
Pests of all kinds and how to combat them: PUP.RewardsArcade in registry keys


15.03.2013, 08:55   #1
RKxxx
 
PUP.RewardsArcade in registry keys



Hello forum helpers,

I ran a malware scan with the program "Malwarebytes Anti-Malware" more or less by chance. So far I have had no problems / anomalies / symptoms with my PC. The only thing worth mentioning here would be a PC start-up time of ~4 min, including the Windows start.

The malware scan reported 7 infected registry keys and 2 infected files.

Avira Free Antivir found no threats during a full system scan, including the rootkit and boot sector scan.

Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.09.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
RK :: ROBERT-PC [Administrator]

09.03.2013 18:57:55
mbam-log-2013-03-09 (18-57-55).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P
Deaktivierte Suchlaufeinstellungen: 
Durchsuchte Objekte: 455534
Laufzeit: 3 Stunde(n), 25 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 7
HKCR\CLSID\{597A9974-8CB0-4f41-B61F-ED065738A397} (PUP.RewardsArcade) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{60BE6B2E-F2F5-4404-AA1E-4381D4A6EEA2} (PUP.RewardsArcade) -> Keine Aktion durchgeführt.
HKCR\Interface\{6427058B-217C-4C7F-A6CE-C7934C0BDCEB} (PUP.RewardsArcade) -> Keine Aktion durchgeführt.
HKCR\RewardsArcade.BHO.1 (PUP.RewardsArcade) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{597A9974-8CB0-4F41-B61F-ED065738A397} (PUP.RewardsArcade) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{597A9974-8CB0-4F41-B61F-ED065738A397} (PUP.RewardsArcade) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{597A9974-8CB0-4F41-B61F-ED065738A397} (PUP.RewardsArcade) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
D:\Downloads\installer_driver_philips_pcvc720k_40_webcam_98_Deutsch_Deutsch.exe (PUP.SmsPay.pns) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Downloads\MKVPlayerSetup.exe (PUP.Adware.RKN) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
I had not run / installed the infected files (2) since the last reinstallation of the PC (October 2011); only the installation files were still in the download folder.

Because of the reports, I placed the infected files in quarantine and also deleted them completely.
I placed the infected registry keys in quarantine during the next scan.

In the course of creating this thread and asking for your help, I have hopefully carried out the steps mentioned in "Für alle Hilfesuchenden!" correctly and completely. I am aware of the forum rules.

defogger_disable.txt:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:18 on 14/03/2013 (RK)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
OTL.txt:
Code:
OTL logfile created on: 14.03.2013 17:23:05 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\RK\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,25 Gb Available Physical Memory | 62,85% Memory free
3,98 Gb Paging File | 3,13 Gb Available in Paging File | 78,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 65,00 Gb Total Space | 1,97 Gb Free Space | 3,03% Space Free | Partition Type: NTFS
Drive D: | 46,69 Gb Total Space | 2,79 Gb Free Space | 5,97% Space Free | Partition Type: NTFS
 
Computer Name: ROBERT-PC | User Name: RK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.14 09:01:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\RK\Desktop\OTL.exe
PRC - [2013.02.12 16:47:53 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.02.12 16:44:28 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.02.12 16:44:12 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.02.12 16:44:10 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.01.29 18:13:12 | 001,668,224 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Mouse and Keyboard Center\ipoint.exe
PRC - [2013.01.29 18:13:12 | 001,093,744 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Mouse and Keyboard Center\itype.exe
PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.07.17 14:49:00 | 001,713,904 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2012.07.17 14:49:00 | 000,194,304 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.06.17 21:56:44 | 000,370,176 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe
PRC - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.29 22:59:32 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.03.08 14:02:35 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.12 16:47:53 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.02.12 16:44:12 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.17 14:49:00 | 001,713,904 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.01.07 13:28:17 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012.01.04 12:32:36 | 000,718,888 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.12.29 09:58:24 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Disabled | Stopped] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2011.08.19 09:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Programme\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.03.09 11:18:06 | 001,060,864 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2011.03.09 11:16:56 | 000,484,352 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2011.03.09 11:07:54 | 000,238,592 | ---- | M] (WDC) [Disabled | Stopped] -- C:\Programme\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.02.26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.12.11 16:45:12 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.12.11 16:45:12 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.11.26 18:05:22 | 000,064,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2012.11.14 11:36:26 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012.08.23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.08.23 15:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012.01.09 16:28:20 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2012.01.09 16:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2012.01.09 16:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2012.01.09 16:28:20 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2012.01.09 16:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2012.01.09 16:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011.12.29 09:58:31 | 000,074,240 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86)
DRV - [2011.12.29 09:58:31 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86)
DRV - [2011.12.29 09:58:25 | 000,325,120 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2011.08.19 09:26:50 | 004,334,624 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2011.08.19 09:26:46 | 000,315,808 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011.03.06 22:33:38 | 000,045,440 | ---- | M] (Siano) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smsbda.sys -- (smsbda)
DRV - [2011.02.16 16:52:46 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.03.23 13:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009.07.13 23:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.07.13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008.08.26 08:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.08.03 05:36:10 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2007.07.27 11:46:06 | 000,251,680 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acehlp10.sys -- (acehlp10)
DRV - [2007.07.27 09:13:08 | 000,330,144 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV10.sys -- (acedrv10)
DRV - [2007.04.23 13:29:00 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2007.01.18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005.02.23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\RK\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 81 7E A8 0C E2 C3 CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {553852A3-665D-47A0-8DB6-15C1A116880D}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{553852A3-665D-47A0-8DB6-15C1A116880D}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=
IE - HKCU\..\SearchScopes\{E84F4033-D7CD-486E-A589-8AA5CCAAAF7F}: "URL" = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: nosquint%40urandom.ca:2.1.6
FF - prefs.js..extensions.enabledAddons: %7Bdaf44bf7-a45e-4450-979c-91cf07434c3d%7D:1.5.8
FF - prefs.js..extensions.enabledAddons: %7B8AA36F4F-6DC7-4c06-77AF-5035170634FE%7D:2012.09.13
FF - prefs.js..extensions.enabledAddons: %7B4cc4a13b-94a6-7568-370d-5f9de54a9c7f%7D:2.1
FF - prefs.js..extensions.enabledAddons: %7B9AA46F4F-4DC7-4c06-97AF-5035170634FE%7D:5.2
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:2.2.6.110
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\Windows\DOWNLO~1\NpFv530.dll (1 mal 1 Software GmbH)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012.12.02 20:51:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 14:02:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.08 14:02:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 14:02:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.08 14:02:24 | 000,000,000 | ---D | M]
 
[2012.09.18 11:28:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RK\AppData\Roaming\mozilla\Extensions
[2013.03.03 17:49:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RK\AppData\Roaming\mozilla\Firefox\Profiles\ukmzecrj.default\extensions
[2013.03.03 17:49:47 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Users\RK\AppData\Roaming\mozilla\Firefox\Profiles\ukmzecrj.default\extensions\donottrackplus@abine.com
[2012.11.19 13:34:20 | 000,113,112 | ---- | M] () (No name found) -- C:\Users\RK\AppData\Roaming\mozilla\firefox\profiles\ukmzecrj.default\extensions\nosquint@urandom.ca.xpi
[2013.02.04 15:53:08 | 000,023,709 | ---- | M] () (No name found) -- C:\Users\RK\AppData\Roaming\mozilla\firefox\profiles\ukmzecrj.default\extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f}.xpi
[2013.02.21 17:01:15 | 000,115,869 | ---- | M] () (No name found) -- C:\Users\RK\AppData\Roaming\mozilla\firefox\profiles\ukmzecrj.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
[2013.03.03 17:49:45 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\RK\AppData\Roaming\mozilla\firefox\profiles\ukmzecrj.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2012.10.18 10:22:04 | 000,115,263 | ---- | M] () (No name found) -- C:\Users\RK\AppData\Roaming\mozilla\firefox\profiles\ukmzecrj.default\extensions\{daf44bf7-a45e-4450-979c-91cf07434c3d}.xpi
[2013.02.12 06:55:59 | 000,007,919 | ---- | M] () (No name found) -- C:\Users\RK\AppData\Roaming\mozilla\firefox\profiles\ukmzecrj.default\extensions\donottrackplus@abine.com\chrome\content\ff\view_expiry.js
[2012.11.03 12:50:18 | 000,002,344 | ---- | M] () -- C:\Users\RK\AppData\Roaming\mozilla\firefox\profiles\ukmzecrj.default\searchplugins\askcom.xml
[2013.03.08 14:02:14 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.12.02 20:51:52 | 000,000,000 | ---D | M] (Citavi Picker) -- C:\PROGRAMDATA\SWISS ACADEMIC SOFTWARE\CITAVI PICKER\FIREFOX
[2013.03.08 14:02:36 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.12.09 18:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - Startup: C:\Users\RK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Outlook 2007.lnk = C:\Windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\outicon.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleNetIDList = 1
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1362648753484 (MUCatalogWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 1.7.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F561} hxxp://download.flatcast.net/objects/NpFv530.dll (Flatcast Viewer 5.3)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 134.169.172.1 134.169.9.150 134.169.9.151 134.169.9.152
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0DCC2B62-5BFD-4AFA-825A-6D910F509E47}: DhcpNameServer = 134.169.172.1 134.169.9.150 134.169.9.151 134.169.9.152
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F2D7BDB-400D-48E6-8345-874DFFA9A04D}: DhcpNameServer = 134.169.9.152 134.169.9.151 134.169.9.150
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{345905ec-6ce7-11e1-b28c-0013a9c0c8e8}\Shell - "" = AutoRun
O33 - MountPoints2\{345905ec-6ce7-11e1-b28c-0013a9c0c8e8}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{a12bd357-541d-11e2-86ad-0013a9c0c8e8}\Shell - "" = AutoRun
O33 - MountPoints2\{a12bd357-541d-11e2-86ad-0013a9c0c8e8}\Shell\AutoRun\command - "" = H:\unlock.exe autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.14 09:01:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\RK\Desktop\OTL.exe
[2013.03.12 23:15:28 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2013.03.09 18:26:12 | 000,000,000 | ---D | C] -- C:\Users\RK\AppData\Roaming\Malwarebytes
[2013.03.09 18:25:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.09 18:25:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.09 18:25:44 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.03.09 18:25:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.03.08 23:45:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013.03.08 14:02:10 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.03.07 10:40:09 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2013.03.06 10:54:29 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.03.05 15:36:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.02.28 14:15:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.28 14:15:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.02.27 13:29:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus- und Tastatur-Center
[2013.02.27 13:28:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center
[2013.02.27 13:23:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.02.27 13:22:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.02.26 14:26:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.02.14 01:24:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2013.02.13 10:56:29 | 000,000,000 | ---D | C] -- C:\Windows\de
[2013.02.13 10:49:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2013.02.13 10:47:39 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2013.02.13 10:40:20 | 000,000,000 | ---D | C] -- C:\Users\RK\AppData\Local\Windows Live
[2013.02.13 10:39:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[1 C:\Users\RK\*.tmp files -> C:\Users\RK\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.14 17:21:04 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.14 17:20:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.14 17:19:49 | 1603,084,288 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.14 17:18:24 | 000,000,000 | ---- | M] () -- C:\Users\RK\defogger_reenable
[2013.03.14 17:01:34 | 000,482,463 | ---- | M] () -- C:\Users\RK\Desktop\FLT_9EMUQP2481_0.pdf
[2013.03.14 16:53:38 | 000,013,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.14 16:53:38 | 000,013,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.14 16:29:32 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.14 14:30:07 | 001,149,657 | ---- | M] () -- C:\Users\RK\Desktop\Elektroauto – Wikipedia.pdf
[2013.03.14 09:30:54 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013.03.14 09:02:58 | 000,377,856 | ---- | M] () -- C:\Users\RK\Desktop\gmer_2.1.19155.exe
[2013.03.14 09:01:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\RK\Desktop\OTL.exe
[2013.03.14 09:01:13 | 000,050,477 | ---- | M] () -- C:\Users\RK\Desktop\Defogger.exe
[2013.03.14 08:26:54 | 000,657,910 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.14 08:26:54 | 000,619,146 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.14 08:26:54 | 000,131,250 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.14 08:26:54 | 000,107,466 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.14 00:38:36 | 000,684,626 | ---- | M] () -- C:\Users\RK\Desktop\Für alle Hilfesuchenden Was muss ich vor der Eröffnung eines Themas beachten - Trojaner-Board.pdf
[2013.03.12 23:15:28 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2013.03.05 18:40:52 | 000,572,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.02.27 15:55:54 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2013.02.14 14:43:19 | 000,007,168 | ---- | M] () -- C:\Users\RK\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.02.13 10:49:07 | 000,000,020 | ---- | M] () -- C:\Windows\èù¥
[1 C:\Users\RK\*.tmp files -> C:\Users\RK\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.14 17:18:24 | 000,000,000 | ---- | C] () -- C:\Users\RK\defogger_reenable
[2013.03.14 17:01:28 | 000,482,463 | ---- | C] () -- C:\Users\RK\Desktop\FLT_9EMUQP2481_0.pdf
[2013.03.14 14:30:04 | 001,149,657 | ---- | C] () -- C:\Users\RK\Desktop\Elektroauto – Wikipedia.pdf
[2013.03.14 09:30:54 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013.03.14 09:02:56 | 000,377,856 | ---- | C] () -- C:\Users\RK\Desktop\gmer_2.1.19155.exe
[2013.03.14 09:01:12 | 000,050,477 | ---- | C] () -- C:\Users\RK\Desktop\Defogger.exe
[2013.03.14 00:38:35 | 000,684,626 | ---- | C] () -- C:\Users\RK\Desktop\Für alle Hilfesuchenden Was muss ich vor der Eröffnung eines Themas beachten - Trojaner-Board.pdf
[2013.02.13 10:56:03 | 000,001,251 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2013.02.13 10:55:41 | 000,001,320 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2013.02.13 10:49:06 | 000,000,020 | ---- | C] () -- C:\Windows\èù¥
[2012.12.03 18:13:33 | 000,016,098 | ---- | C] () -- C:\Windows\German2.ini
[2012.08.24 15:49:07 | 000,000,351 | ---- | C] () -- C:\Users\RK\Spiele - Verknüpfung.lnk
[2012.08.19 23:35:19 | 000,007,168 | ---- | C] () -- C:\Users\RK\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.03 17:11:54 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2012.05.01 09:04:19 | 000,004,096 | -H-- | C] () -- C:\Users\RK\AppData\Local\keyfile3.drm
[2012.04.22 21:06:23 | 000,017,408 | ---- | C] () -- C:\Users\RK\AppData\Local\WebpageIcons.db
[2012.04.16 17:33:31 | 000,000,173 | ---- | C] () -- C:\Users\RK\AppData\Local\msmathematics.qat.RK
[2012.04.05 15:49:54 | 000,180,008 | ---- | C] () -- C:\Windows\SETUP1.EXE
[2012.03.02 17:20:08 | 000,007,600 | ---- | C] () -- C:\Users\RK\AppData\Local\Resmon.ResmonCfg
[2012.01.08 22:13:51 | 000,245,528 | ---- | C] () -- C:\Windows\hpoins19.dat
[2012.01.08 22:13:51 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2011.12.29 11:18:44 | 000,125,426 | ---- | C] () -- C:\Windows\cgmxp32.ini
[2011.12.28 16:20:41 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.12.28 16:14:26 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011.12.28 16:14:26 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2011.12.26 18:55:58 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2011.08.19 09:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011.08.19 09:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011.08.19 09:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011.08.12 12:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011.07.26 06:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.01.26 23:49:11 | 000,000,000 | ---D | M] -- C:\Users\RK\AppData\Roaming\DVDVideoSoft
[2013.01.15 23:03:49 | 000,000,000 | ---D | M] -- C:\Users\RK\AppData\Roaming\FileZilla
[2012.01.09 11:32:33 | 000,000,000 | ---D | M] -- C:\Users\RK\AppData\Roaming\Leadertech
[2012.08.19 23:38:09 | 000,000,000 | ---D | M] -- C:\Users\RK\AppData\Roaming\Nokia
[2012.08.19 20:51:43 | 000,000,000 | ---D | M] -- C:\Users\RK\AppData\Roaming\Nokia Suite
[2012.09.18 11:37:42 | 000,000,000 | ---D | M] -- C:\Users\RK\AppData\Roaming\Opera
[2012.02.28 10:10:10 | 000,000,000 | ---D | M] -- C:\Users\RK\AppData\Roaming\PC Suite
[2013.02.13 09:38:39 | 000,000,000 | ---D | M] -- C:\Users\RK\AppData\Roaming\Swiss Academic Software
[2012.01.11 17:01:46 | 000,000,000 | ---D | M] -- C:\Users\RK\AppData\Roaming\Sync App Settings
[2013.03.14 00:35:59 | 000,000,000 | ---D | M] -- C:\Users\RK\AppData\Roaming\temp
[2012.02.01 08:42:27 | 000,000,000 | ---D | M] -- C:\Users\RK\AppData\Roaming\Trillian
 
========== Purity Check ==========
 
 

< End of report >
         
Extras.txt
Code:
OTL Extras logfile created on: 14.03.2013 17:23:05 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\RK\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,25 Gb Available Physical Memory | 62,85% Memory free
3,98 Gb Paging File | 3,13 Gb Available in Paging File | 78,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 65,00 Gb Total Space | 1,97 Gb Free Space | 3,03% Space Free | Partition Type: NTFS
Drive D: | 46,69 Gb Total Space | 2,79 Gb Free Space | 5,97% Space Free | Partition Type: NTFS
 
Computer Name: ROBERT-PC | User Name: RK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
"DefaultOutboundAction" = 1
"DefaultInboundAction" = 1
"DoNotAllowExceptions" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0079B8EF-A4E2-4862-96F4-F29C00490744}" = dir=out | app=%programfiles%\digital publishing\isrs1_16_689518\set.exe | 
"{0273A601-5074-4EA1-A0EB-CB93792189AB}" = dir=out | app=%programfiles%\windows live\photo gallery\wlxvideocameraautoplaymanager.exe | 
"{034EADA1-C349-48C3-ABD3-7140A2591315}" = dir=out | app=%programfiles%\google\update\download\{430fd4d0-b729-4f61-aa34-91526481799d}\1.3.21.115\googleupdatesetup.exe | 
"{037B8C48-3A7A-4C0A-AE0A-3E699D7711FD}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\videomanager.exe | 
"{043A57E5-78E6-4BF2-8085-2F06265D1790}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\conversionhandler.exe | 
"{04CA5362-B4F9-44C6-9B65-FD62DD091BB1}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\pcsync2.exe | 
"{04CD64A7-28FA-48FB-B71D-90DFBA406298}" = dir=out | app=%programfiles%\ea sports\fussball manager 09\shortcuteditor_inst.exe | 
"{0546E6A3-D209-407C-A1C6-C5C4ED862E18}" = dir=out | app=%programfiles%\microsoft mouse and keyboard center\itype.exe | 
"{05D2FCD1-8442-4FBF-A855-E733040B5633}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\getconnected.exe | 
"{073181B5-E6C9-4847-8803-10506DAD49D3}" = dir=out | app=%programfiles%\microsoft mouse and keyboard center\mousinfo.exe | 
"{0A1E443B-D8FA-4BDF-A018-AB86C878BD0E}" = dir=out | app=%programfiles%\microsoft mouse and keyboard center\touchmousepractice.exe | 
"{0AFA7149-7067-409B-A04A-9A10419BF2EE}" = dir=out | app=%programfiles%\sigmatel\c-major audio\setup.exe | 
"{0C665A56-4AA6-424A-86C5-FF744C8AAC8C}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\connectionmanager.exe | 
"{0CDE49E1-A8C4-4144-BAB1-799BEF0BFB7A}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\pcsynclv.exe | 
"{0EE57F5F-37D7-4E2B-9226-6C86BDA8EA5D}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\onetouchaccess.exe | 
"{0F951987-3A50-4662-BA89-8F8847A8BC16}" = dir=out | app=%programfiles%\common files\hewlett-packard\scanjet\bin\hpsjrreg.exe | 
"{10189993-0D07-41E0-9B11-FDC4C745D910}" = dir=out | app=%programfiles%\hp\hp software update\hpwucli.exe | 
"{1097A53B-C01F-459D-BF4D-B2381988DEC9}" = dir=out | app=%programfiles%\common files\nokia\mpapi\mpapi3s.exe | 
"{110B43CC-925E-4A75-99F7-3CE212A1BCD7}" = dir=out | app=%programfiles%\gs\gs9.00\bin\gswin32c.exe | 
"{1110A76C-09F4-4735-9BD9-71EDF40365A5}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\communicationcentre.exe | 
"{14599659-A902-43A2-A23D-8AF8060B7FC0}" = dir=out | app=%programfiles%\microsoft games\freecell\freecell.exe | 
"{15184DF7-4C4D-4416-8A3F-40077CC5DD56}" = dir=out | app=%programfiles%\hp\temp\{b61ed343-0b14-4241-999c-490cb1a20da4}\setup\hpzrcv01.exe | 
"{1862159F-C8FF-4B1E-8A22-E92E6713D148}" = dir=out | app=%programfiles%\paint.net\pdnrepair.exe | 
"{1C733848-A55B-404F-82BD-C22128465777}" = dir=out | app=%programfiles%\sun\sun odf plugin for microsoft office 3.2\program\sweb.exe | 
"{1D2B556E-E6ED-44DE-A4DD-41E31752D590}" = dir=out | app=%programfiles%\data becker\weihnachts-druckerei\dbupdatechecker.exe | 
"{1FBE7388-1878-484D-ACF2-78508BB3F9A0}" = dir=out | app=%programfiles%\windows media player\wmpshare.exe | 
"{2410FF93-CCF2-479F-BF5B-C036744AE0C9}" = dir=out | app=%programfiles%\microsoft mouse and keyboard center\ipoint.exe | 
"{27E946EE-CFA0-45EC-9565-931544EB4466}" = dir=out | app=%programfiles%\windows live\photo gallery\wlxalbumdownloadwizard.exe | 
"{28B907FB-3D2B-46C3-99D2-649AB4042D17}" = dir=out | app=%programfiles%\data becker\weihnachts-druckerei\updchecker.exe | 
"{28E414B8-7477-4B11-ADC9-21381958E2E7}" = dir=out | app=%programfiles%\windows live\photo gallery\wlxquicktimecontrolhost.exe | 
"{2B383911-75DE-4125-A3C0-8B379898D560}" = dir=out | app=%programfiles%\windows media player\wmpsideshowgadget.exe | 
"{2C8AB345-5908-446B-AB33-5D54E1C11048}" = dir=out | app=%programfiles%\windows media player\wmpdmc.exe | 
"{2CC348DD-18A9-49EA-BD62-2AA1E251DEA8}" = dir=out | app=%programfiles%\windows live\photo gallery\wlxtranscode.exe | 
"{2D2C77D7-8ADD-40A5-9DF0-1DA9C284222B}" = dir=out | app=%programfiles%\ea sports\fifa 09\support\fifa 09_code.exe | 
"{2DE75529-7D14-4B2E-8FC4-0930D74EE96F}" = dir=out | app=%programfiles%\common files\dvdvideosoft\fixcomponentssilent.exe | 
"{2E31EB50-99E9-46DB-A1F7-AEDFA68BBDCC}" = dir=out | app=%programfiles%\microsoft games\solitaire\solitaire.exe | 
"{2F53687F-F82F-4B2C-87A9-810DA94DD1DB}" = dir=out | app=%programfiles%\digital publishing\kte_16_689498\set.exe | 
"{32FB258C-19D5-4681-93CE-23499C653910}" = dir=out | app=%programfiles%\allway sync\bin\syncappw.exe | 
"{33369236-BED9-4683-AC43-9E15D881AA5E}" = dir=out | app=%programfiles%\logitech\ereg\ereg.exe | 
"{333F2ED6-A086-4203-8E6C-05A1C9EA845E}" = dir=out | app=%programfiles%\windows live\photo gallery\wlxphotoacquirewizard.exe | 
"{33586279-F8DF-4554-99B5-D84007358C58}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\connectionmanager.exe | 
"{394343B5-7993-4AE3-AB4C-07A652163D0F}" = dir=out | app=%programfiles%\windows live\photo gallery\wlxvideoacquirewizard.exe | 
"{3ADADFC8-3AE0-4DE1-B902-E31AD5734E6E}" = dir=out | app=%programfiles%\windows media player\wmprph.exe | 
"{3C590437-E664-4DE9-BACD-7D3962D63FA3}" = dir=out | app=%programfiles%\windows live\contacts\wlcomm.exe | 
"{3D4C55AE-B41E-4578-B6A6-A48F03D246F5}" = dir=out | app=%programfiles%\hp\temp\{b61ed343-0b14-4241-999c-490cb1a20da4}\setup\hpzpnp01.exe | 
"{3D9C77C5-5332-4F61-8AF9-95D2E66ECDC4}" = dir=out | app=%programfiles%\gs\gs9.00\bin\gswin32.exe | 
"{3DDB5EC0-DC3A-4D37-A41F-9064D1C983DE}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\applicationinstaller.exe | 
"{3E9EB27E-4CD0-40B2-9F47-A2CD608F13B2}" = dir=out | app=%programfiles%\windows live\photo gallery\wlxphotogallery.exe | 
"{3EFA3DBC-F26B-457C-9195-9D8F32011A5E}" = dir=out | app=%programfiles%\activision\thps2\thps2setup.exe | 
"{3FC91082-6B2A-4A64-86AE-D637ED9FDCFB}" = dir=out | app=%programfiles%\microsoft mathematics\mathapp.exe | 
"{414357ED-8F80-4CE2-8687-D13E471B5091}" = dir=out | app=%programfiles%\windows live\photo gallery\wlxcodechost.exe | 
"{4C2121E2-DE58-4329-BBDB-FE41F19D20FE}" = dir=out | app=%programfiles%\windows live\installer\wlarp.exe | 
"{4CE7E69C-34B2-4F5A-9B72-A4038A03A91F}" = dir=out | app=%programfiles%\microsoft mouse and keyboard center\btwizard.exe | 
"{536928D9-3BB2-4A10-808D-58581864DE3F}" = dir=out | app=%programfiles%\winamp\uninstwa.exe | 
"{53B8D633-64CE-4F69-803D-E37BD68B7701}" = dir=out | app=%programfiles%\windows media player\wmpenc.exe | 
"{540EBCEF-956D-4256-A6F1-4374636DC748}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\onetouchaccess.exe | 
"{55C08F72-E253-4965-96DD-CE471DB3DF20}" = dir=out | app=%programfiles%\microsoft silverlight\5.1.10411.0\agcp.exe | 
"{56051BF7-7162-40B3-B87B-4AEEBE06F793}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\pcsync2.exe | 
"{56680FC8-EF51-421A-B42E-DCD8C094768D}" = dir=out | app=%programfiles%\windows media player\wmlaunch.exe | 
"{5908627A-93CD-4CCE-975C-09FB5BA38CFC}" = dir=out | app=%programfiles%\digital publishing\isrs1_16_689518\!isrs1.exe | 
"{5913C5C3-3646-42B6-9F49-27A0BD6AC277}" = dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{59F05DB9-8B87-45AD-9741-B044A81F4594}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5C30B6CF-6C43-4956-A6CE-4E8BC0076E7D}" = dir=out | app=%programfiles%\google\update\download\{eeaab3af-8e11-491f-be19-5fb80c829945}\googleupdatesetup.exe | 
"{5EE0DA65-1EFA-45D4-99F9-5BCCA689CE85}" = dir=out | app=%programfiles%\logitech\lws\webcam software\lws.exe | 
"{5F619AE8-02B7-46DF-B467-47FB44250A8E}" = dir=out | app=%programfiles%\hp\temp\{b61ed343-0b14-4241-999c-490cb1a20da4}\setup\hpzmsi01.exe | 
"{60752969-11C3-4D66-930C-D93F60C89695}" = dir=out | app=%programfiles%\microsoft mathematics\conversiontool.exe | 
"{6158158D-B770-4587-AE4C-3E72D5BC8613}" = dir=out | app=%programfiles%\windows live\installer\wlstartup.exe | 
"{644F8532-F9F7-4E91-B243-7C85E25EDB37}" = dir=out | app=%programfiles%\windows live\installer\langselector.exe | 
"{64925DB3-5082-4415-889F-9714C9A44616}" = dir=out | app=%programfiles%\ea sports\fussball manager 09\directx\dxsetup.exe | 
"{65BE358A-F1E6-4A83-9074-9737997C6640}" = dir=out | app=%programfiles%\ea sports\fussball manager 09\shortcuteditor_uninst.exe | 
"{66097F35-AC8F-4BB1-B3DF-D398BEBB50C4}" = dir=out | app=%programfiles%\windows live\installer\wlsettings.exe | 
"{665BA24B-9178-4ECE-81B0-6C996A8AB8C1}" = dir=out | app=%programfiles%\arcsoft\totalmedia 3.5\tvpi.exe | 
"{684E9CE2-37DC-4452-8E7E-5539A061C227}" = dir=out | app=%programfiles%\microsoft silverlight\4.1.10329.0\agcp.exe | 
"{6AB8E713-8E3B-48C4-B5F9-8283C749F807}" = dir=out | app=%programfiles%\google\update\googleupdate.exe | 
"{6F307793-BEC9-420A-B88E-46F710489567}" = dir=out | app=%programfiles%\difx\270581355a767bf1\dpinst32.exe | 
"{71CD78B6-AC38-485F-8A29-F52E95D6C1BE}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\conversionhandler.exe | 
"{7205C0E1-DB31-403C-8FD6-19791D7A0D3F}" = dir=out | app=%programfiles%\logitech\lws\webcam software\camerahelpershell.exe | 
"{7482FEE6-EF09-4BC1-9EB2-449D08887B48}" = dir=out | app=%programfiles%\microsoft silverlight\4.1.10329.0\coregen.exe | 
"{76F7A2F2-7A05-4AE3-B658-486ABDB6C878}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\contentcopier.exe | 
"{774DDA47-C338-4D23-A201-941EC7084CE0}" = dir=out | app=%programfiles%\common files\borland shared\bde\bdeadmin.exe | 
"{7894F630-FAB1-4BCA-9B5B-6DE3376B6924}" = dir=out | app=%programfiles%\paint.net\updatemonitor.exe | 
"{7939DCB3-9E02-448A-B3BF-55E9016D9099}" = dir=out | app=%programfiles%\logitech\lws\webcam software\launcher_main.exe | 
"{7B552D93-3E67-4F09-BC8A-E51FEFFE863B}" = dir=out | app=%programfiles%\microsoft games\mahjong\mahjong.exe | 
"{7B9D42DB-4ADB-4759-AC1E-C8345135B7EE}" = dir=out | app=%programfiles%\common files\logishrd\wuapp32.exe | 
"{7C9CA0E4-BF2A-49BF-BDD8-5FD180140529}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\pcsynclv.exe | 
"{7CAB45A9-B07D-4577-BE47-B27FD48F92A7}" = dir=out | app=%programfiles%\logitech\lws\webcam software\motiondetection.exe | 
"{7E33C7F2-D8A7-4A93-BEAA-5A25D50095B1}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\videomanager.exe | 
"{7F88B92B-342E-4B73-97F1-02D010A38F95}" = dir=out | app=%programfiles%\rainlendar2\rainlendar2.exe | 
"{826BC003-D6A3-4D96-B92C-596A9479D212}" = dir=out | app=%programfiles%\paint.net\setupngen.exe | 
"{82A1E441-9567-4857-833C-70B5EFA75301}" = dir=out | app=%programfiles%\microsoft silverlight\4.1.10329.0\silverlight.configuration.exe | 
"{840467FE-789E-40E4-94E1-51DB3EECD0BC}" = dir=out | app=%programfiles%\ea sports\fifa 09\fifa09.exe | 
"{842C5A14-6376-46DE-926D-3D15ECA48A87}" = dir=out | app=%programfiles%\hp\digital imaging\{b61ed343-0b14-4241-999c-490cb1a20da4}\setup.exe | 
"{8583CCCF-939F-4584-979C-B3049987E06C}" = dir=out | app=%programfiles%\common files\dvdvideosoft\fixcomponents.exe | 
"{861F0389-B226-422A-B3BA-1DCBD1D1B255}" = dir=out | app=%programfiles%\sun\sun odf plugin for microsoft office 3.2\program\unopkg.exe | 
"{88C4E078-8825-40D7-8675-BF9F2E1B8EF9}" = dir=out | app=%programfiles%\sun\sun odf plugin for microsoft office 3.2\program\smath.exe | 
"{89CD7F1A-38F8-48CC-8FF2-B71590B56239}" = dir=out | app=%programfiles%\nokia\connectivity cable driver\setupextcmb.exe | 
"{8CC2A0F0-F5F8-4B6F-8B35-F20F1BEE0CA9}" = dir=out | app=%programfiles%\ea sports\fifa 09\support\earegister.exe | 
"{8CFD21C5-CC02-4ADA-A752-29DA758E7DEB}" = dir=out | app=%programfiles%\microsoft games\hearts\hearts.exe | 
"{8EA5AFC0-17C4-49D8-8473-857871392636}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\imagestore.exe | 
"{92543C76-1252-4DAC-B7AA-54E47CC31F63}" = dir=out | app=%programfiles%\microsoft games\spidersolitaire\spidersolitaire.exe | 
"{9486A45A-C8AF-4ACB-9B5A-5B39CD7555FB}" = dir=out | app=%programfiles%\sun\sun odf plugin for microsoft office 3.2\program\rebasegui.exe | 
"{95ED97C4-735D-4969-9ABF-DA4484F56834}" = dir=out | app=%programfiles%\common files\dvdvideosoft\freestudiomanager.exe | 
"{978C1F79-CC11-4D1E-90EC-47670A6DE634}" = dir=out | app=%programfiles%\ea sports\fifa 09\support\eadm\eadm-installer.exe | 
"{9DB418D7-6A03-4A8B-8E11-48D582733978}" = dir=out | app=%programfiles%\data becker\weihnachts-druckerei\xmas05.exe | 
"{9E53457C-8AEB-4D28-B9D3-82FAB2A02546}" = dir=out | app=%programfiles%\logitech\lws\video mask maker\videomaskmaker.exe | 
"{9F8EEFF6-A27F-49B3-B6E0-4255D98CEFEA}" = dir=out | app=%programfiles%\microsoft mouse and keyboard center\mskey.exe | 
"{A0705658-781B-40B8-A505-39D0D178A47E}" = dir=out | app=%programfiles%\microsoft mouse and keyboard center\setup.exe | 
"{A30516E7-B2FD-4737-8FF4-F0F968E2CF61}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A33FC3D3-BDB1-4194-A4CE-767CB0CD28B1}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\getconnected.exe | 
"{A50B5113-B9B5-4FAB-85F5-75F80D7045B0}" = dir=out | app=%programfiles%\microsoft mathematics\triangletool.exe | 
"{A5F9C162-A7F6-4B52-9DB0-1D67AB074EB2}" = dir=out | app=%programfiles%\audiograbber\lame.exe | 
"{A75A25C1-2824-4697-94BE-E42E3ABCC6A8}" = dir=out | app=%programfiles%\western digital\wd smartware\wd drive manager\wddmservice.exe | 
"{A7A1526E-131C-4D35-A486-DE71444674DE}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\pcsuite.exe | 
"{A8069ED4-B198-4382-BE3F-1DA5D5921C42}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\applicationinstaller.exe | 
"{A98ECF79-D641-4C26-9F8B-EEFA520F59CA}" = dir=out | app=%programfiles%\data becker\weihnachts-druckerei\unins000.exe | 
"{A9DC367D-DFBD-4686-A51E-2935D027C795}" = dir=out | app=%programfiles%\digital publishing\kte_16_689498\kte.exe | 
"{AAADD2EB-785C-4C13-8FA5-6CB1A0CDC692}" = dir=out | app=%programfiles%\sun\sun odf plugin for microsoft office 3.2\program\python.exe | 
"{AB5B109B-9EF3-47B3-A44B-922B5CDCCBA6}" = dir=out | app=%programfiles%\hp\temp\{b61ed343-0b14-4241-999c-490cb1a20da4}\setup\hpzscr01.exe | 
"{AE337DB1-7B54-4B7B-8AF6-9D6DBDC5553B}" = dir=out | app=%programfiles%\ea sports\fussball manager 09\edmanager09.exe | 
"{B18B0D2D-5219-45CA-B64D-73F01E7227CA}" = dir=out | app=%programfiles%\windows media player\setup_wm.exe | 
"{B1D5416B-AEDB-4C9A-9D2B-7EB4061AADD7}" = dir=out | app=%programfiles%\winamp\winamp.exe | 
"{B2F4443A-BA33-43C5-9697-300C1545A68B}" = dir=out | app=%programfiles%\digital publishing\isrs1_16_689518\isrs1.exe | 
"{B35D0E49-F205-4AF1-B54F-7547368DFDFD}" = dir=out | app=%programfiles%\microsoft silverlight\5.1.10411.0\silverlight.configuration.exe | 
"{B419DD5D-ECF7-4696-85E7-B8A08AE94945}" = dir=out | app=%programfiles%\windows media player\wmpconfig.exe | 
"{B43EE9AE-8E3D-4883-9D0D-339476B2312F}" = dir=out | app=%programfiles%\microsoft games\minesweeper\minesweeper.exe | 
"{B621870B-E97F-4B00-AB49-65BA256329A5}" = dir=out | app=%programfiles%\data becker\weihnachts-druckerei\adrlist.exe | 
"{B752FEFA-7470-4A6B-876E-4F4E40B05FC3}" = dir=out | app=%programfiles%\arcsoft\totalmedia 3.5\tmmonitor.exe | 
"{B9637847-0009-40FD-BFA9-3D14B26780CB}" = dir=out | app=%programfiles%\western digital\wd smartware\wd drive manager\wddmstatus.exe | 
"{BA4D3944-83F7-4563-A842-371EC8811308}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\imagestore.exe | 
"{BB9C3583-AE3A-447C-9901-88EE6708F236}" = dir=out | app=%programfiles%\motogp\motogp.exe | 
"{BBA76351-3959-4EBD-BF08-773D92539526}" = dir=out | app=%programfiles%\sun\sun odf plugin for microsoft office 3.2\program\unoinfo.exe | 
"{BDB1136C-D200-4FBA-AA90-908C2289594A}" = dir=out | app=%programfiles%\videolan\vlc\vlc.exe | 
"{BE8D3ABA-C74B-402A-BDDF-627268FFB7CB}" = dir=out | app=%programfiles%\ml\englisch\englisch.exe | 
"{C12ED538-6440-4315-99C6-DC6D8F02822B}" = dir=out | app=%programfiles%\microsoft games\purble place\purbleplace.exe | 
"{C341059B-172B-42CC-BCBB-4608E09251B9}" = dir=out | app=%programfiles%\arcsoft\totalmedia 3.5\totalmedia.exe | 
"{C57031BE-06BC-4573-8092-B64F450243E1}" = dir=out | app=%programfiles%\windows media player\wmpnscfg.exe | 
"{C585C3F7-4A21-4179-989D-282E6EB0F2AF}" = dir=out | app=%programfiles%\windows live\photo gallery\wlxphotogalleryrepair.exe | 
"{C58F63C5-2E98-40A3-88A8-41140C67840E}" = dir=out | app=%programfiles%\ea sports\fussball manager 09\eauninstall.exe | 
"{C59C3094-246A-4315-984F-6EE216516178}" = dir=out | app=%programfiles%\windows media player\wmpnscfg.exe | 
"{C85DD59E-BDA1-4D50-97FB-9C84DC254B66}" = dir=out | app=%programfiles%\windows live\photo gallery\moviemaker.exe | 
"{C9A830FA-D5D4-4309-9533-615784E70F19}" = dir=out | app=%programfiles%\activision\thps2\thawk2.exe | 
"{CD511695-B3E9-4EC3-83D2-82D8520D8898}" = dir=out | app=%programfiles%\winamp\winamp.exe | 
"{CE905723-5A37-4F9C-B914-1622EAFF2653}" = dir=out | app=%programfiles%\dvd maker\dvdmaker.exe | 
"{CEA3EB6D-DA03-47C0-B65C-874A449F6657}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\pcsuite.exe | 
"{D4D1FC55-C095-4E31-A9F6-36EDE4BAE514}" = dir=out | app=%programfiles%\microsoft mathematics\mathset.exe | 
"{D6DF2EF7-6701-4CCF-BAB5-984A78C1CBD2}" = dir=out | app=%programfiles%\sun\sun odf plugin for microsoft office 3.2\program\rebaseoo.exe | 
"{D86185A4-27A2-42C0-949F-AF1584B82F43}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\pcsuite.exe | 
"{DF74A2A2-36E3-4212-AB9B-2E969E14FAF7}" = dir=out | app=%programfiles%\hp\temp\{b61ed343-0b14-4241-999c-490cb1a20da4}\setup\hpzstub.exe | 
"{E02F8F20-486A-4485-846D-C2BE8C0A3FE8}" = dir=out | app=%programfiles%\nokia\connectivity cable driver\setupextcmb.exe | 
"{E0FB6FE3-88C4-4181-B595-CEA7AD9684A8}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{E2871BA3-E8B1-4152-AD65-86193DAD5F70}" = dir=out | app=%programfiles%\audiograbber\audiograbber.exe | 
"{E45626BE-6909-43D5-AFE7-3E1198874033}" = dir=out | app=%programfiles%\ea sports\fussball manager 09\manager09.exe | 
"{E654EFE8-D247-45BD-9F2A-B2B07C579979}" = dir=out | app=%programfiles%\paint.net\paintdotnet.exe | 
"{E7786615-0B9D-4EF2-80A4-5F764E541F3A}" = dir=out | app=c:\program files\windows media player | 
"{E7FE04B3-EFC3-4789-99DB-B82FDE5E27C6}" = dir=out | app=%programfiles%\freepdf_xp\freepdf.exe | 
"{E9D3D17A-AC28-4047-9038-55E28B5AE28F}" = dir=out | app=%programfiles%\protectdisc driver installer\uninstall_v10.exe | 
"{EACEDC3E-A669-49CC-843F-B6A38175DB8F}" = dir=out | app=%programfiles%\data becker\weihnachts-druckerei\dbstart.exe | 
"{EB0B22FA-169D-4892-B687-6910C8F6A853}" = dir=out | app=%programfiles%\microsoft games\chess\chess.exe | 
"{EC2836AB-0BA8-4D49-BEC9-F44CEB2E7BAC}" = dir=out | app=%programfiles%\microsoft silverlight\sllauncher.exe | 
"{F051501F-952C-43BA-8572-E2050A1DC6F4}" = dir=out | app=%programfiles%\sun\sun odf plugin for microsoft office 3.2\program\soffice.exe | 
"{F0F1D133-763F-4ACB-944D-AA45DE994F9E}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\communicationcentre.exe | 
"{F33C87A1-017E-4AC1-871E-8616BDABC6E2}" = dir=out | app=%programfiles%\winamp\elevator.exe | 
"{F348BD7D-88BB-4A8F-9E18-36C751B4290F}" = dir=out | app=%programfiles%\tv ir\tv ir.exe | 
"{F81631AF-6C58-4862-8296-191EAE156646}" = dir=out | app=%programfiles%\difx\270581355a767bf1\dpinst.exe | 
"{FB7B74AD-70C9-4B61-B553-A2037D609BFD}" = dir=out | app=%programfiles%\data becker\weihnachts-druckerei\jpg2pdf.exe | 
"{FC87C50B-7DBB-4E01-AC4F-51069C090792}" = dir=out | app=%programfiles%\microsoft silverlight\5.1.10411.0\coregen.exe | 
"{FD2C9A1A-F4B8-45DC-8D21-6493C4C8B208}" = dir=out | app=%programfiles%\microsoft mouse and keyboard center\mousekeyboardcenter.exe | 
"{FD4A40BC-739A-4D50-B462-BD10D2A4067E}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\contentcopier.exe | 
"{FD73DA9A-3DF9-4E7F-A2CE-A172885B0DEC}" = dir=out | app=%programfiles%\digital publishing\kte_16_689498\!kte.exe | 
"{FE7EEA89-DDCC-44E1-890C-1D38DECAE1F2}" = dir=out | app=%programfiles%\paint.net\wiaproxy32.exe | 
"{FFFA4A84-1142-47B0-8E30-776E34240446}" = dir=out | app=%programfiles%\hp\hp software update\hpwuschd2.exe | 
"TCP Query User{36E2BCBB-4AB4-455D-BC6E-E6626F03B7EB}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe | 
"TCP Query User{50311390-6BF5-4351-A028-59AD01948D14}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{CC40E7FE-AE68-4529-A2DE-E35E61885611}C:\program files\trillian\plugins\skypekit.exe" = protocol=6 | dir=in | app=c:\program files\trillian\plugins\skypekit.exe | 
"TCP Query User{FF98523B-F2D5-4351-9BFB-54A2043AEF5E}C:\program files\trillian\plugins\skypekit.exe" = protocol=6 | dir=in | app=c:\program files\trillian\plugins\skypekit.exe | 
"UDP Query User{0017E05A-4333-4407-8566-4E976F48465A}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe | 
"UDP Query User{0655DFA6-6095-48F1-8A4F-9BCC0F5D25C9}C:\program files\trillian\plugins\skypekit.exe" = protocol=17 | dir=in | app=c:\program files\trillian\plugins\skypekit.exe | 
"UDP Query User{41D3BBE5-9B5A-4431-BF74-0DF8DE67B6B1}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{480DDFD5-2EB1-43F4-BEA8-49487A321A9B}C:\program files\trillian\plugins\skypekit.exe" = protocol=17 | dir=in | app=c:\program files\trillian\plugins\skypekit.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0CE5D71A-15AE-477A-BD1F-5347562CB0BC}" = MD86351 driver install
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22DD005D-0EF1-4E3E-92F8-49D89E31479A}" = 1400
"{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{29E44E9D-ACB2-4D2D-849F-5361C941B7E1}" = ArcSoft TotalMedia 3.5
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{3D599ADA-65D9-4B51-898F-CE718DEC5DBB}" = Microsoft Image Composite Editor
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4D090F70-6F08-4B60-9357-A1DFD4458F09}" = Microsoft Mathematics
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A3C2391-BCE2-4D28-A336-73B953B4502F}" = 1400Trb
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{6FBE200D-1F00-40B7-BF48-FEB265AADE94}" = 1400_Help
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7130468A-F53F-4698-8C09-A339EA3B05E6}" = Nokia Software Updater
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{B8EC0AD1-E8E3-42C3-9BAB-6A14E96FD136}" = Microsoft-Maus- und Tastatur-Center
"{BC3804E5-77CC-47A0-8BD5-797355A26BA3}" = WD SmartWare
"{BD136CE7-6666-4273-A056-8D92F8625AAB}" = Sun ODF Plugin for Microsoft Office 3.2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C1FD1627-2EAF-48CB-A333-42D39BCB096D}" = TV IR
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam-Software
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows-Treiberpaket - Nokia Modem  (10/05/2009 4.2)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"7B205927ED4CE1D9763ED45C77FBF03B695208C0" = Windows-Treiberpaket - Ricoh R5U870 (UVC)  (02/28/2007 6.1008.207.0)
"7-Zip" = 7-Zip 4.65
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows-Treiberpaket - Nokia Modem  (06/01/2009 7.01.0.4)
"Activision_THPS2UninstallKey" = Tony Hawk's Pro Skater 2
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Allway Sync_is1" = Allway Sync version 9.4.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.6
"FreePDF_XP" = FreePDF (Remove only)
"FUSSBALL MANAGER 09" = FUSSBALL MANAGER 09
"GPL Ghostscript 9.00" = GPL Ghostscript 9.00
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"InstallShield_{0CE5D71A-15AE-477A-BD1F-5347562CB0BC}" = MD86351 driver install
"ISRS1_16_689518" = Interaktive Sprachreise - Sprachkurs 1 Español
"KTE_16_689498" = Interaktive Sprachreise - Kommunikationstrainer English
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MatlabR2010b" = MATLAB R2010b
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center
"MotoGP_is1" = MotoGP
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MultiLingua Vokabeltrainer Englisch" = MultiLingua Vokabeltrainer Englisch
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"PaperCut NG Client_is1" = PaperCut NG Client 10.7
"ProtectDisc Driver 10" = ProtectDisc Helper Driver 10
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Trillian" = Trillian
"TVWiz" = Intel(R) TV Wizard
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.2
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.6.0.2
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12.03.2013 16:27:57 | Computer Name = Robert-PC | Source = Outlook | ID = 34
Description = Fehler beim Abrufen des Crawlbereichs-Managers. Fehler=0x8007043c.
 
Error - 12.03.2013 16:27:57 | Computer Name = Robert-PC | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet
 (Fehler=0x8007043c).
 
Error - 12.03.2013 16:46:09 | Computer Name = Robert-PC | Source = Outlook | ID = 34
Description = Fehler beim Abrufen des Crawlbereichs-Managers. Fehler=0x8007043c.
 
Error - 12.03.2013 16:46:09 | Computer Name = Robert-PC | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet
 (Fehler=0x8007043c).
 
Error - 12.03.2013 21:05:25 | Computer Name = Robert-PC | Source = Outlook | ID = 34
Description = Fehler beim Abrufen des Crawlbereichs-Managers. Fehler=0x8007043c.
 
Error - 12.03.2013 21:05:25 | Computer Name = Robert-PC | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet
 (Fehler=0x8007043c).
 
Error - 12.03.2013 21:30:34 | Computer Name = Robert-PC | Source = Outlook | ID = 34
Description = Fehler beim Abrufen des Crawlbereichs-Managers. Fehler=0x8007043c.
 
Error - 12.03.2013 21:30:34 | Computer Name = Robert-PC | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet
 (Fehler=0x8007043c).
 
Error - 13.03.2013 13:15:41 | Computer Name = Robert-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Nokia\Nokia
 PC Suite 7\TIS_Windows7PIM.dll".  Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 13.03.2013 15:30:18 | Computer Name = Robert-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Manager09.exe, Version: 1.0.0.0, 
Zeitstempel: 0x48e6586a  Name des fehlerhaften Moduls: GfxCore.dll, Version: 0.0.0.0,
 Zeitstempel: 0x48e65406  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00296812  ID des fehlerhaften
 Prozesses: 0x95c  Startzeit der fehlerhaften Anwendung: 0x01ce2021249c1736  Pfad der
 fehlerhaften Anwendung: C:\Program Files\EA Sports\FUSSBALL MANAGER 09\Manager09.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\EA Sports\FUSSBALL MANAGER 09\GfxCore.dll
Berichtskennung:
 6fca68b3-8c14-11e2-9f23-0013a9c0c8e8
 
[ OSession Events ]
Error - 17.02.2012 19:35:08 | Computer Name = Robert-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 714
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 17.12.2012 12:41:31 | Computer Name = Robert-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 237
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 20.12.2012 20:00:44 | Computer Name = Robert-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 57352
 seconds with 720 seconds of active time.  This session ended with a crash.
 
Error - 27.12.2012 10:00:30 | Computer Name = Robert-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4519
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 14.03.2013 12:14:30 | Computer Name = Robert-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 14.03.2013 12:14:33 | Computer Name = Robert-PC | Source = PNRPSvc | ID = 102
Description = 
 
Error - 14.03.2013 12:14:33 | Computer Name = Robert-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 14.03.2013 12:14:33 | Computer Name = Robert-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 14.03.2013 12:18:32 | Computer Name = Robert-PC | Source = PNRPSvc | ID = 102
Description = 
 
Error - 14.03.2013 12:18:32 | Computer Name = Robert-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 14.03.2013 12:18:32 | Computer Name = Robert-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 14.03.2013 12:19:16 | Computer Name = Robert-PC | Source = PNRPSvc | ID = 102
Description = 
 
Error - 14.03.2013 12:19:16 | Computer Name = Robert-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 14.03.2013 12:19:16 | Computer Name = Robert-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
 
< End of report >
         
gmer.txt
Code:
ATTFilter
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-14 21:14:22
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 FUJITSU_MHW2120BH rev.00000012 111,79GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\RK\AppData\Local\Temp\kgdiqpow.sys


---- System - GMER 2.1 ----

SSDT    95209306                                  ZwCreateSection
SSDT    95209310                                  ZwRequestWaitReplyPort
SSDT    9520930B                                  ZwSetContextThread
SSDT    95209315                                  ZwSetSecurityObject
SSDT    9520931A                                  ZwSystemDebugControl
SSDT    952092A7                                  ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text   ntkrnlpa.exe!ZwRollbackEnlistment + 140D  82E4C9E9 1 Byte  [06]
.text   ntkrnlpa.exe!KiDispatchInterrupt + 5A2    82E861C2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text   ntkrnlpa.exe!KeRemoveQueueEx + 11F7       82E8D30C 4 Bytes  [06, 93, 20, 95]
.text   ntkrnlpa.exe!KeRemoveQueueEx + 1553       82E8D668 4 Bytes  [10, 93, 20, 95]
.text   ntkrnlpa.exe!KeRemoveQueueEx + 1597       82E8D6AC 4 Bytes  [0B, 93, 20, 95]
.text   ntkrnlpa.exe!KeRemoveQueueEx + 1613       82E8D728 4 Bytes  [15, 93, 20, 95]
.text   ntkrnlpa.exe!KeRemoveQueueEx + 1667       82E8D77C 4 Bytes  [1A, 93, 20, 95]
.text   ...                                       
.reloc  C:\Windows\system32\drivers\acehlp10.sys  section is executable [0x94DBBB80, 0x37FC7, 0xE0000060]
.reloc  C:\Windows\system32\drivers\acedrv10.sys  section is executable [0x9816F000, 0x459C1, 0xE0000060]

---- EOF - GMER 2.1 ----
         
My questions now would be:
How should I proceed?
Is a complete cleanup of the system possible?

Since I have no further infected files and little time to set the PC up from scratch, I very much hope that cleaning the system is possible!?

I very much hope that you can help me.

Many thanks in advance for your efforts.

RK

PS: Unfortunately, I did not manage to deactivate the links on individual words.

Alt 17.03.2013, 16:18   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hello and

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Carefully read the instructions that I will post over the course of this thread. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.

  • Please run only scans that a helper has asked you to run! Do not install / uninstall any software unless asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to. Logs in attachments make my analysis harder!

  • The logs of the assigned tools, e.g. Malwarebytes, must always be posted - regardless of whether anything was found or not!

  • Please also note => Deletion of log files and other requests

Note:
If you do not hear from me for three days, please report in this thread => Reminder about my thread.
Annoying "When will this continue" messages end with your topic being closed. I, too, have a life outside the Trojaner-Board.


Please run the three tools MBAR / aswMBR / TDSSkiller now and post the logs in CODE tags


MBAR (Malwarebytes Anti-Rootkit)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen according to the guide for Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart, MBAR will remove the objects found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the created folder. Please post it here.

Do not start any other file in this folder without instructions from a helper


aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without instructions

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



TDSS-Killer

Please download TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

Alt 19.03.2013, 09:15   #3
RKxxx
 



Hello cosinus,

first of all, thank you very much for your quick and specific help.

Before I post the logs, I wanted to ask once more what I should do with the infected registry keys that were moved to quarantine in the program " Malwarebytes Anti-Malware ". Can I delete them from quarantine?

I have run the tools.

1) MBAR (Malwarebytes Anti-Rootkit)
Here, 1 detection was reported on the first run, the CleanUp process was carried out, and the 2nd scan found nothing.
Note: The restart had to be performed manually; the command window with the deletion process appeared anyway.

Log of 1st run:
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.18.12

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16521
RK :: ROBERT-PC [administrator]

18.03.2013 21:19:14
mbar-log-2013-03-18 (21-19-14).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 28579
Time elapsed: 14 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\CLASSES\RewardsArcade.BHO (PUP.RewardsArcade) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
Log of 2nd run:
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.18.13

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16521
RK :: ROBERT-PC [administrator]

18.03.2013 21:40:12
mbar-log-2013-03-18 (21-40-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 28569
Time elapsed: 13 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
2) aswMBR
Code:
ATTFilter
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-03-18 23:06:15
-----------------------------
23:06:15.572    OS Version: Windows 6.1.7601 Service Pack 1
23:06:15.572    Number of processors: 2 586 0xF0D
23:06:15.572    ComputerName: ROBERT-PC  UserName: RK
23:06:16.383    Initialize success
23:08:33.603    AVAST engine defs: 13031800
23:09:22.275    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
23:09:22.275    Disk 0 Vendor: FUJITSU_MHW2120BH 00000012 Size: 114473MB BusType: 11
23:09:22.275    Disk 1  \Device\Harddisk1\DR1 -> \Device\00000074
23:09:22.275    Disk 1 Vendor: (  Size: 114473MB BusType: 0
23:09:22.275    Disk 2  \Device\Harddisk2\DR2 -> \Device\00000075
23:09:22.291    Disk 2 Vendor: (  Size: 114473MB BusType: 0
23:09:22.415    Disk 0 MBR read successfully
23:09:22.415    Disk 0 MBR scan
23:09:22.431    Disk 0 Windows 7 default MBR code
23:09:22.431    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
23:09:22.447    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        66560 MB offset 206848
23:09:22.493    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        47811 MB offset 136521728
23:09:22.493    Disk 0 scanning sectors +234438656
23:09:22.556    Disk 0 scanning C:\Windows\system32\drivers
23:09:36.596    Service scanning
23:10:09.075    Modules scanning
23:10:23.474    Disk 0 trace - called modules:
23:10:23.490    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys 
23:10:23.490    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a508a0]
23:10:23.505    3 CLASSPNP.SYS[8922359e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x8596c908]
23:10:24.082    AVAST engine scan C:\Windows
23:10:27.062    AVAST engine scan C:\Windows\system32
23:13:33.435    AVAST engine scan C:\Windows\system32\drivers
23:13:50.065    AVAST engine scan C:\Users\RK
23:17:18.091    AVAST engine scan C:\ProgramData
23:18:17.590    Scan finished successfully
23:18:50.880    Disk 0 MBR has been saved successfully to "C:\Users\RK\Desktop\MBR.dat"
23:18:50.880    The log file has been saved successfully to "C:\Users\RK\Desktop\aswMBR.txt"
         
3) TDSS-Killer
Code:
23:22:57.0922 2120  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
23:22:57.0937 2120  ============================================================
23:22:57.0937 2120  Current date / time: 2013/03/18 23:22:57.0937
23:22:57.0937 2120  SystemInfo:
23:22:57.0937 2120  
23:22:57.0937 2120  OS Version: 6.1.7601 ServicePack: 1.0
23:22:57.0937 2120  Product type: Workstation
23:22:57.0937 2120  ComputerName: ROBERT-PC
23:22:57.0937 2120  UserName: RK
23:22:57.0937 2120  Windows directory: C:\Windows
23:22:57.0937 2120  System windows directory: C:\Windows
23:22:57.0937 2120  Processor architecture: Intel x86
23:22:57.0937 2120  Number of processors: 2
23:22:57.0937 2120  Page size: 0x1000
23:22:57.0937 2120  Boot type: Normal boot
23:22:57.0937 2120  ============================================================
23:23:00.0699 2120  Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:23:00.0699 2120  ============================================================
23:23:00.0699 2120  \Device\Harddisk0\DR0:
23:23:00.0699 2120  MBR partitions:
23:23:00.0699 2120  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:23:00.0699 2120  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x8200000
23:23:00.0699 2120  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x8232800, BlocksNum 0x5D61800
23:23:00.0699 2120  ============================================================
23:23:00.0745 2120  C: <-> \Device\Harddisk0\DR0\Partition2
23:23:00.0792 2120  D: <-> \Device\Harddisk0\DR0\Partition3
23:23:00.0792 2120  ============================================================
23:23:00.0792 2120  Initialize success
23:23:00.0792 2120  ============================================================
23:23:51.0134 2512  ============================================================
23:23:51.0134 2512  Scan started
23:23:51.0134 2512  Mode: Manual; SigCheck; TDLFS; 
23:23:51.0134 2512  ============================================================
23:23:52.0413 2512  ================ Scan system memory ========================
23:23:52.0413 2512  System memory - ok
23:23:52.0413 2512  ================ Scan services =============================
23:23:52.0600 2512  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
23:23:52.0787 2512  1394ohci - ok
23:23:52.0928 2512  [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon        C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
23:23:53.0006 2512  ACDaemon - ok
23:23:53.0084 2512  [ 553BA53445795CBC0D4F9FA37EB855A6 ] acedrv10        C:\Windows\system32\drivers\acedrv10.sys
23:23:53.0240 2512  acedrv10 - ok
23:23:53.0318 2512  [ 8CE00B6A46962A1808B19CD1DAE5170C ] acehlp10        C:\Windows\system32\drivers\acehlp10.sys
23:23:53.0396 2512  acehlp10 - ok
23:23:53.0552 2512  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
23:23:53.0614 2512  ACPI - ok
23:23:53.0676 2512  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
23:23:54.0004 2512  AcpiPmi - ok
23:23:54.0238 2512  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
23:23:54.0254 2512  AdobeARMservice - ok
23:23:54.0347 2512  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
23:23:54.0394 2512  adp94xx - ok
23:23:54.0456 2512  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
23:23:54.0488 2512  adpahci - ok
23:23:54.0534 2512  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
23:23:54.0566 2512  adpu320 - ok
23:23:54.0597 2512  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
23:23:54.0690 2512  AeLookupSvc - ok
23:23:54.0784 2512  [ A7B8A3A79D35215D798A300DF49ED23F ] Afc             C:\Windows\system32\drivers\Afc.sys
23:23:54.0815 2512  Afc ( UnsignedFile.Multi.Generic ) - warning
23:23:54.0815 2512  Afc - detected UnsignedFile.Multi.Generic (1)
23:23:54.0924 2512  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
23:23:55.0205 2512  AFD - ok
23:23:55.0252 2512  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
23:23:55.0330 2512  agp440 - ok
23:23:55.0377 2512  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
23:23:55.0439 2512  aic78xx - ok
23:23:55.0486 2512  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
23:23:55.0580 2512  ALG - ok
23:23:55.0642 2512  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
23:23:55.0673 2512  aliide - ok
23:23:55.0720 2512  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
23:23:55.0751 2512  amdagp - ok
23:23:55.0767 2512  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
23:23:55.0814 2512  amdide - ok
23:23:55.0938 2512  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
23:23:56.0001 2512  AmdK8 - ok
23:23:56.0016 2512  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
23:23:56.0079 2512  AmdPPM - ok
23:23:56.0141 2512  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
23:23:56.0172 2512  amdsata - ok
23:23:56.0235 2512  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
23:23:56.0282 2512  amdsbs - ok
23:23:56.0297 2512  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
23:23:56.0313 2512  amdxata - ok
23:23:56.0453 2512  [ 459465DA28E49B358ECFE0D788F328F4 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
23:23:56.0484 2512  AntiVirSchedulerService - ok
23:23:56.0516 2512  [ BCDD17E8469D647A71B347C4B6F86685 ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
23:23:56.0531 2512  AntiVirService - ok
23:23:56.0640 2512  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
23:23:56.0687 2512  AppID - ok
23:23:56.0734 2512  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
23:23:56.0812 2512  AppIDSvc - ok
23:23:56.0921 2512  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
23:23:56.0999 2512  Appinfo - ok
23:23:57.0140 2512  [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt         C:\Windows\System32\appmgmts.dll
23:23:57.0249 2512  AppMgmt - ok
23:23:57.0342 2512  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
23:23:57.0389 2512  arc - ok
23:23:57.0436 2512  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
23:23:57.0467 2512  arcsas - ok
23:23:57.0530 2512  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
23:23:58.0013 2512  AsyncMac - ok
23:23:58.0060 2512  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
23:23:58.0076 2512  atapi - ok
23:23:58.0232 2512  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:23:58.0356 2512  AudioEndpointBuilder - ok
23:23:58.0388 2512  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
23:23:58.0419 2512  Audiosrv - ok
23:23:58.0481 2512  [ A5C175039B1D6D85D0E79F5855828E4D ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
23:23:58.0544 2512  avgntflt - ok
23:23:58.0606 2512  [ 37B854C7D1F477E66C5B49C7700C47CC ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
23:23:58.0668 2512  avipbb - ok
23:23:58.0684 2512  [ FFB78D74E1EA5F811341A6E7AC547A46 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
23:23:58.0746 2512  avkmgr - ok
23:23:58.0793 2512  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
23:23:58.0887 2512  AxInstSV - ok
23:23:58.0934 2512  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
23:23:59.0012 2512  b06bdrv - ok
23:23:59.0043 2512  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
23:23:59.0074 2512  b57nd60x - ok
23:23:59.0136 2512  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
23:23:59.0183 2512  BDESVC - ok
23:23:59.0214 2512  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
23:23:59.0261 2512  Beep - ok
23:23:59.0339 2512  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
23:23:59.0417 2512  BFE - ok
23:23:59.0480 2512  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
23:23:59.0558 2512  BITS - ok
23:23:59.0589 2512  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
23:23:59.0620 2512  blbdrive - ok
23:23:59.0636 2512  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
23:23:59.0682 2512  bowser - ok
23:23:59.0714 2512  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:23:59.0792 2512  BrFiltLo - ok
23:23:59.0807 2512  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:23:59.0870 2512  BrFiltUp - ok
23:23:59.0916 2512  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
23:23:59.0979 2512  Browser - ok
23:23:59.0994 2512  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
23:24:00.0072 2512  Brserid - ok
23:24:00.0088 2512  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
23:24:00.0135 2512  BrSerWdm - ok
23:24:00.0150 2512  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
23:24:00.0182 2512  BrUsbMdm - ok
23:24:00.0213 2512  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
23:24:00.0244 2512  BrUsbSer - ok
23:24:00.0275 2512  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
23:24:00.0306 2512  BTHMODEM - ok
23:24:00.0369 2512  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
23:24:00.0431 2512  bthserv - ok
23:24:00.0462 2512  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
23:24:00.0509 2512  cdfs - ok
23:24:00.0572 2512  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
23:24:00.0603 2512  cdrom - ok
23:24:00.0665 2512  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
23:24:00.0712 2512  CertPropSvc - ok
23:24:00.0743 2512  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
23:24:00.0774 2512  circlass - ok
23:24:00.0806 2512  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
23:24:00.0821 2512  CLFS - ok
23:24:00.0884 2512  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:24:00.0915 2512  clr_optimization_v2.0.50727_32 - ok
23:24:01.0008 2512  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:24:01.0055 2512  clr_optimization_v4.0.30319_32 - ok
23:24:01.0086 2512  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
23:24:01.0102 2512  CmBatt - ok
23:24:01.0118 2512  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
23:24:01.0149 2512  cmdide - ok
23:24:01.0180 2512  [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG             C:\Windows\system32\Drivers\cng.sys
23:24:01.0242 2512  CNG - ok
23:24:01.0274 2512  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
23:24:01.0289 2512  Compbatt - ok
23:24:01.0352 2512  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
23:24:01.0367 2512  CompositeBus - ok
23:24:01.0383 2512  COMSysApp - ok
23:24:01.0398 2512  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
23:24:01.0430 2512  crcdisk - ok
23:24:01.0492 2512  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
23:24:01.0554 2512  CryptSvc - ok
23:24:01.0617 2512  [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC             C:\Windows\system32\drivers\csc.sys
23:24:01.0664 2512  CSC - ok
23:24:01.0695 2512  [ 15F93B37F6801943360D9EB42485D5D3 ] CscService      C:\Windows\System32\cscsvc.dll
23:24:01.0742 2512  CscService - ok
23:24:01.0851 2512  [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA          C:\Windows\system32\DRIVERS\CVirtA.sys
23:24:01.0898 2512  CVirtA - ok
23:24:02.0038 2512  [ 66257CB4E4FB69887CDDC71663741435 ] CVPND           C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
23:24:02.0100 2512  CVPND - ok
23:24:02.0210 2512  [ 18994842386FD3039279D7865740ABBD ] CVPNDRVA        C:\Windows\system32\Drivers\CVPNDRVA.sys
23:24:02.0256 2512  CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
23:24:02.0256 2512  CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
23:24:02.0319 2512  [ 418114393BFCCE0B4F7CAE96405F4428 ] dc3d            C:\Windows\system32\DRIVERS\dc3d.sys
23:24:02.0334 2512  dc3d - ok
23:24:02.0397 2512  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
23:24:02.0444 2512  DcomLaunch - ok
23:24:02.0490 2512  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
23:24:02.0553 2512  defragsvc - ok
23:24:02.0600 2512  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
23:24:02.0646 2512  DfsC - ok
23:24:02.0709 2512  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
23:24:02.0787 2512  Dhcp - ok
23:24:02.0818 2512  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
23:24:02.0865 2512  discache - ok
23:24:02.0912 2512  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
23:24:02.0927 2512  Disk - ok
23:24:02.0990 2512  [ B5AA5AA5AC327BD7C1AEC0C58F0C1144 ] DNE             C:\Windows\system32\DRIVERS\dne2000.sys
23:24:03.0021 2512  DNE - ok
23:24:03.0052 2512  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
23:24:03.0114 2512  Dnscache - ok
23:24:03.0161 2512  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
23:24:03.0224 2512  dot3svc - ok
23:24:03.0270 2512  [ B5E479EB83707DD698F66953E922042C ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
23:24:03.0317 2512  Dot4 - ok
23:24:03.0348 2512  [ CAEFD09B6A6249C53A67D55A9A9FCABF ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
23:24:03.0380 2512  Dot4Print - ok
23:24:03.0395 2512  [ CF491FF38D62143203C065260567E2F7 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
23:24:03.0442 2512  dot4usb - ok
23:24:03.0489 2512  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
23:24:03.0567 2512  DPS - ok
23:24:03.0598 2512  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
23:24:03.0629 2512  drmkaud - ok
23:24:03.0676 2512  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
23:24:03.0723 2512  DXGKrnl - ok
23:24:03.0754 2512  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
23:24:03.0801 2512  EapHost - ok
23:24:03.0941 2512  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
23:24:04.0113 2512  ebdrv - ok
23:24:04.0160 2512  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
23:24:04.0206 2512  EFS - ok
23:24:04.0238 2512  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
23:24:04.0284 2512  elxstor - ok
23:24:04.0331 2512  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
23:24:04.0362 2512  ErrDev - ok
23:24:04.0409 2512  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
23:24:04.0456 2512  EventSystem - ok
23:24:04.0487 2512  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
23:24:04.0550 2512  exfat - ok
23:24:04.0596 2512  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
23:24:04.0659 2512  fastfat - ok
23:24:04.0737 2512  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
23:24:04.0799 2512  Fax - ok
23:24:04.0830 2512  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
23:24:04.0862 2512  fdc - ok
23:24:04.0893 2512  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
23:24:04.0955 2512  fdPHost - ok
23:24:04.0971 2512  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
23:24:05.0002 2512  FDResPub - ok
23:24:05.0033 2512  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
23:24:05.0049 2512  FileInfo - ok
23:24:05.0064 2512  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
23:24:05.0127 2512  Filetrace - ok
23:24:05.0158 2512  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
23:24:05.0189 2512  flpydisk - ok
23:24:05.0220 2512  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
23:24:05.0236 2512  FltMgr - ok
23:24:05.0314 2512  [ E12C4928B32ACE04610259647F072635 ] FontCache       C:\Windows\system32\FntCache.dll
23:24:05.0423 2512  FontCache - ok
23:24:05.0501 2512  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
23:24:05.0517 2512  FontCache3.0.0.0 - ok
23:24:05.0548 2512  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
23:24:05.0564 2512  FsDepends - ok
23:24:05.0610 2512  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
23:24:05.0626 2512  Fs_Rec - ok
23:24:05.0688 2512  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
23:24:05.0720 2512  fvevol - ok
23:24:05.0766 2512  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
23:24:05.0782 2512  gagp30kx - ok
23:24:05.0829 2512  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
23:24:05.0907 2512  gpsvc - ok
23:24:06.0063 2512  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
23:24:06.0078 2512  gupdate - ok
23:24:06.0094 2512  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
23:24:06.0094 2512  gupdatem - ok
23:24:06.0125 2512  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
23:24:06.0172 2512  hcw85cir - ok
23:24:06.0219 2512  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:24:06.0266 2512  HdAudAddService - ok
23:24:06.0297 2512  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
23:24:06.0344 2512  HDAudBus - ok
23:24:06.0390 2512  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
23:24:06.0406 2512  HidBatt - ok
23:24:06.0422 2512  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
23:24:06.0468 2512  HidBth - ok
23:24:06.0500 2512  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
23:24:06.0546 2512  HidIr - ok
23:24:06.0578 2512  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
23:24:06.0624 2512  hidserv - ok
23:24:06.0687 2512  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
23:24:06.0734 2512  HidUsb - ok
23:24:06.0765 2512  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
23:24:06.0812 2512  hkmsvc - ok
23:24:06.0874 2512  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:24:06.0952 2512  HomeGroupListener - ok
23:24:06.0999 2512  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:24:07.0046 2512  HomeGroupProvider - ok
23:24:07.0186 2512  [ 1DAE5C46D42B02A6D5862E1482EFB390 ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
23:24:07.0217 2512  hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
23:24:07.0217 2512  hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
23:24:07.0248 2512  [ 99E8EEF42FE2F4AF29B08C3355DD7685 ] hpqddsvc        C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
23:24:07.0280 2512  hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
23:24:07.0280 2512  hpqddsvc - detected UnsignedFile.Multi.Generic (1)
23:24:07.0342 2512  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
23:24:07.0373 2512  HpSAMD - ok
23:24:07.0404 2512  [ 79737E0F7D25DE8405CB34D4C9882253 ] HPSLPSVC        C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
23:24:07.0498 2512  HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
23:24:07.0498 2512  HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
23:24:07.0545 2512  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
23:24:07.0638 2512  HTTP - ok
23:24:07.0685 2512  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
23:24:07.0701 2512  hwpolicy - ok
23:24:07.0748 2512  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
23:24:07.0794 2512  i8042prt - ok
23:24:07.0872 2512  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
23:24:07.0904 2512  iaStorV - ok
23:24:07.0982 2512  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:24:08.0091 2512  idsvc - ok
23:24:08.0278 2512  [ 9467514EA189475A6E7FDC5D7BDE9D3F ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
23:24:08.0543 2512  igfx - ok
23:24:08.0606 2512  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
23:24:08.0621 2512  iirsp - ok
23:24:08.0684 2512  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
23:24:08.0777 2512  IKEEXT - ok
23:24:08.0808 2512  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
23:24:08.0840 2512  intelide - ok
23:24:08.0855 2512  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
23:24:08.0886 2512  intelppm - ok
23:24:08.0918 2512  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
23:24:08.0980 2512  IPBusEnum - ok
23:24:09.0011 2512  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:24:09.0074 2512  IpFilterDriver - ok
23:24:09.0136 2512  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
23:24:09.0214 2512  iphlpsvc - ok
23:24:09.0261 2512  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
23:24:09.0308 2512  IPMIDRV - ok
23:24:09.0339 2512  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
23:24:09.0386 2512  IPNAT - ok
23:24:09.0417 2512  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
23:24:09.0448 2512  IRENUM - ok
23:24:09.0464 2512  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
23:24:09.0495 2512  isapnp - ok
23:24:09.0526 2512  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
23:24:09.0557 2512  iScsiPrt - ok
23:24:09.0573 2512  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
23:24:09.0604 2512  kbdclass - ok
23:24:09.0666 2512  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
23:24:09.0698 2512  kbdhid - ok
23:24:09.0713 2512  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
23:24:09.0729 2512  KeyIso - ok
23:24:09.0776 2512  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
23:24:09.0791 2512  KSecDD - ok
23:24:09.0838 2512  [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
23:24:09.0869 2512  KSecPkg - ok
23:24:09.0900 2512  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
23:24:09.0963 2512  KtmRm - ok
23:24:10.0025 2512  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
23:24:10.0072 2512  LanmanServer - ok
23:24:10.0088 2512  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:24:10.0134 2512  LanmanWorkstation - ok
23:24:10.0181 2512  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
23:24:10.0228 2512  lltdio - ok
23:24:10.0275 2512  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
23:24:10.0322 2512  lltdsvc - ok
23:24:10.0353 2512  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
23:24:10.0400 2512  lmhosts - ok
23:24:10.0431 2512  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
23:24:10.0462 2512  LSI_FC - ok
23:24:10.0478 2512  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
23:24:10.0509 2512  LSI_SAS - ok
23:24:10.0524 2512  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:24:10.0556 2512  LSI_SAS2 - ok
23:24:10.0571 2512  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:24:10.0602 2512  LSI_SCSI - ok
23:24:10.0618 2512  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
23:24:10.0665 2512  luafv - ok
23:24:10.0712 2512  [ 7521C0C58EE91BE90B6CC33E792D10C7 ] LVRS            C:\Windows\system32\DRIVERS\lvrs.sys
23:24:10.0774 2512  LVRS - ok
23:24:10.0930 2512  [ 37E57C48AF530DF01CDD4E8A2AD77B51 ] LVUVC           C:\Windows\system32\DRIVERS\lvuvc.sys
23:24:11.0195 2512  LVUVC - ok
23:24:11.0226 2512  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
23:24:11.0258 2512  megasas - ok
23:24:11.0289 2512  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
23:24:11.0320 2512  MegaSR - ok
23:24:11.0429 2512  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
23:24:11.0445 2512  Microsoft Office Groove Audit Service - ok
23:24:11.0492 2512  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
23:24:11.0538 2512  MMCSS - ok
23:24:11.0554 2512  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
23:24:11.0616 2512  Modem - ok
23:24:11.0632 2512  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
23:24:11.0679 2512  monitor - ok
23:24:11.0710 2512  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
23:24:11.0741 2512  mouclass - ok
23:24:11.0788 2512  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
23:24:11.0835 2512  mouhid - ok
23:24:11.0882 2512  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
23:24:11.0897 2512  mountmgr - ok
23:24:12.0006 2512  [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
23:24:12.0038 2512  MozillaMaintenance - ok
23:24:12.0084 2512  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
23:24:12.0116 2512  mpio - ok
23:24:12.0131 2512  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
23:24:12.0178 2512  mpsdrv - ok
23:24:12.0240 2512  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
23:24:12.0303 2512  MpsSvc - ok
23:24:12.0350 2512  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
23:24:12.0396 2512  MRxDAV - ok
23:24:12.0428 2512  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
23:24:12.0474 2512  mrxsmb - ok
23:24:12.0506 2512  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:24:12.0552 2512  mrxsmb10 - ok
23:24:12.0568 2512  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:24:12.0599 2512  mrxsmb20 - ok
23:24:12.0646 2512  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
23:24:12.0662 2512  msahci - ok
23:24:12.0708 2512  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
23:24:12.0740 2512  msdsm - ok
23:24:12.0771 2512  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
23:24:12.0802 2512  MSDTC - ok
23:24:12.0849 2512  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
23:24:12.0880 2512  Msfs - ok
23:24:12.0896 2512  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
23:24:12.0927 2512  mshidkmdf - ok
23:24:12.0989 2512  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
23:24:13.0005 2512  msisadrv - ok
23:24:13.0036 2512  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
23:24:13.0098 2512  MSiSCSI - ok
23:24:13.0098 2512  msiserver - ok
23:24:13.0145 2512  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
23:24:13.0176 2512  MSKSSRV - ok
23:24:13.0192 2512  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
23:24:13.0254 2512  MSPCLOCK - ok
23:24:13.0270 2512  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
23:24:13.0301 2512  MSPQM - ok
23:24:13.0332 2512  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
23:24:13.0364 2512  MsRPC - ok
23:24:13.0379 2512  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
23:24:13.0410 2512  mssmbios - ok
23:24:13.0442 2512  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
23:24:13.0473 2512  MSTEE - ok
23:24:13.0488 2512  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
23:24:13.0520 2512  MTConfig - ok
23:24:13.0551 2512  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
23:24:13.0566 2512  Mup - ok
23:24:13.0629 2512  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
23:24:13.0660 2512  napagent - ok
23:24:13.0707 2512  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
23:24:13.0738 2512  NativeWifiP - ok
23:24:13.0800 2512  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
23:24:13.0863 2512  NDIS - ok
23:24:13.0878 2512  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
23:24:13.0925 2512  NdisCap - ok
23:24:13.0956 2512  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
23:24:14.0003 2512  NdisTapi - ok
23:24:14.0050 2512  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
23:24:14.0097 2512  Ndisuio - ok
23:24:14.0144 2512  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
23:24:14.0175 2512  NdisWan - ok
23:24:14.0190 2512  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
23:24:14.0253 2512  NDProxy - ok
23:24:14.0284 2512  [ 510C138564486FF926A3F773205C63D1 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
23:24:14.0300 2512  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
23:24:14.0300 2512  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
23:24:14.0331 2512  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
23:24:14.0393 2512  NetBIOS - ok
23:24:14.0456 2512  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
23:24:14.0502 2512  NetBT - ok
23:24:14.0518 2512  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
23:24:14.0534 2512  Netlogon - ok
23:24:14.0596 2512  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
23:24:14.0643 2512  Netman - ok
23:24:14.0658 2512  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
23:24:14.0721 2512  netprofm - ok
23:24:14.0752 2512  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:24:14.0768 2512  NetTcpPortSharing - ok
23:24:14.0939 2512  [ 58218EC6B61B1169CF54AAB0D00F5FE2 ] netw5v32        C:\Windows\system32\DRIVERS\netw5v32.sys
23:24:15.0189 2512  netw5v32 - ok
23:24:15.0220 2512  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
23:24:15.0251 2512  nfrd960 - ok
23:24:15.0298 2512  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
23:24:15.0314 2512  NlaSvc - ok
23:24:15.0392 2512  [ F6C40E0A565EE3CE5AEEB325E10054F2 ] nmwcd           C:\Windows\system32\drivers\ccdcmb.sys
23:24:15.0470 2512  nmwcd - ok
23:24:15.0532 2512  [ 2A394E9E1FA3565E4B2FEA470FFE4D6B ] nmwcdc          C:\Windows\system32\drivers\ccdcmbo.sys
23:24:15.0579 2512  nmwcdc - ok
23:24:15.0641 2512  [ 99B224F8026CB534724AA3C408561E45 ] nmwcdnsu        C:\Windows\system32\drivers\nmwcdnsu.sys
23:24:15.0704 2512  nmwcdnsu - ok
23:24:15.0735 2512  [ D23257682D349A5E2E4507ED33DECC16 ] nmwcdnsuc       C:\Windows\system32\drivers\nmwcdnsuc.sys
23:24:15.0766 2512  nmwcdnsuc - ok
23:24:15.0797 2512  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
23:24:15.0844 2512  Npfs - ok
23:24:15.0860 2512  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
23:24:15.0906 2512  nsi - ok
23:24:15.0906 2512  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
23:24:15.0953 2512  nsiproxy - ok
23:24:16.0047 2512  [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
23:24:16.0156 2512  Ntfs - ok
23:24:16.0172 2512  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
23:24:16.0203 2512  Null - ok
23:24:16.0250 2512  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
23:24:16.0281 2512  nvraid - ok
23:24:16.0312 2512  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
23:24:16.0343 2512  nvstor - ok
23:24:16.0343 2512  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
23:24:16.0374 2512  nv_agp - ok
23:24:16.0484 2512  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:24:16.0515 2512  odserv - ok
23:24:16.0562 2512  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
23:24:16.0593 2512  ohci1394 - ok
23:24:16.0655 2512  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:24:16.0686 2512  ose - ok
23:24:16.0733 2512  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
23:24:16.0796 2512  p2pimsvc - ok
23:24:16.0827 2512  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
23:24:16.0858 2512  p2psvc - ok
23:24:16.0889 2512  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
23:24:16.0920 2512  Parport - ok
23:24:16.0967 2512  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
23:24:16.0983 2512  partmgr - ok
23:24:16.0998 2512  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
23:24:17.0030 2512  Parvdm - ok
23:24:17.0045 2512  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
23:24:17.0076 2512  PcaSvc - ok
23:24:17.0108 2512  [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd        C:\Windows\system32\DRIVERS\pccsmcfd.sys
23:24:17.0139 2512  pccsmcfd - ok
23:24:17.0170 2512  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
23:24:17.0186 2512  pci - ok
23:24:17.0217 2512  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
23:24:17.0248 2512  pciide - ok
23:24:17.0279 2512  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
23:24:17.0310 2512  pcmcia - ok
23:24:17.0326 2512  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
23:24:17.0342 2512  pcw - ok
23:24:17.0388 2512  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
23:24:17.0466 2512  PEAUTH - ok
23:24:17.0529 2512  [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
23:24:17.0638 2512  PeerDistSvc - ok
23:24:17.0747 2512  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
23:24:17.0872 2512  pla - ok
23:24:17.0934 2512  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
23:24:17.0981 2512  PlugPlay - ok
23:24:18.0028 2512  [ 37E5E8FFBAD35605DAEEC3224EA0E465 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
23:24:18.0044 2512  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
23:24:18.0044 2512  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
23:24:18.0075 2512  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
23:24:18.0106 2512  PNRPAutoReg - ok
23:24:18.0137 2512  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
23:24:18.0153 2512  PNRPsvc - ok
23:24:18.0215 2512  [ 226BAACBFA1BA1A4937935DBC23CB1CD ] Point32         C:\Windows\system32\DRIVERS\point32.sys
23:24:18.0246 2512  Point32 - ok
23:24:18.0293 2512  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
23:24:18.0356 2512  PolicyAgent - ok
23:24:18.0402 2512  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
23:24:18.0449 2512  Power - ok
23:24:18.0480 2512  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
23:24:18.0527 2512  PptpMiniport - ok
23:24:18.0543 2512  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
23:24:18.0590 2512  Processor - ok
23:24:18.0652 2512  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
23:24:18.0699 2512  ProfSvc - ok
23:24:18.0714 2512  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
23:24:18.0730 2512  ProtectedStorage - ok
23:24:18.0761 2512  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
23:24:18.0792 2512  Psched - ok
23:24:18.0870 2512  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
23:24:18.0980 2512  ql2300 - ok
23:24:18.0995 2512  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
23:24:19.0026 2512  ql40xx - ok
23:24:19.0058 2512  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
23:24:19.0089 2512  QWAVE - ok
23:24:19.0104 2512  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
23:24:19.0136 2512  QWAVEdrv - ok
23:24:19.0198 2512  [ C7978AB193C145BC82625A5516C5224B ] R5U870FLx86     C:\Windows\system32\Drivers\R5U870FLx86.sys
23:24:19.0245 2512  R5U870FLx86 - ok
23:24:19.0307 2512  [ 0CAF10CFA5A3DBF334ABA05058407291 ] R5U870FUx86     C:\Windows\system32\Drivers\R5U870FUx86.sys
23:24:19.0323 2512  R5U870FUx86 - ok
23:24:19.0354 2512  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
23:24:19.0401 2512  RasAcd - ok
23:24:19.0448 2512  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
23:24:19.0510 2512  RasAgileVpn - ok
23:24:19.0541 2512  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
23:24:19.0572 2512  RasAuto - ok
23:24:19.0588 2512  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
23:24:19.0650 2512  Rasl2tp - ok
23:24:19.0713 2512  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
23:24:19.0791 2512  RasMan - ok
23:24:19.0806 2512  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
23:24:19.0853 2512  RasPppoe - ok
23:24:19.0884 2512  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
23:24:19.0931 2512  RasSstp - ok
23:24:19.0978 2512  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
23:24:20.0040 2512  rdbss - ok
23:24:20.0056 2512  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
23:24:20.0072 2512  rdpbus - ok
23:24:20.0118 2512  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
23:24:20.0150 2512  RDPCDD - ok
23:24:20.0165 2512  [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
23:24:20.0228 2512  RDPDR - ok
23:24:20.0259 2512  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
23:24:20.0290 2512  RDPENCDD - ok
23:24:20.0321 2512  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
23:24:20.0368 2512  RDPREFMP - ok
23:24:20.0462 2512  [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
23:24:20.0508 2512  RdpVideoMiniport - ok
23:24:20.0555 2512  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
23:24:20.0618 2512  RDPWD - ok
23:24:20.0680 2512  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
23:24:20.0711 2512  rdyboost - ok
23:24:20.0727 2512  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
23:24:20.0789 2512  RemoteAccess - ok
23:24:20.0836 2512  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
23:24:20.0883 2512  RemoteRegistry - ok
23:24:20.0914 2512  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
23:24:20.0976 2512  RpcEptMapper - ok
23:24:21.0008 2512  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
23:24:21.0039 2512  RpcLocator - ok
23:24:21.0070 2512  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
23:24:21.0101 2512  RpcSs - ok
23:24:21.0132 2512  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
23:24:21.0179 2512  rspndr - ok
23:24:21.0226 2512  [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
23:24:21.0273 2512  s3cap - ok
23:24:21.0304 2512  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
23:24:21.0320 2512  SamSs - ok
23:24:21.0351 2512  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
23:24:21.0366 2512  sbp2port - ok
23:24:21.0413 2512  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
23:24:21.0476 2512  SCardSvr - ok
23:24:21.0507 2512  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
23:24:21.0538 2512  scfilter - ok
23:24:21.0616 2512  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
23:24:21.0694 2512  Schedule - ok
23:24:21.0710 2512  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
23:24:21.0741 2512  SCPolicySvc - ok
23:24:21.0788 2512  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
23:24:21.0866 2512  SDRSVC - ok
23:24:21.0912 2512  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
23:24:21.0944 2512  secdrv - ok
23:24:21.0975 2512  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
23:24:22.0037 2512  seclogon - ok
23:24:22.0068 2512  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
23:24:22.0100 2512  SENS - ok
23:24:22.0146 2512  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
23:24:22.0209 2512  SensrSvc - ok
23:24:22.0224 2512  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
23:24:22.0256 2512  Serenum - ok
23:24:22.0287 2512  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
23:24:22.0334 2512  Serial - ok
23:24:22.0365 2512  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
23:24:22.0412 2512  sermouse - ok
23:24:22.0521 2512  [ F31E9531AF225CA25350D5E87E999B31 ] ServiceLayer    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
23:24:22.0614 2512  ServiceLayer - ok
23:24:22.0661 2512  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
23:24:22.0708 2512  SessionEnv - ok
23:24:22.0755 2512  [ 8B7C1768D2CDE2E02E09A66563DDFD16 ] SFEP            C:\Windows\system32\DRIVERS\SFEP.sys
23:24:22.0802 2512  SFEP - ok
23:24:22.0848 2512  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
23:24:22.0911 2512  sffdisk - ok
23:24:22.0926 2512  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
23:24:22.0973 2512  sffp_mmc - ok
23:24:22.0989 2512  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
23:24:23.0004 2512  sffp_sd - ok
23:24:23.0036 2512  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
23:24:23.0067 2512  sfloppy - ok
23:24:23.0098 2512  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
23:24:23.0176 2512  SharedAccess - ok
23:24:23.0207 2512  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:24:23.0270 2512  ShellHWDetection - ok
23:24:23.0316 2512  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
23:24:23.0348 2512  sisagp - ok
23:24:23.0363 2512  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:24:23.0394 2512  SiSRaid2 - ok
23:24:23.0410 2512  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
23:24:23.0426 2512  SiSRaid4 - ok
23:24:23.0504 2512  [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
23:24:23.0566 2512  SkypeUpdate - ok
23:24:23.0613 2512  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
23:24:23.0660 2512  Smb - ok
23:24:23.0706 2512  [ D169F32EEFCD6EF6B84D12876514E7F8 ] smsbda          C:\Windows\system32\drivers\smsbda.sys
23:24:23.0738 2512  smsbda - ok
23:24:23.0784 2512  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
23:24:23.0816 2512  SNMPTRAP - ok
23:24:23.0847 2512  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
23:24:23.0862 2512  spldr - ok
23:24:23.0909 2512  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
23:24:23.0956 2512  Spooler - ok
23:24:24.0096 2512  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
23:24:24.0252 2512  sppsvc - ok
23:24:24.0299 2512  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
23:24:24.0362 2512  sppuinotify - ok
23:24:24.0393 2512  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
23:24:24.0455 2512  srv - ok
23:24:24.0486 2512  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
23:24:24.0533 2512  srv2 - ok
23:24:24.0564 2512  [ E00FDFAFF025E94F9821153750C35A6D ] SrvHsfHDA       C:\Windows\system32\DRIVERS\VSTAZL3.SYS
23:24:24.0611 2512  SrvHsfHDA - ok
23:24:24.0658 2512  [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] SrvHsfV92       C:\Windows\system32\DRIVERS\VSTDPV3.SYS
23:24:24.0736 2512  SrvHsfV92 - ok
23:24:24.0767 2512  [ BC0C7EA89194C299F051C24119000E17 ] SrvHsfWinac     C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
23:24:24.0814 2512  SrvHsfWinac - ok
23:24:24.0845 2512  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
23:24:24.0876 2512  srvnet - ok
23:24:24.0923 2512  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
23:24:24.0986 2512  SSDPSRV - ok
23:24:25.0032 2512  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
23:24:25.0048 2512  ssmdrv - ok
23:24:25.0064 2512  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
23:24:25.0126 2512  SstpSvc - ok
23:24:25.0157 2512  [ 3A21F06754F4028FEAFEEE85C4E5C01A ] STacSV          C:\Windows\system32\stacsv.exe
23:24:25.0204 2512  STacSV - ok
23:24:25.0235 2512  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
23:24:25.0266 2512  stexstor - ok
23:24:25.0313 2512  [ 7127CEDECD3E4DE711D679080FAC67D0 ] STHDA           C:\Windows\system32\drivers\stwrt.sys
23:24:25.0344 2512  STHDA - ok
23:24:25.0391 2512  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
23:24:25.0469 2512  StiSvc - ok
23:24:25.0500 2512  [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
23:24:25.0532 2512  storflt - ok
23:24:25.0563 2512  [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc         C:\Windows\system32\storsvc.dll
23:24:25.0594 2512  StorSvc - ok
23:24:25.0610 2512  [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
23:24:25.0641 2512  storvsc - ok
23:24:25.0672 2512  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
23:24:25.0703 2512  swenum - ok
23:24:25.0734 2512  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
23:24:25.0781 2512  swprv - ok
23:24:25.0859 2512  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
23:24:25.0984 2512  SysMain - ok
23:24:26.0031 2512  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:24:26.0078 2512  TabletInputService - ok
23:24:26.0124 2512  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
23:24:26.0171 2512  TapiSrv - ok
23:24:26.0202 2512  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
23:24:26.0265 2512  TBS - ok
23:24:26.0343 2512  [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
23:24:26.0452 2512  Tcpip - ok
23:24:26.0514 2512  [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
23:24:26.0546 2512  TCPIP6 - ok
23:24:26.0608 2512  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
23:24:26.0639 2512  tcpipreg - ok
23:24:26.0670 2512  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
23:24:26.0717 2512  TDPIPE - ok
23:24:26.0748 2512  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
23:24:26.0795 2512  TDTCP - ok
23:24:26.0842 2512  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
23:24:26.0889 2512  tdx - ok
23:24:26.0936 2512  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
23:24:26.0951 2512  TermDD - ok
23:24:27.0014 2512  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
23:24:27.0076 2512  TermService - ok
23:24:27.0123 2512  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
23:24:27.0170 2512  Themes - ok
23:24:27.0185 2512  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
23:24:27.0216 2512  THREADORDER - ok
23:24:27.0294 2512  [ 909CD987B54A8179C9AEE874D754721A ] ti21sony        C:\Windows\system32\drivers\ti21sony.sys
23:24:27.0388 2512  ti21sony - ok
23:24:27.0419 2512  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
23:24:27.0482 2512  TrkWks - ok
23:24:27.0528 2512  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:24:27.0591 2512  TrustedInstaller - ok
23:24:27.0606 2512  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
23:24:27.0669 2512  tssecsrv - ok
23:24:27.0716 2512  [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
23:24:27.0778 2512  TsUsbFlt - ok
23:24:27.0840 2512  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
23:24:27.0887 2512  tunnel - ok
23:24:27.0918 2512  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
23:24:27.0950 2512  uagp35 - ok
23:24:27.0981 2512  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
23:24:28.0043 2512  udfs - ok
23:24:28.0074 2512  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
23:24:28.0106 2512  UI0Detect - ok
23:24:28.0121 2512  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
23:24:28.0152 2512  uliagpkx - ok
23:24:28.0168 2512  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
23:24:28.0199 2512  umbus - ok
23:24:28.0215 2512  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
23:24:28.0262 2512  UmPass - ok
23:24:28.0293 2512  [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService    C:\Windows\System32\umrdp.dll
23:24:28.0324 2512  UmRdpService - ok
23:24:28.0402 2512  [ 927754ABF077AEB5504BE4E0F2C60C1B ] UMVPFSrv        C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
23:24:28.0496 2512  UMVPFSrv - ok
23:24:28.0527 2512  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
23:24:28.0589 2512  upnphost - ok
23:24:28.0652 2512  [ 47F5F9D837D80FFD5882A14DB9DA0A67 ] upperdev        C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
23:24:28.0698 2512  upperdev - ok
23:24:28.0730 2512  [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
23:24:28.0761 2512  usbaudio - ok
23:24:28.0808 2512  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
23:24:28.0854 2512  usbccgp - ok
23:24:28.0886 2512  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
23:24:28.0932 2512  usbcir - ok
23:24:28.0979 2512  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
23:24:28.0995 2512  usbehci - ok
23:24:29.0042 2512  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
23:24:29.0073 2512  usbhub - ok
23:24:29.0120 2512  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
23:24:29.0151 2512  usbohci - ok
23:24:29.0182 2512  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
23:24:29.0198 2512  usbprint - ok
23:24:29.0229 2512  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
23:24:29.0276 2512  usbscan - ok
23:24:29.0369 2512  [ 31181DE6190B39FC8007DFFD1A48FFD6 ] usbser          C:\Windows\system32\drivers\usbser.sys
23:24:29.0416 2512  usbser - ok
23:24:29.0463 2512  [ E44F0D17BE0908B58DCC99CCB99C6C32 ] UsbserFilt      C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
23:24:29.0494 2512  UsbserFilt - ok
23:24:29.0541 2512  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:24:29.0588 2512  USBSTOR - ok
23:24:29.0619 2512  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
23:24:29.0634 2512  usbuhci - ok
23:24:29.0697 2512  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
23:24:29.0728 2512  usbvideo - ok
23:24:29.0759 2512  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
23:24:29.0806 2512  UxSms - ok
23:24:29.0822 2512  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
23:24:29.0837 2512  VaultSvc - ok
23:24:29.0868 2512  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
23:24:29.0900 2512  vdrvroot - ok
23:24:29.0946 2512  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
23:24:30.0040 2512  vds - ok
23:24:30.0071 2512  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
23:24:30.0118 2512  vga - ok
23:24:30.0134 2512  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
23:24:30.0165 2512  VgaSave - ok
23:24:30.0212 2512  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
23:24:30.0243 2512  vhdmp - ok
23:24:30.0258 2512  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
23:24:30.0290 2512  viaagp - ok
23:24:30.0305 2512  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
23:24:30.0336 2512  ViaC7 - ok
23:24:30.0383 2512  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
23:24:30.0399 2512  viaide - ok
23:24:30.0430 2512  [ C2F2911156FDC7817C52829C86DA494E ] vmbus           C:\Windows\system32\drivers\vmbus.sys
23:24:30.0461 2512  vmbus - ok
23:24:30.0477 2512  [ D4D77455211E204F370D08F4963063CE ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
23:24:30.0492 2512  VMBusHID - ok
23:24:30.0508 2512  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
23:24:30.0539 2512  volmgr - ok
23:24:30.0570 2512  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
23:24:30.0602 2512  volmgrx - ok
23:24:30.0617 2512  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
23:24:30.0648 2512  volsnap - ok
23:24:30.0695 2512  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
23:24:30.0711 2512  vsmraid - ok
23:24:30.0789 2512  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
23:24:30.0898 2512  VSS - ok
23:24:30.0914 2512  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
23:24:30.0945 2512  vwifibus - ok
23:24:30.0992 2512  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
23:24:31.0054 2512  W32Time - ok
23:24:31.0085 2512  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
23:24:31.0116 2512  WacomPen - ok
23:24:31.0148 2512  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
23:24:31.0210 2512  WANARP - ok
23:24:31.0210 2512  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
23:24:31.0241 2512  Wanarpv6 - ok
23:24:31.0335 2512  [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
23:24:31.0506 2512  WatAdminSvc - ok
23:24:31.0584 2512  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
23:24:31.0725 2512  wbengine - ok
23:24:31.0772 2512  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
23:24:31.0818 2512  WbioSrvc - ok
23:24:31.0865 2512  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
23:24:31.0912 2512  wcncsvc - ok
23:24:31.0943 2512  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:24:31.0990 2512  WcsPlugInService - ok
23:24:32.0021 2512  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
23:24:32.0052 2512  Wd - ok
23:24:32.0099 2512  [ D6EFAF429FD30C5DF613D220E344CCE7 ] WDC_SAM         C:\Windows\system32\DRIVERS\wdcsam.sys
23:24:32.0115 2512  WDC_SAM - ok
23:24:32.0208 2512  [ BF847A3972CC6B5CE26E0EA742DD52D9 ] WDDMService     C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
23:24:32.0224 2512  WDDMService ( UnsignedFile.Multi.Generic ) - warning
23:24:32.0224 2512  WDDMService - detected UnsignedFile.Multi.Generic (1)
23:24:32.0286 2512  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
23:24:32.0349 2512  Wdf01000 - ok
23:24:32.0427 2512  [ B5966F1DFF6E20576F3C8C2D93D129FD ] WDFME           C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
23:24:32.0536 2512  WDFME ( UnsignedFile.Multi.Generic ) - warning
23:24:32.0536 2512  WDFME - detected UnsignedFile.Multi.Generic (1)
23:24:32.0583 2512  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
23:24:32.0645 2512  WdiServiceHost - ok
23:24:32.0661 2512  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
23:24:32.0676 2512  WdiSystemHost - ok
23:24:32.0754 2512  [ 92F0088CA18BB08BB596EF2608256F8A ] WDSC            C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
23:24:32.0786 2512  WDSC ( UnsignedFile.Multi.Generic ) - warning
23:24:32.0786 2512  WDSC - detected UnsignedFile.Multi.Generic (1)
23:24:32.0832 2512  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
23:24:32.0879 2512  WebClient - ok
23:24:32.0926 2512  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
23:24:32.0957 2512  Wecsvc - ok
23:24:32.0988 2512  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
23:24:33.0020 2512  wercplsupport - ok
23:24:33.0066 2512  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
23:24:33.0113 2512  WerSvc - ok
23:24:33.0207 2512  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
23:24:33.0238 2512  WfpLwf - ok
23:24:33.0254 2512  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
23:24:33.0285 2512  WIMMount - ok
23:24:33.0347 2512  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
23:24:33.0425 2512  WinDefend - ok
23:24:33.0425 2512  WinHttpAutoProxySvc - ok
23:24:33.0488 2512  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
23:24:33.0534 2512  Winmgmt - ok
23:24:33.0612 2512  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
23:24:33.0737 2512  WinRM - ok
23:24:33.0800 2512  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
23:24:33.0831 2512  WinUsb - ok
23:24:33.0893 2512  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
23:24:33.0956 2512  Wlansvc - ok
23:24:34.0096 2512  [ 5E7C103F8475C4289847D15E129C20F7 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:24:34.0190 2512  wlidsvc - ok
23:24:34.0221 2512  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
23:24:34.0236 2512  WmiAcpi - ok
23:24:34.0268 2512  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
23:24:34.0314 2512  wmiApSrv - ok
23:24:34.0439 2512  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
23:24:34.0580 2512  WMPNetworkSvc - ok
23:24:34.0611 2512  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
23:24:34.0673 2512  WPCSvc - ok
23:24:34.0720 2512  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
23:24:34.0767 2512  WPDBusEnum - ok
23:24:34.0798 2512  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
23:24:34.0845 2512  ws2ifsl - ok
23:24:34.0860 2512  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
23:24:34.0892 2512  wscsvc - ok
23:24:34.0907 2512  WSearch - ok
23:24:35.0016 2512  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
23:24:35.0126 2512  wuauserv - ok
23:24:35.0172 2512  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
23:24:35.0204 2512  WudfPf - ok
23:24:35.0235 2512  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
23:24:35.0282 2512  WUDFRd - ok
23:24:35.0344 2512  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
23:24:35.0375 2512  wudfsvc - ok
23:24:35.0406 2512  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
23:24:35.0453 2512  WwanSvc - ok
23:24:35.0500 2512  [ B07C5B7EFDF936FF93D4F540938725BE ] yukonw7         C:\Windows\system32\DRIVERS\yk62x86.sys
23:24:35.0531 2512  yukonw7 - ok
23:24:35.0547 2512  ================ Scan global ===============================
23:24:35.0594 2512  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
23:24:35.0640 2512  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
23:24:35.0672 2512  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
23:24:35.0703 2512  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
23:24:35.0734 2512  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
23:24:35.0734 2512  [Global] - ok
23:24:35.0734 2512  ================ Scan MBR ==================================
23:24:35.0750 2512  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:24:36.0046 2512  \Device\Harddisk0\DR0 - ok
23:24:36.0046 2512  ================ Scan VBR ==================================
23:24:36.0046 2512  [ CF50D8741F6A1C1153E2A3A8361ABFFB ] \Device\Harddisk0\DR0\Partition1
23:24:36.0062 2512  \Device\Harddisk0\DR0\Partition1 - ok
23:24:36.0077 2512  [ 978089A538A9D24D24480596562E436D ] \Device\Harddisk0\DR0\Partition2
23:24:36.0077 2512  \Device\Harddisk0\DR0\Partition2 - ok
23:24:36.0108 2512  [ 114DB6AD546814EAA0415D8E5C01F52B ] \Device\Harddisk0\DR0\Partition3
23:24:36.0108 2512  \Device\Harddisk0\DR0\Partition3 - ok
23:24:36.0108 2512  ============================================================
23:24:36.0108 2512  Scan finished
23:24:36.0108 2512  ============================================================
23:24:36.0124 2728  Detected object count: 10
23:24:36.0124 2728  Actual detected object count: 10
23:25:09.0290 2728  Afc ( UnsignedFile.Multi.Generic ) - skipped by user
23:25:09.0290 2728  Afc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:25:09.0290 2728  CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
23:25:09.0290 2728  CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:25:09.0305 2728  hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
23:25:09.0305 2728  hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:25:09.0305 2728  hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
23:25:09.0305 2728  hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:25:09.0305 2728  HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
23:25:09.0305 2728  HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:25:09.0305 2728  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
23:25:09.0305 2728  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:25:09.0305 2728  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
23:25:09.0305 2728  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:25:09.0321 2728  WDDMService ( UnsignedFile.Multi.Generic ) - skipped by user
23:25:09.0321 2728  WDDMService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:25:09.0321 2728  WDFME ( UnsignedFile.Multi.Generic ) - skipped by user
23:25:09.0321 2728  WDFME ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:25:09.0321 2728  WDSC ( UnsignedFile.Multi.Generic ) - skipped by user
23:25:09.0321 2728  WDSC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:26:40.0482 2288  Deinitialize success
         
Many thanks in advance for the further help!
Best regards,
RK
__________________

Alt 19.03.2013, 11:35   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



JRT - Junkware Removal Tool

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista or later, right-click it and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




After that:

adwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts that appear with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


After that, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • Tick the Scan All Users box at the top center
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 20.03.2013, 09:43   #5
RKxxx
 



Hello cosinus,

thank you for the further instructions and tips:

1) JRT
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.2 (03.15.2013:1)
OS: Windows 7 Professional x86
Ran by RK on 19.03.2013 at 18:57:09,74
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\cr_installer
Successfully deleted: [Registry Key] hkey_current_user\software\softonic
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\rewardsarcade.fbapi
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\rewardsarcade.fbapi.1



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Users\RK\AppData\Roaming\mozilla\firefox\profiles\ukmzecrj.default\searchplugins\askcom.xml
Emptied folder: C:\Users\RK\AppData\Roaming\mozilla\firefox\profiles\ukmzecrj.default\minidumps [567 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.03.2013 at 19:00:54,64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
2) adwCleaner

AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v2.115 - Datei am 19/03/2013 um 19:04:51 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : RK - ROBERT-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\RK\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\RK\AppData\Local\Temp\AskSearch

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25514C64-8321-494E-BD3E-3DBAB3F8CEBA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Software
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16521

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0.2 (de)

Datei : C:\Users\RK\AppData\Roaming\Mozilla\Firefox\Profiles\ukmzecrj.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Opera v [Version kann nicht ermittelt werden]

Datei : C:\Users\RK\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1273 octets] - [19/03/2013 19:04:51]

########## EOF - C:\AdwCleaner[S1].txt - [1333 octets] ##########
         
--- --- ---


3) OTL
Here I enabled "LOP Check" and "Purity Check" following the linked guide, even though you did not explicitly mention it. I hope that was right.

OTL log:
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 19.03.2013 19:10:54 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\RK\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 58,63% Memory free
3,98 Gb Paging File | 3,03 Gb Available in Paging File | 76,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 65,00 Gb Total Space | 1,08 Gb Free Space | 1,67% Space Free | Partition Type: NTFS
Drive D: | 46,69 Gb Total Space | 2,77 Gb Free Space | 5,94% Space Free | Partition Type: NTFS
 
Computer Name: ROBERT-PC | User Name: RK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\RK\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (SigmaTel, Inc.)
SRV - (UMVPFSrv) -- C:\Programme\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (WDFME) -- C:\Programme\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
SRV - (WDSC) -- C:\Programme\Western Digital\WD SmartWare\Front Parlor\WDSC.exe ()
SRV - (WDDMService) -- C:\Programme\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (dc3d) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (R5U870FLx86) -- C:\Windows\System32\drivers\R5U870FLx86.sys (Ricoh)
DRV - (R5U870FUx86) -- C:\Windows\System32\drivers\R5U870FUx86.sys (Ricoh)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.)
DRV - (LVUVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (smsbda) -- C:\Windows\System32\drivers\smsbda.sys (Siano)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation)
DRV - (acehlp10) -- C:\Windows\System32\drivers\acehlp10.sys (Protect Software GmbH)
DRV - (acedrv10) -- C:\Windows\System32\drivers\ACEDRV10.sys (Protect Software GmbH)
DRV - (ti21sony) -- C:\Windows\System32\drivers\ti21sony.sys (Texas Instruments)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1359478748-2525356977-761289883-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\RK\Desktop
IE - HKU\S-1-5-21-1359478748-2525356977-761289883-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1359478748-2525356977-761289883-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1359478748-2525356977-761289883-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1359478748-2525356977-761289883-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 81 7E A8 0C E2 C3 CC 01  [binary data]
IE - HKU\S-1-5-21-1359478748-2525356977-761289883-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1359478748-2525356977-761289883-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1359478748-2525356977-761289883-1000\..\SearchScopes\{553852A3-665D-47A0-8DB6-15C1A116880D}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=
IE - HKU\S-1-5-21-1359478748-2525356977-761289883-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1359478748-2525356977-761289883-1000\..\SearchScopes\{E84F4033-D7CD-486E-A589-8AA5CCAAAF7F}: "URL" = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms}
IE - HKU\S-1-5-21-1359478748-2525356977-761289883-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: nosquint%40urandom.ca:2.1.6
FF - prefs.js..extensions.enabledAddons: %7Bdaf44bf7-a45e-4450-979c-91cf07434c3d%7D:1.5.8
FF - prefs.js..extensions.enabledAddons: %7B8AA36F4F-6DC7-4c06-77AF-5035170634FE%7D:2012.09.13
FF - prefs.js..extensions.enabledAddons: %7B4cc4a13b-94a6-7568-370d-5f9de54a9c7f%7D:2.1
FF - prefs.js..extensions.enabledAddons: %7B9AA46F4F-4DC7-4c06-97AF-5035170634FE%7D:5.2
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:2.2.6.110
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\Windows\DOWNLO~1\NpFv530.dll (1 mal 1 Software GmbH)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012.12.02 20:51:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 14:02:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.08 14:02:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 14:02:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.08 14:02:24 | 000,000,000 | ---D | M]
 
[2012.09.18 11:28:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RK\AppData\Roaming\mozilla\Extensions
[2013.03.03 17:49:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RK\AppData\Roaming\mozilla\Firefox\Profiles\ukmzecrj.default\extensions
[2013.03.03 17:49:47 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Users\RK\AppData\Roaming\mozilla\Firefox\Profiles\ukmzecrj.default\extensions\donottrackplus@abine.com
[2012.11.19 13:34:20 | 000,113,112 | ---- | M] () (No name found) -- C:\Users\RK\AppData\Roaming\mozilla\firefox\profiles\ukmzecrj.default\extensions\nosquint@urandom.ca.xpi
[2013.02.04 15:53:08 | 000,023,709 | ---- | M] () (No name found) -- C:\Users\RK\AppData\Roaming\mozilla\firefox\profiles\ukmzecrj.default\extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f}.xpi
[2013.02.21 17:01:15 | 000,115,869 | ---- | M] () (No name found) -- C:\Users\RK\AppData\Roaming\mozilla\firefox\profiles\ukmzecrj.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
[2013.03.03 17:49:45 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\RK\AppData\Roaming\mozilla\firefox\profiles\ukmzecrj.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2012.10.18 10:22:04 | 000,115,263 | ---- | M] () (No name found) -- C:\Users\RK\AppData\Roaming\mozilla\firefox\profiles\ukmzecrj.default\extensions\{daf44bf7-a45e-4450-979c-91cf07434c3d}.xpi
[2013.02.12 06:55:59 | 000,007,919 | ---- | M] () (No name found) -- C:\Users\RK\AppData\Roaming\mozilla\firefox\profiles\ukmzecrj.default\extensions\donottrackplus@abine.com\chrome\content\ff\view_expiry.js
[2013.03.08 14:02:14 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.12.02 20:51:52 | 000,000,000 | ---D | M] (Citavi Picker) -- C:\PROGRAMDATA\SWISS ACADEMIC SOFTWARE\CITAVI PICKER\FIREFOX
[2013.03.08 14:02:36 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.12.09 18:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1359478748-2525356977-761289883-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleNetIDList = 1
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1362648753484 (MUCatalogWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 1.7.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F561} hxxp://download.flatcast.net/objects/NpFv530.dll (Flatcast Viewer 5.3)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 134.169.172.1 134.169.9.150 134.169.9.151 134.169.9.152
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0DCC2B62-5BFD-4AFA-825A-6D910F509E47}: DhcpNameServer = 134.169.172.1 134.169.9.150 134.169.9.151 134.169.9.152
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F2D7BDB-400D-48E6-8345-874DFFA9A04D}: DhcpNameServer = 134.169.9.152 134.169.9.151 134.169.9.150
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{345905ec-6ce7-11e1-b28c-0013a9c0c8e8}\Shell - "" = AutoRun
O33 - MountPoints2\{345905ec-6ce7-11e1-b28c-0013a9c0c8e8}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{a12bd357-541d-11e2-86ad-0013a9c0c8e8}\Shell - "" = AutoRun
O33 - MountPoints2\{a12bd357-541d-11e2-86ad-0013a9c0c8e8}\Shell\AutoRun\command - "" = H:\unlock.exe autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.19 18:57:06 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.03.19 18:56:35 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.19 18:22:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\RK\Desktop\OTL.exe
[2013.03.19 18:17:23 | 000,549,920 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\RK\Desktop\JRT.exe
[2013.03.19 12:59:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Duden
[2013.03.19 12:59:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Duden
[2013.03.19 12:59:14 | 000,000,000 | ---D | C] -- C:\Users\RK\AppData\Roaming\Duden
[2013.03.19 12:59:14 | 000,000,000 | ---D | C] -- C:\Program Files\Duden
[2013.03.14 09:30:56 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013.03.14 09:30:56 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013.03.14 09:30:55 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.03.14 09:30:55 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.03.14 09:30:55 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013.03.14 09:30:55 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.03.14 09:30:55 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.03.14 09:30:55 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.03.14 09:30:55 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013.03.14 09:30:55 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013.03.14 09:30:55 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013.03.14 09:30:55 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013.03.14 09:30:55 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013.03.14 09:30:55 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013.03.14 09:30:55 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.03.14 09:30:55 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.03.14 09:30:55 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013.03.14 09:30:55 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.03.14 09:30:55 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013.03.14 09:30:55 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013.03.14 09:30:55 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.03.14 09:30:55 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013.03.14 09:30:55 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013.03.14 09:30:55 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.03.14 09:30:55 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.03.14 09:30:55 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013.03.14 09:30:55 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.03.14 09:30:54 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.03.14 09:30:54 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013.03.14 09:30:54 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.03.14 09:30:54 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.03.14 09:30:54 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.03.14 09:30:54 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.03.14 09:30:54 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.03.14 09:30:54 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.03.14 09:30:54 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013.03.14 09:27:55 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013.03.12 23:15:28 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2013.03.09 18:26:12 | 000,000,000 | ---D | C] -- C:\Users\RK\AppData\Roaming\Malwarebytes
[2013.03.09 18:25:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.09 18:25:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.09 18:25:44 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.03.09 18:25:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.03.08 23:45:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013.03.08 14:02:10 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.03.07 10:40:09 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2013.03.06 10:55:03 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.03.06 10:54:46 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.03.06 10:54:46 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.03.06 10:54:46 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.03.06 10:54:29 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.03.05 15:36:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.02.28 14:15:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.28 14:15:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.02.27 13:29:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus- und Tastatur-Center
[2013.02.27 13:28:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center
[2013.02.27 13:23:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.02.27 13:22:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.02.27 13:20:01 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2013.02.27 13:19:51 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013.02.27 13:19:47 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.27 13:19:47 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.27 13:19:47 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.27 13:19:44 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013.02.27 13:19:43 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.27 13:19:43 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.27 13:19:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.27 13:19:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.27 13:19:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.27 13:19:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.27 13:19:42 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013.02.27 13:19:41 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2013.02.27 13:19:41 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013.02.27 13:19:41 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013.02.27 13:19:41 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013.02.27 13:19:41 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013.02.27 13:19:41 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013.02.27 13:19:41 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013.02.27 13:19:40 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013.02.27 13:19:40 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013.02.27 13:19:40 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013.02.27 13:19:40 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013.02.27 13:19:39 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013.02.26 14:26:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[1 C:\Users\RK\*.tmp files -> C:\Users\RK\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.19 19:14:33 | 000,013,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.19 19:14:33 | 000,013,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.19 19:07:36 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.19 19:06:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.19 19:06:22 | 1603,084,288 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.19 18:29:21 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.19 18:23:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\RK\Desktop\OTL.exe
[2013.03.19 18:22:27 | 000,562,474 | ---- | M] () -- C:\Users\RK\Desktop\OTL - OTLogfile by Oldtimer - Trojaner-Board.pdf
[2013.03.19 18:18:59 | 000,609,993 | ---- | M] () -- C:\Users\RK\Desktop\adwcleaner.exe
[2013.03.19 18:17:57 | 000,039,838 | ---- | M] () -- C:\Users\RK\Desktop\Tools 3.pdf
[2013.03.19 18:17:33 | 000,549,920 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\RK\Desktop\JRT.exe
[2013.03.14 17:18:24 | 000,000,000 | ---- | M] () -- C:\Users\RK\defogger_reenable
[2013.03.14 14:30:07 | 001,149,657 | ---- | M] () -- C:\Users\RK\Desktop\Elektroauto – Wikipedia.pdf
[2013.03.14 09:30:56 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013.03.14 09:30:56 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013.03.14 09:30:55 | 002,877,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.03.14 09:30:55 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.03.14 09:30:55 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013.03.14 09:30:55 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.03.14 09:30:55 | 000,391,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.03.14 09:30:55 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.03.14 09:30:55 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013.03.14 09:30:55 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013.03.14 09:30:55 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013.03.14 09:30:55 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013.03.14 09:30:55 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013.03.14 09:30:55 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013.03.14 09:30:55 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.03.14 09:30:55 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.03.14 09:30:55 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013.03.14 09:30:55 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.03.14 09:30:55 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013.03.14 09:30:55 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013.03.14 09:30:55 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.03.14 09:30:55 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013.03.14 09:30:55 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013.03.14 09:30:55 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.03.14 09:30:55 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.03.14 09:30:55 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013.03.14 09:30:55 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.03.14 09:30:54 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.03.14 09:30:54 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013.03.14 09:30:54 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.03.14 09:30:54 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.03.14 09:30:54 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.03.14 09:30:54 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.03.14 09:30:54 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.03.14 09:30:54 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.03.14 09:30:54 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013.03.14 09:30:54 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013.03.14 08:26:54 | 000,657,910 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.14 08:26:54 | 000,619,146 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.14 08:26:54 | 000,131,250 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.14 08:26:54 | 000,107,466 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.12 23:15:28 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2013.03.06 10:54:31 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2013.03.06 10:54:31 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.03.06 10:54:31 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.03.06 10:54:31 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.03.06 10:54:31 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.03.06 10:54:31 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.03.05 18:40:52 | 000,572,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.02.27 15:59:38 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.02.27 15:59:38 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.02.27 15:55:54 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[1 C:\Users\RK\*.tmp files -> C:\Users\RK\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.19 18:21:53 | 000,562,474 | ---- | C] () -- C:\Users\RK\Desktop\OTL - OTLogfile by Oldtimer - Trojaner-Board.pdf
[2013.03.19 18:18:50 | 000,609,993 | ---- | C] () -- C:\Users\RK\Desktop\adwcleaner.exe
[2013.03.19 18:17:57 | 000,039,838 | ---- | C] () -- C:\Users\RK\Desktop\Tools 3.pdf
[2013.03.14 17:18:24 | 000,000,000 | ---- | C] () -- C:\Users\RK\defogger_reenable
[2013.03.14 14:30:04 | 001,149,657 | ---- | C] () -- C:\Users\RK\Desktop\Elektroauto – Wikipedia.pdf
[2013.03.14 09:30:54 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012.12.03 18:13:33 | 000,016,098 | ---- | C] () -- C:\Windows\German2.ini
[2012.08.24 15:49:07 | 000,000,351 | ---- | C] () -- C:\Users\RK\Spiele - Verknüpfung.lnk
[2012.08.19 23:35:19 | 000,007,168 | ---- | C] () -- C:\Users\RK\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.03 17:11:54 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2012.05.01 09:04:19 | 000,004,096 | -H-- | C] () -- C:\Users\RK\AppData\Local\keyfile3.drm
[2012.04.22 21:06:23 | 000,017,408 | ---- | C] () -- C:\Users\RK\AppData\Local\WebpageIcons.db
[2012.04.16 17:33:31 | 000,000,173 | ---- | C] () -- C:\Users\RK\AppData\Local\msmathematics.qat.RK
[2012.04.05 15:49:54 | 000,180,008 | ---- | C] () -- C:\Windows\SETUP1.EXE
[2012.03.02 17:20:08 | 000,007,600 | ---- | C] () -- C:\Users\RK\AppData\Local\Resmon.ResmonCfg
[2012.01.08 22:13:51 | 000,245,528 | ---- | C] () -- C:\Windows\hpoins19.dat
[2012.01.08 22:13:51 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2011.12.29 11:18:44 | 000,125,426 | ---- | C] () -- C:\Windows\cgmxp32.ini
[2011.12.28 16:20:41 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.12.28 16:14:26 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011.12.28 16:14:26 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2011.12.26 18:55:58 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2011.08.19 09:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011.08.19 09:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011.08.19 09:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011.08.12 12:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011.07.26 06:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.03.19 13:00:22 | 000,000,000 | ---D | M] -- C:\Users\RK\AppData\Roaming\Duden
[2012.01.26 23:49:11 | 000,000,000 | ---D | M] -- C:\Users\RK\AppData\Roaming\DVDVideoSoft
[2013.01.15 23:03:49 | 000,000,000 | ---D | M] -- C:\Users\RK\AppData\Roaming\FileZilla
[2012.01.09 11:32:33 | 000,000,000 | ---D | M] -- C:\Users\RK\AppData\Roaming\Leadertech
[2012.08.19 23:38:09 | 000,000,000 | ---D | M] -- C:\Users\RK\AppData\Roaming\Nokia
[2012.08.19 20:51:43 | 000,000,000 | ---D | M] -- C:\Users\RK\AppData\Roaming\Nokia Suite
[2012.09.18 11:37:42 | 000,000,000 | ---D | M] -- C:\Users\RK\AppData\Roaming\Opera
[2012.02.28 10:10:10 | 000,000,000 | ---D | M] -- C:\Users\RK\AppData\Roaming\PC Suite
[2013.02.13 09:38:39 | 000,000,000 | ---D | M] -- C:\Users\RK\AppData\Roaming\Swiss Academic Software
[2012.01.11 17:01:46 | 000,000,000 | ---D | M] -- C:\Users\RK\AppData\Roaming\Sync App Settings
[2013.03.17 20:56:18 | 000,000,000 | ---D | M] -- C:\Users\RK\AppData\Roaming\temp
[2012.02.01 08:42:27 | 000,000,000 | ---D | M] -- C:\Users\RK\AppData\Roaming\Trillian
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


Extras log:
OTL Logfile:
Code:
OTL Extras logfile created on: 19.03.2013 19:10:54 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\RK\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 58,63% Memory free
3,98 Gb Paging File | 3,03 Gb Available in Paging File | 76,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 65,00 Gb Total Space | 1,08 Gb Free Space | 1,67% Space Free | Partition Type: NTFS
Drive D: | 46,69 Gb Total Space | 2,77 Gb Free Space | 5,94% Space Free | Partition Type: NTFS
 
Computer Name: ROBERT-PC | User Name: RK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1359478748-2525356977-761289883-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
"DefaultOutboundAction" = 1
"DefaultInboundAction" = 1
"DoNotAllowExceptions" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0079B8EF-A4E2-4862-96F4-F29C00490744}" = dir=out | app=%programfiles%\digital publishing\isrs1_16_689518\set.exe | 
"{0273A601-5074-4EA1-A0EB-CB93792189AB}" = dir=out | app=%programfiles%\windows live\photo gallery\wlxvideocameraautoplaymanager.exe | 
"{034EADA1-C349-48C3-ABD3-7140A2591315}" = dir=out | app=%programfiles%\google\update\download\{430fd4d0-b729-4f61-aa34-91526481799d}\1.3.21.115\googleupdatesetup.exe | 
"{037B8C48-3A7A-4C0A-AE0A-3E699D7711FD}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\videomanager.exe | 
"{043A57E5-78E6-4BF2-8085-2F06265D1790}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\conversionhandler.exe | 
"{04CA5362-B4F9-44C6-9B65-FD62DD091BB1}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\pcsync2.exe | 
"{04CD64A7-28FA-48FB-B71D-90DFBA406298}" = dir=out | app=%programfiles%\ea sports\fussball manager 09\shortcuteditor_inst.exe | 
"{0546E6A3-D209-407C-A1C6-C5C4ED862E18}" = dir=out | app=%programfiles%\microsoft mouse and keyboard center\itype.exe | 
"{05D2FCD1-8442-4FBF-A855-E733040B5633}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\getconnected.exe | 
"{073181B5-E6C9-4847-8803-10506DAD49D3}" = dir=out | app=%programfiles%\microsoft mouse and keyboard center\mousinfo.exe | 
"{0A1E443B-D8FA-4BDF-A018-AB86C878BD0E}" = dir=out | app=%programfiles%\microsoft mouse and keyboard center\touchmousepractice.exe | 
"{0AFA7149-7067-409B-A04A-9A10419BF2EE}" = dir=out | app=%programfiles%\sigmatel\c-major audio\setup.exe | 
"{0C665A56-4AA6-424A-86C5-FF744C8AAC8C}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\connectionmanager.exe | 
"{0CDE49E1-A8C4-4144-BAB1-799BEF0BFB7A}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\pcsynclv.exe | 
"{0EE57F5F-37D7-4E2B-9226-6C86BDA8EA5D}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\onetouchaccess.exe | 
"{0F951987-3A50-4662-BA89-8F8847A8BC16}" = dir=out | app=%programfiles%\common files\hewlett-packard\scanjet\bin\hpsjrreg.exe | 
"{10189993-0D07-41E0-9B11-FDC4C745D910}" = dir=out | app=%programfiles%\hp\hp software update\hpwucli.exe | 
"{1097A53B-C01F-459D-BF4D-B2381988DEC9}" = dir=out | app=%programfiles%\common files\nokia\mpapi\mpapi3s.exe | 
"{110B43CC-925E-4A75-99F7-3CE212A1BCD7}" = dir=out | app=%programfiles%\gs\gs9.00\bin\gswin32c.exe | 
"{1110A76C-09F4-4735-9BD9-71EDF40365A5}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\communicationcentre.exe | 
"{14599659-A902-43A2-A23D-8AF8060B7FC0}" = dir=out | app=%programfiles%\microsoft games\freecell\freecell.exe | 
"{15184DF7-4C4D-4416-8A3F-40077CC5DD56}" = dir=out | app=%programfiles%\hp\temp\{b61ed343-0b14-4241-999c-490cb1a20da4}\setup\hpzrcv01.exe | 
"{1862159F-C8FF-4B1E-8A22-E92E6713D148}" = dir=out | app=%programfiles%\paint.net\pdnrepair.exe | 
"{1C733848-A55B-404F-82BD-C22128465777}" = dir=out | app=%programfiles%\sun\sun odf plugin for microsoft office 3.2\program\sweb.exe | 
"{1D2B556E-E6ED-44DE-A4DD-41E31752D590}" = dir=out | app=%programfiles%\data becker\weihnachts-druckerei\dbupdatechecker.exe | 
"{1FBE7388-1878-484D-ACF2-78508BB3F9A0}" = dir=out | app=%programfiles%\windows media player\wmpshare.exe | 
"{2410FF93-CCF2-479F-BF5B-C036744AE0C9}" = dir=out | app=%programfiles%\microsoft mouse and keyboard center\ipoint.exe | 
"{27E946EE-CFA0-45EC-9565-931544EB4466}" = dir=out | app=%programfiles%\windows live\photo gallery\wlxalbumdownloadwizard.exe | 
"{28B907FB-3D2B-46C3-99D2-649AB4042D17}" = dir=out | app=%programfiles%\data becker\weihnachts-druckerei\updchecker.exe | 
"{28E414B8-7477-4B11-ADC9-21381958E2E7}" = dir=out | app=%programfiles%\windows live\photo gallery\wlxquicktimecontrolhost.exe | 
"{2B383911-75DE-4125-A3C0-8B379898D560}" = dir=out | app=%programfiles%\windows media player\wmpsideshowgadget.exe | 
"{2C8AB345-5908-446B-AB33-5D54E1C11048}" = dir=out | app=%programfiles%\windows media player\wmpdmc.exe | 
"{2CC348DD-18A9-49EA-BD62-2AA1E251DEA8}" = dir=out | app=%programfiles%\windows live\photo gallery\wlxtranscode.exe | 
"{2D2C77D7-8ADD-40A5-9DF0-1DA9C284222B}" = dir=out | app=%programfiles%\ea sports\fifa 09\support\fifa 09_code.exe | 
"{2DE75529-7D14-4B2E-8FC4-0930D74EE96F}" = dir=out | app=%programfiles%\common files\dvdvideosoft\fixcomponentssilent.exe | 
"{2E31EB50-99E9-46DB-A1F7-AEDFA68BBDCC}" = dir=out | app=%programfiles%\microsoft games\solitaire\solitaire.exe | 
"{2F53687F-F82F-4B2C-87A9-810DA94DD1DB}" = dir=out | app=%programfiles%\digital publishing\kte_16_689498\set.exe | 
"{32FB258C-19D5-4681-93CE-23499C653910}" = dir=out | app=%programfiles%\allway sync\bin\syncappw.exe | 
"{33369236-BED9-4683-AC43-9E15D881AA5E}" = dir=out | app=%programfiles%\logitech\ereg\ereg.exe | 
"{333F2ED6-A086-4203-8E6C-05A1C9EA845E}" = dir=out | app=%programfiles%\windows live\photo gallery\wlxphotoacquirewizard.exe | 
"{33586279-F8DF-4554-99B5-D84007358C58}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\connectionmanager.exe | 
"{394343B5-7993-4AE3-AB4C-07A652163D0F}" = dir=out | app=%programfiles%\windows live\photo gallery\wlxvideoacquirewizard.exe | 
"{3ADADFC8-3AE0-4DE1-B902-E31AD5734E6E}" = dir=out | app=%programfiles%\windows media player\wmprph.exe | 
"{3C590437-E664-4DE9-BACD-7D3962D63FA3}" = dir=out | app=%programfiles%\windows live\contacts\wlcomm.exe | 
"{3D4C55AE-B41E-4578-B6A6-A48F03D246F5}" = dir=out | app=%programfiles%\hp\temp\{b61ed343-0b14-4241-999c-490cb1a20da4}\setup\hpzpnp01.exe | 
"{3D9C77C5-5332-4F61-8AF9-95D2E66ECDC4}" = dir=out | app=%programfiles%\gs\gs9.00\bin\gswin32.exe | 
"{3DDB5EC0-DC3A-4D37-A41F-9064D1C983DE}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\applicationinstaller.exe | 
"{3E9EB27E-4CD0-40B2-9F47-A2CD608F13B2}" = dir=out | app=%programfiles%\windows live\photo gallery\wlxphotogallery.exe | 
"{3EFA3DBC-F26B-457C-9195-9D8F32011A5E}" = dir=out | app=%programfiles%\activision\thps2\thps2setup.exe | 
"{3FC91082-6B2A-4A64-86AE-D637ED9FDCFB}" = dir=out | app=%programfiles%\microsoft mathematics\mathapp.exe | 
"{414357ED-8F80-4CE2-8687-D13E471B5091}" = dir=out | app=%programfiles%\windows live\photo gallery\wlxcodechost.exe | 
"{4C2121E2-DE58-4329-BBDB-FE41F19D20FE}" = dir=out | app=%programfiles%\windows live\installer\wlarp.exe | 
"{4CE7E69C-34B2-4F5A-9B72-A4038A03A91F}" = dir=out | app=%programfiles%\microsoft mouse and keyboard center\btwizard.exe | 
"{536928D9-3BB2-4A10-808D-58581864DE3F}" = dir=out | app=%programfiles%\winamp\uninstwa.exe | 
"{53B8D633-64CE-4F69-803D-E37BD68B7701}" = dir=out | app=%programfiles%\windows media player\wmpenc.exe | 
"{540EBCEF-956D-4256-A6F1-4374636DC748}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\onetouchaccess.exe | 
"{55C08F72-E253-4965-96DD-CE471DB3DF20}" = dir=out | app=%programfiles%\microsoft silverlight\5.1.10411.0\agcp.exe | 
"{56051BF7-7162-40B3-B87B-4AEEBE06F793}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\pcsync2.exe | 
"{56680FC8-EF51-421A-B42E-DCD8C094768D}" = dir=out | app=%programfiles%\windows media player\wmlaunch.exe | 
"{5908627A-93CD-4CCE-975C-09FB5BA38CFC}" = dir=out | app=%programfiles%\digital publishing\isrs1_16_689518\!isrs1.exe | 
"{5913C5C3-3646-42B6-9F49-27A0BD6AC277}" = dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{59F05DB9-8B87-45AD-9741-B044A81F4594}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5C30B6CF-6C43-4956-A6CE-4E8BC0076E7D}" = dir=out | app=%programfiles%\google\update\download\{eeaab3af-8e11-491f-be19-5fb80c829945}\googleupdatesetup.exe | 
"{5EE0DA65-1EFA-45D4-99F9-5BCCA689CE85}" = dir=out | app=%programfiles%\logitech\lws\webcam software\lws.exe | 
"{5F619AE8-02B7-46DF-B467-47FB44250A8E}" = dir=out | app=%programfiles%\hp\temp\{b61ed343-0b14-4241-999c-490cb1a20da4}\setup\hpzmsi01.exe | 
"{60752969-11C3-4D66-930C-D93F60C89695}" = dir=out | app=%programfiles%\microsoft mathematics\conversiontool.exe | 
"{6158158D-B770-4587-AE4C-3E72D5BC8613}" = dir=out | app=%programfiles%\windows live\installer\wlstartup.exe | 
"{644F8532-F9F7-4E91-B243-7C85E25EDB37}" = dir=out | app=%programfiles%\windows live\installer\langselector.exe | 
"{64925DB3-5082-4415-889F-9714C9A44616}" = dir=out | app=%programfiles%\ea sports\fussball manager 09\directx\dxsetup.exe | 
"{65BE358A-F1E6-4A83-9074-9737997C6640}" = dir=out | app=%programfiles%\ea sports\fussball manager 09\shortcuteditor_uninst.exe | 
"{66097F35-AC8F-4BB1-B3DF-D398BEBB50C4}" = dir=out | app=%programfiles%\windows live\installer\wlsettings.exe | 
"{665BA24B-9178-4ECE-81B0-6C996A8AB8C1}" = dir=out | app=%programfiles%\arcsoft\totalmedia 3.5\tvpi.exe | 
"{684E9CE2-37DC-4452-8E7E-5539A061C227}" = dir=out | app=%programfiles%\microsoft silverlight\4.1.10329.0\agcp.exe | 
"{6AB8E713-8E3B-48C4-B5F9-8283C749F807}" = dir=out | app=%programfiles%\google\update\googleupdate.exe | 
"{6F307793-BEC9-420A-B88E-46F710489567}" = dir=out | app=%programfiles%\difx\270581355a767bf1\dpinst32.exe | 
"{71CD78B6-AC38-485F-8A29-F52E95D6C1BE}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\conversionhandler.exe | 
"{7205C0E1-DB31-403C-8FD6-19791D7A0D3F}" = dir=out | app=%programfiles%\logitech\lws\webcam software\camerahelpershell.exe | 
"{7482FEE6-EF09-4BC1-9EB2-449D08887B48}" = dir=out | app=%programfiles%\microsoft silverlight\4.1.10329.0\coregen.exe | 
"{76F7A2F2-7A05-4AE3-B658-486ABDB6C878}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\contentcopier.exe | 
"{774DDA47-C338-4D23-A201-941EC7084CE0}" = dir=out | app=%programfiles%\common files\borland shared\bde\bdeadmin.exe | 
"{7894F630-FAB1-4BCA-9B5B-6DE3376B6924}" = dir=out | app=%programfiles%\paint.net\updatemonitor.exe | 
"{7939DCB3-9E02-448A-B3BF-55E9016D9099}" = dir=out | app=%programfiles%\logitech\lws\webcam software\launcher_main.exe | 
"{7B552D93-3E67-4F09-BC8A-E51FEFFE863B}" = dir=out | app=%programfiles%\microsoft games\mahjong\mahjong.exe | 
"{7B9D42DB-4ADB-4759-AC1E-C8345135B7EE}" = dir=out | app=%programfiles%\common files\logishrd\wuapp32.exe | 
"{7C9CA0E4-BF2A-49BF-BDD8-5FD180140529}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\pcsynclv.exe | 
"{7CAB45A9-B07D-4577-BE47-B27FD48F92A7}" = dir=out | app=%programfiles%\logitech\lws\webcam software\motiondetection.exe | 
"{7E33C7F2-D8A7-4A93-BEAA-5A25D50095B1}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\videomanager.exe | 
"{7F88B92B-342E-4B73-97F1-02D010A38F95}" = dir=out | app=%programfiles%\rainlendar2\rainlendar2.exe | 
"{826BC003-D6A3-4D96-B92C-596A9479D212}" = dir=out | app=%programfiles%\paint.net\setupngen.exe | 
"{82A1E441-9567-4857-833C-70B5EFA75301}" = dir=out | app=%programfiles%\microsoft silverlight\4.1.10329.0\silverlight.configuration.exe | 
"{840467FE-789E-40E4-94E1-51DB3EECD0BC}" = dir=out | app=%programfiles%\ea sports\fifa 09\fifa09.exe | 
"{842C5A14-6376-46DE-926D-3D15ECA48A87}" = dir=out | app=%programfiles%\hp\digital imaging\{b61ed343-0b14-4241-999c-490cb1a20da4}\setup.exe | 
"{8583CCCF-939F-4584-979C-B3049987E06C}" = dir=out | app=%programfiles%\common files\dvdvideosoft\fixcomponents.exe | 
"{861F0389-B226-422A-B3BA-1DCBD1D1B255}" = dir=out | app=%programfiles%\sun\sun odf plugin for microsoft office 3.2\program\unopkg.exe | 
"{88C4E078-8825-40D7-8675-BF9F2E1B8EF9}" = dir=out | app=%programfiles%\sun\sun odf plugin for microsoft office 3.2\program\smath.exe | 
"{89CD7F1A-38F8-48CC-8FF2-B71590B56239}" = dir=out | app=%programfiles%\nokia\connectivity cable driver\setupextcmb.exe | 
"{8CC2A0F0-F5F8-4B6F-8B35-F20F1BEE0CA9}" = dir=out | app=%programfiles%\ea sports\fifa 09\support\earegister.exe | 
"{8CFD21C5-CC02-4ADA-A752-29DA758E7DEB}" = dir=out | app=%programfiles%\microsoft games\hearts\hearts.exe | 
"{8EA5AFC0-17C4-49D8-8473-857871392636}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\imagestore.exe | 
"{92543C76-1252-4DAC-B7AA-54E47CC31F63}" = dir=out | app=%programfiles%\microsoft games\spidersolitaire\spidersolitaire.exe | 
"{9486A45A-C8AF-4ACB-9B5A-5B39CD7555FB}" = dir=out | app=%programfiles%\sun\sun odf plugin for microsoft office 3.2\program\rebasegui.exe | 
"{95ED97C4-735D-4969-9ABF-DA4484F56834}" = dir=out | app=%programfiles%\common files\dvdvideosoft\freestudiomanager.exe | 
"{978C1F79-CC11-4D1E-90EC-47670A6DE634}" = dir=out | app=%programfiles%\ea sports\fifa 09\support\eadm\eadm-installer.exe | 
"{9DB418D7-6A03-4A8B-8E11-48D582733978}" = dir=out | app=%programfiles%\data becker\weihnachts-druckerei\xmas05.exe | 
"{9E53457C-8AEB-4D28-B9D3-82FAB2A02546}" = dir=out | app=%programfiles%\logitech\lws\video mask maker\videomaskmaker.exe | 
"{9F8EEFF6-A27F-49B3-B6E0-4255D98CEFEA}" = dir=out | app=%programfiles%\microsoft mouse and keyboard center\mskey.exe | 
"{A0705658-781B-40B8-A505-39D0D178A47E}" = dir=out | app=%programfiles%\microsoft mouse and keyboard center\setup.exe | 
"{A30516E7-B2FD-4737-8FF4-F0F968E2CF61}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A33FC3D3-BDB1-4194-A4CE-767CB0CD28B1}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\getconnected.exe | 
"{A50B5113-B9B5-4FAB-85F5-75F80D7045B0}" = dir=out | app=%programfiles%\microsoft mathematics\triangletool.exe | 
"{A5F9C162-A7F6-4B52-9DB0-1D67AB074EB2}" = dir=out | app=%programfiles%\audiograbber\lame.exe | 
"{A75A25C1-2824-4697-94BE-E42E3ABCC6A8}" = dir=out | app=%programfiles%\western digital\wd smartware\wd drive manager\wddmservice.exe | 
"{A7A1526E-131C-4D35-A486-DE71444674DE}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\pcsuite.exe | 
"{A8069ED4-B198-4382-BE3F-1DA5D5921C42}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\applicationinstaller.exe | 
"{A98ECF79-D641-4C26-9F8B-EEFA520F59CA}" = dir=out | app=%programfiles%\data becker\weihnachts-druckerei\unins000.exe | 
"{A9DC367D-DFBD-4686-A51E-2935D027C795}" = dir=out | app=%programfiles%\digital publishing\kte_16_689498\kte.exe | 
"{AAADD2EB-785C-4C13-8FA5-6CB1A0CDC692}" = dir=out | app=%programfiles%\sun\sun odf plugin for microsoft office 3.2\program\python.exe | 
"{AB5B109B-9EF3-47B3-A44B-922B5CDCCBA6}" = dir=out | app=%programfiles%\hp\temp\{b61ed343-0b14-4241-999c-490cb1a20da4}\setup\hpzscr01.exe | 
"{AE337DB1-7B54-4B7B-8AF6-9D6DBDC5553B}" = dir=out | app=%programfiles%\ea sports\fussball manager 09\edmanager09.exe | 
"{B18B0D2D-5219-45CA-B64D-73F01E7227CA}" = dir=out | app=%programfiles%\windows media player\setup_wm.exe | 
"{B1D5416B-AEDB-4C9A-9D2B-7EB4061AADD7}" = dir=out | app=%programfiles%\winamp\winamp.exe | 
"{B2F4443A-BA33-43C5-9697-300C1545A68B}" = dir=out | app=%programfiles%\digital publishing\isrs1_16_689518\isrs1.exe | 
"{B35D0E49-F205-4AF1-B54F-7547368DFDFD}" = dir=out | app=%programfiles%\microsoft silverlight\5.1.10411.0\silverlight.configuration.exe | 
"{B419DD5D-ECF7-4696-85E7-B8A08AE94945}" = dir=out | app=%programfiles%\windows media player\wmpconfig.exe | 
"{B43EE9AE-8E3D-4883-9D0D-339476B2312F}" = dir=out | app=%programfiles%\microsoft games\minesweeper\minesweeper.exe | 
"{B621870B-E97F-4B00-AB49-65BA256329A5}" = dir=out | app=%programfiles%\data becker\weihnachts-druckerei\adrlist.exe | 
"{B752FEFA-7470-4A6B-876E-4F4E40B05FC3}" = dir=out | app=%programfiles%\arcsoft\totalmedia 3.5\tmmonitor.exe | 
"{B9637847-0009-40FD-BFA9-3D14B26780CB}" = dir=out | app=%programfiles%\western digital\wd smartware\wd drive manager\wddmstatus.exe | 
"{BA4D3944-83F7-4563-A842-371EC8811308}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\imagestore.exe | 
"{BB9C3583-AE3A-447C-9901-88EE6708F236}" = dir=out | app=%programfiles%\motogp\motogp.exe | 
"{BBA76351-3959-4EBD-BF08-773D92539526}" = dir=out | app=%programfiles%\sun\sun odf plugin for microsoft office 3.2\program\unoinfo.exe | 
"{BDB1136C-D200-4FBA-AA90-908C2289594A}" = dir=out | app=%programfiles%\videolan\vlc\vlc.exe | 
"{BE8D3ABA-C74B-402A-BDDF-627268FFB7CB}" = dir=out | app=%programfiles%\ml\englisch\englisch.exe | 
"{C12ED538-6440-4315-99C6-DC6D8F02822B}" = dir=out | app=%programfiles%\microsoft games\purble place\purbleplace.exe | 
"{C341059B-172B-42CC-BCBB-4608E09251B9}" = dir=out | app=%programfiles%\arcsoft\totalmedia 3.5\totalmedia.exe | 
"{C57031BE-06BC-4573-8092-B64F450243E1}" = dir=out | app=%programfiles%\windows media player\wmpnscfg.exe | 
"{C585C3F7-4A21-4179-989D-282E6EB0F2AF}" = dir=out | app=%programfiles%\windows live\photo gallery\wlxphotogalleryrepair.exe | 
"{C58F63C5-2E98-40A3-88A8-41140C67840E}" = dir=out | app=%programfiles%\ea sports\fussball manager 09\eauninstall.exe | 
"{C59C3094-246A-4315-984F-6EE216516178}" = dir=out | app=%programfiles%\windows media player\wmpnscfg.exe | 
"{C85DD59E-BDA1-4D50-97FB-9C84DC254B66}" = dir=out | app=%programfiles%\windows live\photo gallery\moviemaker.exe | 
"{C9A830FA-D5D4-4309-9533-615784E70F19}" = dir=out | app=%programfiles%\activision\thps2\thawk2.exe | 
"{CD511695-B3E9-4EC3-83D2-82D8520D8898}" = dir=out | app=%programfiles%\winamp\winamp.exe | 
"{CE905723-5A37-4F9C-B914-1622EAFF2653}" = dir=out | app=%programfiles%\dvd maker\dvdmaker.exe | 
"{CEA3EB6D-DA03-47C0-B65C-874A449F6657}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\pcsuite.exe | 
"{D4D1FC55-C095-4E31-A9F6-36EDE4BAE514}" = dir=out | app=%programfiles%\microsoft mathematics\mathset.exe | 
"{D6DF2EF7-6701-4CCF-BAB5-984A78C1CBD2}" = dir=out | app=%programfiles%\sun\sun odf plugin for microsoft office 3.2\program\rebaseoo.exe | 
"{D86185A4-27A2-42C0-949F-AF1584B82F43}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\pcsuite.exe | 
"{DF74A2A2-36E3-4212-AB9B-2E969E14FAF7}" = dir=out | app=%programfiles%\hp\temp\{b61ed343-0b14-4241-999c-490cb1a20da4}\setup\hpzstub.exe | 
"{E02F8F20-486A-4485-846D-C2BE8C0A3FE8}" = dir=out | app=%programfiles%\nokia\connectivity cable driver\setupextcmb.exe | 
"{E0FB6FE3-88C4-4181-B595-CEA7AD9684A8}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{E2871BA3-E8B1-4152-AD65-86193DAD5F70}" = dir=out | app=%programfiles%\audiograbber\audiograbber.exe | 
"{E45626BE-6909-43D5-AFE7-3E1198874033}" = dir=out | app=%programfiles%\ea sports\fussball manager 09\manager09.exe | 
"{E654EFE8-D247-45BD-9F2A-B2B07C579979}" = dir=out | app=%programfiles%\paint.net\paintdotnet.exe | 
"{E7786615-0B9D-4EF2-80A4-5F764E541F3A}" = dir=out | app=c:\program files\windows media player | 
"{E7FE04B3-EFC3-4789-99DB-B82FDE5E27C6}" = dir=out | app=%programfiles%\freepdf_xp\freepdf.exe | 
"{E9D3D17A-AC28-4047-9038-55E28B5AE28F}" = dir=out | app=%programfiles%\protectdisc driver installer\uninstall_v10.exe | 
"{EACEDC3E-A669-49CC-843F-B6A38175DB8F}" = dir=out | app=%programfiles%\data becker\weihnachts-druckerei\dbstart.exe | 
"{EB0B22FA-169D-4892-B687-6910C8F6A853}" = dir=out | app=%programfiles%\microsoft games\chess\chess.exe | 
"{EC2836AB-0BA8-4D49-BEC9-F44CEB2E7BAC}" = dir=out | app=%programfiles%\microsoft silverlight\sllauncher.exe | 
"{F051501F-952C-43BA-8572-E2050A1DC6F4}" = dir=out | app=%programfiles%\sun\sun odf plugin for microsoft office 3.2\program\soffice.exe | 
"{F0F1D133-763F-4ACB-944D-AA45DE994F9E}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\communicationcentre.exe | 
"{F33C87A1-017E-4AC1-871E-8616BDABC6E2}" = dir=out | app=%programfiles%\winamp\elevator.exe | 
"{F348BD7D-88BB-4A8F-9E18-36C751B4290F}" = dir=out | app=%programfiles%\tv ir\tv ir.exe | 
"{F81631AF-6C58-4862-8296-191EAE156646}" = dir=out | app=%programfiles%\difx\270581355a767bf1\dpinst.exe | 
"{FB7B74AD-70C9-4B61-B553-A2037D609BFD}" = dir=out | app=%programfiles%\data becker\weihnachts-druckerei\jpg2pdf.exe | 
"{FC87C50B-7DBB-4E01-AC4F-51069C090792}" = dir=out | app=%programfiles%\microsoft silverlight\5.1.10411.0\coregen.exe | 
"{FD2C9A1A-F4B8-45DC-8D21-6493C4C8B208}" = dir=out | app=%programfiles%\microsoft mouse and keyboard center\mousekeyboardcenter.exe | 
"{FD4A40BC-739A-4D50-B462-BD10D2A4067E}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\contentcopier.exe | 
"{FD73DA9A-3DF9-4E7F-A2CE-A172885B0DEC}" = dir=out | app=%programfiles%\digital publishing\kte_16_689498\!kte.exe | 
"{FE7EEA89-DDCC-44E1-890C-1D38DECAE1F2}" = dir=out | app=%programfiles%\paint.net\wiaproxy32.exe | 
"{FFFA4A84-1142-47B0-8E30-776E34240446}" = dir=out | app=%programfiles%\hp\hp software update\hpwuschd2.exe | 
"TCP Query User{36E2BCBB-4AB4-455D-BC6E-E6626F03B7EB}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe | 
"TCP Query User{50311390-6BF5-4351-A028-59AD01948D14}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{CC40E7FE-AE68-4529-A2DE-E35E61885611}C:\program files\trillian\plugins\skypekit.exe" = protocol=6 | dir=in | app=c:\program files\trillian\plugins\skypekit.exe | 
"TCP Query User{FF98523B-F2D5-4351-9BFB-54A2043AEF5E}C:\program files\trillian\plugins\skypekit.exe" = protocol=6 | dir=in | app=c:\program files\trillian\plugins\skypekit.exe | 
"UDP Query User{0017E05A-4333-4407-8566-4E976F48465A}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe | 
"UDP Query User{0655DFA6-6095-48F1-8A4F-9BCC0F5D25C9}C:\program files\trillian\plugins\skypekit.exe" = protocol=17 | dir=in | app=c:\program files\trillian\plugins\skypekit.exe | 
"UDP Query User{41D3BBE5-9B5A-4431-BF74-0DF8DE67B6B1}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{480DDFD5-2EB1-43F4-BEA8-49487A321A9B}C:\program files\trillian\plugins\skypekit.exe" = protocol=17 | dir=in | app=c:\program files\trillian\plugins\skypekit.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0CE5D71A-15AE-477A-BD1F-5347562CB0BC}" = MD86351 driver install
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22DD005D-0EF1-4E3E-92F8-49D89E31479A}" = 1400
"{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{29E44E9D-ACB2-4D2D-849F-5361C941B7E1}" = ArcSoft TotalMedia 3.5
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{3D599ADA-65D9-4B51-898F-CE718DEC5DBB}" = Microsoft Image Composite Editor
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4D090F70-6F08-4B60-9357-A1DFD4458F09}" = Microsoft Mathematics
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A3C2391-BCE2-4D28-A336-73B953B4502F}" = 1400Trb
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{6FBE200D-1F00-40B7-BF48-FEB265AADE94}" = 1400_Help
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7130468A-F53F-4698-8C09-A339EA3B05E6}" = Nokia Software Updater
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B697B70-5A3D-4E9A-959F-E3AD8ADC652D}" = Duden-Rechtschreibprüfung 30-Tage-Testversion
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{B8EC0AD1-E8E3-42C3-9BAB-6A14E96FD136}" = Microsoft-Maus- und Tastatur-Center
"{BC3804E5-77CC-47A0-8BD5-797355A26BA3}" = WD SmartWare
"{BD136CE7-6666-4273-A056-8D92F8625AAB}" = Sun ODF Plugin for Microsoft Office 3.2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C1FD1627-2EAF-48CB-A333-42D39BCB096D}" = TV IR
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam-Software
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows-Treiberpaket - Nokia Modem  (10/05/2009 4.2)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"7B205927ED4CE1D9763ED45C77FBF03B695208C0" = Windows-Treiberpaket - Ricoh R5U870 (UVC)  (02/28/2007 6.1008.207.0)
"7-Zip" = 7-Zip 4.65
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows-Treiberpaket - Nokia Modem  (06/01/2009 7.01.0.4)
"Activision_THPS2UninstallKey" = Tony Hawk's Pro Skater 2
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Allway Sync_is1" = Allway Sync version 9.4.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.6
"FreePDF_XP" = FreePDF (Remove only)
"FUSSBALL MANAGER 09" = FUSSBALL MANAGER 09
"GPL Ghostscript 9.00" = GPL Ghostscript 9.00
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"InstallShield_{0CE5D71A-15AE-477A-BD1F-5347562CB0BC}" = MD86351 driver install
"ISRS1_16_689518" = Interaktive Sprachreise - Sprachkurs 1 Español
"KTE_16_689498" = Interaktive Sprachreise - Kommunikationstrainer English
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MatlabR2010b" = MATLAB R2010b
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center
"MotoGP_is1" = MotoGP
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MultiLingua Vokabeltrainer Englisch" = MultiLingua Vokabeltrainer Englisch
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"PaperCut NG Client_is1" = PaperCut NG Client 10.7
"ProtectDisc Driver 10" = ProtectDisc Helper Driver 10
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Trillian" = Trillian
"TVWiz" = Intel(R) TV Wizard
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.2
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1359478748-2525356977-761289883-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.6.0.2
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ OSession Events ]
Error - 17.02.2012 19:35:08 | Computer Name = Robert-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 714
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 17.12.2012 12:41:31 | Computer Name = Robert-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 237
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 20.12.2012 20:00:44 | Computer Name = Robert-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 57352
 seconds with 720 seconds of active time.  This session ended with a crash.
 
Error - 27.12.2012 10:00:30 | Computer Name = Robert-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4519
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 19.03.2013 14:01:34 | Computer Name = Robert-PC | Source = PNRPSvc | ID = 102
Description = 
 
Error - 19.03.2013 14:01:34 | Computer Name = Robert-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 19.03.2013 14:01:34 | Computer Name = Robert-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 19.03.2013 14:04:10 | Computer Name = Robert-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
 
< End of report >
         
--- --- ---


Many thanks for the further help.
RK


Alt 20.03.2013, 12:43   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
OS: Windows 7 Professional x86
Hm, I only just noticed that...

Why a Professional edition of Windows, do you need that as a home user?
Or is this by any chance an office/company PC or a university machine?

Alt 20.03.2013, 12:58   #7
RKxxx
 

Hey,

This is not a commercially used PC. Or do you have more security-specific concerns with "Professional" than with "Home"?
Almost all universities have a cooperation with Microsoft, which runs via MSDNAA. There, as a student, you may use the software versions for your home PC. That is also where I got this version of Windows 7; no other one was available. As long as I am a student, I am happy with this version.

Regards
RK

Alt 20.03.2013, 13:38   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
this is not a commercially used PC.
But since I don't know that, I have to ask.
Because we have special rules and have to post special notices if it is a commercially used computer, so I would rather ask once too often than once too little.


Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes - please remember to update Malwarebytes via the update button beforehand.

Afterwards, getting an additional opinion via the online scanner from ESET is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the terms of use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Add/Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Alt 20.03.2013, 14:02   #9
RKxxx
 

Hey,

Quote:
Quote from cosinus
But since I don't know that, I have to ask.
Because we have special rules and have to post special notices if it is a commercially used computer, so I would rather ask once too often than once too little.
I know, it is stated explicitly in the rules after all. That is why I had to smile.

Since I am about to run the quick scan with Malwarebytes and have reread the instructions in the process: it says there that all findings should also be deleted from quarantine. Accordingly, I can/should delete the findings from my first scan.
Quote:
Quote from RKxxx
Before I post the logs, I wanted to ask again what I should do with the infected registry keys moved to quarantine in the program "Malwarebytes Anti-Malware". Can I delete them from quarantine?
Correct?!

Thanks for the extremely quick answers and help.
RK

Alt 20.03.2013, 14:49   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

What is it with all of you and the quarantine?
Just think about what a quarantine is. Whether the malicious file stays in there or not makes no difference. Malware in quarantine can no longer do any harm; it is isolated there. You should always work with the quarantine as a matter of principle, because if the virus scanner deletes something important due to a false alarm, you can still get at the file through the quarantine if need be.

Alt 21.03.2013, 09:15   #11
RKxxx
 

Well then,

"we" are all the wiser now.
The scans look good, don't they!?

1) Quick scan with Malwarebytes
Code:
ATTFilter
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.20.12

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16521
RK :: ROBERT-PC [Administrator]

20.03.2013 23:02:21
mbam-log-2013-03-20 (23-02-21).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P
Deaktivierte Suchlaufeinstellungen: 
Durchsuchte Objekte: 202339
Laufzeit: 8 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
ESET did not find anything either:
2) ESET
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internet# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=746712ee20c6a944b75af0bd50de63fc
# engine=13441
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-21 12:44:04
# local_time=2013-03-21 01:44:04 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 97 21259 229246334 14021 0
# compatibility_mode=5893 16776573 100 94 142532 115457835 0 0
# scanned=266153
# found=0
# cleaned=0
# scan_time=8769
         
Best regards
RK
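
Added example, not part of the original posts: a small Python check that reads the `# key=value` fields of an ESET Online Scanner log.txt and lists reasons not to take `found=0` at face value, such as a scan that ran without the potentially-unwanted-applications option the instructions above ask for. It assumes that `unwanted_checked` records that option; the function names are hypothetical and the sample log is abridged from the one posted above.

```python
import re

# Sample input, abridged from the log posted above and embedded so the
# example runs offline.
SAMPLE_LOG = """\
ESETSmartInstaller@High as downloader log:
Can not open internet# version=8
# OnlineScannerApp.exe=1.0.0.1
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# scanned=266153
# found=0
# cleaned=0
# scan_time=8769
"""

# A field can follow installer noise on the same line
# ("Can not open internet# version=8"), so match "# key=value" anywhere.
FIELD = re.compile(r"#[ \t]*([A-Za-z_.]+)=(.*?)[ \t]*$", re.MULTILINE)


def parse_fields(text):
    """Return {key: value}; a repeated key keeps its last value."""
    return dict(FIELD.findall(text))


def assess(fields, require_pua=True):
    """List the reasons why this log does not yet support 'nothing found'."""
    issues = []
    if fields.get("end") != "finished":
        issues.append("scan did not finish")
    # Assumption: unwanted_checked records the "potentially unwanted
    # applications" option the instructions ask the user to enable.
    if require_pua and fields.get("unwanted_checked") != "true":
        issues.append("PUA detection was off (unwanted_checked)")
    found = fields.get("found", "")
    if not found.isdigit():
        issues.append("no usable found= field")
    elif int(found) > 0:
        issues.append(found + " detection(s) reported")
    return issues


if __name__ == "__main__":
    for issue in assess(parse_fields(SAMPLE_LOG)) or ["no objections"]:
        print(issue)
```
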

Alt 21.03.2013, 09:47   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Looks OK so far.

Regarding cookies and other things on the web: to block the plague from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks or so to see whether a new hosts file has been released.

Info: Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie)

Apart from that, there are also good cookie managers; among the extensions for Firefox, for example, there is CookieCuller.
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or the Trojaner-Board too), then simply set the browser so that everything including cookies is deleted when the browser is closed.

Is your system in order again now, or are there any other findings or problems?

Alt 21.03.2013, 11:12   #13
RKxxx
 

Quote:
Quote from cosinus
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or the Trojaner-Board too), then simply set the browser so that everything including cookies is deleted when the browser is closed.
I have had exactly those settings for quite some time, and I also have no idea how I could have caught the viruses/trojans (I think it was a while ago).

Quote:
Quote from cosinus
Is your system in order again now, or are there any other findings or problems?
I don't know whether you can comment on this at all, but I keep being surprised by the long startup time of my PC (2 min until the login window, 2-3 min until Windows is fully loaded). As far as I know, I actually have few programs in autostart.
So far, however, I have ignored this for the following reasons:
  • Virus/malware scans all came back without findings
  • little RAM
  • large number of installed programs

Do you have a tip as to what could be causing this or what remedies are possible (if the cause is viruses/trojans)? Or should I open a new thread in a suitable place for this?

Apart from that, I no longer have any problems at all with the system. However, I would still be interested in ideas/options for further system protection. Are the Windows Firewall, Avira Free Antivirus and regular software updates enough? Can you give me specific no-gos or recommendations that offer adequate protection of the system for the future?!

Many thanks
RK

Alt 21.03.2013, 15:05   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
I have had exactly those settings for quite some time, and I also have no idea how I could have caught the viruses/trojans (I think it was a while ago).
Cookies have nothing to do with viruses; that is simply tracking.
Put simply: think of cookies like this: when you visit a shop, the shopkeeper paints a number on your back and then remembers which back number does what. If you enter this shop again in the future, the shopkeeper sees your back number and knows exactly which advertising profile, for example, he has to pick for you.
If you always delete your cookies, you are, so to speak, removing your back number.
But as I said, the whole thing has little to nothing to do with malware.

Quote:
but I keep being surprised by the long startup time of my PC (2 min until the login window, 2-3 min until Windows is fully loaded)
http://www.trojaner-board.de/71631-p...tml#post425616

Alt 22.03.2013, 10:14   #15
RKxxx
 

Hello cosinus,

many thanks for the explanation regarding the cookies. I had thought that I caught the viruses/trojans through cookies, since in my opinion the trojan "PUP.RewardsArcade" is such an "ad-tracking trojan". But that does not seem to be possible.

Many thanks for the link regarding the PC runtime; I will take a closer look at it.

Otherwise that should be it!? Then only three things remain:
  • Would you have any more security tips for the future?
  • Lavish praise will follow in the thread intended for it
  • How can one support you? I think a small donation is appropriate.

Nevertheless, quite personally, many many thanks to you here already for the fast, concise and targeted help.

I think that ends the thread then?!

Best regards
RK
