Viren-Scan mit c´t-desinfect zeigt 45 Meldungen, jetzt Startprobleme

walter_h · 13.02.2013, 13:19

Hallo,
arbeite mit einem Asus X53SV-SX218V-Notebook und habe es nun mal über den USB-Stick mit den c´t-Viresscannern gebootet.

Nachdem alle 4 Scanner drübergelaufen waren, kamen 45 Meldungen und die Option, die entsprechenden Dateien mit der Dateiendung .virus zu versehen.

Bei einigen Dateien wusste ich, dass sie für den Betrieb nicht notwendig sind (irgendwelche zip-Sachen), aber es sind auch einige .sys-Dateien mit dabei.

Den Virenfund konnte ich als pdf speichern und habe nun (auf einem anderen Rechner) darauf 2 jpg-Dateien gemacht, meinen Namen in den Verzeichnissen unkenntlich gemacht (bitte um Verständnis) und unten hochgeladen.

Was soll man bei so einer Diagnose nun machen? Neu aufsetzen? Oder kann man da was retten?

Das Notebook läuft übrigens aktuell NICHT an, das "Startup Repair" eiert seit Stunden herum (attempting reparies...)

Um es wieder zum laufen zu bekommen, wollte ich jetzt nochmal mit dem Stick booten und dann halt die Dateien wieder umtaufen auf die Original-Namen.

Ach ja, BS ist Win7 Home Premium

Psychotic · 13.02.2013, 13:46

Um eine genauere Analyse zu ermöglichen, befolge bitte diesen Link:

An alle Hilfesuchenden! Was muss ich vor Eröffnung eines Themas beachten?

Hinweis: Poste die erstellten Logfiles hier in deinem Thema - erstelle kein neues!

Falls bereits installierte Antivirensoftware Funde gemeldet hat: Füge unbedingt die entsprechenden Logdateien bei!

walter_h · 13.02.2013, 13:54

Ich schau was ich machen kann. Es ist halt so, dass der betroffene Rechner ja nicht mehr hochfährt und ich das Logfile sozusagen nur im pdf-Format habe.

Das malware-programm lade ich mir also erst mal auf den jetzt benutzten Zweitrechner runter.

Würde das Programm auch funktionieren, wenn ich die Festplatte auf dem betroffenen Rechner ausbaue und als Laufwerk an den Zweitrechner anschließe? Oder muss es zwingend vom betroffenen Rechner aus laufen?

Psychotic · 13.02.2013, 14:40

Es sieht so aus, dass diese tolle CD pauschal mehrere wichtige Systemdateien umbenannt oder gelöscht hat.

Wenn startup repair dies nicht hinbekommt, wirst du um eine Neuinstallation nicht herumkommen.

walter_h · 13.02.2013, 15:36

Das sind ja Nachrichten...
Schon mal ne GUTE Nachricht: das Malwarebytesprogramm lief auf dem Zweitrechner gerade durch (im Quick-Modus, dennoch rund 2 h) und hat NICHTS gefunden.

Aktuell hab ich den Asus-Rechner noch mal vom USB-Stick hochgefahren und jetzt seh ich nach, ob die Systemdateien noch auffindbar sind - dann nenn ich sie um und hoffe, dass das System dann wieder hochfährt.

..hab noch mal nachgehen, malwarebytes sagt, es hätte rund 24 Minuten gescannt.

Mit viel Mühe habe ich jetzt auf dem ASUS die Dateien wieder umbenannt. Und zwar die, die was mit dem System zu tun haben. Die anderen Dateien wie oszi.zip etc., die durch mein eigenes Zutun auf den Rechner gelangt sind, habe ich mal NICHT umbenannt.

Der Asus ist beim ersten mal in den Reparier-Modus gegangen und hat die Platte überprüft, dann hat er normal gestartet und verhält sich jetzt unauffällig.

Natürlich habe ich sofort Malwarebytes heruntergeladen, aktualisiert und nen Quickscan gemacht: 0 Infektionen.

Jetzt lass ich nen ausführlichen Scan drüberlaufen.

walter_h · 13.02.2013, 22:34

So, die große Runde ist jetzt fertig. Allerdings konnte Malwarebytes auch dieses mal nix finden. Anbei die entsprechende log-Datei.

Psychotic · 14.02.2013, 06:22

Prima!

Dann kannst du die Schritte abarbeiten, die ich dir geschickt habe - ich gehe zwar von einer Menge falscher Erkennungen aus, aber wir sollten auf Nummer sicher gehen.

walter_h · 14.02.2013, 11:29

Zitat:

Zitat von Psychotic

Prima!

Dann kannst du die Schritte abarbeiten, die ich dir geschickt habe - ich gehe zwar von einer Menge falscher Erkennungen aus, aber wir sollten auf Nummer sicher gehen.

Also defogger, OTL und GMER abarbeiten?

Psychotic · 14.02.2013, 11:30

richtig!

walter_h · 14.02.2013, 12:58

Ich hab defogger und otl erst mal bei meinem Zweitrechner laufen lassen.
defogger endete mit "ok". Anbei die zwei txt-Dateien, die otl erzeugt hat.

Auf dem Asus lief defogger auch mit ok durch. otl läuft gerade, alles mit den default-Werten und Quickscan.

walter_h · 14.02.2013, 12:59

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 14.02.2013 12:01:59 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Michael\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,46 Gb Available Physical Memory | 73,29% Memory free
3,85 Gb Paging File | 3,39 Gb Available in Paging File | 88,14% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 146,57 Gb Total Space | 17,97 Gb Free Space | 12,26% Space Free | Partition Type: NTFS
 
Computer Name: R40 | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.14 11:59:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Michael\Eigene Dateien\Downloads\OTL.exe
PRC - [2013.02.10 18:19:38 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe
PRC - [2012.08.08 19:43:36 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 15:52:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 15:52:25 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 15:52:25 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.02.23 11:09:08 | 000,838,656 | ---- | M] () -- C:\Programme\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
PRC - [2012.01.23 05:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011.12.23 17:20:44 | 000,375,872 | ---- | M] (Ralink Technology, Corp.) -- C:\Programme\TP-LINK\TP-LINK Wireless Configuration Utility\Service\RaRegistry.exe
PRC - [2011.05.27 14:57:30 | 000,562,592 | ---- | M] (Affinegy, Inc.) -- C:\Programme\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2011.05.27 14:57:28 | 002,015,136 | ---- | M] (Affinegy, Inc.) -- C:\Programme\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2011.05.27 14:57:26 | 007,025,568 | ---- | M] (Affinegy, Inc.) -- C:\Programme\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2011.05.18 17:28:16 | 001,641,888 | ---- | M] (Affinegy, Inc.) -- C:\Programme\Belkin\Router Setup and Monitor\dlnaPlugin.exe
PRC - [2011.04.20 13:02:04 | 001,095,168 | ---- | M] (Belkin International, Inc.) -- C:\Programme\Belkin\Belkin USB Print and Storage Center\Connect.exe
PRC - [2011.04.19 15:29:42 | 000,152,576 | ---- | M] () -- C:\Programme\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
PRC - [2010.11.05 10:28:14 | 000,083,248 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Programme\Sybase\SQL Anywhere 9\win32\dbsrv9.exe
PRC - [2010.07.20 11:45:24 | 001,531,904 | ---- | M] (Nokia) -- C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer.exe
PRC - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2010.02.09 14:55:52 | 000,049,152 | ---- | M] () -- C:\Programme\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
PRC - [2010.01.13 09:12:22 | 000,247,784 | ---- | M] (XIMETA, Inc.) -- C:\Programme\NDAS\System\ndassvc.exe
PRC - [2009.07.29 14:28:40 | 000,252,424 | ---- | M] (Avid Technology, Inc.) -- C:\WINDOWS\system32\MAFWTray.exe
PRC - [2008.09.30 18:18:36 | 001,062,144 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodag.exe
PRC - [2008.07.22 21:44:06 | 000,357,376 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe
PRC - [2008.07.03 22:17:00 | 000,118,784 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe
PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.19 16:00:28 | 006,333,954 | ---- | M] () -- C:\Programme\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe
PRC - [2006.10.02 10:19:48 | 000,094,208 | ---- | M] () -- C:\Programme\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
PRC - [2006.05.30 15:05:42 | 000,086,016 | ---- | M] (Lenovo Group Limited) -- C:\Programme\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
PRC - [2005.07.05 14:57:12 | 000,077,824 | ---- | M] () -- C:\Programme\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
PRC - [2003.03.27 01:06:02 | 000,053,248 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\QCWLICON.EXE
PRC - [2003.02.16 23:30:48 | 000,032,835 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\TpKmapMn.exe
PRC - [2003.01.24 14:36:42 | 000,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\RegSrvc.exe
PRC - [2002.12.19 10:02:22 | 000,491,520 | ---- | M] (IBM) -- C:\Programme\IBM\Messages By IBM\ibmmessages.exe
PRC - [2002.10.30 01:01:00 | 000,204,800 | ---- | M] (IBM Corp.) -- C:\Programme\ThinkPad\Utilities\NPDTRAY.EXE
PRC - [2002.10.16 09:59:54 | 001,622,016 | ---- | M] (SupportSoft, Inc.) -- C:\Programme\Support.com\Bin\tgcmd.exe
PRC - [2001.04.27 10:00:10 | 000,053,248 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\HPLamp.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.12.18 15:28:26 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2012.05.08 15:52:28 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2012.02.23 11:09:08 | 000,838,656 | ---- | M] () -- C:\Programme\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
MOD - [2012.02.07 10:16:32 | 001,415,680 | ---- | M] () -- C:\Programme\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll
MOD - [2011.12.23 17:20:42 | 000,192,512 | ---- | M] () -- C:\Programme\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll
MOD - [2011.05.27 14:57:32 | 000,022,944 | ---- | M] () -- C:\Programme\Belkin\Router Setup and Monitor\BelkinServicePS.dll
MOD - [2011.05.27 14:08:56 | 000,660,480 | ---- | M] () -- C:\Programme\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
MOD - [2011.04.19 15:29:42 | 000,152,576 | ---- | M] () -- C:\Programme\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
MOD - [2011.04.19 15:29:42 | 000,132,608 | ---- | M] () -- C:\Programme\Belkin\Belkin USB Print and Storage Center\BkLocalBackup.dll
MOD - [2010.08.22 20:01:36 | 007,187,456 | ---- | M] () -- C:\Programme\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2010.08.22 20:01:08 | 000,325,632 | ---- | M] () -- C:\Programme\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2010.08.22 20:01:06 | 001,954,304 | ---- | M] () -- C:\Programme\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2010.08.22 20:01:06 | 000,847,360 | ---- | M] () -- C:\Programme\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2010.08.22 19:32:34 | 000,119,808 | ---- | M] () -- C:\Programme\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
MOD - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
MOD - [2010.02.09 14:55:52 | 000,049,152 | ---- | M] () -- C:\Programme\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
MOD - [2008.03.19 16:00:28 | 006,333,954 | ---- | M] () -- C:\Programme\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe
MOD - [2008.03.19 15:54:46 | 000,327,680 | ---- | M] () -- C:\Programme\Datacolor\Spyder3Elite\Utility\CGamma.dll
MOD - [2008.03.19 14:37:20 | 000,131,072 | ---- | M] () -- C:\Programme\Datacolor\Spyder3Elite\Utility\CSensor.dll
MOD - [2008.02.25 21:23:10 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll
MOD - [2006.10.02 10:19:48 | 000,094,208 | ---- | M] () -- C:\Programme\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
MOD - [2005.11.30 20:16:02 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\tphklock.dll
MOD - [2005.10.28 20:29:52 | 000,208,896 | ---- | M] () -- C:\Programme\ThinkPad\PkgMgr\HOTKEY\tpfnf7.dll
MOD - [2005.07.05 23:45:08 | 000,028,672 | ---- | M] () -- C:\WINDOWS\system32\notifyf2.dll
MOD - [2005.07.05 14:57:12 | 000,077,824 | ---- | M] () -- C:\Programme\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
MOD - [2003.07.03 23:49:30 | 000,024,576 | ---- | M] () -- C:\Programme\ThinkPad\PkgMgr\HOTKEY_2\tphk_2k.dll
MOD - [2003.03.27 01:06:02 | 000,561,152 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\QCON.DLL
MOD - [2003.03.27 01:06:02 | 000,053,248 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\QCWLICON.EXE
MOD - [2003.02.16 23:30:48 | 000,032,835 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\TpKmapMn.exe
MOD - [2002.12.24 16:15:00 | 000,040,960 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\TpKmapHk.dll
MOD - [2002.11.15 00:14:28 | 000,143,360 | ---- | M] () -- C:\WINDOWS\system32\AIBMRUNL.dll
MOD - [2002.01.08 09:08:22 | 000,051,712 | ---- | M] () -- C:\WINDOWS\system32\ngprtserv.dll
MOD - [2001.04.27 10:00:10 | 000,053,248 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\HPLamp.exe
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\PLSRemote.exe -- (PLSRemoteSvc)
SRV - [2013.02.10 18:19:38 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013.02.06 14:41:16 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.08 15:52:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 15:52:25 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.01.23 05:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011.12.23 17:20:44 | 000,375,872 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Programme\TP-LINK\TP-LINK Wireless Configuration Utility\Service\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2011.05.27 14:57:30 | 000,562,592 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Programme\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2011.04.19 15:29:42 | 000,152,576 | ---- | M] () [Auto | Running] -- C:\Programme\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe -- (Belkin Local Backup Service)
SRV - [2010.11.05 10:28:14 | 000,083,248 | ---- | M] (iAnywhere Solutions, Inc.) [Auto | Running] -- C:\Programme\Sybase\SQL Anywhere 9\win32\dbsrv9.exe -- (Lexware_Datenbank_Plus)
SRV - [2010.10.20 11:22:24 | 000,630,272 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.06.25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Programme\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2010.02.09 14:55:52 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\Programme\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe -- (Belkin Network USB Helper)
SRV - [2010.01.13 09:12:22 | 000,247,784 | ---- | M] (XIMETA, Inc.) [Auto | Running] -- C:\Programme\NDAS\System\ndassvc.exe -- (ndassvc)
SRV - [2009.08.10 21:04:48 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP1\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2008.09.30 18:18:36 | 001,062,144 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag)
SRV - [2005.11.14 00:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003.03.27 01:06:02 | 000,049,152 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\QCONSVC.EXE -- (QCONSVC)
SRV - [2003.01.24 14:37:32 | 000,299,075 | ---- | M] (Intel Corporation ) [Disabled | Stopped] -- C:\WINDOWS\system32\S24EvMon.exe -- (S24EventMonitor)
SRV - [2003.01.24 14:36:42 | 000,122,880 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\RegSrvc.exe -- (RegSrvc)
SRV - [2002.02.21 11:05:36 | 000,196,688 | ---- | M] (AVM Berlin) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\AVM\De_serv.exe -- (de_serv)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RNUS_Bus.sys -- (RNUS_BusEnum)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RNUS_HC.sys -- (RNUS)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Programme\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hexmagic.sys -- (hexmagic)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\Michael\LOKALE~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | System | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\AFGMp50.sys -- (AFGMp50)
DRV - [2012.05.08 15:52:28 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 15:52:28 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.11 14:09:05 | 000,084,544 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vsflt61.sys -- (vidsflt61)
DRV - [2012.04.11 14:08:38 | 000,077,696 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\fltsrv.sys -- (fltsrv)
DRV - [2012.03.01 15:40:30 | 000,452,016 | ---- | M] (Paragon) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2012.03.01 15:40:30 | 000,275,504 | ---- | M] (Paragon) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\Uim_Vim.sys -- (Uim_Vim)
DRV - [2012.03.01 15:40:30 | 000,081,200 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\UimBus.sys -- (UimBus)
DRV - [2011.12.23 17:21:04 | 001,195,200 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2011.12.23 17:20:48 | 000,019,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Scutum50.sys -- (Scutum50)
DRV - [2011.10.11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.08.10 15:39:48 | 000,045,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dc3d.sys -- (dc3d)
DRV - [2010.11.28 22:41:23 | 000,691,696 | ---- | M] () [Kernel | Disabled | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2010.09.29 23:13:46 | 000,020,088 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Programme\HWiNFO32\HWiNFO32.SYS -- (HWiNFO32)
DRV - [2010.08.22 20:01:54 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AFGSp50.sys -- (AFGSp50)
DRV - [2010.06.25 18:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.02.26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010.02.26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.02.26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.02.26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010.02.26 14:21:22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2010.02.26 14:21:22 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2010.01.13 09:12:46 | 000,556,008 | ---- | M] (XIMETA, Inc.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\lfsfilt.sys -- (lfsfilt)
DRV - [2010.01.13 09:12:44 | 000,119,784 | ---- | M] (XIMETA, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\lpx.sys -- (lpx)
DRV - [2010.01.13 09:12:40 | 000,385,512 | ---- | M] (XIMETA, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndasbus.sys -- (ndasbus)
DRV - [2010.01.13 09:12:36 | 000,562,152 | ---- | M] (XIMETA, Inc.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\ndasfs.sys -- (ndasfs)
DRV - [2010.01.13 09:12:36 | 000,461,288 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ndasfat.sys -- (ndasfat)
DRV - [2010.01.13 09:12:28 | 000,791,528 | ---- | M] (XIMETA, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ndasrofs.sys -- (ndasrofs)
DRV - [2010.01.13 09:12:24 | 000,377,320 | ---- | M] (XIMETA, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ndasscsi.sys -- (ndasscsi)
DRV - [2009.11.17 10:13:04 | 000,014,592 | R--- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SiUSBXp.sys -- (SIUSBXP)
DRV - [2009.11.12 13:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.10.26 09:43:54 | 000,032,800 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL2832UUSB.sys -- (RTL2832UUSB)
DRV - [2009.10.26 09:43:52 | 000,093,344 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL2832UBDA.sys -- (RTL2832UBDA)
DRV - [2009.10.05 19:20:26 | 000,031,872 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID)
DRV - [2009.08.07 22:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP1\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2009.07.29 14:28:18 | 000,192,392 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mafw.sys -- (MAFW)
DRV - [2009.06.22 15:50:00 | 000,246,936 | ---- | M] (silex technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sxuptp.sys -- (sxuptp)
DRV - [2009.02.17 11:19:44 | 000,057,672 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009.02.17 11:17:40 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.04.13 19:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2007.12.12 12:11:08 | 000,012,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Spyder3.sys -- (Spyder3)
DRV - [2006.11.28 21:46:22 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2006.11.10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005.12.01 11:49:22 | 000,023,600 | ---- | M] (Licensed for Gebhard Software) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\drhard.sys -- (drhard)
DRV - [2004.06.18 19:23:56 | 000,016,768 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SiBulk.sys -- (SiBulk)
DRV - [2003.05.14 16:28:14 | 000,011,048 | ---- | M] (USB BULK) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Bulk536.sys -- (USBCamera)
DRV - [2003.04.29 21:01:06 | 000,542,592 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003.03.27 01:06:02 | 000,002,295 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.SYS -- (IBMTPCHK)
DRV - [2003.03.12 13:16:44 | 002,390,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w70n51.sys -- (w70n51)
DRV - [2003.01.12 15:37:40 | 000,010,906 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2002.11.20 13:52:14 | 000,033,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gv3.sys -- (gv3)
DRV - [2002.11.01 00:31:00 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2002.11.01 00:31:00 | 000,012,288 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWR.SYS -- (TPPWR)
DRV - [2002.11.01 00:31:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2002.10.30 01:01:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2002.10.18 10:07:34 | 001,156,672 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2002.07.16 01:00:00 | 000,498,672 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fxusbase.sys -- (FXUSBASE)
DRV - [2002.07.16 01:00:00 | 000,037,568 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avmwan.sys -- (AVMWAN)
DRV - [2002.07.15 12:45:28 | 000,095,104 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3ssavm.sys -- (S3SSavage)
DRV - [2002.05.22 08:40:40 | 000,007,552 | ---- | M] (Hewlett-Packard Co.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hpusbfd.sys -- (hpusbfd)
DRV - [2002.02.21 11:05:36 | 000,259,072 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETPPPOI.SYS -- (NETPPPOI)
DRV - [2001.09.18 11:00:00 | 000,167,816 | ---- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\omcamvid.sys -- (OVT511Plus)
DRV - [2001.08.17 12:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack)
DRV - [2001.08.17 12:28:10 | 000,802,683 | ---- | M] (Lucent Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LTSM.sys -- (LucentSoftModem)
DRV - [1996.04.03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Suche
IE - HKCU\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Freeware.de Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.goggle.de"
FF - prefs.js..extensions.enabledAddons: %7Be001c731-5e37-4538-a5cb-8168736a2360%7D:0.9.9.119
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.5.6rc1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:2.0
FF - prefs.js..network.proxy.autoconfig_url: "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20((url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1)%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com')%20%7B%20return%20'PROXY%20us04.personalitycores.com%3A8000%3B%20PROXY%20us05.personalitycores.com%3A8000'%3B%7D%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Programme\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.12.10 00:27:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.02.10 15:28:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.02.10 15:28:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Programme\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.12.10 00:27:50 | 000,000,000 | ---D | M]
 
[2011.09.08 19:11:44 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Extensions
[2009.06.02 12:13:28 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com
[2013.02.12 12:36:21 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\s6834c61.default\extensions
[2012.07.05 22:09:11 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\s6834c61.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012.03.09 18:16:07 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\s6834c61.default\extensions\staged(2)
[2013.01.21 16:54:38 | 000,315,066 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\s6834c61.default\extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi
[2013.02.12 12:36:21 | 000,531,016 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\s6834c61.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.01.31 22:36:18 | 000,817,973 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\s6834c61.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.03.09 18:16:06 | 000,521,144 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\s6834c61.default\extensions\staged(2)\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2011.09.27 12:41:08 | 000,000,925 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\s6834c61.default\searchplugins\conduit.xml
[2011.09.08 00:42:19 | 000,002,506 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\s6834c61.default\searchplugins\SearchResults.xml
[2010.02.17 14:25:58 | 000,001,980 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\s6834c61.default\searchplugins\wolframalpha.xml
[2013.02.10 15:18:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.06.21 20:13:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2013.02.06 14:41:17 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2008.12.18 23:30:20 | 000,106,128 | ---- | M] ( ) -- C:\Programme\mozilla firefox\plugins\npstrlnk.dll
[2011.10.26 19:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\mozilla firefox\plugins\npwachk.dll
[2009.06.18 12:16:18 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Programme\mozilla firefox\plugins\PDFNetC.dll
[2009.06.18 12:36:06 | 000,108,272 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\ScorchPDFWrapper.dll
[2011.12.29 09:09:21 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.29 14:19:14 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.12.29 09:09:21 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.29 09:09:21 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.08 00:42:19 | 000,002,506 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\SearchResults.xml
[2011.12.29 09:09:21 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.29 09:09:21 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: Google
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Dokumente und Einstellungen\Michael\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Dokumente und Einstellungen\Michael\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Dokumente und Einstellungen\Michael\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Programme\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Programme\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Programme\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: ScorchPlugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\NPSibelius.dll
CHR - plugin: NapsterLink (Enabled) = C:\Programme\Mozilla Firefox\plugins\npstrlnk.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Programme\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Programme\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Michael\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus = C:\Dokumente und Einstellungen\Michael\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.1_0\
CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Michael\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: NotScripts = C:\Dokumente und Einstellungen\Michael\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\odjhifogjcknibkahlpidmdajjpkkcfn\0.9.6_0\
CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\Michael\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2002.08.29 04:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - No CLSID value found.
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (VERITAS Software, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Freeware.de Toolbar) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\irprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [BMMGAG] C:\Programme\ThinkPad\Utilities\PWRMONIT.DLL (IBM Corp.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [HP Lamp] C:\Programme\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe ()
O4 - HKLM..\Run: [ibmmessages] C:\Programme\IBM\Messages By IBM\ibmmessages.exe (IBM)
O4 - HKLM..\Run: [InstaLAN] C:\Programme\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [IR_SERVER] C:\PROGRA~1\Realtek\REALTE~1\IR_SERVER.exe File not found
O4 - HKLM..\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\MAFWTray.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NokiaMServer] C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NPDTRAY] C:\Programme\ThinkPad\Utilities\NPDTRAY.EXE (IBM Corp.)
O4 - HKLM..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe (O&O Software GmbH)
O4 - HKLM..\Run: [QCWLICON] C:\Programme\ThinkPad\ConnectUtilities\QCWLICON.EXE ()
O4 - HKLM..\Run: [S3TRAY2] C:\WINDOWS\System32\S3Tray2.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [StorageGuard] c:\Programme\VERITAS Software\Update Manager\sgtray.exe (VERITAS Software, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [tgcmd] C:\Programme\Support.com\bin\tgcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (IBM Corporation)
O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()
O4 - HKLM..\Run: [TPKMAPMN] C:\Programme\ThinkPad\Utilities\TpKmapMn.exe ()
O4 - HKLM..\Run: [UnlockerAssistant] "C:\Programme\Unlocker\UnlockerAssistant.exe" File not found
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [ibmmessages] C:\Programme\IBM\Messages By IBM\ibmmessages.exe (IBM)
O4 - HKCU..\Run: [PC Notes Taker] C:\Programme\Pegasus Technologies\PC Notes Taker\PCNotesTaker.exe (Pegasus Technologies)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\NDAS Geräte-Manager.lnk = C:\Programme\NDAS\System\ndasmgmt.exe (XIMETA, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Spyder3Utility.lnk = C:\Programme\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\TMMonitor.lnk = C:\Programme\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\TP-LINK Wireless Configuration Utility.lnk = C:\Programme\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\Michael\Startmenü\Programme\Autostart\Telefon- und Branchenbuch Frühjahr 2007 - Schnellstarter.lnk = C:\Programme\klickTel\Telefon- und Branchenbuch Frühjahr 2007\KSTART32.EXE (klickTel GmbH)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Bild in &Microsoft PhotoDraw öffnen - C:\Programme\Microsoft Office\Office\1031\PHDINTL.DLL (Microsoft Corporation)
O8 - Extra context menu item: Bild zum Bildarchiv senden - file://C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\MGI\PhotoSuite4\Temp\MGI00000.html File not found
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1242923080286 (MUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{19356C41-6FB9-4C19-ADA8-9D0A1DBE80BA}: DhcpNameServer = 192.168.169.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A29C7FE0-06D5-4939-85EE-10AC7B3EB02A}: NameServer = 192.168.121.252,192.168.121.253
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B54CB423-672B-427E-8E56-2233D6FB9A46}: DhcpNameServer = 192.168.1.2
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\tpfnf2: DllName - (notifyf2.dll) - C:\WINDOWS\System32\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - (tphklock.dll) - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop Components:0 () - hxxp://bits.wikimedia.org/skins-1.5/common/images/sort_none.gif
O24 - Desktop Components:1 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Desktop-Hintergrund.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.05.21 16:20:48 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1f074dd2-347b-11df-887e-00061bda36a8}\Shell - "" = AutoRun
O33 - MountPoints2\{1f074dd2-347b-11df-887e-00061bda36a8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1f074dd2-347b-11df-887e-00061bda36a8}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{403e4ea8-7432-11e0-8910-00061bda36a8}\Shell - "" = AutoRun
O33 - MountPoints2\{403e4ea8-7432-11e0-8910-00061bda36a8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{403e4ea8-7432-11e0-8910-00061bda36a8}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{fd865905-fd77-11df-88db-00061bda36a8}\Shell - "" = Autorun
O33 - MountPoints2\{fd865905-fd77-11df-88db-00061bda36a8}\Shell\AutoRun\command - "" = E:\Install_Nokia_Ovi_Suite.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.13 14:07:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Malwarebytes
[2013.02.13 14:07:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2013.02.13 14:07:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2013.02.13 14:07:00 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.02.13 14:07:00 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2013.02.10 14:56:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Michael\Startmenü\Programme\Revo Uninstaller
[2013.02.06 14:40:53 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2013.02.06 06:47:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Michael\Desktop\FilmeSchule
[2013.02.05 16:32:47 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2013.02.02 00:00:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Michael\Desktop\iui
[2013.01.22 06:52:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Michael\Desktop\Maria
[6 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.14 11:59:24 | 000,000,020 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\defogger_reenable
[2013.02.13 14:07:02 | 000,000,767 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.13 13:43:56 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.02.13 13:43:54 | 000,000,266 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3264421748-380149622-3910952666-1004.job
[2013.02.13 13:42:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.02.13 13:42:52 | 2146,422,784 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.13 13:42:52 | 000,509,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.02.13 13:42:49 | 000,394,593 | ---- | M] () -- C:\WINDOWS\System32\oodbs.lor
[2013.02.13 13:17:49 | 000,062,430 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Desktop\viren1b2.jpg
[2013.02.13 13:16:48 | 000,088,772 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Desktop\viren1b1.jpg
[2013.02.13 12:31:15 | 000,075,412 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Desktop\viren1a1.jpg
[2013.02.13 12:30:39 | 000,052,084 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Desktop\viren1a2.jpg
[2013.02.13 11:38:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.02.13 11:38:15 | 002,003,790 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2013.02.13 11:26:14 | 000,517,538 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.02.13 11:26:14 | 000,494,092 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.02.13 11:26:14 | 000,101,584 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.02.13 11:26:14 | 000,084,636 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.02.13 10:09:04 | 000,046,951 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Desktop\mozillaasus.pdf
[2013.02.13 00:43:03 | 000,077,801 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Desktop\Tal_Wilkenfeld.jpg
[2013.02.12 17:35:00 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3264421748-380149622-3910952666-1004.job
[2013.02.12 13:11:56 | 002,146,225 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Desktop\Marktstudie_Optische_Technologien_bmbf.pdf
[2013.02.12 13:11:10 | 002,146,225 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Desktop\marktstudie-op-tech.pdf
[2013.02.12 13:10:35 | 001,346,610 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Desktop\optische_technologien.pdf
[2013.02.12 12:46:50 | 001,066,778 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Desktop\bmbf_hts_lang.pdf
[2013.02.11 14:45:22 | 000,001,080 | ---- | M] () -- C:\WINDOWS\AUTOLNCH.REG
[2013.02.10 21:00:00 | 000,000,484 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2013.02.10 14:56:14 | 000,000,900 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Desktop\Revo Uninstaller.lnk
[2013.02.08 18:19:38 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013.02.07 00:54:14 | 1178,434,572 | ---- | M] () -- C:\arte_02_07_2013_00_02_01.mpg
[2013.02.07 00:01:40 | 005,223,204 | ---- | M] () -- C:\arte_02_07_2013_00_01_29.mpg
[2013.02.07 00:01:04 | 005,278,476 | ---- | M] () -- C:\arte_02_07_2013_00_00_47.mpg
[2013.02.07 00:00:37 | 013,324,500 | ---- | M] () -- C:\arte_02_07_2013_00_00_01.mpg
[2013.02.05 16:34:16 | 000,171,118 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Desktop\superequ-0.03.zip
[2013.02.04 22:48:14 | 000,081,311 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Desktop\quittung tablet.jpg
[2013.02.04 21:54:18 | 000,019,921 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Desktop\Paketschein archos.pdf
[2013.02.04 21:49:15 | 000,019,892 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Desktop\Bestellungen verwalten (1).pdf
[2013.02.04 01:05:32 | 000,019,896 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Desktop\Bestellungen verwalten.pdf
[2013.01.29 17:10:57 | 000,011,680 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Desktop\Ganzseitiger Fotoausdruck2.pdf
[2013.01.29 17:06:57 | 000,011,668 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Desktop\Ganzseitiger Faxausdruck.pdf
[2013.01.29 16:25:47 | 000,038,460 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Desktop\fax.tif
[2013.01.28 20:08:19 | 000,086,458 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Desktop\Flash.pdf
[2013.01.24 08:42:42 | 000,000,198 | ---- | M] () -- C:\WINDOWS\ktel.ini
[2013.01.24 08:00:13 | 000,000,020 | ---- | M] () -- C:\WINDOWS\HP PrecisionScan Pro.INI
[2013.01.22 20:54:52 | 000,019,579 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Desktop\Überweisung e-Bass ***.jpg
[2013.01.21 15:17:09 | 000,127,488 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.01.17 22:42:52 | 000,046,633 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Desktop\Zahlungsübersicht.pdf
[2013.01.16 00:30:02 | 667,298,856 | ---- | M] () -- C:\3sat_01_16_2013_00_01_04.mpg
[2013.01.15 22:49:51 | 1562,045,940 | ---- | M] () -- C:\BR-alpha_01_15_2013_21_45_10.mpg
[6 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.14 11:59:00 | 000,000,020 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\defogger_reenable
[2013.02.13 14:07:02 | 000,000,767 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.13 13:17:47 | 000,062,430 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Desktop\viren1b2.jpg
[2013.02.13 13:16:45 | 000,088,772 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Desktop\viren1b1.jpg
[2013.02.13 12:31:12 | 000,075,412 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Desktop\viren1a1.jpg
[2013.02.13 12:30:34 | 000,052,084 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Desktop\viren1a2.jpg
[2013.02.13 12:13:03 | 000,046,951 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Desktop\mozillaasus.pdf
[2013.02.13 00:43:02 | 000,077,801 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Desktop\Tal_Wilkenfeld.jpg
[2013.02.12 13:11:56 | 002,146,225 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Desktop\Marktstudie_Optische_Technologien_bmbf.pdf
[2013.02.12 13:11:10 | 002,146,225 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Desktop\marktstudie-op-tech.pdf
[2013.02.12 13:10:34 | 001,346,610 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Desktop\optische_technologien.pdf
[2013.02.12 12:46:50 | 001,066,778 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Desktop\bmbf_hts_lang.pdf
[2013.02.07 00:02:01 | 1178,434,572 | ---- | C] () -- C:\arte_02_07_2013_00_02_01.mpg
[2013.02.07 00:01:29 | 005,223,204 | ---- | C] () -- C:\arte_02_07_2013_00_01_29.mpg
[2013.02.07 00:00:47 | 005,278,476 | ---- | C] () -- C:\arte_02_07_2013_00_00_47.mpg
[2013.02.07 00:00:01 | 013,324,500 | ---- | C] () -- C:\arte_02_07_2013_00_00_01.mpg
[2013.02.05 16:34:30 | 000,171,118 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Desktop\superequ-0.03.zip
[2013.02.04 22:47:49 | 000,081,311 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Desktop\quittung tablet.jpg
[2013.02.04 21:54:17 | 000,019,921 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Desktop\Paketschein archos.pdf
[2013.02.04 21:49:15 | 000,019,892 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Desktop\Bestellungen verwalten (1).pdf
[2013.02.04 01:05:32 | 000,019,896 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Desktop\Bestellungen verwalten.pdf
[2013.01.29 17:10:57 | 000,011,680 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Desktop\Ganzseitiger Fotoausdruck2.pdf
[2013.01.29 17:06:56 | 000,011,668 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Desktop\Ganzseitiger Faxausdruck.pdf
[2013.01.29 16:25:51 | 000,038,460 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Desktop\fax.tif
[2013.01.28 20:08:18 | 000,086,458 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Desktop\Flash.pdf
[2013.01.22 20:54:48 | 000,019,579 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Desktop\Überweisung e-Bass ***.jpg
[2013.01.17 22:42:51 | 000,046,633 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Desktop\Zahlungsübersicht.pdf
[2013.01.16 00:01:04 | 667,298,856 | ---- | C] () -- C:\3sat_01_16_2013_00_01_04.mpg
[2013.01.15 21:45:10 | 1562,045,940 | ---- | C] () -- C:\BR-alpha_01_15_2013_21_45_10.mpg
[2013.01.13 16:56:30 | 000,480,608 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.dll
[2013.01.13 16:56:30 | 000,034,080 | ---- | C] () -- C:\WINDOWS\System32\CTAAEI.dll
[2013.01.13 16:56:30 | 000,001,191 | ---- | C] () -- C:\WINDOWS\System32\W32N55.INI
[2013.01.13 16:56:30 | 000,000,449 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.ini
[2013.01.13 16:55:50 | 000,014,181 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2012.02.15 07:46:49 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.10.03 14:00:44 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2011.09.27 11:17:26 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\LXPrnUtil10.dll
[2011.09.27 11:16:20 | 000,304,128 | ---- | C] () -- C:\WINDOWS\System32\LxDNT100.dll
[2011.09.27 11:14:14 | 000,133,120 | ---- | C] () -- C:\WINDOWS\System32\LxDNTvmc100.dll
[2011.09.27 11:13:58 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\LxDNTvm100.dll
[2011.09.15 21:57:48 | 000,037,755 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Microsoft Excel.ADR
[2011.09.15 19:38:26 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011.09.15 19:38:26 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011.09.03 23:50:41 | 000,000,496 | RHS- | C] () -- C:\Dokumente und Einstellungen\Michael\ntuser.pol
[2011.06.19 21:32:00 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\RoomEQWizardV5-Path
[2011.06.14 13:48:03 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011.05.29 21:46:31 | 000,053,248 | ---- | C] () -- C:\WINDOWS\unVQ3240.dll
[2011.05.29 21:46:31 | 000,000,470 | ---- | C] () -- C:\WINDOWS\System32\Dext536.ini
[2011.03.06 02:11:06 | 010,977,280 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sandra.mda
[2011.01.06 18:27:38 | 000,011,453 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Microsoft Excel.TSK
[2011.01.06 18:08:25 | 000,011,463 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Tabulatorgetrennte Werte (DOS).TSK
[2010.12.04 20:14:38 | 275,454,524 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\n.wav
[2010.12.04 20:14:06 | 275,454,524 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\j.wav
[2009.06.21 19:50:13 | 000,127,488 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.05.22 21:31:06 | 007,294,976 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Lokale Einstellungen\Anwendungsdaten\filesync.metadata
 
========== ZeroAccess Check ==========
 
[2009.05.22 18:14:14 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2009.03.03 00:10:15 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.11.01 16:22:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ableton
[2012.04.11 15:18:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis
[2010.10.10 12:07:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Activ Software
[2011.08.19 19:35:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Affinegy
[2011.08.19 15:58:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Belkin
[2011.09.08 18:47:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess
[2010.01.27 17:40:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2012.04.11 16:36:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\clonehdd
[2010.11.28 22:40:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2010.04.04 15:54:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Driver Whiz
[2012.12.09 19:19:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular
[2012.04.11 16:36:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\explauncher
[2012.04.11 16:43:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ftw
[2012.01.17 19:43:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ibm
[2010.12.09 21:31:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations
[2012.04.11 16:36:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\launcher
[2012.02.21 11:46:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\lexware
[2009.05.25 15:58:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Napster
[2009.06.02 13:26:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nikon
[2012.03.07 21:08:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nitro PDF
[2010.12.09 23:22:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia
[2010.12.10 00:26:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaInstallerCache
[2011.09.07 00:20:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Overlook
[2010.12.09 23:38:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2011.11.16 20:11:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PIXELA
[2010.10.10 12:10:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Promethean
[2009.05.23 19:29:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SBT
[2009.05.23 23:47:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Teledat
[2010.09.19 12:08:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2009.06.02 12:20:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TomTom
[2013.01.13 16:56:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TP-LINK
[2010.04.04 15:54:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UAB
[2011.07.06 15:51:56 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{075F7537-CA93-49E5-A04A-8EBA1F0F84E7}
[2012.04.11 14:09:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\7E84B114-7060-428F-ABDB-40EFD790968C
[2012.11.01 16:22:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Ableton
[2012.04.11 14:54:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Acronis
[2010.03.20 19:49:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Amazon
[2012.12.27 12:14:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Audacity
[2010.10.10 15:22:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\beSoft
[2010.01.30 15:25:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Canneverbe Limited
[2010.11.28 22:49:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\DAEMON Tools Lite
[2009.11.10 20:20:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Desktopicon
[2011.01.08 21:13:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\EAC
[2012.12.09 19:20:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\elsterformular
[2011.07.06 15:50:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\GetRightToGo
[2010.05.27 18:28:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\HarmonicTune
[2009.06.07 19:16:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\IBM
[2011.02.15 21:05:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\IGC
[2009.09.04 21:32:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\InterVideo
[2009.12.05 12:40:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Klett
[2009.06.02 16:48:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\klickIdent
[2009.06.05 10:39:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\klickTel
[2012.02.21 11:24:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Lexware
[2012.07.07 23:56:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\LibreOffice
[2012.11.18 17:40:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\mathegrafix
[2012.03.07 21:09:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Nitro PDF
[2010.12.10 00:44:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Nokia
[2010.12.10 00:44:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Nokia Ovi Suite
[2009.06.21 23:20:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\OpenOffice.org
[2012.07.06 16:31:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Oracle
[2011.09.07 00:20:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Overlook
[2010.12.10 00:40:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\PC Suite
[2010.10.10 12:09:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Promethean
[2013.02.04 22:55:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\QuickScan
[2009.07.03 06:45:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\RecordNow
[2009.05.25 15:57:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Teledat
[2009.06.02 12:13:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\TomTom
[2013.01.14 00:07:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\TP-LINK
[2009.05.21 16:07:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\VERITAS
[2010.03.26 23:48:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\VideoReDo-TVSuite
[2010.08.31 10:13:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\VideoReDoPlus
[2011.07.02 09:49:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\XMedia Recode
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 185 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:66633281
@Alternate Data Stream - 175 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:0888F409

< End of report >

--- --- ---

otl.txt ist zu groß, mit copy&paste als Text eingefügt.

walter_h · 14.02.2013, 13:08

So, hier nun die entsprechenden Dateien vom ASUS-Notebook (Erstrechner):OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 14.02.2013 12:52:13 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Michael\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,91 Gb Total Physical Memory | 3,56 Gb Available Physical Memory | 60,19% Memory free
17,74 Gb Paging File | 15,12 Gb Available in Paging File | 85,24% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,44 Gb Total Space | 13,13 Gb Free Space | 11,28% Space Free | Partition Type: NTFS
Drive D: | 327,83 Gb Total Space | 77,03 Gb Free Space | 23,50% Space Free | Partition Type: NTFS
 
Computer Name: ASUS-NOTEBOOK | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13478680-EADC-485A-92CA-07E191CF4468}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{13C39264-36A7-446F-A303-6E177A687BC7}" = rport=138 | protocol=17 | dir=out | app=system | 
"{14294779-B5F9-4F41-A083-88D4A76B811D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{166F271E-04D9-42A3-9764-3C3F995DDA4D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{17471AF9-2163-4EEA-96CD-B1E7DCC14656}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{17F834B5-B2C8-4DCA-8F5F-50E421A51C72}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{18277085-7594-4844-950A-55B40E4667E6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{24068EEA-C51C-4F63-BF32-7CEA03135FF0}" = lport=138 | protocol=17 | dir=in | app=system | 
"{2624726E-9C1B-49D2-9FD3-590C3D3251B2}" = lport=139 | protocol=6 | dir=in | app=system | 
"{26E7CAC5-57DB-4C2A-A9E8-C2B51E92BF00}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2D5A3A90-F3AB-4784-9020-4DB300055452}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{33580121-3438-4234-B365-17ED099D6007}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{48B4D6BD-9D98-4DA5-8E52-D731A755D3AE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{523AD966-0B2D-4F60-A73E-8B27C152D4D7}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{55F945E4-6383-46FD-9D1E-F2EF8713B8F5}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | 
"{652AC9F6-E48B-4CE7-B0FC-BB1107D033C0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{662CD2FC-3462-4883-A35F-F6226D06C88A}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery | 
"{664D1F4B-F36D-49F6-8273-26CDAAF36B30}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 | 
"{6ECAD096-6B76-4E34-BDD7-73448B7B2ACD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{72C5FA6C-A0F5-4F45-A092-EBA14B1F12B9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{72D2E7F5-D433-412C-905D-D57DFF18B8A6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{819F9EF5-E6CF-4FB2-A024-A1255D190F36}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8790EDD3-457C-4094-AE68-B757CF6FDC0D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{898040C0-0A32-4D84-9E20-AB606902FA25}" = rport=445 | protocol=6 | dir=out | app=system | 
"{8AE8D196-5446-42FA-8C01-2D8CD78AAFB0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8DE820B5-F293-469F-80FF-1082C088D3A6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{940A1AAF-275E-490E-8FD1-6166C1329FE0}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{9699635C-877D-44A9-800E-5804DA3994F1}" = rport=139 | protocol=6 | dir=out | app=system | 
"{9991F7B7-2DCB-4B7F-8414-C5CA7C0B5C1F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{9A228E45-B673-4A91-AF82-F6BD9E0AA7F9}" = lport=137 | protocol=17 | dir=in | app=system | 
"{A3FDAA57-2E4E-46C8-8ACF-C42C4ABECF6B}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A4460357-0C3C-484A-BE05-0375C1094178}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AB9398CF-FBF1-4497-85B6-BEAC7B8ED210}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | 
"{B253C707-2172-4E77-91F7-165F8C20B270}" = rport=137 | protocol=17 | dir=out | app=system | 
"{C18C9167-EB2D-4417-8612-75F9C76419C9}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery | 
"{C23B2890-9F7A-4724-BFE9-28DCF3E2330B}" = rport=5353 | protocol=17 | dir=out | name=bonjour port 5353 | 
"{C26A1350-99BB-4420-81E5-C2474F15BFC0}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{C869D601-DA45-4312-96F2-78E1E953D7F9}" = lport=51001 | protocol=6 | dir=in | name=dragon smart phone server | 
"{E87DED7D-4EFD-4057-9CC5-63CD28C686C4}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{E8E7C0F6-C126-42DE-8A40-C8264316110B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F8051696-D388-4975-B326-437CCB896153}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0433C3D0-F934-4E66-A7C1-005C5E8F018F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0BC86D6D-9F3C-4066-B714-0F78A3CA3440}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{10DD6092-E719-4EE3-B90F-CD223BBE7CE9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{1DE86EE4-B481-4273-9A26-37675882BDFD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{2097D5EE-05F3-4350-B4F7-97CEE28B92C2}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe | 
"{27058CBD-0A41-47E8-8730-03A3E94DC643}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{331152B2-D994-44E6-8FB3-905374FA74B9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{338F53FD-2BD7-459E-9F02-EE0A550F3BBF}" = protocol=6 | dir=in | app=c:\program files\7-zip\7zfm.exe | 
"{3CE6FAAE-05AD-4A23-883C-814C2D3220CF}" = protocol=17 | dir=in | app=c:\program files\7-zip\7zfm.exe | 
"{3E5E3214-F34B-4B30-A27D-8AC76094E02F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{43ECF8E5-5B95-4A62-8CD4-9793F45F36E3}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{45525D4E-BFCD-49C1-A38E-DC777DA8C566}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4AC1D459-D1BC-4B36-A142-A1B3D093F0A1}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe | 
"{4F0224AE-5D0D-4017-B0A6-668AC95528DB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4F5ED567-B963-41E2-8FEB-B476CD68E2B4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{545274B5-AC27-4C12-92F5-FA0229012ADF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5B22BC80-6E95-4A68-91E9-58746D44396F}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe | 
"{5DCC60D0-D558-4650-9984-B435715E14C7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6126A6FF-BA96-4E05-8212-38DD1D166934}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe | 
"{675EBE7F-3558-4EA7-9C8D-E27E3BAEDC6A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{69E2B217-792E-46B5-A3F6-8707F631E9A8}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{770ADBF6-4B67-41CF-8F93-049AAB210BAA}" = protocol=6 | dir=out | app=system | 
"{942D047E-79E0-4958-9A20-A12F493B6CE0}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe | 
"{94731272-49E1-43D6-8F92-E5605028CE64}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe | 
"{9D6E1CA4-A8DB-4454-8D14-94A89151233D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{A26BDE02-345B-4CC3-A403-DDBDD27954D0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A9E20B42-2FE6-4CFC-A76E-07F15A817583}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe | 
"{AAC627A6-C0BB-4764-A2D9-E2AD2B830EF9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B19E0A67-621A-471A-BC32-E40D01B70879}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BA8E9403-2041-4DAB-9734-C35E7BCC3511}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe | 
"{BBE6ED5B-D222-410D-836D-BA75A93EC365}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{BDA23C9E-DDE4-4ADF-833A-619457D67B9C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D8C3C5BA-A4FD-4F9F-8E7F-CC105D4859C7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D9DE5C67-1919-4282-B8A0-28AAD0B99B03}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{ED6AA369-AB50-46F9-93E9-3483F168B0D7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F01B3B67-6BC3-4078-9141-3C93551C75EB}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe | 
"{F21F7929-84BE-4421-B636-6ED4507CCC56}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe | 
"{F40F737C-9926-4BA1-BFA7-15170885C4D2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{1C53B1FF-54E3-4CC6-8CF3-99AD98929A86}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"TCP Query User{3C3D0EDD-1869-4433-917E-353C296872A8}C:\windows\system32\spool\drivers\x64\3\kact.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\kact.exe | 
"TCP Query User{6443BAED-E504-4068-B393-4B1C5BFC1A31}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"TCP Query User{AA60AEE3-AFB0-4C13-AEF4-D76EB38E7823}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe | 
"TCP Query User{B7E16908-F05F-4B1C-A8EC-18FDC71FDCD3}C:\program files (x86)\real\realplayer\recordingmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\recordingmanager.exe | 
"UDP Query User{13FAF629-93CF-4D40-A898-5D92ED176A08}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"UDP Query User{18B1AD48-5B98-4CCF-BF9C-08AE4E3C71D1}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"UDP Query User{730BE146-A36D-45BF-A38F-FF28966E0039}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe | 
"UDP Query User{CE85BF00-7B5C-40A8-8E31-2A4D474F5D47}C:\windows\system32\spool\drivers\x64\3\kact.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\kact.exe | 
"UDP Query User{E5EC0E96-46B4-414F-9A9F-926C0DCA8144}C:\program files (x86)\real\realplayer\recordingmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\real\realplayer\recordingmanager.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03AC245F-4C64-425C-89CF-7783C1D3AB2C}" = Microsoft Sync Framework 2.0 Provider Services (x64) ENU 
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{169C77B7-69C9-4648-9DD0-72B152AF269F}" = Windows Live Family Safety
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{289809B1-078A-49F3-83D0-7E51715B3915}" = Windows Live Family Safety
"{3946328A-5B3A-434C-A22B-64CF6652FBAD}" = Windows Live Family Safety
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{401C50F6-B443-43EE-8F27-A80DB19B03FD}" = Windows Live Family Safety
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}" = Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{88DAAF05-5A72-46D2-A7C5-C3759697E943}" = SyncToy 2.1 (x64)
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}" = Microsoft Sync Framework 2.0 Core Components (x64) ENU 
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{9210D7A2-DC28-43F6-92F9-E6CD4C729F7B}" = Windows Live Family Safety
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B22C8566-D522-4B40-A7AF-525F5A70D832}" = Windows Live Family Safety
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 307.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 307.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CB7935EF-43EE-4C0F-AC02-B0E4DD5DAC17}" = Windows Live Family Safety
"{D06E205A-1BF7-48D5-BD7F-E072D0FD6A67}" = NDAS-Software 3.72.2080
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FE4BE0BD-1EDB-4D24-9614-847B3C472887}" = Windows Live Family Safety
"Elantech" = ETDWare PS/2-X64 8.0.5.0_WHQL
"GPL Ghostscript 9.04" = GPL Ghostscript
"Kyocera Product Library" = Kyocera Product Library
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"USB2.0 UVC VGA WebCam" = USB2.0 UVC VGA WebCam
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = Sonic Focus
"{09F56A49-A7B1-4AAB-95B9-D13094254AD1}" = Windows Live UX Platform Language Pack
"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BE5C4DB-8EA2-483D-BD71-D7EB09040CDE}" = Windows Live UX Platform Language Pack
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{13FAE3E3-283E-4BF4-8FE5-17D256EDDD77}" = Windows Live UX Platform Language Pack
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 39
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2F8C3308-46DC-4431-B1C0-5C579A5CADBE}" = Joe
"{32C01DD0-3260-4D2B-BDB2-36CEC3E5B27A}" = Windows Live UX Platform Language Pack
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery
"{3A09ED0F-8DDF-47BB-B53D-841AB9D1D3A7}" = Complemento Messenger
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65F11FC9-B1D7-445F-916D-A40764E1D8CE}" = Hercules DJ USB Audio Drivers
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{76046298-768C-492C-8C93-2983C9E3719E}" = Windows Live UX Platform Language Pack
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8142D25E-028A-4563-86ED-5755783C8029}" = Messenger Companion
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{939C80FA-96C9-44A6-B318-8E7D8BD8481B}" = Messenger Companion
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{96403552-88D1-429F-9C92-388B814B885E}" = Messenger Companion
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A72FC039-FE41-4BAD-B36E-64368EC54B54}" = ArcSoft MediaConverter 2.5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5977C5-11AE-4003-BA7D-261C48F2BC35}" = מסייע Messenger
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B7EB2CF8-BB80-488C-B0E9-26056DF3814F}" = USB-Feuchte Temp.Logger
"{BBC019AB-8349-42A2-AF5A-A8B759722E2F}" = Windows Live UX Platform Language Pack
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7DAD22D-29D4-438F-B986-03B9ED582EA4}" = Messenger Companion
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CD682C54-5AAC-4FC4-AD4C-FBD93E0C5A45}" = DJ Console Rmx2
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF088261-BC81-4FB9-9BA0-7B5B9602D01A}" = Messenger 分享元件
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2131BFA-A0D6-4FDE-8614-75B07A9B15EE}" = Windows Live UX Platform Language Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{D9CC23A3-1BF6-4B2F-95EA-4296CD2CAC74}" = DJUCED 40
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode Version 3.1.4.6
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK All-in-One Software
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E71E60C1-533E-45A5-8D80-E475E88D2B17}_is1" = Game Park Console
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{ED86C4AB-D1E5-42CF-BFA3-56BAAE617D4E}" = Windows Live UX Platform Language Pack
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{EF790F1C-CB0C-4B95-8C54-60783F3B6661}" = LibreOffice 3.5
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}" = Dragon NaturallySpeaking 11
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Asus Vibe2.0" = AsusVibe2.0
"Audacity_is1" = Audacity 2.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"Digital Editions" = Adobe Digital Editions
"FreeCommander_is1" = FreeCommander 2009.02b
"FreePDF_XP" = FreePDF (Remove only)
"Google Chrome" = Google Chrome
"Governor of Poker" = Governor of Poker
"HD Tune_is1" = HD Tune 2.55
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"Jewel Quest 3" = Jewel Quest 3
"Luxor 3" = Luxor 3
"Mahjongg dimensions" = Mahjongg dimensions
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
"Mozilla Thunderbird (7.0.1)" = Mozilla Thunderbird (7.0.1)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyTomTom" = MyTomTom 3.2.0.802
"NotenManager Heimversion" = NotenManager Heimversion 3.1 
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Office14.SingleImage" = Microsoft Office Professional 2010
"Overlook Fing 1.4" =  Overlook Fing
"Plants vs Zombies" = Plants vs Zombies
"PrintProjects" = PrintProjects
"RealPlayer 15.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.93
"SIUSBXP&10C4&EA61" = Silicon Laboratories USBXpress Device (Driver Removal)
"smartmontools" = smartmontools
"Stellarium_is1" = Stellarium 0.11.3
"Update für Notenmanager Heimversion" = Update für Notenmanager Heimversion 3.1 
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"winpcap-overlook" = winpcap-overlook 4.02
"World of Goo" = World of Goo
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 31.10.2012 16:20:56 | Computer Name = ASUS-Notebook | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\freecommander\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files (x86)\freecommander\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 01.11.2012 14:56:47 | Computer Name = ASUS-Notebook | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: NManagerHV.exe, Version: 3.1.0.20,
 Zeitstempel: 0x4f2585c6  Name des fehlerhaften Moduls: MSVBVM60.DLL, Version: 6.0.98.15,
 Zeitstempel: 0x4a5bda6c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00068e4f  ID des fehlerhaften
 Prozesses: 0x1c14  Startzeit der fehlerhaften Anwendung: 0x01cdb8623702a3b8  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\beSoft\NManagerHV\NManagerHV.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\MSVBVM60.DLL  Berichtskennung: e2a1fea4-2455-11e2-8deb-bcaec560a7df
 
Error - 01.11.2012 16:25:44 | Computer Name = ASUS-Notebook | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Michael\Downloads\SoftonicDownloader_fuer_gsmartcontrol.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 01.11.2012 16:25:45 | Computer Name = ASUS-Notebook | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Michael\Downloads\SoftonicDownloader_fuer_gsmartcontrol.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 01.11.2012 16:25:47 | Computer Name = ASUS-Notebook | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Michael\Downloads\SoftonicDownloader_fuer_gsmartcontrol.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 01.11.2012 19:32:44 | Computer Name = ASUS-Notebook | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\freecommander\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files (x86)\freecommander\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 03.11.2012 10:39:51 | Computer Name = ASUS-Notebook | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\freecommander\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files (x86)\freecommander\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 02.12.2012 10:30:16 | Computer Name = ASUS-Notebook | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\freecommander\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files (x86)\freecommander\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 10.12.2012 18:53:34 | Computer Name = ASUS-Notebook | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\freecommander\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files (x86)\freecommander\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 12.12.2012 18:56:53 | Computer Name = ASUS-Notebook | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: nvtray.exe, Version: 7.17.13.721,
 Zeitstempel: 0x507dc919  Name des fehlerhaften Moduls: nvtray.exe, Version: 7.17.13.721,
 Zeitstempel: 0x507dc919  Ausnahmecode: 0x40000015  Fehleroffset: 0x0000000000153481
ID
 des fehlerhaften Prozesses: 0x13c4  Startzeit der fehlerhaften Anwendung: 0x01cdd71f816e4412
Pfad
 der fehlerhaften Anwendung: C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
Berichtskennung:
 38592d4f-44af-11e2-8823-bcaec560a7df
 
Error - 25.12.2012 13:44:38 | Computer Name = ASUS-Notebook | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\freecommander\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files (x86)\freecommander\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
[ System Events ]
Error - 18.07.2012 07:48:36 | Computer Name = ASUS-Notebook | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 18.07.2012 07:48:36 | Computer Name = ASUS-Notebook | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 18.07.2012 08:49:53 | Computer Name = ASUS-Notebook | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden.
 
Error - 18.07.2012 08:49:53 | Computer Name = ASUS-Notebook | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden.
 
Error - 18.07.2012 08:49:54 | Computer Name = ASUS-Notebook | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden.
 
Error - 18.07.2012 08:49:55 | Computer Name = ASUS-Notebook | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden.
 
Error - 18.07.2012 09:39:36 | Computer Name = ASUS-Notebook | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR5 gefunden.
 
Error - 18.07.2012 09:39:37 | Computer Name = ASUS-Notebook | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR5 gefunden.
 
Error - 18.07.2012 09:39:37 | Computer Name = ASUS-Notebook | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR5 gefunden.
 
Error - 21.07.2012 13:47:33 | Computer Name = ASUS-Notebook | Source = WMPNetworkSvc | ID = 866300
Description = 
 
 
< End of report >

--- --- ---
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 14.02.2013 12:52:13 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Michael\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,91 Gb Total Physical Memory | 3,56 Gb Available Physical Memory | 60,19% Memory free
17,74 Gb Paging File | 15,12 Gb Available in Paging File | 85,24% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,44 Gb Total Space | 13,13 Gb Free Space | 11,28% Space Free | Partition Type: NTFS
Drive D: | 327,83 Gb Total Space | 77,03 Gb Free Space | 23,50% Space Free | Partition Type: NTFS
 
Computer Name: ASUS-NOTEBOOK | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.14 12:51:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Downloads\OTL.exe
PRC - [2013.02.10 14:59:49 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.26 21:21:39 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWOW64\rpcnet.exe
PRC - [2012.10.19 14:51:08 | 000,395,200 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2012.10.15 11:58:24 | 002,844,608 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
PRC - [2012.10.15 11:58:22 | 000,779,200 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2012.10.04 19:52:04 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012.09.10 09:17:48 | 000,436,728 | ---- | M] (TomTom) -- C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
PRC - [2012.08.08 23:16:21 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 21:28:25 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 21:28:25 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.02.10 10:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.08.31 15:33:32 | 001,545,856 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
PRC - [2011.06.04 08:53:44 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
PRC - [2011.02.23 21:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe
PRC - [2010.10.07 23:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2010.10.07 18:43:00 | 000,182,912 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2010.09.24 01:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2010.08.17 23:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2010.07.19 21:26:00 | 000,383,792 | ---- | M] (syncables, LLC) -- C:\Program Files (x86)\syncables\syncables desktop\syncablesMAPI.exe
PRC - [2010.07.19 21:26:00 | 000,370,480 | ---- | M] (syncables, LLC) -- C:\Program Files (x86)\syncables\syncables desktop\syncables.exe
PRC - [2010.07.19 21:26:00 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
PRC - [2010.07.10 07:45:00 | 000,984,400 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
PRC - [2010.01.21 07:22:03 | 000,909,824 | ---- | M] (Sonix Technology Co., Ltd.) -- C:\Windows\vsnp2uvc.exe
PRC - [2009.12.15 19:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009.11.02 23:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.07.31 19:38:24 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009.06.19 19:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009.06.19 19:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009.06.16 02:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
PRC - [2009.05.06 01:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2009.05.06 01:06:02 | 001,152,288 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\agent.exe
PRC - [2008.12.23 02:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008.08.14 06:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.10 14:59:49 | 003,023,256 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013.01.13 20:37:26 | 000,226,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f3c2e63623f7a64a35e3dd746b90edbc\PresentationFramework.Classic.ni.dll
MOD - [2013.01.13 20:37:01 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\91c62efba9d18a59a8aef37729cb5c6d\PresentationFramework.ni.dll
MOD - [2013.01.13 20:36:45 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8f045547dc39be38a6c3348b524b5d96\System.Drawing.ni.dll
MOD - [2013.01.13 20:36:42 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\e397d6058a96fc5b768e330256867567\PresentationCore.ni.dll
MOD - [2013.01.13 20:36:33 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\49100533f4f9d3bf97a57c5424b51c2b\WindowsBase.ni.dll
MOD - [2013.01.13 20:36:28 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\39cb017c2a46136cf3ca8a877d4fa741\System.Xml.ni.dll
MOD - [2013.01.13 20:36:26 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\35a8c4dd1bd18d6100a4974aa272761c\System.Configuration.ni.dll
MOD - [2013.01.13 20:36:25 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f3bcf05501f25211734e003e40c1fc4d\System.ni.dll
MOD - [2013.01.13 20:36:11 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.12.12 06:32:26 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012.09.10 09:17:56 | 000,025,592 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\DeviceDetection.dll
MOD - [2012.09.10 09:17:52 | 000,254,968 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\TomTomSupporterProxy.dll
MOD - [2012.09.10 09:17:50 | 000,073,720 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\TomTomSupporterBase.dll
MOD - [2011.08.31 15:33:32 | 000,208,384 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\alvupdt.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
MOD - [2010.11.13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.09.24 01:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2009.11.02 23:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.11.02 23:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009.08.04 10:50:05 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010.11.30 22:19:52 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010.04.17 01:07:42 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2010.01.13 09:11:48 | 000,331,752 | ---- | M] (XIMETA, Inc.) [Auto | Running] -- C:\Program Files\NDAS\System\ndassvc.exe -- (ndassvc)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013.02.10 15:42:29 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.10 14:59:49 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.26 21:21:39 | 000,058,288 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\SysWOW64\rpcnet.exe -- (rpcnet)
SRV - [2012.10.19 14:51:08 | 000,395,200 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2012.10.15 11:58:22 | 000,779,200 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2012.10.10 02:22:26 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.10.08 10:42:54 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.08 21:28:25 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 21:28:25 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.02.10 10:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe -- (BBUpdate)
SRV - [2012.02.10 10:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe -- (BBSvc)
SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.06.04 08:53:44 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.15 19:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009.06.16 02:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.10.25 20:02:40 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012.10.10 02:22:28 | 005,343,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.07 14:07:18 | 000,094,064 | ---- | M] ( Hercules) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HDJusbaudioks_x64.sys -- (HDJusbaudioks)
DRV:64bit: - [2012.08.07 14:07:16 | 000,354,672 | ---- | M] ( Hercules) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HDJusbaudio_x64.sys -- (HDJusbaudio)
DRV:64bit: - [2012.05.08 21:28:25 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 21:28:25 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.10.07 10:49:50 | 002,770,944 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.13 14:12:39 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.10.19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.14 17:28:15 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.09.23 09:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010.09.14 03:24:25 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.09.07 10:19:37 | 001,800,832 | ---- | M] (Sonix Technology Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2010.08.03 11:43:13 | 000,290,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010.06.23 02:31:11 | 000,333,928 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.04.17 01:07:28 | 000,013,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010.01.13 09:12:14 | 000,738,792 | ---- | M] (XIMETA, Inc.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\lfsfilt.sys -- (lfsfilt)
DRV:64bit: - [2010.01.13 09:12:10 | 000,151,528 | ---- | M] (XIMETA, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lpx6x.sys -- (lpx)
DRV:64bit: - [2010.01.13 09:12:08 | 000,497,640 | ---- | M] (XIMETA, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ndasbus.sys -- (ndasbus)
DRV:64bit: - [2010.01.13 09:12:04 | 000,607,720 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | System | Running] -- C:\Windows\SysNative\drivers\ndasfat.sys -- (ndasfat)
DRV:64bit: - [2010.01.13 09:12:02 | 000,746,472 | ---- | M] (XIMETA, Inc.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\ndasfs.sys -- (ndasfs)
DRV:64bit: - [2010.01.13 09:11:54 | 001,053,160 | ---- | M] (XIMETA, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\ndasrofs.sys -- (ndasrofs)
DRV:64bit: - [2010.01.13 09:11:48 | 000,486,888 | ---- | M] (XIMETA, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndasscsi.sys -- (ndasscsi)
DRV:64bit: - [2009.11.17 16:13:04 | 000,019,456 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiUSBXp.sys -- (SIUSBXP)
DRV:64bit: - [2009.07.21 10:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.06.10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.02.08 12:12:48 | 000,040,464 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2008.05.24 02:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2010.07.26 22:57:20 | 000,017,024 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.03 02:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: tineye%40ideeinc.com:1.1
FF - prefs.js..extensions.enabledAddons: %7B0153E448-190B-4987-BDE1-F256CADA672F%7D:15.0.6
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.4.4
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0039-ABCDEFFEDCBA%7D:6.0.39
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - prefs.js..network.proxy.autoconfig_url: "aasdf"
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.10.04 19:52:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.10.04 19:52:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.10 14:59:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.10 14:59:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.11.04 20:23:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.10 14:59:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.10 14:59:45 | 000,000,000 | ---D | M]
 
[2011.05.04 20:41:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\mozilla\Extensions
[2011.05.04 20:41:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.02.10 15:02:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\k7mseoh9.default\extensions
[2012.05.24 21:23:23 | 000,008,001 | ---- | M] () (No name found) -- C:\Users\Michael\AppData\Roaming\mozilla\firefox\profiles\k7mseoh9.default\extensions\tineye@ideeinc.com.xpi
[2013.02.06 16:08:54 | 000,533,536 | ---- | M] () (No name found) -- C:\Users\Michael\AppData\Roaming\mozilla\firefox\profiles\k7mseoh9.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.02.10 15:02:42 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\Michael\AppData\Roaming\mozilla\firefox\profiles\k7mseoh9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.02.10 14:59:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.10 14:59:44 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.02.10 14:59:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.02.10 14:59:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.02.10 14:59:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013.02.10 14:59:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
[2012.10.04 19:52:47 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2013.02.10 14:59:50 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.10.04 19:52:18 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2012.03.06 18:35:18 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 22:10:48 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.06 18:35:18 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.06 18:35:18 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.06 18:35:18 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.06 18:35:18 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=ASUT&bmod=ASUT
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=ASUT&bmod=ASUT
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Zeon Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Adblock Plus = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\
CHR - Extension: Google-Suche = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: NotScripts = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\odjhifogjcknibkahlpidmdajjpkkcfn\0.9.6_0\
CHR - Extension: Google Mail = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe File not found
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4:64bit: - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix Technology Co., Ltd.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Hercules DJ Series 2] C:\Program Files\Hercules\Audio\DJ USB Audio\HDJSeries2CPL.exe (Hercules®)
O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKCU..\Run: [MyTomTomSA.exe] C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe (TomTom)
O4 - HKCU..\Run: [Syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe (syncables, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95BC4BB8-ED67-4FC5-AEA1-1B5DF7F15148}: DhcpNameServer = 192.168.1.2
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c67bcec8-44b9-11e0-bad2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c67bcec8-44b9-11e0-bad2-806e6f6e6963}\Shell\AutoRun\command - "" = E:\DJConsoleRMX2.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.14 04:18:34 | 000,000,000 | -HSD | C] -- C:\found.000
[2013.02.13 22:38:03 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\{EEFA6FDD-B487-449F-9E44-35238835CC80}
[2013.02.13 19:32:56 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Malwarebytes
[2013.02.13 19:32:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.13 19:32:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.13 19:32:47 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.13 19:32:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.13 19:30:54 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Programs
[2013.02.11 19:45:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode
[2013.02.10 14:59:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.14 12:51:25 | 000,000,000 | ---- | M] () -- C:\Users\Michael\defogger_reenable
[2013.02.14 12:42:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.14 12:42:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.14 12:04:29 | 001,531,014 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.14 12:04:29 | 000,666,256 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.14 12:04:29 | 000,628,098 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.14 12:04:29 | 000,134,178 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.14 12:04:29 | 000,110,560 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.14 12:03:22 | 000,017,920 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe
[2013.02.14 12:03:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.13 23:55:11 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.13 23:55:11 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.13 23:49:19 | 000,000,707 | ---- | M] () -- C:\Users\Michael\Desktop\Bibliotheken - Verknüpfung.lnk
[2013.02.13 23:47:18 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2013.02.13 23:47:17 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.13 23:45:26 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll
[2013.02.13 23:45:10 | 000,569,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.13 23:43:59 | 467,480,575 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.13 19:32:48 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.14 12:51:25 | 000,000,000 | ---- | C] () -- C:\Users\Michael\defogger_reenable
[2013.02.13 23:49:19 | 000,000,707 | ---- | C] () -- C:\Users\Michael\Desktop\Bibliotheken - Verknüpfung.lnk
[2013.02.13 19:32:48 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.31 01:11:58 | 000,000,366 | ---- | C] () -- C:\Windows\SysWow64\hdjcustom.ini
[2012.10.10 02:22:34 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.10.10 02:22:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012.10.10 02:22:20 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012.07.21 18:36:18 | 000,001,476 | ---- | C] () -- C:\Users\Michael\.recently-used.xbel
[2012.04.14 22:13:53 | 000,000,027 | ---- | C] () -- C:\Windows\EZSET_SP.INI
[2012.03.19 22:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.03.19 22:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.01.25 15:49:14 | 000,005,152 | ---- | C] () -- C:\Windows\ouwininit.exe
[2011.11.11 16:29:00 | 1048,576,000 | ---- | C] () -- C:\Users\Michael\1.h2w
[2011.11.11 16:02:15 | 000,000,085 | ---- | C] () -- C:\Users\Michael\.gtk-bookmarks
[2011.09.15 23:49:01 | 000,003,584 | ---- | C] () -- C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.28 10:36:27 | 000,002,195 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\SAS7_000.DAT
[2011.05.29 17:50:34 | 000,005,894 | ---- | C] () -- C:\Windows\SysWow64\comBS17j.dll
[2011.05.29 17:31:32 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.05.29 17:23:51 | 000,000,017 | ---- | C] () -- C:\Users\Michael\AppData\Local\resmon.resmoncfg
[2011.04.28 12:54:07 | 001,557,708 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.04.16 00:07:41 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2011.04.08 15:18:15 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\acovcnt.exe
[2011.03.02 11:13:05 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2011.03.02 10:07:37 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2011.03.02 10:06:10 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011.04.16 00:48:19 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Arkadium
[2013.01.25 08:56:42 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Audacity
[2011.05.29 17:50:41 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\beSoft
[2011.06.05 14:13:05 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Canneverbe Limited
[2012.06.21 22:49:04 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\FreeCommander
[2011.09.18 15:56:14 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\FreePDF
[2012.07.21 18:36:18 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\gtk-2.0
[2012.07.07 11:41:03 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\LibreOffice
[2012.02.26 18:10:21 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Nuance
[2011.04.15 23:13:39 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\OpenOffice.org
[2012.04.13 23:07:24 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Overlook
[2011.08.25 20:22:40 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\SoftGrid Client
[2012.07.10 23:00:52 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Stellarium
[2011.12.10 13:49:29 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Temp
[2011.05.04 20:41:24 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Thunderbird
[2011.04.28 12:54:57 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\TP
[2011.08.16 11:12:19 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\XMedia Recode
[2011.04.16 01:43:14 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Zeon
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 237 bytes -> C:\ProgramData\Temp:0FF263E8
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:029E021F

< End of report >

--- --- ---

Psychotic · 14.02.2013, 13:14

Schritt 1: aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung) Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. ( Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen ) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Schritt 2: Scan mit TDSS-Killer

Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile. TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ ) Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt

Poste den Inhalt bitte hier in deinen Thread.

walter_h · 14.02.2013, 13:31

kurze, aber dumme Rückfrage: Bei der Durchsicht der 4 Dateien (2 für den IBM, 2 für den ASUS) habe ich nach irgendwelchen Warnungen oder Zusammenfassungen gesucht - doch nix gefunden oder übersehen.

Sind den auf dem ASUS Schädlinge? Woran erkennt man das in den files?
Und beim IBM? Soll ich da auch asw... und TDSS drüberlaufen lassen?

Kurzum: Suchen wir noch nach Schädlingen oder bekämpfen wir sie schon?

Habe nun aswMBR angeworfen (als admin unter w7 ausführen), update lief durch, doch nun kommt die Meldung "avast antirootkit funtioniert nicht mehr". Dann Melden/nicht Melden. Als Problemdetails gibt es folgendes:

Problemsignatur:
Problemereignisname: APPCRASH
Anwendungsname: aswMBR.exe
Anwendungsversion: 0.9.9.1707
Anwendungszeitstempel: 509be8bf
Fehlermodulname: ntdll.dll
Fehlermodulversion: 6.1.7601.17725
Fehlermodulzeitstempel: 4ec49b8f
Ausnahmecode: c0000005
Ausnahmeoffset: 0002e3be
Betriebsystemversion: 6.1.7601.2.1.0.768.3
Gebietsschema-ID: 1031
Zusatzinformation 1: 0a9e
Zusatzinformation 2: 0a9e372d3b4ad19135b953a78882e789
Zusatzinformation 3: 0a9e
Zusatzinformation 4: 0a9e372d3b4ad19135b953a78882e789

Soll ich das Programm noch mal laufen lassen?

Auch beim zweiten Versuch: "funktioniert nicht mehr"

Problemsignatur:
Problemereignisname: APPCRASH
Anwendungsname: aswMBR.exe
Anwendungsversion: 0.9.9.1707
Anwendungszeitstempel: 509be8bf
Fehlermodulname: ntdll.dll
Fehlermodulversion: 6.1.7601.17725
Fehlermodulzeitstempel: 4ec49b8f
Ausnahmecode: c0000005
Ausnahmeoffset: 0002e3be
Betriebsystemversion: 6.1.7601.2.1.0.768.3
Gebietsschema-ID: 1031
Zusatzinformation 1: 0a9e
Zusatzinformation 2: 0a9e372d3b4ad19135b953a78882e789
Zusatzinformation 3: 0a9e
Zusatzinformation 4: 0a9e372d3b4ad19135b953a78882e789

Virenscanner (avira) ist aus, FW ist eingeschaltet.
Die letzte Zeile in der Anzeige ist jeweils die gleiche. Bild folgt nach.

walter_h · 14.02.2013, 14:15

hier der screenshot

14.02.2013, 11:30	#9
Psychotic /// Malwareteam	Viren-Scan mit c´t-desinfect zeigt 45 Meldungen, jetzt Startprobleme richtig! __________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board!

Viren-Scan mit c´t-desinfect zeigt 45 Meldungen, jetzt Startprobleme

Plagegeister aller Art und deren Bekämpfung: Viren-Scan mit c´t-desinfect zeigt 45 Meldungen, jetzt Startprobleme