 
Error - 29.01.2013 09:45:54 | Computer Name = Basislager | Source = VSS | ID = 8194
Description = 
 
Error - 29.01.2013 10:06:44 | Computer Name = Basislager | Source = WinMgmt | ID = 10
Description = 
 
Error - 29.01.2013 10:07:19 | Computer Name = Basislager | Source = WinMgmt | ID = 10
Description = 
 
Error - 29.01.2013 10:10:30 | Computer Name = Basislager | Source = ESENT | ID = 215
Description = WinMail (3556) WindowsMail0: Die Sicherung wurde abgebrochen, weil
 sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
 wurde.
 
Error - 29.01.2013 10:10:31 | Computer Name = Basislager | Source = ESENT | ID = 215
Description = WinMail (3828) WindowsMail0: Die Sicherung wurde abgebrochen, weil
 sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
 wurde.
 
Error - 29.01.2013 10:38:51 | Computer Name = Basislager | Source = WinMgmt | ID = 10
Description = 
 
[ OSession Events ]
Error - 30.12.2012 06:27:07 | Computer Name = Basislager | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 171837
 seconds with 420 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 12.09.2012 15:40:13 | Computer Name = Herzchen-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 12.09.2012 15:40:19 | Computer Name = Herzchen-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 12.09.2012 15:40:26 | Computer Name = Herzchen-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 12.09.2012 15:40:31 | Computer Name = Herzchen-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 12.09.2012 15:40:35 | Computer Name = Herzchen-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 13.09.2012 07:28:15 | Computer Name = Herzchen-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 13.09.2012 07:28:57 | Computer Name = Herzchen-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 14.09.2012 06:12:38 | Computer Name = Herzchen-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 14.09.2012 06:13:15 | Computer Name = Herzchen-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 15.09.2012 03:34:40 | Computer Name = Herzchen-PC | Source = HTTP | ID = 15016
Description = 
 
[ TuneUp Events ]
Error - 03.11.2012 04:54:17 | Computer Name = Basislager | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 03.11.2012 04:54:17 | Computer Name = Basislager | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 08.11.2012 09:46:02 | Computer Name = Basislager | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 08.11.2012 09:46:02 | Computer Name = Basislager | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
 
< End of report >
         
I hope I have done everything right now.

31.01.2013, 10:51   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners?
The reason I am asking => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now, just post the logs you already have!


31.01.2013, 15:29   #6
inspigate

Hello,

no, I don't have any further logs. Apart from the programs required by your checklist, I have nothing else on my computer. No antivirus scanner or anything like that either. This is the first time I have run any kind of check or scan.

31.01.2013, 15:33   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

1. aswMBR

Please download aswMBR.exe and save the file to your desktop.

Note: Please disable your virus scanner before running aswMBR, because Avira in particular often reports a false positive in it!
  • Start aswMBR.exe. Vista and Win7 users: start aswMBR via right-click, "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save the log to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons unless instructed to.

Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.

One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.


2. TDSS-Killer

Download TDSS-Killer to your desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable your virus scanner before running TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool!

Set up the tool as shown in the picture below: click change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, once it has finished, click the Report button to display the log. Please post this log in full.

If you cannot find the log, or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

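The TDSS-Killer report requested in the post above can be pre-sorted before anyone reads it line by line. The following Python sketch is an added example, not part of the original thread and not a tool from the TDSS-Killer vendor. It pairs each hash line with its verdict line and lists the services worth a manual look. The names `parse_services`, `triage` and `TRUSTED_ROOTS` are assumptions of this example, and the `ExampleSvc` lines are constructed.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Lines copied from the TDSSKiller report in this thread, plus two CONSTRUCTED
# lines for "ExampleSvc". The layout of a non-ok verdict line is an assumption
# of this example; the thread itself only shows "- ok" verdicts.
SAMPLE_LOG = r"""
16:44:57.0080 4588  ================ Scan system memory ========================
16:44:57.0080 4588  System memory - ok
16:44:57.0080 4588  ================ Scan services =============================
16:44:57.0391 4588  [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI            C:\Windows\system32\drivers\acpi.sys
16:44:57.0501 4588  ACPI - ok
16:44:57.0688 4588  [ 57A3B9A69F14414ACE12AFD6BA701773 ] Adobe Version Cue CS4 C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
16:44:57.0700 4588  Adobe Version Cue CS4 - ok
16:44:59.0718 4588  [ EBBA16A88F517BFB1B7681ABF006C8B0 ] Browser Manager C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe
16:44:59.0800 4588  Browser Manager - ok
16:45:00.0878 4588  COMSysApp - ok
16:45:09.0000 4588  [ 00000000000000000000000000000000 ] ExampleSvc      C:\Windows\system32\drivers\example.sys
16:45:09.0001 4588  ExampleSvc ( UnsignedFile.Multi.Generic ) - warning
"""

# Every report line starts with "HH:MM:SS.mmmm <thread id>".
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
SECTION_RE = re.compile(PREFIX + r"=+ (?P<title>.+?) =+$")
# "[ MD5 ] <service name> <binary path>"; names and paths may contain spaces,
# so the path is anchored on the first drive-letter prefix such as "C:\".
HASH_RE = re.compile(
    PREFIX + r"\[ (?P<md5>[0-9A-Fa-f]{32}) \]\s+(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*)$")
# "<service name> [( detail )] - <verdict>"
VERDICT_RE = re.compile(
    PREFIX + r"(?P<name>.+?)(?: \( (?P<detail>.+) \))? - (?P<verdict>.+)$")

# Heuristic of this example, not a TDSSKiller rule: service binaries are
# expected below these directories; anything else is listed for a manual look.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class ServiceRecord:
    name: str
    verdict: str
    detail: Optional[str] = None
    md5: Optional[str] = None
    path: Optional[str] = None


def parse_services(log_text: str) -> List[ServiceRecord]:
    """Return one record per verdict line inside the 'Scan services' section."""
    records: List[ServiceRecord] = []
    pending: Dict[str, tuple] = {}   # service name -> (md5, path) from the hash line
    section = None
    for raw in log_text.splitlines():
        line = raw.rstrip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("title")
            continue
        if section != "Scan services":
            continue
        m = HASH_RE.match(line)
        if m:
            pending[m.group("name")] = (m.group("md5").upper(), m.group("path"))
            continue
        m = VERDICT_RE.match(line)
        if m:
            # Some services (COMSysApp in the thread) have no hash line at all.
            md5, path = pending.pop(m.group("name"), (None, None))
            records.append(ServiceRecord(m.group("name"), m.group("verdict").strip(),
                                         m.group("detail"), md5, path))
    return records


def review_reasons(rec: ServiceRecord) -> List[str]:
    """Explain why a record should be looked at by hand (empty list = nothing)."""
    reasons = []
    if rec.verdict.lower() != "ok":
        detail = f" ({rec.detail})" if rec.detail else ""
        reasons.append(f"verdict: {rec.verdict}{detail}")
    if rec.path and not rec.path.lower().startswith(TRUSTED_ROOTS):
        reasons.append(f"binary outside trusted roots: {rec.path}")
    return reasons


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map service name -> reasons, for every service that needs a manual look."""
    flagged = {}
    for rec in parse_services(log_text):
        reasons = review_reasons(rec)
        if reasons:
            flagged[rec.name] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"{name}: " + "; ".join(reasons))
```

A listed entry is only a prompt for review: a path outside the trusted roots says nothing about whether the file is malicious, and an "ok" verdict only reflects the checks this one tool performs.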

31.01.2013, 16:49   #8
inspigate

Hello,

here are the logs...

aswMBR.txt

Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-31 16:20:27
-----------------------------
16:20:27.335    OS Version: Windows x64 6.0.6002 Service Pack 2
16:20:27.336    Number of processors: 4 586 0x170A
16:20:27.336    ComputerName: BASISLAGER  UserName: Herzchen
16:20:28.163    Initialize success
16:21:31.249    AVAST engine defs: 13013100
16:21:47.052    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000004c
16:21:47.055    Disk 0 Vendor: ST315005 CC34 Size: 1430799MB BusType: 8
16:21:47.066    Disk 0 MBR read successfully
16:21:47.069    Disk 0 MBR scan
16:21:47.074    Disk 0 Windows VISTA default MBR code
16:21:47.085    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        12000 MB offset 2048
16:21:47.097    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       168701 MB offset 24578048
16:21:47.115    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS      1249796 MB offset 370077696
16:21:47.150    Disk 0 scanning C:\Windows\system32\drivers
16:21:56.531    Service scanning
16:22:14.689    Modules scanning
16:22:14.700    Disk 0 trace - called modules:
16:22:14.717    ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys storport.sys hal.dll nvstor64.sys 
16:22:14.723    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005aac790]
16:22:14.732    3 CLASSPNP.SYS[fffffa60007cfc33] -> nt!IofCallDriver -> [0xfffffa8003c5aaf0]
16:22:14.739    5 acpi.sys[fffffa60008fffde] -> nt!IofCallDriver -> \Device\0000004c[0xfffffa8004068060]
16:22:16.062    AVAST engine scan C:\Windows
16:22:17.749    AVAST engine scan C:\Windows\system32
16:25:52.167    AVAST engine scan C:\Windows\system32\drivers
16:26:07.103    AVAST engine scan C:\Users\Herzchen
16:31:38.967    Disk 0 MBR has been saved successfully to "C:\Users\Herzchen\Documents\MBR.dat"
16:31:38.979    The log file has been saved successfully to "C:\Users\Herzchen\Documents\aswMBR.txt"
16:37:03.289    AVAST engine scan C:\ProgramData
16:38:26.889    Scan finished successfully
16:43:04.194    Disk 0 MBR has been saved successfully to "C:\Users\Herzchen\Documents\MBR.dat"
16:43:04.213    The log file has been saved successfully to "C:\Users\Herzchen\Documents\aswMBR.txt"
16:43:42.046    Disk 0 MBR has been saved successfully to "C:\Users\Herzchen\Documents\MBR.dat"
16:43:42.053    The log file has been saved successfully to "C:\Users\Herzchen\Documents\aswMBR.txt"
         

TDSSKiller

Code:
16:44:08.0188 4564  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:44:08.0346 4564  ============================================================
16:44:08.0346 4564  Current date / time: 2013/01/31 16:44:08.0346
16:44:08.0346 4564  SystemInfo:
16:44:08.0346 4564  
16:44:08.0346 4564  OS Version: 6.0.6002 ServicePack: 2.0
16:44:08.0346 4564  Product type: Workstation
16:44:08.0346 4564  ComputerName: BASISLAGER
16:44:08.0346 4564  UserName: Herzchen
16:44:08.0346 4564  Windows directory: C:\Windows
16:44:08.0346 4564  System windows directory: C:\Windows
16:44:08.0346 4564  Running under WOW64
16:44:08.0346 4564  Processor architecture: Intel x64
16:44:08.0346 4564  Number of processors: 4
16:44:08.0346 4564  Page size: 0x1000
16:44:08.0346 4564  Boot type: Normal boot
16:44:08.0346 4564  ============================================================
16:44:08.0957 4564  Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:44:08.0973 4564  ============================================================
16:44:08.0973 4564  \Device\Harddisk0\DR0:
16:44:08.0973 4564  MBR partitions:
16:44:08.0973 4564  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x1497E800
16:44:08.0973 4564  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x160EF000, BlocksNum 0x98902328
16:44:08.0973 4564  ============================================================
16:44:08.0997 4564  C: <-> \Device\Harddisk0\DR0\Partition1
16:44:09.0072 4564  D: <-> \Device\Harddisk0\DR0\Partition2
16:44:09.0072 4564  ============================================================
16:44:09.0072 4564  Initialize success
16:44:09.0072 4564  ============================================================
16:44:56.0476 4588  ============================================================
16:44:56.0476 4588  Scan started
16:44:56.0476 4588  Mode: Manual; SigCheck; TDLFS; 
16:44:56.0476 4588  ============================================================
16:44:57.0080 4588  ================ Scan system memory ========================
16:44:57.0080 4588  System memory - ok
16:44:57.0080 4588  ================ Scan services =============================
16:44:57.0391 4588  [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI            C:\Windows\system32\drivers\acpi.sys
16:44:57.0501 4588  ACPI - ok
16:44:57.0546 4588  [ 2F0683FD2DF1D92E891CACA14B45A8C1 ] adfs            C:\Windows\system32\drivers\adfs.sys
16:44:57.0571 4588  adfs - ok
16:44:57.0688 4588  [ 57A3B9A69F14414ACE12AFD6BA701773 ] Adobe Version Cue CS4 C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
16:44:57.0700 4588  Adobe Version Cue CS4 - ok
16:44:57.0722 4588  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:44:57.0732 4588  AdobeARMservice - ok
16:44:57.0771 4588  [ F14215E37CF124104575073F782111D2 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
16:44:57.0792 4588  adp94xx - ok
16:44:57.0832 4588  [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci         C:\Windows\system32\drivers\adpahci.sys
16:44:57.0850 4588  adpahci - ok
16:44:57.0865 4588  [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
16:44:57.0885 4588  adpu160m - ok
16:44:57.0904 4588  [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
16:44:57.0917 4588  adpu320 - ok
16:44:57.0946 4588  [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
16:44:58.0114 4588  AeLookupSvc - ok
16:44:58.0160 4588  [ 0CC146C4ADDEA45791B18B1E2659F4A9 ] AFD             C:\Windows\system32\drivers\afd.sys
16:44:58.0193 4588  AFD - ok
16:44:58.0268 4588  [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440          C:\Windows\system32\drivers\agp440.sys
16:44:58.0279 4588  agp440 - ok
16:44:58.0305 4588  [ 9AD31FA5C184CAFFF018573D58ED763A ] ahcix64s        C:\Windows\system32\drivers\ahcix64s.sys
16:44:58.0326 4588  ahcix64s - ok
16:44:58.0346 4588  [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
16:44:58.0359 4588  aic78xx - ok
16:44:58.0375 4588  [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG             C:\Windows\System32\alg.exe
16:44:58.0461 4588  ALG - ok
16:44:58.0492 4588  [ 9544C2C55541C0C6BFD7B489D0E7D430 ] aliide          C:\Windows\system32\drivers\aliide.sys
16:44:58.0503 4588  aliide - ok
16:44:58.0515 4588  [ 970FA5059E61E30D25307B99903E991E ] amdide          C:\Windows\system32\drivers\amdide.sys
16:44:58.0525 4588  amdide - ok
16:44:58.0557 4588  [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
16:44:58.0592 4588  AmdK8 - ok
16:44:58.0624 4588  [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo         C:\Windows\System32\appinfo.dll
16:44:58.0651 4588  Appinfo - ok
16:44:58.0708 4588  [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:44:58.0719 4588  Apple Mobile Device - ok
16:44:58.0738 4588  [ BA8417D4765F3988FF921F30F630E303 ] arc             C:\Windows\system32\drivers\arc.sys
16:44:58.0751 4588  arc - ok
16:44:58.0767 4588  [ 9D41C435619733B34CC16A511E644B11 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
16:44:58.0780 4588  arcsas - ok
16:44:58.0895 4588  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:44:58.0906 4588  aspnet_state - ok
16:44:58.0924 4588  [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:44:58.0959 4588  AsyncMac - ok
16:44:58.0993 4588  [ F988BB0690CD660318037908E9B8DBF7 ] atapi           C:\Windows\system32\drivers\atapi.sys
16:44:59.0004 4588  atapi - ok
16:44:59.0038 4588  [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:44:59.0069 4588  AudioEndpointBuilder - ok
16:44:59.0093 4588  [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
16:44:59.0126 4588  AudioSrv - ok
16:44:59.0157 4588  [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE             C:\Windows\System32\bfe.dll
16:44:59.0207 4588  BFE - ok
16:44:59.0239 4588  [ 6D316F4859634071CC25C4FD4589AD2C ] BITS            C:\Windows\System32\qmgr.dll
16:44:59.0296 4588  BITS - ok
16:44:59.0328 4588  [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
16:44:59.0363 4588  blbdrive - ok
16:44:59.0388 4588  [ 2348447A80920B2493A9B582A23E81E1 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:44:59.0415 4588  bowser - ok
16:44:59.0444 4588  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
16:44:59.0470 4588  BrFiltLo - ok
16:44:59.0485 4588  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
16:44:59.0514 4588  BrFiltUp - ok
16:44:59.0534 4588  [ A1B39DE453433B115B4EA69EE0343816 ] Browser         C:\Windows\System32\browser.dll
16:44:59.0570 4588  Browser - ok
16:44:59.0718 4588  [ EBBA16A88F517BFB1B7681ABF006C8B0 ] Browser Manager C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe
16:45:14.0367 4588  Sym_hi - ok
16:45:14.0382 4588  [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
16:45:14.0393 4588  Sym_u3 - ok
16:45:14.0438 4588  [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain         C:\Windows\system32\sysmain.dll
16:45:14.0483 4588  SysMain - ok
16:45:14.0504 4588  [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:45:14.0522 4588  TabletInputService - ok
16:45:14.0562 4588  [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv         C:\Windows\System32\tapisrv.dll
16:45:14.0594 4588  TapiSrv - ok
16:45:14.0607 4588  [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS             C:\Windows\System32\tbssvc.dll
16:45:14.0644 4588  TBS - ok
16:45:14.0692 4588  [ 973658A2EA9C06B2976884B9046DFC6C ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
16:45:14.0757 4588  Tcpip - ok
16:45:14.0804 4588  [ 973658A2EA9C06B2976884B9046DFC6C ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
16:45:14.0847 4588  Tcpip6 - ok
16:45:14.0883 4588  [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
16:45:14.0911 4588  tcpipreg - ok
16:45:14.0928 4588  [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
16:45:14.0964 4588  TDPIPE - ok
16:45:14.0984 4588  [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
16:45:15.0019 4588  TDTCP - ok
16:45:15.0061 4588  [ 458919C8C42E398DC4802178D5FFEE27 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
16:45:15.0088 4588  tdx - ok
16:45:15.0110 4588  [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
16:45:15.0124 4588  TermDD - ok
16:45:15.0153 4588  [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService     C:\Windows\System32\termsrv.dll
16:45:15.0190 4588  TermService - ok
16:45:15.0221 4588  [ 56793271ECDEDD350C5ADD305603E963 ] Themes          C:\Windows\system32\shsvcs.dll
16:45:15.0238 4588  Themes - ok
16:45:15.0253 4588  [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER     C:\Windows\system32\mmcss.dll
16:45:15.0289 4588  THREADORDER - ok
16:45:15.0305 4588  [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks          C:\Windows\System32\trkwks.dll
16:45:15.0350 4588  TrkWks - ok
16:45:15.0410 4588  [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:45:15.0436 4588  TrustedInstaller - ok
16:45:15.0454 4588  [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
16:45:15.0489 4588  tssecsrv - ok
16:45:15.0566 4588  [ 811A229718C85356BC81EB20F35EB7F6 ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
16:45:15.0646 4588  TuneUp.UtilitiesSvc - ok
16:45:15.0683 4588  [ DCC94C51D27C7EC0DADECA8F64C94FCF ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys
16:45:15.0692 4588  TuneUpUtilitiesDrv - ok
16:45:15.0705 4588  [ 89EC74A9E602D16A75A4170511029B3C ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
16:45:15.0719 4588  tunmp - ok
16:45:15.0759 4588  [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
16:45:15.0773 4588  tunnel - ok
16:45:15.0783 4588  [ FEC266EF401966311744BD0F359F7F56 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
16:45:15.0795 4588  uagp35 - ok
16:45:15.0814 4588  [ FAF2640A2A76ED03D449E443194C4C34 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
16:45:15.0844 4588  udfs - ok
16:45:15.0867 4588  [ 060507C4113391394478F6953A79EEDC ] UI0Detect       C:\Windows\system32\UI0Detect.exe
16:45:15.0904 4588  UI0Detect - ok
16:45:15.0922 4588  [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
16:45:15.0935 4588  uliagpkx - ok
16:45:15.0956 4588  [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci         C:\Windows\system32\drivers\uliahci.sys
16:45:15.0972 4588  uliahci - ok
16:45:15.0992 4588  [ 31707F09846056651EA2C37858F5DDB0 ] UlSata          C:\Windows\system32\drivers\ulsata.sys
16:45:16.0005 4588  UlSata - ok
16:45:16.0022 4588  [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
16:45:16.0035 4588  ulsata2 - ok
16:45:16.0057 4588  [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
16:45:16.0092 4588  umbus - ok
16:45:16.0107 4588  [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost        C:\Windows\System32\upnphost.dll
16:45:16.0150 4588  upnphost - ok
16:45:16.0174 4588  [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
16:45:16.0199 4588  USBAAPL64 - ok
16:45:16.0223 4588  [ 07E3498FC60834219D2356293DA0FECC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
16:45:16.0251 4588  usbccgp - ok
16:45:16.0264 4588  [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
16:45:16.0318 4588  usbcir - ok
16:45:16.0361 4588  [ 827E44DE934A736EA31E91D353EB126F ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
16:45:16.0388 4588  usbehci - ok
16:45:16.0423 4588  [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
16:45:16.0453 4588  usbhub - ok
16:45:16.0465 4588  [ E406B003A354776D317762694956B0FC ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
16:45:16.0491 4588  usbohci - ok
16:45:16.0511 4588  [ ACFEE697AF477021BB3EC78C5431FED2 ] usbprint        C:\Windows\system32\drivers\usbprint.sys
16:45:16.0565 4588  usbprint - ok
16:45:16.0590 4588  [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:45:16.0618 4588  USBSTOR - ok
16:45:16.0634 4588  [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
16:45:16.0661 4588  usbuhci - ok
16:45:16.0680 4588  [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms           C:\Windows\System32\uxsms.dll
16:45:16.0708 4588  UxSms - ok
16:45:16.0738 4588  [ 294945381DFA7CE58CECF0A9896AF327 ] vds             C:\Windows\System32\vds.exe
16:45:16.0774 4588  vds - ok
16:45:16.0808 4588  [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
16:45:16.0843 4588  vga - ok
16:45:16.0857 4588  [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave         C:\Windows\System32\drivers\vga.sys
16:45:16.0892 4588  VgaSave - ok
16:45:16.0910 4588  [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide          C:\Windows\system32\drivers\viaide.sys
16:45:16.0919 4588  viaide - ok
16:45:16.0935 4588  [ 2B7E885ED951519A12C450D24535DFCA ] volmgr          C:\Windows\system32\drivers\volmgr.sys
16:45:16.0947 4588  volmgr - ok
16:45:16.0964 4588  [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
16:45:16.0984 4588  volmgrx - ok
16:45:17.0042 4588  [ 5280AADA24AB36B01A84A6424C475C8D ] volsnap         C:\Windows\system32\drivers\volsnap.sys
16:45:17.0057 4588  volsnap - ok
16:45:17.0073 4588  [ A68F455ED2673835209318DD61BFBB0E ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
16:45:17.0084 4588  vsmraid - ok
16:45:17.0151 4588  [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS             C:\Windows\system32\vssvc.exe
16:45:17.0271 4588  VSS - ok
16:45:17.0338 4588  [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time         C:\Windows\system32\w32time.dll
16:45:17.0373 4588  W32Time - ok
16:45:17.0389 4588  [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
16:45:17.0443 4588  WacomPen - ok
16:45:17.0456 4588  [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
16:45:17.0483 4588  Wanarp - ok
16:45:17.0488 4588  [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
16:45:17.0514 4588  Wanarpv6 - ok
16:45:17.0533 4588  [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
16:45:17.0560 4588  wcncsvc - ok
16:45:17.0593 4588  [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:45:17.0620 4588  WcsPlugInService - ok
16:45:17.0647 4588  [ 0C17A0816F65B89E362E682AD5E7266E ] Wd              C:\Windows\system32\drivers\wd.sys
16:45:17.0658 4588  Wd - ok
16:45:17.0688 4588  [ D02E7E4567DA1E7582FBF6A91144B0DF ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
16:45:17.0721 4588  Wdf01000 - ok
16:45:17.0743 4588  [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost  C:\Windows\system32\wdi.dll
16:45:17.0780 4588  WdiServiceHost - ok
16:45:17.0785 4588  [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost   C:\Windows\system32\wdi.dll
16:45:17.0821 4588  WdiSystemHost - ok
16:45:17.0837 4588  [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient       C:\Windows\System32\webclnt.dll
16:45:17.0856 4588  WebClient - ok
16:45:17.0891 4588  [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc          C:\Windows\system32\wecsvc.dll
16:45:17.0919 4588  Wecsvc - ok
16:45:17.0942 4588  [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
16:45:17.0970 4588  wercplsupport - ok
16:45:17.0989 4588  [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc          C:\Windows\System32\WerSvc.dll
16:45:18.0018 4588  WerSvc - ok
16:45:18.0039 4588  WinDefend - ok
16:45:18.0049 4588  WinHttpAutoProxySvc - ok
16:45:18.0091 4588  [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
16:45:18.0120 4588  Winmgmt - ok
16:45:18.0188 4588  [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM           C:\Windows\system32\WsmSvc.dll
16:45:18.0264 4588  WinRM - ok
16:45:18.0326 4588  [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc         C:\Windows\System32\wlansvc.dll
16:45:18.0368 4588  Wlansvc - ok
16:45:18.0390 4588  [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
16:45:18.0416 4588  WmiAcpi - ok
16:45:18.0434 4588  [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
16:45:18.0463 4588  wmiApSrv - ok
16:45:18.0476 4588  WMPNetworkSvc - ok
16:45:18.0487 4588  [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
16:45:18.0515 4588  WPCSvc - ok
16:45:18.0540 4588  [ A27C8F92D84E2DDC151978E4692C978E ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
16:45:18.0565 4588  WPDBusEnum - ok
16:45:18.0592 4588  [ 6329D1990DB931073B86AB5946D8E317 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
16:45:18.0616 4588  WpdUsb - ok
16:45:18.0742 4588  [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:45:18.0774 4588  WPFFontCache_v0400 - ok
16:45:18.0808 4588  [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
16:45:18.0839 4588  ws2ifsl - ok
16:45:18.0853 4588  [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc          C:\Windows\System32\wscsvc.dll
16:45:18.0869 4588  wscsvc - ok
16:45:18.0873 4588  WSearch - ok
16:45:18.0943 4588  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
16:45:19.0042 4588  wuauserv - ok
16:45:19.0086 4588  [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
16:45:19.0122 4588  WUDFRd - ok
16:45:19.0134 4588  [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
16:45:19.0172 4588  wudfsvc - ok
16:45:19.0199 4588  ZTEusbmdm6k - ok
16:45:19.0207 4588  ZTEusbnmea - ok
16:45:19.0214 4588  ZTEusbser6k - ok
16:45:19.0219 4588  ================ Scan global ===============================
16:45:19.0247 4588  [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
16:45:19.0277 4588  [ E5E5E593D4850B0AA24CF58B552147F3 ] C:\Windows\system32\winsrv.dll
16:45:19.0291 4588  [ E5E5E593D4850B0AA24CF58B552147F3 ] C:\Windows\system32\winsrv.dll
16:45:19.0326 4588  [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
16:45:19.0331 4588  [Global] - ok
16:45:19.0332 4588  ================ Scan MBR ==================================
16:45:19.0356 4588  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
16:45:19.0476 4588  \Device\Harddisk0\DR0 - ok
16:45:19.0477 4588  ================ Scan VBR ==================================
16:45:19.0480 4588  [ A5DD2CE361F123247B19CCA1A2278F18 ] \Device\Harddisk0\DR0\Partition1
16:45:19.0481 4588  \Device\Harddisk0\DR0\Partition1 - ok
16:45:19.0496 4588  [ 0D20E2B48EC0234362B04F27802E17D4 ] \Device\Harddisk0\DR0\Partition2
16:45:19.0498 4588  \Device\Harddisk0\DR0\Partition2 - ok
16:45:19.0498 4588  ============================================================
16:45:19.0498 4588  Scan finished
16:45:19.0498 4588  ============================================================
16:45:19.0513 4772  Detected object count: 0
16:45:19.0513 4772  Actual detected object count: 0
         

31.01.2013, 16:50   #9
cosinus

Malwarebytes Anti-Rootkit

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Extract the archive to your desktop.
  • In the newly created folder, please start mbar.exe.
  • Follow the instructions on your screen and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart, MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the created folder. Please post it here.

Do not start any other file in this folder without instructions from a helper.

31.01.2013, 17:49   #10
inspigate

All done. Below I am posting the two logs (one after the first scan and one after the second).

mbar-log1

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1017
www.malwarebytes.org

Database version: v2013.01.18.09

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 7.0.6002.18005
Herzchen :: BASISLAGER [administrator]

31.01.2013 17:15:27
mbar-log-2013-01-31 (17-15-27).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 11030
Time elapsed: 10 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
c:\Users\Herzchen\Downloads\video_downloader (1).exe (PUP.BundleInstaller.VG) -> Delete on reboot.
c:\Users\Herzchen\Downloads\video_downloader (2).exe (PUP.BundleInstaller.VG) -> Delete on reboot.
c:\Users\Herzchen\Downloads\video_downloader.exe (PUP.BundleInstaller.VG) -> Delete on reboot.

(end)
         
mbar-log2

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1017
www.malwarebytes.org

Database version: v2013.01.31.08

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 7.0.6002.18005
Herzchen :: BASISLAGER [administrator]

31.01.2013 17:42:47
mbar-log-2013-01-31 (17-42-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 11038
Time elapsed: 13 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

01.02.2013, 10:48   #11
cosinus

adwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Agree to the terms of use.
  • Click Options (Optionen) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts with Ok.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


After that, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator" ("als Administrator ausführen")
  • At the top center, tick Scan All Users
  • At the top you will find a box labeled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.

01.02.2013, 19:37   #12
inspigate

After my computer's speed suddenly returned to its usual level yesterday evening... I was quite astonished and thought that the problems had now been overcome.

Unfortunately not.

Today everything is suddenly crawling again...

It takes forever until everything has booted up. When I want to go online via Chrome, it takes ages for the pages to load...

Before I shut the computer down yesterday, I visited a site that displays content usable only via Internet Explorer (a well-known video portal with streaming films). I am very reluctant to use IE, but wanted to enjoy a new HD release right away...

The Task Manager shows a CPU load of 25%...
Suddenly processes appeared there that I don't know or that aren't open (7 x Chrome, for example). I ended all of those too. Then I noticed a process explorer.exe that was eating a lot of resources.

When I ended that one as well, the screen was suddenly empty. Everything gone except my wallpaper. Folders, taskbar, all gone. I then restarted the computer via Task Manager. Nevertheless this service explorer.exe is still active. That can only be IE, right?

Oh,

I hadn't seen the last reply. A new page had opened.
I will try that now.

So...

ADwCleaner:

Code:
ATTFilter
OTL Extras logfile created on: 01.02.2013 19:46:49 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = c:\Users\Herzchen\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,61 Gb Available Physical Memory | 65,36% Memory free
8,17 Gb Paging File | 6,74 Gb Available in Paging File | 82,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 164,75 Gb Total Space | 18,18 Gb Free Space | 11,03% Space Free | Partition Type: NTFS
Drive D: | 1220,50 Gb Total Space | 1193,60 Gb Free Space | 97,80% Space Free | Partition Type: NTFS
 
Computer Name: BASISLAGER | User Name: Herzchen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 87 5E 01 2E 2A FE CD 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0925116D-B0C7-4B20-A9C8-8670CDB77106}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{0EACFC2C-B60D-4753-A25F-2D2F026AD3D6}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server | 
"{0EDFBC48-3313-42FB-804C-1B7A336F447E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{137D3F6E-EC67-4EB0-90F1-964DD33AEC3A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1C264855-E63F-4AA4-B8DE-9227AB894E48}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{1FC6DE7F-8182-4A6B-B343-1C5D5E084F32}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2DD6081A-7E53-46CA-983B-486901C1A99E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{3FEE8A70-1584-4EB6-9668-25FD05CDEE31}" = rport=139 | protocol=6 | dir=out | app=system | 
"{423A9AF7-36EB-43F8-9D14-6C42BFACE4BF}" = rport=137 | protocol=17 | dir=out | app=system | 
"{43B2BDB7-3C4A-4612-A2BF-4FE5F296058B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4CA3F155-DA3F-42B2-BA3D-B8A693325C0A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{50415946-626E-40BF-B32C-5D2DC26C7EDB}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server | 
"{55E811BF-73CD-4B4A-9A5A-FAE2A2316ED7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{6C770C96-014F-435D-A247-D5A6F9D5E991}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6C8B389C-0B46-4159-A922-00784D180E52}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6E62B7ED-CB93-4F41-8C9E-738B99479257}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{802DD5D0-EA30-421D-9C68-767F9658866F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{83D69F3B-E991-4B4A-897E-CE9DC873976E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{84F41BBC-21AC-4717-ADD9-40C4D68BCA28}" = lport=139 | protocol=6 | dir=in | app=system | 
"{8804F9EF-E67E-4CED-8E48-B25F1B709513}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8EB8C011-EA6B-4FAE-9CCA-FA433224AF8E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{948429EB-B723-450A-A142-50FB7A341AD1}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
"{98AE2A01-BE8D-4313-8381-EDD5FF5F0797}" = lport=138 | protocol=17 | dir=in | app=system | 
"{A4E00D8D-D527-4FCC-B499-B5E3D8842CA9}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{B5E20F9A-ED04-4E85-BDD4-8A8D76BA4576}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server | 
"{BB235248-AFDD-4567-986B-D3EAF5A285C1}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C06A1926-4B61-4635-A1EA-CB2855A392BA}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D7050CB2-3DD3-41D3-88B9-B8A145B6951E}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server | 
"{DEE26011-C430-437D-87EE-C0D37E395E1A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E030A802-7BED-4FE1-ACA8-FAB17DED6E7A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E6B7AB9A-2950-45AB-AF08-1C6390E9937C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E998853A-0E33-40DD-B709-EA061B9BD08B}" = lport=445 | protocol=6 | dir=in | app=system | 
"{F9FA3DEA-31B0-412B-AA69-61B3756A7DA7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{FC9A3D88-91A9-44A1-B119-2058E588CF7B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{033D10F6-4958-420C-A0B9-5479BB94DA27}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{061A8114-B7D6-4678-8071-7E765BBFFF49}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{17CE8588-BCD3-42C6-BF3D-91A8423DB40E}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{1AFFBBC8-A0B8-4C83-9138-63BEEFE7D36E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{205D4B1D-F47B-4681-AAD2-B896DAD8FEC8}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{22038800-5519-4E5A-B79A-095A370ED6E9}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe | 
"{2E315945-7481-43F0-9872-EB9994C5B1AE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{39B17692-4F2D-4DF5-A6F2-31FD3BAF8B6E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{3A4E7557-A1A7-4A7C-B2B7-E3782B6BAA92}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3C83B862-22D4-4187-BCC3-E5D483BB226C}" = protocol=6 | dir=out | app=system | 
"{3FE5DD4B-C231-420A-BFD3-8E6C51F75670}" = protocol=6 | dir=in | app=d:\tom clancy's splinter cell conviction\src\system\gu.exe | 
"{471455FE-0C47-40C6-A6BA-36603615459E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{479296B4-F7A3-47C0-9AF5-B65F4D33D0C9}" = protocol=6 | dir=in | app=d:\idevice manager\software4u.idevicemanager.exe | 
"{4E429141-2238-4EEC-90A5-16C03A46D24E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{6E209E49-9083-4A10-AF30-E7C5A41B1A8E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7C107856-E508-4A5E-963D-6B8ABC85605B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{819AFA8F-FB1A-436B-9506-CC8190DDB8ED}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8FABBD77-F958-4F58-A454-BCEFAE4BDA3E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{93A1AB46-3B9F-4916-A45F-5735B28E23FD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{96273C52-5658-4C57-88EB-90C3139BE5B1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{9759F2F8-A927-4E53-837A-088683EBB805}" = protocol=17 | dir=in | app=d:\tom clancy's splinter cell conviction\src\system\conviction_game.exe | 
"{97EAF46D-98C3-4DC0-8151-D2D104E0F624}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{98651290-AEF4-4620-B25D-BD749C1F8169}" = protocol=17 | dir=in | app=d:\tom clancy's splinter cell conviction\src\system\gu.exe | 
"{A1135F23-AD9F-4A63-A730-593EB3DA9EB5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{A1AF1DE9-2804-422D-A608-425641EB7DC8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{A60F5688-1149-4017-9AE8-4E93632EBD5F}" = protocol=6 | dir=in | app=d:\tom clancy's splinter cell conviction\src\system\conviction_game.exe | 
"{AA41F950-320F-466B-8FA8-AC3ED91F4F34}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AABC3BB6-308F-425E-90A3-F6704B6C1289}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{AD35A598-7620-4048-B740-503261F8F19B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{ADCFD34E-6A85-41AB-9587-3B8B101E5C43}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{B28CF1DC-6745-4B7F-B6C6-F8593A0DEB37}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B6E1B303-55C4-4F5B-BCA3-74BD4EE129AE}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{C1134623-5C74-454F-AF80-456F682158E6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{CAF07322-8E40-41BA-BC1B-66769762E1D5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EB081CD7-44A3-47E1-9639-46D13C261343}" = protocol=17 | dir=in | app=d:\idevice manager\software4u.idevicemanager.exe | 
"{EC3A5215-D5BF-416F-81D3-18F0E3FF64F4}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe | 
"{EDD9376A-02F1-4267-B243-9D8C79963C8F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F53AB695-A3CF-40ED-A827-C7E35BAB64AC}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{F627A7F7-FCBE-4A0A-BC14-98613FD33B4A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F8C74914-625E-4CC1-AA10-FD0B5C3AFA83}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F9C7EFA6-2ED5-42BD-B4CD-768684E28971}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{2AB4E444-EED8-478C-BBB0-4ADB356371AA}C:\program files (x86)\corel\dvd9\windvd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\corel\dvd9\windvd.exe | 
"TCP Query User{821B9BCD-396B-4DFD-B986-3440A79F9012}C:\program files (x86)\ubisoft\splinter cell pandora tomorrow\pandora.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\splinter cell pandora tomorrow\pandora.exe | 
"TCP Query User{9208993D-0038-45A2-A8A7-6C82F1CB9D0F}C:\program files (x86)\corel\dvd9\windvd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\corel\dvd9\windvd.exe | 
"TCP Query User{C0FFD717-5898-49D8-BBA4-3403FCA4A36D}D:\tom clancy's splinter cell conviction\src\system\uplaybrowser.exe" = protocol=6 | dir=in | app=d:\tom clancy's splinter cell conviction\src\system\uplaybrowser.exe | 
"TCP Query User{C74C0A1E-EE4F-452A-96AB-002659DB2BE3}D:\tom clancy's splinter cell conviction\src\system\conviction_game.exe" = protocol=6 | dir=in | app=d:\tom clancy's splinter cell conviction\src\system\conviction_game.exe | 
"TCP Query User{D36256E0-38E6-4A1A-A2EB-1A9A7ABC6CFD}C:\program files (x86)\corel\windvd11\windvd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\corel\windvd11\windvd.exe | 
"UDP Query User{0EB99A89-CBE7-4E91-9703-D82D0025C68B}D:\tom clancy's splinter cell conviction\src\system\conviction_game.exe" = protocol=17 | dir=in | app=d:\tom clancy's splinter cell conviction\src\system\conviction_game.exe | 
"UDP Query User{636AF192-5D84-40F7-9744-81114E5F2936}C:\program files (x86)\corel\dvd9\windvd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\corel\dvd9\windvd.exe | 
"UDP Query User{728AFEEE-E6BB-46B5-A87F-49F8E486FFA4}C:\program files (x86)\corel\dvd9\windvd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\corel\dvd9\windvd.exe | 
"UDP Query User{B93DE7AF-FACA-4E8D-94ED-7DEB3E7150E9}C:\program files (x86)\corel\windvd11\windvd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\corel\windvd11\windvd.exe | 
"UDP Query User{C8D6FE59-CB9D-4957-A1D8-74DD87DA1D97}D:\tom clancy's splinter cell conviction\src\system\uplaybrowser.exe" = protocol=17 | dir=in | app=d:\tom clancy's splinter cell conviction\src\system\uplaybrowser.exe | 
"UDP Query User{D6145BAC-A789-4131-A27B-AF6BB39F8BD5}C:\program files (x86)\ubisoft\splinter cell pandora tomorrow\pandora.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\splinter cell pandora tomorrow\pandora.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{63B4D80D-7BAC-4D1D-B9B6-27FF54197982}" = Regi
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"VLC media player" = VLC media player 2.1.0-git
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}" = Adobe Flash Player 10 Plugin
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217011FF}" = Java 7 Update 11
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{47C6F987-685A-41AE-B092-E75B277AEE39}" = Adobe Flash CS4 Extension - Flash Lite STI others
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A128921B-D03F-4BFB-8141-C365AA48D660}" = Adobe Setup
"{A2881E09-38DB-4F79-9135-00FDA01768A7}" = Adobe Creative Suite 4 Design Premium
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD3374D3-C2E6-42B7-A80B-E850B6886246}" = Adobe Flash CS4 STI-other
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E3993D46-AE3F-402E-9F9D-EEBDFBEC3564}" = Corel WinDVD 9
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe_55230b0b70661df0f212e88f0b655f7" = Adobe Creative Suite 4 Design Premium
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.33.1005
"Google Chrome" = Google Chrome
"InstallShield_{E3993D46-AE3F-402E-9F9D-EEBDFBEC3564}" = Corel WinDVD 9
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PokerStars.eu" = PokerStars.eu
"PROHYBRIDR" = 2007 Microsoft Office system
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"Videoload Manager" = Videoload Manager 2.0.2220
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1126968076-1765972169-4211579686-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{E3993D46-AE3F-402E-9F9D-EEBDFBEC3564}" = Corel WinDVD 9
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 30.01.2013 12:23:32 | Computer Name = Basislager | Source = WinMgmt | ID = 10
Description = 
 
Error - 31.01.2013 09:49:44 | Computer Name = Basislager | Source = WinMgmt | ID = 10
Description = 
 
Error - 31.01.2013 10:23:48 | Computer Name = Basislager | Source = ESENT | ID = 455
Description = Catalog Database (1140) Catalog Database: Fehler -1811 beim Öffnen
 von Protokolldatei C:\Windows\system32\CatRoot2\edb00202.log.
 
Error - 31.01.2013 10:23:48 | Computer Name = Basislager | Source = Microsoft-Windows-CAPI2 | ID = 131329
Description = 
 
Error - 31.01.2013 10:24:22 | Computer Name = Basislager | Source = WinMgmt | ID = 10
Description = 
 
Error - 31.01.2013 12:23:31 | Computer Name = Basislager | Source = WinMgmt | ID = 10
Description = 
 
Error - 31.01.2013 12:26:19 | Computer Name = Basislager | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.02.2013 06:11:55 | Computer Name = Basislager | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.02.2013 12:29:10 | Computer Name = Basislager | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.02.2013 14:26:36 | Computer Name = Basislager | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.02.2013 14:44:24 | Computer Name = Basislager | Source = WinMgmt | ID = 10
Description = 
 
[ OSession Events ]
Error - 30.12.2012 06:27:07 | Computer Name = Basislager | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 171837
 seconds with 420 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 01.02.2013 09:40:58 | Computer Name = Basislager | Source = nvstor64 | ID = 262149
Description = Ein Paritätsfehler wurde auf \Device\RaidPort0 gefunden.
 
Error - 01.02.2013 12:28:14 | Computer Name = Basislager | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 01.02.2013 12:29:49 | Computer Name = Basislager | Source = Service Control Manager | ID = 7038
Description = 
 
Error - 01.02.2013 12:29:49 | Computer Name = Basislager | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 01.02.2013 14:25:34 | Computer Name = Basislager | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 01.02.2013 14:27:15 | Computer Name = Basislager | Source = Service Control Manager | ID = 7038
Description = 
 
Error - 01.02.2013 14:27:15 | Computer Name = Basislager | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 01.02.2013 14:43:24 | Computer Name = Basislager | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 01.02.2013 14:45:00 | Computer Name = Basislager | Source = Service Control Manager | ID = 7038
Description = 
 
Error - 01.02.2013 14:45:00 | Computer Name = Basislager | Source = Service Control Manager | ID = 7000
Description = 
 
[ TuneUp Events ]
Error - 03.11.2012 04:54:17 | Computer Name = Basislager | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 03.11.2012 04:54:17 | Computer Name = Basislager | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 08.11.2012 09:46:02 | Computer Name = Basislager | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 08.11.2012 09:46:02 | Computer Name = Basislager | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
 
< End of report >
         


Even though this log says something about "Babylon search engine deleted", it is still there. I noticed this when, after the scan had finished, I tried to load the page with this forum to look at the next steps. Once again the page with the search engine appeared in a tab in front of the tab with the Chrome Google start page...


OTL:

Code:
OTL logfile created on: 01.02.2013 19:46:49 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = c:\Users\Herzchen\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,61 Gb Available Physical Memory | 65,36% Memory free
8,17 Gb Paging File | 6,74 Gb Available in Paging File | 82,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 164,75 Gb Total Space | 18,18 Gb Free Space | 11,03% Space Free | Partition Type: NTFS
Drive D: | 1220,50 Gb Total Space | 1193,60 Gb Free Space | 97,80% Space Free | Partition Type: NTFS
 
Computer Name: BASISLAGER | User Name: Herzchen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - c:\Users\Herzchen\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - D:\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe (Adobe Systems Incorporated)
PRC - D:\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (FLEXnet Licensing Service 64) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Adobe Version Cue CS4) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (regi) -- C:\Windows\SysNative\drivers\regi.sys (InterVideo)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (ahcix64s) -- C:\Windows\SysNative\drivers\ahcix64s.sys (AMD Technologies Inc.)
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1126968076-1765972169-4211579686-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1126968076-1765972169-4211579686-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1126968076-1765972169-4211579686-1000\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - No CLSID value found
IE - HKU\S-1-5-21-1126968076-1765972169-4211579686-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1126968076-1765972169-4211579686-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-1126968076-1765972169-4211579686-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_deDE463
IE - HKU\S-1-5-21-1126968076-1765972169-4211579686-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPWMDRMWrapper: C:\Program Files (x86)\Videoload Manager\NPWMDRMWrapper.dll ( )
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
 
[2012.12.02 17:14:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
========== Chrome  ==========
 
CHR - homepage: hxxp://search.babylon.com/?affID=114350&tt=4812_3&babsrc=HP_ss&mntrId=f093fd0d000000000000002421dec62d
CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = hxxp://search.babylon.com/?q={searchTerms}&affID=114350&tt=4812_3&babsrc=SP_ss&mntrId=f093fd0d000000000000002421dec62d
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://search.babylon.com/?affID=114350&tt=4812_3&babsrc=HP_ss&mntrId=f093fd0d000000000000002421dec62d
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Uplay PC (Enabled) = C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Herzchen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\Herzchen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Google Mail = C:\Users\Herzchen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1126968076-1765972169-4211579686-1000\..\Toolbar\WebBrowser: (no name) - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - No CLSID value found.
O3 - HKU\S-1-5-21-1126968076-1765972169-4211579686-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1126968076-1765972169-4211579686-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1126968076-1765972169-4211579686-1000..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-1126968076-1765972169-4211579686-1000..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1126968076-1765972169-4211579686-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Herzchen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Herzchen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: PokerStars.eu - {07BA1DA9-F501-4796-8728-74D1B91A6CD5} - C:\Program Files (x86)\PokerStars.EU\PokerStarsUpdate.exe File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1126968076-1765972169-4211579686-1000\..Trusted Domains: corel.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1126968076-1765972169-4211579686-1000\..Trusted Domains: corel.com ([www] * in Trusted sites)
O15 - HKU\S-1-5-21-1126968076-1765972169-4211579686-1000\..Trusted Domains: intervideo.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1126968076-1765972169-4211579686-1000\..Trusted Domains: intervideo.com ([www] * in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7EE8DB3E-B5B8-4A74-8C1B-93E4F9AF9230}: NameServer = 192.168.0.1,8.8.8.8
O18:64bit: - Protocol\Handler\fluxhttp - No CLSID value found
O18:64bit: - Protocol\Handler\fluxhttp\0x00000007 - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax (ACE GmbH)
O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax (ACE GmbH)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261123~1.78\{c16c1~1\mngr.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Herzchen\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Herzchen\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.04.21 14:00:11 | 000,000,000 | ---D | M] - D:\Autoplay -- [ NTFS ]
O32 - AutoRun File - [2010.04.02 13:03:16 | 003,048,072 | ---- | M] () - D:\autorun.exe -- [ NTFS ]
O32 - AutoRun File - [2010.03.29 17:24:43 | 000,000,050 | R--- | M] () - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.01 00:19:52 | 000,000,000 | ---D | C] -- C:\ProgramData\mpDRM
[2013.02.01 00:19:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\mpDRM
[2013.02.01 00:19:51 | 000,000,000 | ---D | C] -- C:\ProgramData\fluxDVD
[2013.02.01 00:19:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\fluxDVD
[2013.02.01 00:19:49 | 000,000,000 | ---D | C] -- C:\Users\Herzchen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Videoload Manager
[2013.02.01 00:19:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Videoload Manager
[2013.02.01 00:19:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Videoload Manager
[2013.01.31 17:04:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.31 17:03:35 | 000,000,000 | ---D | C] -- C:\Users\Herzchen\Desktop\mbar-1.01.0.1017
[2013.01.31 16:33:26 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Herzchen\Desktop\tdsskiller.exe
[2013.01.31 16:18:40 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Herzchen\Desktop\aswMBR.exe
[2013.01.30 17:25:56 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2013.01.30 17:25:56 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2013.01.30 17:25:56 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2013.01.30 17:25:47 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2013.01.30 17:25:47 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2013.01.30 17:25:47 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2013.01.30 17:25:47 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2013.01.30 17:25:47 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2013.01.30 17:25:47 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2013.01.30 17:25:42 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2013.01.30 17:25:42 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2013.01.30 17:25:42 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2013.01.30 17:25:42 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2013.01.29 22:53:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2013.01.29 21:47:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.01.29 21:46:55 | 000,261,024 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.01.29 21:46:29 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.01.29 21:46:29 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.01.29 21:46:29 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.01.29 21:45:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.01.29 18:31:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.01.29 18:31:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2013.01.29 15:02:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\vi-VN
[2013.01.29 15:02:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\eu-ES
[2013.01.29 15:02:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\eu-ES
[2013.01.29 15:02:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ca-ES
[2013.01.29 15:02:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ca-ES
[2013.01.29 15:02:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\vi-VN
[2013.01.29 14:47:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.01 19:49:02 | 001,684,866 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.01 19:49:02 | 000,718,376 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.01 19:49:02 | 000,671,466 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.01 19:49:02 | 000,164,672 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.01 19:49:02 | 000,134,744 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.01 19:42:59 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.01 19:42:49 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.01 19:42:48 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.01 19:42:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.01 19:41:32 | 000,000,628 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.02.01 19:40:13 | 000,580,235 | ---- | M] () -- C:\Users\Herzchen\Desktop\adwcleaner.exe
[2013.02.01 19:05:30 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.31 17:02:51 | 013,562,257 | ---- | M] () -- C:\Users\Herzchen\Desktop\mbar-1.01.0.1017.zip
[2013.01.31 16:43:42 | 000,000,512 | ---- | M] () -- C:\Users\Herzchen\Documents\MBR.dat
[2013.01.31 16:33:17 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Herzchen\Desktop\tdsskiller.exe
[2013.01.31 16:19:49 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Herzchen\Desktop\aswMBR.exe
[2013.01.30 17:36:06 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.01.30 17:36:06 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.01.29 21:45:59 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.01.29 21:45:56 | 000,261,024 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.01.29 21:45:56 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.01.29 21:45:55 | 000,780,192 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.01.29 21:45:55 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.01.29 18:33:56 | 000,001,567 | ---- | M] () -- C:\Users\Herzchen\Documents\gmer.7z
[2013.01.29 16:14:22 | 000,000,000 | ---- | M] () -- C:\Users\Herzchen\defogger_reenable
[2013.01.29 15:07:56 | 001,571,838 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.29 15:06:29 | 002,988,896 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.29 14:39:42 | 002,128,937 | ---- | M] () -- C:\Users\Herzchen\Desktop\Foto 2.JPG
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.01 19:41:24 | 000,000,628 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.02.01 19:40:42 | 000,580,235 | ---- | C] () -- C:\Users\Herzchen\Desktop\adwcleaner.exe
[2013.01.31 17:02:59 | 013,562,257 | ---- | C] () -- C:\Users\Herzchen\Desktop\mbar-1.01.0.1017.zip
[2013.01.31 16:31:38 | 000,000,512 | ---- | C] () -- C:\Users\Herzchen\Documents\MBR.dat
[2013.01.29 18:33:56 | 000,001,567 | ---- | C] () -- C:\Users\Herzchen\Documents\gmer.7z
[2013.01.29 16:14:22 | 000,000,000 | ---- | C] () -- C:\Users\Herzchen\defogger_reenable
[2012.10.26 19:20:36 | 001,571,838 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.09.03 23:41:55 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2012.09.03 23:41:55 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2012.08.29 15:34:36 | 000,000,995 | ---- | C] () -- C:\Windows\eReg.dat
[2012.08.29 15:00:38 | 000,000,848 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2012.07.18 20:48:39 | 000,005,120 | ---- | C] () -- C:\Users\Herzchen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.31 15:25:56 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2011.12.24 15:46:07 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2011.12.24 15:45:46 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2011.12.24 15:45:24 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2011.12.19 15:04:08 | 000,000,732 | ---- | C] () -- C:\Users\Herzchen\AppData\Local\d3d9caps64.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 16:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2011.01.21 17:50:13 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 17:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 08:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 03:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         

02.02.2013, 15:32   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
( a well-known video portal with streaming films )
Which portal are you talking about?
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


02.02.2013, 21:14   #14
inspigate
 

Videoload.
Downloading takes forever with the current stuttering on my computer.
So I have to stream, and that doesn't work with Google Chrome, which is why I used IE.
Maybe I should get Firefox as a backup browser for the future, because it works with that too...

03.02.2013, 01:48   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

I would first try to find out whether this only happens under Windows or with other operating systems as well.

That way you can see whether a hardware problem is emerging or whether the fault lies rather in the Windows configuration and/or in the file system.

Download something like Knoppix or Xubuntu, burn the ISO file to a CD using the image-burning function, and boot the computer from it.
Then test the internet connection thoroughly under Linux and report whether the connection and the system run at normal speed there or are slow as well.