
Pests of all kinds and how to combat them: Process hlink64.exe reported and blocked by Malwarebytes Anti-Malware

Windows 7

02.04.2013, 09:38   #1
NewtonZ4
 



Hello everyone,

I have had some trouble with my computer over the last few days.
I had a "spy" on my computer...

I was apparently able to delete it with adwcleaner & Malwarebytes Anti-Malware.
I also ran the ESET Online Scanner over it. Nothing more was found...

Unfortunately I (or however it happened) deleted all the logs in Norton2013, Malwarebytes Anti-Malware, etc... (How stupid can you be?)

I also wanted to run SecurityCheck, but it doesn't work. "Befehl nicht bekannt..." ("Command not known...")


So, now to my remaining problem. Malwarebytes Anti-Malware is currently running alongside and gives me the following message:

Quote:
2013/04/02 09:07:13 +0200 USER0815-PC User0815 IP-BLOCK 82.98.97.200 (Type: outgoing, Port: 51553, Process: hlink64.exe)
2013/04/02 09:18:14 +0200 USER0815-PC User0815 IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 51711, Process: hlink64.exe)
2013/04/02 09:18:14 +0200 USER0815-PC User0815 IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 51712, Process: hlink64.exe)
2013/04/02 09:18:14 +0200 USER0815-PC User0815 IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 51713, Process: hlink64.exe)
2013/04/02 09:18:14 +0200 USER0815-PC User0815 IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 51714, Process: hlink64.exe)
Can anyone tell me what is behind this process? I found nothing on Google...

Many thanks in advance

04.04.2013, 12:24   #2
cosinus



Hello and

Quote:
I was apparently able to delete it with adwcleaner & Malwarebytes Anti-Malware.
Nice, and where are the logs for that?

Such information is not enough; please post the complete details/logs of the virus scanners, see http://www.trojaner-board.de/125889-...tml#post941520


Please post everything here in CODE tags if possible.

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

04.04.2013, 12:57   #3
NewtonZ4
 



Hello cosinus,

as I wrote, the logs are deleted.
But I'm not sure whether something is still on it.

Attached are the OTL, Extras & Gmer...

Code:
OTL logfile created on: 04.04.2013 10:52:36 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User0815\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,51 Gb Available Physical Memory | 62,82% Memory free
7,99 Gb Paging File | 6,46 Gb Available in Paging File | 80,87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 304,61 Gb Total Space | 210,95 Gb Free Space | 69,25% Space Free | Partition Type: NTFS
Drive E: | 278,76 Gb Total Space | 160,10 Gb Free Space | 57,43% Space Free | Partition Type: NTFS
Drive Z: | 912,46 Gb Total Space | 706,17 Gb Free Space | 77,39% Space Free | Partition Type: NTFS
 
Computer Name: USER0815-PC | User Name: User0815 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.04 10:13:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User0815\Desktop\OTL.exe
PRC - [2013.02.11 13:19:52 | 000,663,184 | ---- | M] (Star Finanz-Software Entwicklung und Vertriebs GmbH) -- C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
PRC - [2013.02.05 15:40:58 | 000,094,416 | ---- | M] () -- C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe
PRC - [2013.02.05 15:11:38 | 000,182,784 | ---- | M] () -- C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe
PRC - [2012.12.24 05:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe
PRC - [2012.12.21 15:48:08 | 000,699,680 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe
PRC - [2012.12.14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 17:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.06.28 11:10:24 | 011,590,528 | ---- | M] (Synology Inc.) -- C:\Program Files (x86)\Synology Data Replicator  3\Backup.exe
PRC - [2012.06.22 18:17:14 | 000,013,632 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.11.21 12:55:52 | 000,989,264 | ---- | M] (1&1 Internet AG) -- C:\Program Files (x86)\1&1\1&1 Upload-Manager\DAVSRV.EXE
PRC - [2011.02.18 08:18:50 | 000,245,760 | ---- | M] () -- C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
PRC - [2010.09.06 02:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2009.02.18 19:42:48 | 000,866,824 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.05 15:40:58 | 000,094,416 | ---- | M] () -- C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe
MOD - [2013.02.05 15:11:28 | 008,100,352 | ---- | M] () -- C:\Program Files (x86)\Allway Sync\Bin\syncapp.dll
MOD - [2012.05.30 08:51:08 | 000,699,280 | R--- | M] () -- C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.3.0.36\wincfi39.dll
MOD - [2003.06.07 13:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\PowerUtl.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.03.16 18:03:55 | 000,118,272 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\hlink64.exe -- (SearchIodexer)
SRV:64bit: - [2009.12.10 09:15:06 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.03.13 18:34:16 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.07 16:29:15 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.11 13:19:52 | 000,663,184 | ---- | M] (Star Finanz-Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 9.0 OnlineUpdate)
SRV - [2013.02.05 15:11:38 | 000,182,784 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe -- (BotkindSyncService)
SRV - [2012.12.24 05:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe -- (NIS)
SRV - [2012.12.21 15:48:08 | 000,699,680 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 8.0 OnlineUpdate)
SRV - [2012.12.14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.01 16:07:16 | 000,724,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.06.28 11:10:34 | 000,381,312 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe -- (SynoDrService)
SRV - [2012.06.22 18:17:14 | 000,013,632 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.09.18 20:18:54 | 003,271,496 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Programme\OO Software\Defrag\oodag.exe -- (OODefragAgent)
SRV - [2011.02.18 08:18:50 | 000,245,760 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe -- (UsbClientService)
SRV - [2010.09.06 02:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.16 20:12:44 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.09.23 21:59:36 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009.08.05 22:30:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.07.22 18:54:14 | 000,081,920 | ---- | M] (Firebird Project) [Disabled | Stopped] -- C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)
SRV - [2009.07.22 18:53:44 | 002,736,128 | ---- | M] (Firebird Project) [Disabled | Stopped] -- C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe -- (FirebirdServerDefaultInstance)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.28 04:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Programme\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2009.01.08 16:10:00 | 000,187,456 | ---- | M] (DATA BECKER GmbH & Co KG) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe -- (DBService)
SRV - [2007.09.26 10:53:56 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE -- (LiveUpdate)
SRV - [2007.05.31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2003.04.18 19:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.01.31 05:18:18 | 000,432,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1403000.024\symnets.sys -- (SymNetS)
DRV:64bit: - [2013.01.31 05:18:06 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1403000.024\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013.01.29 03:45:19 | 000,796,248 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013.01.29 03:45:19 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013.01.22 04:15:33 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1403000.024\symds64.sys -- (SymDS)
DRV:64bit: - [2012.12.14 17:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.12.04 19:49:56 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012.11.16 04:22:01 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1403000.024\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012.11.16 04:18:04 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1403000.024\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012.09.28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.06.27 15:18:52 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012.06.12 21:40:30 | 000,568,640 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012.06.01 19:51:56 | 000,440,360 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2012.03.01 17:39:42 | 000,425,232 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.09 17:28:20 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2012.01.09 17:28:20 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2012.01.09 17:28:20 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:64bit: - [2012.01.09 17:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2012.01.09 17:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2012.01.09 17:28:18 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011.12.02 18:38:08 | 000,239,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2011.11.21 12:52:50 | 000,199,752 | ---- | M] (1&1 Internet AG) [File_System | System | Running] -- C:\Windows\SysNative\drivers\ui11rdr.SYS -- (ui11rdr)
DRV:64bit: - [2011.11.17 16:37:16 | 000,572,336 | ---- | M] (Paragon) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\Uim_IMx64.sys -- (Uim_IM)
DRV:64bit: - [2011.11.17 16:37:16 | 000,059,184 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\uimx64.sys -- (UimBus)
DRV:64bit: - [2011.11.17 16:37:14 | 000,352,816 | ---- | M] (Paragon) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\uim_vimx64.sys -- (Uim_VIM)
DRV:64bit: - [2011.11.01 01:57:50 | 008,615,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.18 08:20:34 | 000,056,160 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\busenum.sys -- (busenum)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.04.08 01:42:32 | 007,680,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2010.03.23 01:02:48 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.03.19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.03.18 04:13:50 | 007,525,376 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (netw5v64)
DRV:64bit: - [2010.01.16 20:52:32 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010.01.16 20:52:32 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009.12.10 11:40:30 | 006,179,328 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.09.21 20:26:10 | 000,054,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GenericMount.sys -- (GenericMount)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.07.14 02:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009.06.30 15:06:04 | 000,734,720 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV:64bit: - [2009.06.20 04:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009.06.11 14:34:38 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 02:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.05.31 11:43:44 | 000,305,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.05.25 05:57:42 | 000,243,760 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009.01.07 23:38:18 | 000,024,840 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BtHidBus.sys -- (BtHidBus)
DRV:64bit: - [2008.12.07 12:44:56 | 000,035,848 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btnetBus.sys -- (btnetBUs)
DRV:64bit: - [2008.07.02 14:58:50 | 000,031,624 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV:64bit: - [2007.10.24 11:47:04 | 000,029,432 | ---- | M] (SIA Syncrosoft) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\synUSB64.sys -- (SynUSB64)
DRV:64bit: - [2007.02.12 18:56:08 | 000,089,600 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
DRV - [2013.04.03 12:19:05 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130403.023\ex64.sys -- (NAVEX15)
DRV - [2013.04.03 12:19:05 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130403.023\eng64.sys -- (NAVENG)
DRV - [2013.03.22 03:52:21 | 001,387,608 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130322.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012.12.03 02:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012.12.02 18:32:04 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130403.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012.08.15 19:55:09 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011.08.18 16:46:44 | 000,197,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\WinVd32.sys -- (WinVd32)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007.04.13 18:43:10 | 000,105,176 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5738&r=27361109k606l03f8z145t48m1b364
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{72C12208-8A13-419F-B458-00D6E81D5FE9}: "URL" = hxxp://go.1und1.de/suchbox/1und1suche?su={searchTerms}
IE - HKCU\..\SearchScopes\{937BF4A8-1861-4351-A604-1B665598C6FD}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\User0815\AppData\Roaming\Mozilla\Firefox\Profiles\73799n8v.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\User0815\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\ [2013.04.04 10:24:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}: C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.2.0.40\coFFFw\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.09.08 17:14:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\ [2012.12.04 19:53:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.29 10:42:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{857610fe-b36c-47f2-b4fa-6b7affe0cf5a}: C:\Program Files (x86)\Mobile Master\ext\1\ [2012.10.27 10:28:54 | 000,000,000 | ---D | M]
 
[2013.03.29 10:43:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User0815\AppData\Roaming\mozilla\Extensions
[2013.03.29 10:50:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User0815\AppData\Roaming\mozilla\Firefox\Profiles\ezwdy8e4.default\extensions
[2013.03.29 10:50:33 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\User0815\AppData\Roaming\mozilla\firefox\profiles\ezwdy8e4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.29 10:42:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.07 16:30:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.03.07 17:45:15 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.07 17:45:15 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.03.07 17:45:15 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.07 17:45:15 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.07 17:45:15 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.07 17:45:15 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.09.08 17:07:37 | 000,441,045 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 192.150.18.108
O1 - Hosts: 15136 more lines...
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [OODefragTray] C:\Programme\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKCU..\Run: [1&1_1&1 Upload-Manager] C:\Program Files (x86)\1&1\1&1 Upload-Manager\DAVSRV.EXE (1&1 Internet AG)
O4 - HKCU..\Run: [Allway Sync] C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe ()
O4 - HKCU..\Run: [Data Replicator 3] C:\Program Files (x86)\Synology Data Replicator  3\Backup.exe (Synology Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\Program Files (x86)\Acer Bio Protection\PwdBank.exe File not found
O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\Program Files (x86)\Acer Bio Protection\PwdBank.exe File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - CC:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - CC:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/AT/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab (Symantec Configuration Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{096B71E5-0C02-4A9C-8792-238083897661}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -  File not found
O20 - HKLM Winlogon: UserInit - (userinit.exe) -  File not found
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) -  File not found
O29 - HKLM SecurityProviders - (credssp.dll) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{a47803fa-a638-11df-a0e0-a34b5d8847fd}\Shell - "" = AutoRun
O33 - MountPoints2\{a47803fa-a638-11df-a0e0-a34b5d8847fd}\Shell\AutoRun\command - "" = I:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.04 10:52:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User0815\Desktop\OTL.exe
[2013.04.03 13:46:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2013.04.03 13:46:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FOXIT SOFTWARE
[2013.03.30 19:01:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.03.30 19:01:33 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.03.30 13:50:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.03.30 13:26:59 | 000,000,000 | ---D | C] -- C:\Users\User0815\AppData\Roaming\Malwarebytes
[2013.03.30 13:26:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.30 13:26:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.30 13:26:31 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.03.30 13:26:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.03.29 10:43:05 | 000,000,000 | ---D | C] -- C:\Users\User0815\AppData\Roaming\Mozilla
[2013.03.29 10:42:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.03.29 10:42:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.03.28 19:34:52 | 000,000,000 | ---D | C] -- C:\Users\User0815\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lexware QuickLine
[2013.03.28 19:34:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DataDesign
[2013.03.28 18:51:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickImmobilie2013
[2013.03.27 16:17:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Doerr
[2013.03.27 16:15:40 | 000,000,000 | ---D | C] -- C:\Serie
[2013.03.27 16:15:40 | 000,000,000 | ---D | C] -- \Serie
[2013.03.27 16:15:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nebenkosten easy
[2013.03.27 16:13:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\IO
[2013.03.23 10:14:22 | 000,000,000 | ---D | C] -- C:\Users\User0815\AppData\Roaming\Foxit Software
[2013.03.21 20:23:58 | 000,000,000 | ---D | C] -- C:\ProgramData\StarMoney 9.0
[2013.03.21 20:23:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarMoney 9.0
[2013.03.21 20:20:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarMoney 9.0
[2013.03.16 18:04:47 | 000,000,000 | ---D | C] -- C:\ProgramData\bbc
[2013.03.16 18:03:55 | 000,000,000 | ---D | C] -- C:\Users\User0815\AppData\Roaming\Opera
[2013.03.16 18:03:50 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\Windows\SysWow64\dhRichClient3.dll
[2013.03.15 12:43:27 | 000,000,000 | ---D | C] -- C:\Users\User0815\AppData\Roaming\Buhl
[2013.03.11 21:18:16 | 000,000,000 | ---D | C] -- C:\Users\User0815\AppData\Roaming\Sync App Settings
[2013.03.11 21:18:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Sync App Settings
[2013.03.11 21:17:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Allway Sync
[2013.03.11 21:17:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Allway Sync
[2013.03.08 19:33:45 | 000,000,000 | ---D | C] -- C:\Users\User0815\AppData\Local\Temp413ad452e24fcb7d17a027a796342310
[2013.03.08 18:55:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel Password Recovery
[2009.08.22 10:44:20 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.04 10:32:48 | 000,017,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.04 10:32:48 | 000,017,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.04 10:24:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.04 10:24:24 | 3217,231,872 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.04 10:24:21 | 000,722,861 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2013.04.04 10:13:50 | 000,000,020 | ---- | M] () -- C:\Users\User0815\defogger_reenable
[2013.04.04 10:13:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User0815\Desktop\OTL.exe
[2013.04.03 13:46:39 | 000,001,058 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013.04.03 09:11:25 | 001,644,268 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.03 09:11:25 | 000,708,994 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.03 09:11:25 | 000,662,364 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.03 09:11:25 | 000,152,956 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.03 09:11:25 | 000,124,978 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.01 18:00:01 | 000,000,304 | ---- | M] () -- C:\Windows\tasks\Synology Data Replicator 3-User0815-PC-User0815.job
[2013.04.01 11:47:59 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.30 19:01:34 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.03.30 13:26:33 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.30 11:15:03 | 001,622,162 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.03.29 19:19:57 | 000,001,190 | ---- | M] () -- C:\Windows\wiso.ini
[2013.03.29 10:42:56 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.03.28 19:34:52 | 000,003,061 | ---- | M] () -- C:\Users\User0815\Desktop\QuickImmobilie 2013.lnk
[2013.03.23 19:13:02 | 000,452,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.03.21 20:23:56 | 000,002,042 | ---- | M] () -- C:\Users\Public\Desktop\StarMoney 9.0.lnk
[2013.03.17 10:53:55 | 001,927,455 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\Cat.DB
[2013.03.17 09:55:33 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.17 09:55:33 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.16 18:03:56 | 000,119,808 | ---- | M] () -- C:\Windows\SysNative\GFilterSvc.exe
[2013.03.16 18:03:55 | 000,118,272 | ---- | M] () -- C:\Windows\SysNative\hlink64.exe
[2013.03.12 20:09:25 | 000,007,598 | ---- | M] () -- C:\Users\User0815\AppData\Local\resmon.resmoncfg
[2013.03.11 21:17:54 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\Allway Sync.lnk
[2013.03.08 19:57:20 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\VT20130115.021
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.04 10:13:50 | 000,000,020 | ---- | C] () -- C:\Users\User0815\defogger_reenable
[2013.04.03 13:46:39 | 000,001,058 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013.03.30 19:01:34 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.03.30 13:26:33 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.29 10:42:56 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.03.29 10:42:55 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.03.28 19:34:52 | 000,003,061 | ---- | C] () -- C:\Users\User0815\Desktop\QuickImmobilie 2013.lnk
[2013.03.21 20:23:56 | 000,002,042 | ---- | C] () -- C:\Users\Public\Desktop\StarMoney 9.0.lnk
[2013.03.17 09:55:33 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.17 09:55:33 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.16 18:03:56 | 000,119,808 | ---- | C] () -- C:\Windows\SysNative\GFilterSvc.exe
[2013.03.16 18:03:55 | 000,118,272 | ---- | C] () -- C:\Windows\SysNative\hlink64.exe
[2013.03.16 18:03:50 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2013.03.11 21:17:54 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\Allway Sync.lnk
[2012.09.08 09:15:55 | 000,704,512 | ---- | C] () -- C:\Windows\is-C9A31.exe
[2012.04.04 11:40:02 | 000,000,000 | ---- | C] () -- C:\Users\User0815\AppData\Roaming\JFritz.lock
[2012.01.14 18:21:22 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2011.12.09 20:53:02 | 000,000,680 | RHS- | C] () -- C:\Users\User0815\ntuser.pol
[2011.10.29 23:56:19 | 000,000,038 | ---- | C] () -- C:\Windows\osAviSplitter.INI
[2011.09.27 16:31:32 | 000,000,571 | ---- | C] () -- C:\Windows\SysWow64\FeMakro.ini
[2011.09.27 16:31:32 | 000,000,497 | ---- | C] () -- C:\Windows\SysWow64\FeAnim.ini
[2011.08.18 16:46:44 | 000,197,728 | ---- | C] () -- C:\Windows\WinVd32.sys
[2011.08.18 16:46:39 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\WinFLsrv.exe
[2011.05.05 20:34:58 | 000,038,428 | ---- | C] () -- C:\Users\User0815\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
[2011.01.20 21:51:03 | 000,007,598 | ---- | C] () -- C:\Users\User0815\AppData\Local\resmon.resmoncfg
[2010.09.25 22:25:35 | 000,016,794 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2010.09.18 20:47:00 | 009,621,355 | ---- | C] () -- C:\Users\User0815\0
[2010.09.18 19:38:29 | 000,000,000 | ---- | C] () -- C:\Users\User0815\perl
[2010.05.05 20:54:15 | 000,000,053 | -H-- | C] () -- C:\Users\User0815\maxdesk.ini2
[2010.05.05 20:54:11 | 000,139,011 | -H-- | C] () -- C:\Users\User0815\PP11Thumbs.ptn
[2010.05.05 20:52:21 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.04.23 16:41:38 | 000,001,024 | ---- | C] () -- \.rnd
[2010.03.17 20:17:57 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.01.16 20:26:44 | 000,007,680 | ---- | C] () -- C:\Users\User0815\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.11.02 07:07:23 | 000,010,639 | RHS- | C] () -- \Patch.rev
[2009.11.01 22:19:56 | 3217,231,872 | -HS- | C] () -- \hiberfil.sys
[2009.08.22 08:01:21 | 000,000,211 | RHS- | C] () -- \Preload.rev
[2009.07.27 22:40:53 | 000,008,192 | RHS- | C] () -- \BOOTSECT.BAK
[2009.07.27 22:40:51 | 000,383,562 | RHS- | C] () -- \bootmgr
[2006.12.02 00:37:14 | 000,904,704 | ---- | C] () -- \msdia80.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011.08.18 17:02:19 | 000,000,000 | -HSD | M] -- C:\Users\User0815\AppData\Roaming\.#
[2010.05.18 22:08:59 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\.oit
[2011.02.26 10:37:42 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\096A6460-9B1D-4DE4-BD0D-2D185040EEFC
[2013.02.16 20:10:59 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\1&1
[2011.09.27 21:34:56 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\360° PanoramaMaker
[2011.02.26 13:12:30 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\Acronis
[2013.02.02 11:59:59 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\Audacity
[2012.07.20 22:53:34 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\BOM
[2013.03.15 12:43:27 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\Buhl
[2010.02.26 23:00:26 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\Buhl Data Service
[2012.06.12 18:32:31 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\Buhl Data Service GmbH
[2011.04.22 12:32:04 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009.12.03 20:22:37 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\Cimaware
[2010.10.13 20:45:11 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\concept design
[2011.11.02 18:45:35 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\DAEMON Tools Lite
[2010.03.20 15:17:32 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\DataDesign
[2010.01.26 22:08:32 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\dd_bookmarks
[2013.04.03 13:13:01 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\Foxit Software
[2012.04.04 11:01:51 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\FRITZ!
[2012.04.06 18:08:43 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\FRITZ!fax für FRITZ!Box
[2012.04.04 11:48:38 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\JFritz
[2012.10.27 10:28:03 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\Jumping Bytes
[2012.01.14 18:18:46 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\Leadertech
[2010.07.04 16:11:45 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\LEGO Company
[2013.03.28 19:43:15 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\Lexware
[2013.02.09 11:34:25 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\MediaMonkey
[2012.10.27 12:13:55 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\Mobile Master
[2012.09.29 18:24:43 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\Nokia
[2010.05.18 23:27:05 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\Nokia Ovi Suite
[2011.11.02 17:42:15 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\Notepad++
[2010.10.30 10:02:02 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\Nuance
[2010.02.03 01:06:14 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\NVD
[2013.03.16 18:03:55 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\Opera
[2012.10.26 22:30:35 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\OxyCube
[2010.05.18 21:25:53 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\Passware
[2012.09.29 18:44:51 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\PC Suite
[2010.02.04 01:03:01 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\PixelPlanet
[2012.12.07 00:27:42 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\ProtectDisc
[2010.06.25 23:45:05 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\PTV AG
[2010.02.16 22:17:26 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\SieMaSoft
[2010.05.08 23:41:46 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\SmartDraw
[2011.02.16 22:42:02 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\SmartTools
[2010.06.21 23:35:53 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\Stereoscopic Player
[2013.03.11 21:18:16 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\Sync App Settings
[2010.11.19 21:07:46 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\TaskCoach
[2011.12.29 20:09:51 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\Teeworlds
[2010.11.20 01:18:10 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\Thinstall
[2009.11.28 17:18:44 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\Tific
[2010.02.03 01:06:11 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\TP
[2012.09.29 08:17:14 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\TuneUp Software
[2010.01.16 20:56:34 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\Ubisoft
[2010.06.06 17:13:33 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\Unity
[2011.11.05 12:32:23 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\wargaming.net
[2010.02.12 14:15:57 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\Xilisoft
[2010.05.05 20:50:57 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\Zeon
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 24 bytes -> C:\Windows:DE647502F64A945E
@Alternate Data Stream - 24 bytes -> \Windows:DE647502F64A945E
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:8E55808C
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:0B9FB94D
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:01C66DD9
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:527B6DAD

< End of report >
         
Code:
OTL Extras logfile created on: 04.04.2013 10:52:36 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User0815\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,51 Gb Available Physical Memory | 62,82% Memory free
7,99 Gb Paging File | 6,46 Gb Available in Paging File | 80,87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 304,61 Gb Total Space | 210,95 Gb Free Space | 69,25% Space Free | Partition Type: NTFS
Drive E: | 278,76 Gb Total Space | 160,10 Gb Free Space | 57,43% Space Free | Partition Type: NTFS
Drive Z: | 912,46 Gb Total Space | 706,17 Gb Free Space | 77,39% Space Free | Partition Type: NTFS
 
Computer Name: USER0815-PC | User Name: User0815 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe" = C:\Program Files (x86)\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe:*:Enabled:TriDef 3D Media Player
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe" = C:\Program Files (x86)\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe:*:Enabled:TriDef 3D Media Player
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05048D63-A03A-444D-8731-AAB7B9F5A380}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{054DBE64-A9B0-4720-9B24-6B183335417A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1780AD61-0EE8-4E4E-B217-278D7A85C612}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1A6902F7-15B4-488A-9AC8-E395A9F44CE9}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{31560B8D-9B83-436A-8C32-DE3B87C08848}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3D428E1C-FF9A-46B7-9F57-15E4A1948850}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{3FDCB29F-EE34-4B63-839E-ED1F71784700}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{528C14B1-FDC4-4C91-98A4-3138C73B9075}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5B721E58-892C-4A47-B5AC-A20F1A39B933}" = lport=138 | protocol=17 | dir=in | app=system | 
"{8195E87A-1590-4802-8D9B-10070B3EFF4C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{883BC330-0E3F-438B-BC02-4EEF57EFDA5B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{8D809531-6E18-4E8E-88D6-DBCDB36B65FF}" = lport=139 | protocol=6 | dir=in | app=system | 
"{932068F7-0D10-492A-A274-F8C8280A618E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9A243FAD-FF17-4CC5-A199-D67C646BAAE3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A15C51D6-9951-4DD0-8A1A-E0D68AE1AC01}" = rport=445 | protocol=6 | dir=out | app=system | 
"{A6DD7B96-A272-439A-8372-032B994871DD}" = rport=139 | protocol=6 | dir=out | app=system | 
"{ACCDC09F-4BB6-466D-BAD1-E377758A6104}" = lport=445 | protocol=6 | dir=in | app=system | 
"{B7A04A04-9A85-4EE0-8803-32549E00A991}" = rport=137 | protocol=17 | dir=out | app=system | 
"{C0BBE16C-9BFF-416E-894A-2DDE1275FE39}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D0328186-2084-417A-A16D-A6F922725B7A}" = rport=138 | protocol=17 | dir=out | app=system | 
"{D2B93CBB-D0B8-4192-894B-873CCB644F4E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D5539347-00A0-4678-9B65-8B37891924EF}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{EE9D7428-A297-426C-B3C7-325101907576}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{F5FEF59B-1751-48AA-ADDE-58A0C8047E73}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{FE9D8BAA-57FA-4DFF-A5A4-25BF9F892955}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A5CC524-FC89-496D-9912-3CB590442CAA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{0D337E53-E16D-41C9-9026-65CD6EE9033D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{0F494519-33A1-4B91-A029-F8D3FB4CAC9F}" = protocol=6 | dir=out | app=system | 
"{1193283B-3C75-4ACF-9548-11C9D328DAE5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{13B8A538-C345-404D-B156-A5A66DA7DF6D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{185C016B-7A5D-44CC-A8C7-D6C020FB8DF1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | 
"{263AB365-8B19-4497-8E0D-38B2E9CE5AD7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{26F6B5F4-CDB4-4D9C-B5AB-777ED6CA0AC8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{2CB5036C-4B0A-4D58-A997-7E93915D8411}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{3467F433-5DE9-44EA-88A0-2AD4863244E6}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 9.0\app\starmoney.exe | 
"{3485AC78-D875-4D94-AC15-496A97527B10}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{43CDE3A7-9368-4DC8-BA5B-37CB895CD986}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{4B361293-BC12-4AC6-BA8B-CE4694F40B90}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{512A40D1-E7FF-40E3-BF89-2750DF0902FF}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 8.0\ouservice\starmoneyonlineupdate.exe | 
"{54C9D507-300B-4DD9-9735-A2758FE3BD19}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{55F8A3B5-77A6-409C-9584-6D012D23B4DE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | 
"{5887590D-BF66-4AD6-9B68-FCB45CBE8D79}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | 
"{59B713CC-AF77-4C02-9BFF-5B9A54256117}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{5EE99E28-9238-44B9-9D1D-A57AC34347D9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{614AB493-685A-4F3C-9A94-12D6362B10CF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{652D2F73-1880-4669-81B3-FDF40147908B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{65F1706A-8160-4947-9C38-020566D555D1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6627D3CB-52E7-4C11-9F5E-DCECC025EFE4}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{67CC36B9-A38F-451F-99E6-C8D07A4F6022}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6BC09CC6-E0DB-4EB8-BE6D-7543C7DE5CE8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{712A74D8-4DA1-43A2-8A7F-ADB2058F7BBD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{7E67F3BF-D01A-47D1-B9B7-B64F3DD6369E}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 8.0\app\starmoney.exe | 
"{7F491F5A-44E9-44A2-A5EC-470AABF6DC7C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8458973C-390C-4691-9E3F-772DA5FD2D64}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{86988636-89AF-468F-9FC4-A42CA0D9A3AD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8744E735-3FB1-4B65-AF62-4CD0D66C1805}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 9.0\ouservice\starmoneyonlineupdate.exe | 
"{8B0846D3-8A6B-4A2B-833C-D17F00A1DE5E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{8B607A24-31DE-4288-B2FD-5DB1B37D8013}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{970A8A87-56A3-44DE-AEE8-EE2482EF6016}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{A4E7B9C1-1720-4CB7-AF55-BBFCED21F728}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A71D9658-9051-41A6-8E55-6E82D1A2C629}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{AAAA71F2-90AD-40DA-A786-DF0420B187BC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AB569A98-047D-4C0A-B5F7-A44A93459FCE}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{AC850A18-19C6-4388-B0E6-0F740A5410C5}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 9.0\ouservice\starmoneyonlineupdate.exe | 
"{B44F5429-172E-4F6B-838A-C6DD6BBE8562}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 8.0\ouservice\starmoneyonlineupdate.exe | 
"{B957926A-CEBF-4A44-8C9F-AE3F5E482723}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{BFEAD707-17EA-46BD-A25E-07849AEC8A3B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{C5353C8B-2E3C-414F-AFDC-542D354ECB07}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 9.0\app\starmoney.exe | 
"{C7D4DC9D-4382-4F70-A849-750F5D3ED049}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | 
"{C95C2594-2358-46AA-9FC0-D9DE3D4F640F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{D0C49268-900A-4DDF-9727-4E64A2010B38}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{D277F9B4-45D3-4A31-B3FF-5CBA15483C19}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D2AD6041-BF2E-4416-801C-2F9A56A3210A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{D2D05CA9-68B1-4B96-B06C-6F0FE750122F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D88C7227-DAC7-4170-B969-15E69F19EF1F}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 8.0\app\starmoney.exe | 
"{DE63FF7E-7DBE-443D-AE7F-56F35DCEC4FA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E4179681-1519-4BF0-ACFA-DBEFE28CDA8A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | 
"{EB3A310D-D4AD-4FCD-A10E-6E1ADE628454}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{EB7842DC-2CD9-4B05-A41B-993F88176D1B}" = dir=in | app=f:\setup\hpznui40.exe | 
"{ED52AA75-2F7B-4EB7-8DFB-34028BC67C0B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{EE6EF71E-34EA-4FF4-8142-9A332A787B36}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F17093EA-7685-49CE-B928-0DED4231F094}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F9491663-B8F0-4273-8ED8-9DAED26EFB29}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00CE7326-01AA-44C5-A323-45E52C5D4D0D}" = O&O Defrag Professional
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{11F38253-8940-FFDA-D131-B14120C357E4}" = ATI Catalyst Install Manager
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{22D8AE6F-3C6B-47E8-8F04-629F23DBE978}" = iTunes
"{2E1B4B42-069F-4F53-9966-9B9B938D7FE5}" = HP Officejet 6500 E709 Series
"{43239902-03DF-A165-7EF6-6A49DE4F8EF1}" = ATI AVIVO64 Codecs
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7C39E0D1-E138-42B1-B083-213EC2CF7692}" = Microsoft SQL Server Native Client
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BD41C9CA-7722-7C0F-8BFE-E88A81865287}" = ccc-utility64
"{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom Gigabit NetLink Controller
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0)
"B0BA1B797FB7A52D456711B6A48520BBE1EB8D75" = Windows-Treiberpaket - Intel (NETw5v64) net  (03/18/2010 13.2.0.30)
"CCleaner" = CCleaner
"D7C06C42A25F6AD989ADA3BA0AB6BFC30F77FAA6" = Windows-Treiberpaket - Intel (NETw5s64) net  (03/18/2010 13.2.0.30)
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{06EF78A1-935E-8982-48EE-DEAF73075BBE}" = Catalyst Control Center InstallProxy
"{08BE0A17-0AB8-4B0C-88E2-EB1B4977A511}" = Lernwerkstatt 8
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{14D6085A-9A42-C0B5-823E-8C9619AC1026}" = Catalyst Control Center Graphics Full New
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FF19BBD-554D-733C-3BDF-B55C99349198}" = Catalyst Control Center Core Implementation
"{23BE4DF2-293D-4077-82F4-1FD8C269277C}" = TuneUp Utilities Language Pack (en-US)
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{346D6B7A-4AD8-5C2C-E249-34CA3CD7D34B}" = CCC Help Polish
"{34A0D249-747E-4D6C-803D-329C120C6B79}" = Catalyst Control Center - Branding
"{3516C69A-024D-42A8-B948-FFAA7B9CC49A}" = Windows SideShow Managed Runtime 1.0
"{357C0C30-051F-FE77-4709-025786123FB1}" = ccc-core-static
"{38DAE5F5-EC70-4aa5-801B-D11CA0A33B41}" = BPDSoftware
"{3B69A712-4CBC-40B1-AE55-0203075FD093}" = Nokia Suite
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{41BC23C5-157F-77A0-6662-17A5096E7946}" = Catalyst Control Center Graphics Previews Vista
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4507185D-FAB8-B77D-4546-2CF31DA906AD}" = Catalyst Control Center Graphics Full Existing
"{4967ADB1-27A6-635F-A217-754BD9A05E2E}" = CCC Help Czech
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{52175683-38AC-4275-A5CD-9CF09E5E16EF}" = QuickImmobilie 2013
"{52306338-9945-41A5-A021-25739C852B58}" = StarMoney
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{54DFD48E-0E0D-5D0C-BD93-CE3DF090EC1C}" = CCC Help Japanese
"{5528C69D-4018-C4BD-7D00-67F90623EB33}" = CCC Help Italian
"{5582C24D-5597-42D2-537E-BA329164D78D}" = CCC Help Thai
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{5A6DB7C1-E646-4842-A562-49C5EB8F2B47}" = StarMoney
"{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}" = Snagit 10
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{66246FF6-130A-483D-B1EE-2FB5A1548662}" = StarMoney 8.0 
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A1ACC15-7632-45ba-A3AB-0250EBD4B7DD}" = 6500_E709a
"{6A5D6552-7645-48F4-8922-475ADA18EBD4}" = Zeugnis-Generator 12.0
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6CC080F1-2E00-41D5-BE47-A3BC784E9DFB}" = BPDSoftware_Ini
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7390478C-8581-415E-92E9-2997D9306B81}" = PC Connectivity Solution
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{785F975B-50FB-C523-5E58-C6EFE9E62424}" = CCC Help Portuguese
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B5F8BE0-11CB-427C-B536-E71EA3D69614}" = StarMoney 9.0 
"{7D62622F-78B7-91B0-5B75-4082DDFAC775}" = CCC Help Swedish
"{7DE2B39B-97F0-EC01-06D6-E25C6D4164DF}" = CCC Help German
"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
"{811E4E77-05C8-422E-8077-B9A80BF15C68}" = DReport Viewer 4
"{837E620D-B93E-4D84-A753-BE1DBEB716B1}" = StarMoney
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{86F4B795-EA3D-48BD-ADFA-DA44B39059F9}" = StarMoney
"{878789F8-276E-4D98-20E6-78DCBD77AD7D}" = CCC Help Turkish
"{8E310838-457C-4269-B177-3EFB300CBDDC}" = Synology Data Replicator  3
"{8F2AE892-C036-C2F8-0D45-0ED891440D68}" = CCC Help French
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9129B46A-51F0-431b-9838-DF7272F3204E}" = ProductContext
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95D40BD8-2EA7-C51E-A218-B2F863481573}" = CCC Help Chinese Standard
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{98A7C691-304F-31DC-A21C-3675E1D68501}" = CCC Help Chinese Traditional
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A33B56D0-F273-F6C2-C335-50AE0C83C85C}" = CCC Help Finnish
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A8CB3994-B273-D81E-315C-CA3A8376415E}" = Catalyst Control Center Localization All
"{A8D450FB-F8F7-4250-7CE3-A3C24CDE5722}" = CCC Help Hungarian
"{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB82BA59-B05B-70DC-992B-D2D7A2AF4EE5}" = CCC Help Korean
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BFB59706-4FEC-37A8-96CD-C7F6932AD6DD}" = CCC Help Norwegian
"{C09EECFB-8925-5E54-1580-3FAEB6A78856}" = Catalyst Control Center Graphics Light
"{C0ED2557-8BCC-71B6-253C-BDFE26A9B37D}" = CCC Help Spanish
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CC62C6C8-0D7F-3F0D-9BD6-49CB16029A6A}" = CCC Help Greek
"{CC6D2A70-B152-E250-ABEA-5D7D681469F8}" = CCC Help English
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CD624F2C-485E-4074-BC8F-BF86043A71B1}" = Mobile Master
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}" = WISO Steuer-Sparbuch 2013
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAFFBC42-ABA2-882C-68CB-593B9CF9ACF5}" = CCC Help Russian
"{DE13432E-F0C1-4842-A5BA-CC997DA72A70}" = 6500_E709_eDocs
"{DEBC6EBF-FF7A-4E30-9C49-DCFB53B446F0}" = Lexware Elster
"{DFF2D0B9-1706-6AA8-85CD-A70DF44AE3F8}" = CCC Help Danish
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E6AAFC37-EB31-768D-A9A5-AA8A84612615}" = CCC Help Dutch
"{E81F9653-892E-43E0-8273-CCA68F351F17}" = QuickImmobilie 2013 - Hotfix 1
"{E8D82F42-EBD8-478C-917B-28F5BA6EAAAA}" = StarMoney
"{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}" = PL-2303 Vista Driver Installer
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F185B35D-38E5-4D88-B275-15C8C7FC4357}" = 6500_E709_Help
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6B7BF58-36D0-A76E-53E2-F65DBD4A6A52}" = Catalyst Control Center InstallProxy
"{F902AB2B-7816-4CBD-A385-F2549F62956B}" = StarMoney
"{FE1EFF18-814A-42CE-8470-EC97EDDAF8FF}" = Foxit Reader
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1&1 SmartFax" = 1&1 SmartFax
"1&1 Upload-Manager" = 1&1 Upload-Manager
"AC3Filter_is1" = AC3Filter 2.5b
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"Allway Sync_is1" = Allway Sync version 12.14.2
"Arbeitszeugnis-Generator_is1" = Deinstallation Arbeitszeugnis-Generator
"Bass Audio Decoder" = Bass Audio Decoder (remove only)
"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
"DCoder Image Source" = DCoder Image Source (remove only)
"DirectVobSub" = DirectVobSub (remove only)
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow_is1" = ffdshow v1.2.4453 [2012-05-21]
"FFMPEG Core Files" = FFMPEG Core Files (remove only)
"Freemake Audio Converter_is1" = Freemake Audio Converter Version 1.1.0
"FRITZ! 2.0" = AVM FRITZ!fax für FRITZ!Box
"Gabest MPEG Splitter" = Gabest MPEG Splitter (remove only)
"HaaliMkx" = Haali Media Splitter
"Identity Card" = Identity Card
"InstallShield_{08BE0A17-0AB8-4B0C-88E2-EB1B4977A511}" = Lernwerkstatt 8
"JDownloader" = JDownloader
"lavfilters_is1" = LAV Filters 0.51.3
"lgx4.lgx.server" = G DATA Logox4 Speechengine
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MediaMonkey_is1" = MediaMonkey 4.0
"Mobile Master" = Mobile Master 7.9.10
"MONOGRAM AMR Splitter/Decoder" = MONOGRAM AMR Splitter/Decoder (remove only)
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"New LEGO Digital Designer" = LEGO Digital Designer
"NIS" = Norton Internet Security
"Nokia Suite" = Nokia Suite
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"OpenSource AVI Splitter" = OpenSource AVI Splitter (remove only)
"OpenSource DTS/AC3/DD+ Source Filter" = OpenSource DTS/AC3/DD+ Source Filter (remove only)
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)
"RealMedia" = RealMedia (remove only)
"SHOUTcast Source" = SHOUTcast Source (remove only)
"Synology Assistant" = Synology Assistant (remove only)
"UltraISO_is1" = UltraISO Premium V8.62
"ZoomPlayer" = Zoom Player (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SOE-Clone Wars" = Clone Wars
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 02.04.2013 14:01:15 | Computer Name = User0815-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 42744
 
Error - 02.04.2013 14:01:15 | Computer Name = User0815-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 42744
 
Error - 02.04.2013 14:01:18 | Computer Name = User0815-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 02.04.2013 14:01:18 | Computer Name = User0815-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 46083
 
Error - 02.04.2013 14:01:18 | Computer Name = User0815-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 46083
 
Error - 03.04.2013 07:14:31 | Computer Name = User0815-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 03.04.2013 07:14:31 | Computer Name = User0815-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15631
 
Error - 03.04.2013 07:14:31 | Computer Name = User0815-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15631
 
Error - 03.04.2013 15:54:42 | Computer Name = User0815-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 04.04.2013 04:06:41 | Computer Name = User0815-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15632
 
Error - 04.04.2013 04:06:41 | Computer Name = User0815-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15632
 
[ Media Center Events ]
Error - 23.02.2012 05:58:03 | Computer Name = User0815-PC | Source = MCUpdate | ID = 0
Description = 10:58:03 - Fehler beim Herstellen der Internetverbindung.  10:58:03 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 23.02.2012 11:41:41 | Computer Name = User0815-PC | Source = MCUpdate | ID = 0
Description = 16:41:41 - Fehler beim Herstellen der Internetverbindung.  16:41:41 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 23.02.2012 12:42:25 | Computer Name = User0815-PC | Source = MCUpdate | ID = 0
Description = 17:42:25 - Fehler beim Herstellen der Internetverbindung.  17:42:25 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 23.02.2012 13:43:02 | Computer Name = User0815-PC | Source = MCUpdate | ID = 0
Description = 18:43:02 - Fehler beim Herstellen der Internetverbindung.  18:43:02 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 04.04.2013 04:18:48 | Computer Name = User0815-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   UimBus  Uim_IM  Uim_VIM
 
Error - 04.04.2013 04:19:15 | Computer Name = User0815-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst MBAMService erreicht.
 
Error - 04.04.2013 04:21:43 | Computer Name = User0815-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 04.04.2013 04:21:43 | Computer Name = User0815-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 04.04.2013 04:21:43 | Computer Name = User0815-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 04.04.2013 04:21:46 | Computer Name = User0815-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 04.04.2013 04:24:36 | Computer Name = User0815-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?04.?04.?2013 um 10:23:25 unerwartet heruntergefahren.
 
Error - 04.04.2013 04:24:55 | Computer Name = User0815-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Vstor2 P2V30 Virtual Storage Driver" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%3
 
Error - 04.04.2013 04:24:58 | Computer Name = User0815-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   UimBus  Uim_IM  Uim_VIM
 
Error - 04.04.2013 04:29:02 | Computer Name = User0815-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
 
< End of report >
         

Old 04.04.2013, 13:00   #4
NewtonZ4

Process hlink64.exe reported and blocked by Malwarebytes Anti-Malware

GMER log file:
Code:
ATTFilter
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-04-04 12:40:31
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD64 rev.01.0 596,17GB
Running: gmer_2.1.19155(1).exe; Driver: C:\Users\User0815\AppData\Local\Temp\uxryrkob.sys


---- Kernel code sections - GMER 2.1 ----

.text    C:\Windows\System32\win32k.sys!W32pServiceTable                                                                                                                              fffff960000d3c00 7 bytes [00, 96, F3, FF, 01, A2, F0]
.text    C:\Windows\System32\win32k.sys!W32pServiceTable + 8                                                                                                                          fffff960000d3c08 3 bytes [C0, 06, 02]

---- User code sections - GMER 2.1 ----

.text    C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe[1624] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                      0000000077befc90 5 bytes JMP 000000010029091c
.text    C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe[1624] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                    0000000077befdf4 5 bytes JMP 0000000100290048
.text    C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe[1624] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                             0000000077befe88 5 bytes JMP 00000001002902ee
.text    C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe[1624] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                          0000000077beffe4 5 bytes JMP 00000001002904b2
.text    C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe[1624] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                  0000000077bf0018 5 bytes JMP 00000001002909fe
.text    C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe[1624] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                          0000000077bf0048 5 bytes JMP 0000000100290ae0
.text    C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe[1624] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                       0000000077bf0064 5 bytes JMP 000000010003004c
.text    C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe[1624] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                          0000000077bf077c 5 bytes JMP 000000010029012a
.text    C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe[1624] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                              0000000077bf086c 5 bytes JMP 0000000100290758
.text    C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe[1624] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                        0000000077bf0884 5 bytes JMP 0000000100290676
.text    C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe[1624] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                            0000000077bf0dd4 5 bytes JMP 00000001002903d0
.text    C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe[1624] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                      0000000077bf1900 5 bytes JMP 0000000100290594
.text    C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe[1624] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                  0000000077bf1bc4 5 bytes JMP 000000010029083a
.text    C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe[1624] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                         0000000077bf1d50 5 bytes JMP 000000010029020c
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1736] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                          0000000077befc90 5 bytes JMP 00000001000a091c
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1736] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                        0000000077befdf4 5 bytes JMP 00000001000a0048
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1736] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                                 0000000077befe88 5 bytes JMP 00000001000a02ee
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1736] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                              0000000077beffe4 5 bytes JMP 00000001000a04b2
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1736] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                      0000000077bf0018 5 bytes JMP 00000001000a09fe
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1736] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                              0000000077bf0048 5 bytes JMP 00000001000a0ae0
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1736] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                           0000000077bf0064 5 bytes JMP 000000010002004c
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1736] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                              0000000077bf077c 5 bytes JMP 00000001000a012a
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1736] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                  0000000077bf086c 5 bytes JMP 00000001000a0758
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1736] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                            0000000077bf0884 5 bytes JMP 00000001000a0676
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1736] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                0000000077bf0dd4 5 bytes JMP 00000001000a03d0
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1736] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                          0000000077bf1900 5 bytes JMP 00000001000a0594
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1736] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                      0000000077bf1bc4 5 bytes JMP 00000001000a083a
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1736] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                             0000000077bf1d50 5 bytes JMP 00000001000a020c
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1736] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                                 00000000763a1492 7 bytes JMP 00000001000b059e
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1736] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                            0000000076b1524f 7 bytes JMP 00000001000a0f52
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1736] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                                0000000076b153d0 7 bytes JMP 00000001000b0210
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1736] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                               0000000076b15677 1 byte JMP 00000001000b0048
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1736] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                               0000000076b15679 5 bytes {JMP 0xffffffff8959a9d1}
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1736] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                                      0000000076b1589a 7 bytes JMP 00000001000a0ca6
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1736] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                                      0000000076b15a1d 7 bytes JMP 00000001000b03d8
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1736] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                                 0000000076b15c9b 7 bytes JMP 00000001000b012c
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1736] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                                   0000000076b15d87 7 bytes JMP 00000001000b02f4
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1736] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                                  0000000076b17240 7 bytes JMP 00000001000a0e6e
.text    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1880] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                          0000000077befc90 5 bytes JMP 000000010010091c
.text    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1880] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                        0000000077befdf4 5 bytes JMP 0000000100100048
.text    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1880] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                 0000000077befe88 5 bytes JMP 00000001001002ee
.text    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1880] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                              0000000077beffe4 5 bytes JMP 00000001001004b2
.text    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1880] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                      0000000077bf0018 5 bytes JMP 00000001001009fe
.text    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1880] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                              0000000077bf0048 5 bytes JMP 0000000100100ae0
.text    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1880] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                           0000000077bf0064 5 bytes JMP 000000010002004c
.text    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1880] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                              0000000077bf077c 5 bytes JMP 000000010010012a
.text    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1880] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                  0000000077bf086c 5 bytes JMP 0000000100100758
.text    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1880] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                            0000000077bf0884 5 bytes JMP 0000000100100676
.text    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1880] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                0000000077bf0dd4 5 bytes JMP 00000001001003d0
.text    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1880] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                          0000000077bf1900 5 bytes JMP 0000000100100594
.text    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1880] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                      0000000077bf1bc4 5 bytes JMP 000000010010083a
.text    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1880] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                             0000000077bf1d50 5 bytes JMP 000000010010020c
.text    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1880] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206            0000000076b1524f 7 bytes JMP 0000000100100f52
.text    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1880] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                0000000076b153d0 7 bytes JMP 0000000100110210
.text    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1880] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149               0000000076b15677 1 byte JMP 0000000100110048
.text    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1880] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151               0000000076b15679 5 bytes {JMP 0xffffffff895fa9d1}
.text    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1880] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                      0000000076b1589a 7 bytes JMP 0000000100100ca6
.text    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1880] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                      0000000076b15a1d 7 bytes JMP 00000001001103d8
.text    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1880] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                 0000000076b15c9b 7 bytes JMP 000000010011012c
.text    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1880] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                   0000000076b15d87 7 bytes JMP 00000001001102f4
.text    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1880] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123  0000000076b17240 7 bytes JMP 0000000100100e6e
.text    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1880] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                 00000000763a1492 7 bytes JMP 00000001001104bc
.text    C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe[1940] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                0000000077befc90 5 bytes JMP 000000010010091c
.text    C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe[1940] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                              0000000077befdf4 5 bytes JMP 0000000100100048
.text    C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe[1940] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                                       0000000077befe88 5 bytes JMP 00000001001002ee
.text    C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe[1940] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                    0000000077beffe4 5 bytes JMP 00000001001004b2
.text    C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe[1940] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                            0000000077bf0018 5 bytes JMP 00000001001009fe
.text    C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe[1940] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                                    0000000077bf0048 5 bytes JMP 0000000100100ae0
.text    C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe[1940] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                                 0000000077bf0064 5 bytes JMP 000000010002004c
.text    C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe[1940] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                                    0000000077bf077c 5 bytes JMP 000000010010012a
.text    C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe[1940] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                        0000000077bf086c 5 bytes JMP 0000000100100758
.text    C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe[1940] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                  0000000077bf0884 5 bytes JMP 0000000100100676
.text    C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe[1940] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                      0000000077bf0dd4 5 bytes JMP 00000001001003d0
.text    C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe[1940] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                                0000000077bf1900 5 bytes JMP 0000000100100594
.text    C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe[1940] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                            0000000077bf1bc4 5 bytes JMP 000000010010083a
.text    C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe[1940] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                                   0000000077bf1d50 5 bytes JMP 000000010010020c
.text    C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe[1940] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                                  0000000076b1524f 7 bytes JMP 0000000100100f52
.text    C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe[1940] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                                      0000000076b153d0 7 bytes JMP 0000000100250210
.text    C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe[1940] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                                     0000000076b15677 1 byte JMP 0000000100250048
.text    C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe[1940] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                                     0000000076b15679 5 bytes {JMP 0xffffffff8973a9d1}
.text    C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe[1940] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                                            0000000076b1589a 7 bytes JMP 0000000100100ca6
.text    C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe[1940] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                                            0000000076b15a1d 7 bytes JMP 00000001002503d8
.text    C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe[1940] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                                       0000000076b15c9b 7 bytes JMP 000000010025012c
.text    C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe[1940] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                                         0000000076b15d87 7 bytes JMP 00000001002502f4
.text    C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe[1940] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                                        0000000076b17240 7 bytes JMP 0000000100100e6e
.text    C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe[1940] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                                       00000000763a1492 7 bytes JMP 000000010025059e
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1700] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                   0000000077befc90 5 bytes JMP 000000010012091c
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1700] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                 0000000077befdf4 5 bytes JMP 0000000100120048
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1700] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                          0000000077befe88 5 bytes JMP 00000001001202ee
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1700] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                       0000000077beffe4 5 bytes JMP 00000001001204b2
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1700] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                               0000000077bf0018 5 bytes JMP 00000001001209fe
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1700] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                       0000000077bf0048 5 bytes JMP 0000000100120ae0
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1700] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                    0000000077bf0064 5 bytes JMP 000000010010004c
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1700] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                       0000000077bf077c 5 bytes JMP 000000010012012a
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1700] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                           0000000077bf086c 5 bytes JMP 0000000100120758
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1700] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                     0000000077bf0884 5 bytes JMP 0000000100120676
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1700] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                         0000000077bf0dd4 5 bytes JMP 00000001001203d0
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1700] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                   0000000077bf1900 5 bytes JMP 0000000100120594
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1700] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                               0000000077bf1bc4 5 bytes JMP 000000010012083a
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1700] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                      0000000077bf1d50 5 bytes JMP 000000010012020c
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1700] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                          00000000763a1492 7 bytes JMP 000000010013059e
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1700] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                     0000000076b1524f 7 bytes JMP 0000000100120f52
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1700] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                         0000000076b153d0 7 bytes JMP 0000000100130210
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1700] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                        0000000076b15677 1 byte JMP 0000000100130048
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1700] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                        0000000076b15679 5 bytes {JMP 0xffffffff8961a9d1}
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1700] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                               0000000076b1589a 7 bytes JMP 0000000100120ca6
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1700] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                               0000000076b15a1d 7 bytes JMP 00000001001303d8
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1700] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                          0000000076b15c9b 7 bytes JMP 000000010013012c
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1700] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                            0000000076b15d87 7 bytes JMP 00000001001302f4
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1700] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                           0000000076b17240 7 bytes JMP 0000000100120e6e
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1776] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                     0000000077befc90 5 bytes JMP 000000010013091c
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1776] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                   0000000077befdf4 5 bytes JMP 0000000100130048
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1776] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                            0000000077befe88 5 bytes JMP 00000001001302ee
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1776] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                         0000000077beffe4 5 bytes JMP 00000001001304b2
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1776] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                 0000000077bf0018 5 bytes JMP 00000001001309fe
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1776] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                         0000000077bf0048 5 bytes JMP 0000000100130ae0
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1776] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                      0000000077bf0064 5 bytes JMP 000000010011004c
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1776] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                         0000000077bf077c 5 bytes JMP 000000010013012a
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1776] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                             0000000077bf086c 5 bytes JMP 0000000100130758
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1776] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                       0000000077bf0884 5 bytes JMP 0000000100130676
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1776] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                           0000000077bf0dd4 5 bytes JMP 00000001001303d0
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1776] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                     0000000077bf1900 5 bytes JMP 0000000100130594
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1776] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                 0000000077bf1bc4 5 bytes JMP 000000010013083a
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1776] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                        0000000077bf1d50 5 bytes JMP 000000010013020c
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1776] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                       0000000076b1524f 7 bytes JMP 0000000100130f52
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1776] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                           0000000076b153d0 7 bytes JMP 0000000100140210
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1776] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                          0000000076b15677 1 byte JMP 0000000100140048
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1776] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                          0000000076b15679 5 bytes {JMP 0xffffffff8962a9d1}
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1776] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                                 0000000076b1589a 7 bytes JMP 0000000100130ca6
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1776] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                                 0000000076b15a1d 7 bytes JMP 00000001001403d8
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1776] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                            0000000076b15c9b 7 bytes JMP 000000010014012c
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1776] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                              0000000076b15d87 7 bytes JMP 00000001001402f4
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1776] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                             0000000076b17240 7 bytes JMP 0000000100130e6e
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1776] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                            00000000763a1492 7 bytes JMP 000000010014059e
.text    C:\Program Files\OO Software\Defrag\oodag.exe[1820] C:\Windows\system32\kernel32.dll!SetUnhandledExceptionFilter                                                             00000000777e9b80 13 bytes {MOV R11, 0x140003a70; JMP R11}
.text    C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                              0000000077befc90 5 bytes JMP 000000010014091c
.text    C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                            0000000077befdf4 5 bytes JMP 0000000100140048
.text    C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                     0000000077befe88 5 bytes JMP 00000001001402ee
.text    C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                  0000000077beffe4 5 bytes JMP 00000001001404b2
.text    C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                          0000000077bf0018 5 bytes JMP 00000001001409fe
.text    C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                  0000000077bf0048 5 bytes JMP 0000000100140ae0
.text    C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                               0000000077bf0064 5 bytes JMP 000000010012004c
.text    C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                  0000000077bf077c 5 bytes JMP 000000010014012a
.text    C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                      0000000077bf086c 5 bytes JMP 0000000100140758
.text    C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                0000000077bf0884 5 bytes JMP 0000000100140676
.text    C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                    0000000077bf0dd4 5 bytes JMP 00000001001403d0
.text    C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                              0000000077bf1900 5 bytes JMP 0000000100140594
.text    C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                          0000000077bf1bc4 5 bytes JMP 000000010014083a
.text    C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[2124] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                 0000000077bf1d50 5 bytes JMP 000000010014020c
.text    C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[2124] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                     00000000763a1492 7 bytes JMP 000000010015059e
.text    C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[2124] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                0000000076b1524f 7 bytes JMP 0000000100140f52
.text    C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[2124] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                    0000000076b153d0 7 bytes JMP 0000000100150210
.text    C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[2124] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                   0000000076b15677 1 byte JMP 0000000100150048
.text    C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[2124] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                   0000000076b15679 5 bytes {JMP 0xffffffff8963a9d1}
.text    C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[2124] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                          0000000076b1589a 7 bytes JMP 0000000100140ca6
.text    C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[2124] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                          0000000076b15a1d 7 bytes JMP 00000001001503d8
.text    C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[2124] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                     0000000076b15c9b 7 bytes JMP 000000010015012c
.text    C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[2124] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                       0000000076b15d87 7 bytes JMP 00000001001502f4
.text    C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[2124] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                      0000000076b17240 7 bytes JMP 0000000100140e6e
.text    C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[2124] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                       00000000762f1465 2 bytes [2F, 76]
.text    C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe[2124] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                      00000000762f14bb 2 bytes [2F, 76]
.text    ...                                                                                                                                                                          * 2
.text    C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe[2168] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                              0000000077befc90 5 bytes JMP 00000001002e091c
.text    C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe[2168] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                            0000000077befdf4 5 bytes JMP 00000001002e0048
.text    C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe[2168] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                     0000000077befe88 5 bytes JMP 00000001002e02ee
.text    C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe[2168] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                  0000000077beffe4 5 bytes JMP 00000001002e04b2
.text    C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe[2168] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                          0000000077bf0018 5 bytes JMP 00000001002e09fe
.text    C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe[2168] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                  0000000077bf0048 5 bytes JMP 00000001002e0ae0
.text    C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe[2168] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                               0000000077bf0064 5 bytes JMP 00000001001c004c
.text    C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe[2168] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                  0000000077bf077c 5 bytes JMP 00000001002e012a
.text    C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe[2168] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                      0000000077bf086c 5 bytes JMP 00000001002e0758
.text    C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe[2168] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                0000000077bf0884 5 bytes JMP 00000001002e0676
.text    C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe[2168] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                    0000000077bf0dd4 5 bytes JMP 00000001002e03d0
.text    C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe[2168] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                              0000000077bf1900 5 bytes JMP 00000001002e0594
.text    C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe[2168] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                          0000000077bf1bc4 5 bytes JMP 00000001002e083a
.text    C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe[2168] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                 0000000077bf1d50 5 bytes JMP 00000001002e020c
.text    C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe[2168] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                     00000000763a1492 7 bytes JMP 000000010037059e
.text    C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe[2168] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                0000000076b1524f 7 bytes JMP 00000001002e0f52
.text    C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe[2168] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                    0000000076b153d0 7 bytes JMP 0000000100370210
.text    C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe[2168] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                   0000000076b15677 1 byte JMP 0000000100370048
.text    C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe[2168] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                   0000000076b15679 5 bytes {JMP 0xffffffff8985a9d1}
.text    C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe[2168] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                          0000000076b1589a 7 bytes JMP 00000001002e0ca6
.text    C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe[2168] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                          0000000076b15a1d 7 bytes JMP 00000001003703d8
.text    C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe[2168] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                     0000000076b15c9b 7 bytes JMP 000000010037012c
.text    C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe[2168] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                       0000000076b15d87 7 bytes JMP 00000001003702f4
.text    C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe[2168] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                      0000000076b17240 7 bytes JMP 00000001002e0e6e
.text    C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe[2168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                       00000000762f1465 2 bytes [2F, 76]
.text    C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe[2168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                      00000000762f14bb 2 bytes [2F, 76]
.text    ...                                                                                                                                                                          * 2
.text    C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[2640] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                        0000000077befc90 5 bytes JMP 000000010022091c
.text    C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[2640] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                      0000000077befdf4 5 bytes JMP 0000000100220048
.text    C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[2640] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                               0000000077befe88 5 bytes JMP 00000001002202ee
.text    C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[2640] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                            0000000077beffe4 5 bytes JMP 00000001002204b2
.text    C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[2640] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                    0000000077bf0018 5 bytes JMP 00000001002209fe
.text    C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[2640] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                            0000000077bf0048 5 bytes JMP 0000000100220ae0
.text    C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[2640] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                         0000000077bf0064 5 bytes JMP 000000010002004c
.text    C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[2640] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                            0000000077bf077c 5 bytes JMP 000000010022012a
.text    C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[2640] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                0000000077bf086c 5 bytes JMP 0000000100220758
.text    C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[2640] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                          0000000077bf0884 5 bytes JMP 0000000100220676
.text    C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[2640] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                              0000000077bf0dd4 5 bytes JMP 00000001002203d0
.text    C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[2640] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                        0000000077bf1900 5 bytes JMP 0000000100220594
.text    C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[2640] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                    0000000077bf1bc4 5 bytes JMP 000000010022083a
.text    C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[2640] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                           0000000077bf1d50 5 bytes JMP 000000010022020c
.text    C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[2640] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                               00000000763a1492 7 bytes JMP 000000010032059e
.text    C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[2640] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                          0000000076b1524f 7 bytes JMP 0000000100220f52
.text    C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[2640] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                              0000000076b153d0 7 bytes JMP 0000000100320210
.text    C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[2640] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                             0000000076b15677 1 byte JMP 0000000100320048
.text    C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[2640] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                             0000000076b15679 5 bytes {JMP 0xffffffff8980a9d1}
.text    C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[2640] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                                    0000000076b1589a 7 bytes JMP 0000000100220ca6
.text    C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[2640] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                                    0000000076b15a1d 7 bytes JMP 00000001003203d8
.text    C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[2640] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                               0000000076b15c9b 7 bytes JMP 000000010032012c
.text    C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[2640] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                                 0000000076b15d87 7 bytes JMP 00000001003202f4
.text    C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[2640] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                                0000000076b17240 7 bytes JMP 0000000100220e6e
.text    C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[2640] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                 00000000762f1465 2 bytes [2F, 76]
.text    C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[2640] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                00000000762f14bb 2 bytes [2F, 76]
.text    ...                                                                                                                                                                          * 2
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                         0000000077befc90 5 bytes JMP 000000010012091c
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                       0000000077befdf4 5 bytes JMP 0000000100120048
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                                0000000077befe88 5 bytes JMP 00000001001202ee
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                             0000000077beffe4 5 bytes JMP 00000001001204b2
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                     0000000077bf0018 5 bytes JMP 00000001001209fe
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                             0000000077bf0048 5 bytes JMP 0000000100120ae0
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                          0000000077bf0064 5 bytes JMP 000000010010004c
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                             0000000077bf077c 5 bytes JMP 000000010012012a
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                 0000000077bf086c 5 bytes JMP 0000000100120758
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                           0000000077bf0884 5 bytes JMP 0000000100120676
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                               0000000077bf0dd4 5 bytes JMP 00000001001203d0
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                         0000000077bf1900 5 bytes JMP 0000000100120594
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                     0000000077bf1bc4 5 bytes JMP 000000010012083a
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3732] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                            0000000077bf1d50 5 bytes JMP 000000010012020c
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3732] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                                00000000763a1492 7 bytes JMP 000000010013059e
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3732] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                           0000000076b1524f 7 bytes JMP 0000000100120f52
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3732] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                               0000000076b153d0 7 bytes JMP 0000000100130210
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3732] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                              0000000076b15677 1 byte JMP 0000000100130048
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3732] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                              0000000076b15679 5 bytes {JMP 0xffffffff8961a9d1}
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3732] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                                     0000000076b1589a 7 bytes JMP 0000000100120ca6
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3732] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                                     0000000076b15a1d 7 bytes JMP 00000001001303d8
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3732] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                                0000000076b15c9b 7 bytes JMP 000000010013012c
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3732] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                                  0000000076b15d87 7 bytes JMP 00000001001302f4
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3732] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                                 0000000076b17240 7 bytes JMP 0000000100120e6e
.text    C:\Program Files (x86)\Synology Data Replicator  3\Backup.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                         0000000077befc90 5 bytes JMP 000000010021091c
.text    C:\Program Files (x86)\Synology Data Replicator  3\Backup.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                       0000000077befdf4 5 bytes JMP 0000000100210048
.text    C:\Program Files (x86)\Synology Data Replicator  3\Backup.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                                0000000077befe88 5 bytes JMP 00000001002102ee
.text    C:\Program Files (x86)\Synology Data Replicator  3\Backup.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                             0000000077beffe4 5 bytes JMP 00000001002104b2
.text    C:\Program Files (x86)\Synology Data Replicator  3\Backup.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                     0000000077bf0018 5 bytes JMP 00000001002109fe
.text    C:\Program Files (x86)\Synology Data Replicator  3\Backup.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                             0000000077bf0048 5 bytes JMP 0000000100210ae0
.text    C:\Program Files (x86)\Synology Data Replicator  3\Backup.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                          0000000077bf0064 5 bytes JMP 000000010002004c
.text    C:\Program Files (x86)\Synology Data Replicator  3\Backup.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                             0000000077bf077c 5 bytes JMP 000000010021012a
.text    C:\Program Files (x86)\Synology Data Replicator  3\Backup.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                 0000000077bf086c 5 bytes JMP 0000000100210758
.text    C:\Program Files (x86)\Synology Data Replicator  3\Backup.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                           0000000077bf0884 5 bytes JMP 0000000100210676
.text    C:\Program Files (x86)\Synology Data Replicator  3\Backup.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                               0000000077bf0dd4 5 bytes JMP 00000001002103d0
.text    C:\Program Files (x86)\Synology Data Replicator  3\Backup.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                         0000000077bf1900 5 bytes JMP 0000000100210594
.text    C:\Program Files (x86)\Synology Data Replicator  3\Backup.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                     0000000077bf1bc4 5 bytes JMP 000000010021083a
.text    C:\Program Files (x86)\Synology Data Replicator  3\Backup.exe[2696] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                            0000000077bf1d50 5 bytes JMP 000000010021020c
.text    C:\Program Files (x86)\Synology Data Replicator  3\Backup.exe[2696] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                           0000000076b1524f 7 bytes JMP 0000000100210f52
.text    C:\Program Files (x86)\Synology Data Replicator  3\Backup.exe[2696] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                               0000000076b153d0 7 bytes JMP 0000000100220210
.text    C:\Program Files (x86)\Synology Data Replicator  3\Backup.exe[2696] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                              0000000076b15677 1 byte JMP 0000000100220048
.text    C:\Program Files (x86)\Synology Data Replicator  3\Backup.exe[2696] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                              0000000076b15679 5 bytes {JMP 0xffffffff8970a9d1}
.text    C:\Program Files (x86)\Synology Data Replicator  3\Backup.exe[2696] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                                     0000000076b1589a 7 bytes JMP 0000000100210ca6
.text    C:\Program Files (x86)\Synology Data Replicator  3\Backup.exe[2696] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                                     0000000076b15a1d 7 bytes JMP 00000001002203d8
.text    C:\Program Files (x86)\Synology Data Replicator  3\Backup.exe[2696] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                                0000000076b15c9b 7 bytes JMP 000000010022012c
.text    C:\Program Files (x86)\Synology Data Replicator  3\Backup.exe[2696] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                                  0000000076b15d87 7 bytes JMP 00000001002202f4
.text    C:\Program Files (x86)\Synology Data Replicator  3\Backup.exe[2696] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                                 0000000076b17240 7 bytes JMP 0000000100210e6e
.text    C:\Program Files (x86)\Synology Data Replicator  3\Backup.exe[2696] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                                00000000763a1492 7 bytes JMP 000000010022059e
.text    C:\Program Files (x86)\1&1\1&1 Upload-Manager\DAVSRV.EXE[3808] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                              0000000077befc90 5 bytes JMP 000000010029091c
.text    C:\Program Files (x86)\1&1\1&1 Upload-Manager\DAVSRV.EXE[3808] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                            0000000077befdf4 5 bytes JMP 0000000100290048
.text    C:\Program Files (x86)\1&1\1&1 Upload-Manager\DAVSRV.EXE[3808] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                                     0000000077befe88 5 bytes JMP 00000001002902ee
.text    C:\Program Files (x86)\1&1\1&1 Upload-Manager\DAVSRV.EXE[3808] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                  0000000077beffe4 5 bytes JMP 00000001002904b2
.text    C:\Program Files (x86)\1&1\1&1 Upload-Manager\DAVSRV.EXE[3808] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                          0000000077bf0018 5 bytes JMP 00000001002909fe
.text    C:\Program Files (x86)\1&1\1&1 Upload-Manager\DAVSRV.EXE[3808] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                                  0000000077bf0048 5 bytes JMP 0000000100290ae0
.text    C:\Program Files (x86)\1&1\1&1 Upload-Manager\DAVSRV.EXE[3808] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                               0000000077bf0064 5 bytes JMP 000000010002004c
.text    C:\Program Files (x86)\1&1\1&1 Upload-Manager\DAVSRV.EXE[3808] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                                  0000000077bf077c 5 bytes JMP 000000010029012a
.text    C:\Program Files (x86)\1&1\1&1 Upload-Manager\DAVSRV.EXE[3808] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                      0000000077bf086c 5 bytes JMP 0000000100290758
.text    C:\Program Files (x86)\1&1\1&1 Upload-Manager\DAVSRV.EXE[3808] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                0000000077bf0884 5 bytes JMP 0000000100290676
.text    C:\Program Files (x86)\1&1\1&1 Upload-Manager\DAVSRV.EXE[3808] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                    0000000077bf0dd4 5 bytes JMP 00000001002903d0
.text    C:\Program Files (x86)\1&1\1&1 Upload-Manager\DAVSRV.EXE[3808] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                              0000000077bf1900 5 bytes JMP 0000000100290594
.text    C:\Program Files (x86)\1&1\1&1 Upload-Manager\DAVSRV.EXE[3808] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                          0000000077bf1bc4 5 bytes JMP 000000010029083a
.text    C:\Program Files (x86)\1&1\1&1 Upload-Manager\DAVSRV.EXE[3808] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                                 0000000077bf1d50 5 bytes JMP 000000010029020c
.text    C:\Program Files (x86)\1&1\1&1 Upload-Manager\DAVSRV.EXE[3808] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                                     00000000763a1492 7 bytes JMP 00000001002a059e
.text    C:\Program Files (x86)\1&1\1&1 Upload-Manager\DAVSRV.EXE[3808] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                                0000000076b1524f 7 bytes JMP 0000000100290f52
.text    C:\Program Files (x86)\1&1\1&1 Upload-Manager\DAVSRV.EXE[3808] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                                    0000000076b153d0 7 bytes JMP 00000001002a0210
.text    C:\Program Files (x86)\1&1\1&1 Upload-Manager\DAVSRV.EXE[3808] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                                   0000000076b15677 1 byte JMP 00000001002a0048
.text    C:\Program Files (x86)\1&1\1&1 Upload-Manager\DAVSRV.EXE[3808] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                                   0000000076b15679 5 bytes {JMP 0xffffffff8978a9d1}
.text    C:\Program Files (x86)\1&1\1&1 Upload-Manager\DAVSRV.EXE[3808] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                                          0000000076b1589a 7 bytes JMP 0000000100290ca6
.text    C:\Program Files (x86)\1&1\1&1 Upload-Manager\DAVSRV.EXE[3808] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                                          0000000076b15a1d 7 bytes JMP 00000001002a03d8
.text    C:\Program Files (x86)\1&1\1&1 Upload-Manager\DAVSRV.EXE[3808] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                                     0000000076b15c9b 7 bytes JMP 00000001002a012c
.text    C:\Program Files (x86)\1&1\1&1 Upload-Manager\DAVSRV.EXE[3808] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                                       0000000076b15d87 7 bytes JMP 00000001002a02f4
.text    C:\Program Files (x86)\1&1\1&1 Upload-Manager\DAVSRV.EXE[3808] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                                      0000000076b17240 7 bytes JMP 0000000100290e6e
.text    C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe[2296] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                   0000000077befc90 5 bytes JMP 000000010030091c
.text    C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe[2296] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                                 0000000077befdf4 5 bytes JMP 0000000100300048
.text    C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe[2296] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                                          0000000077befe88 5 bytes JMP 00000001003002ee
.text    C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe[2296] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                       0000000077beffe4 5 bytes JMP 00000001003004b2
.text    C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe[2296] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                               0000000077bf0018 5 bytes JMP 00000001003009fe
.text    C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe[2296] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                                       0000000077bf0048 5 bytes JMP 0000000100300ae0
.text    C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe[2296] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                                    0000000077bf0064 5 bytes JMP 000000010002004c
.text    C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe[2296] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                                       0000000077bf077c 5 bytes JMP 000000010030012a
.text    C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe[2296] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                           0000000077bf086c 5 bytes JMP 0000000100300758
.text    C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe[2296] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                     0000000077bf0884 5 bytes JMP 0000000100300676
.text    C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe[2296] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                         0000000077bf0dd4 5 bytes JMP 00000001003003d0
.text    C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe[2296] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                                   0000000077bf1900 5 bytes JMP 0000000100300594
.text    C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe[2296] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                               0000000077bf1bc4 5 bytes JMP 000000010030083a
.text    C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe[2296] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                                      0000000077bf1d50 5 bytes JMP 000000010030020c
.text    C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe[2296] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                                          00000000763a1492 7 bytes JMP 00000001003104bc
.text    C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe[2296] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                                     0000000076b1524f 7 bytes JMP 0000000100300f52
.text    C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe[2296] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                                         0000000076b153d0 7 bytes JMP 0000000100310210
.text    C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe[2296] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                                        0000000076b15677 1 byte JMP 0000000100310048
.text    C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe[2296] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                                        0000000076b15679 5 bytes {JMP 0xffffffff897fa9d1}
.text    C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe[2296] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                                               0000000076b1589a 7 bytes JMP 0000000100300ca6
.text    C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe[2296] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                                               0000000076b15a1d 7 bytes JMP 00000001003103d8
.text    C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe[2296] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                                          0000000076b15c9b 7 bytes JMP 000000010031012c
.text    C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe[2296] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                                            0000000076b15d87 7 bytes JMP 00000001003102f4
.text    C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe[2296] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                                           0000000076b17240 7 bytes JMP 0000000100300e6e
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3880] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                    0000000077befc90 5 bytes JMP 000000010020091c
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3880] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                                  0000000077befdf4 5 bytes JMP 0000000100200048
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3880] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                                           0000000077befe88 5 bytes JMP 00000001002002ee
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3880] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                        0000000077beffe4 5 bytes JMP 00000001002004b2
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3880] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                                0000000077bf0018 5 bytes JMP 00000001002009fe
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3880] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                                        0000000077bf0048 5 bytes JMP 0000000100200ae0
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3880] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                                     0000000077bf0064 5 bytes JMP 00000001001e004c
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3880] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                                        0000000077bf077c 5 bytes JMP 000000010020012a
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3880] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                            0000000077bf086c 5 bytes JMP 0000000100200758
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3880] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                      0000000077bf0884 5 bytes JMP 0000000100200676
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3880] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                          0000000077bf0dd4 5 bytes JMP 00000001002003d0
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3880] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                                    0000000077bf1900 5 bytes JMP 0000000100200594
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3880] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                                0000000077bf1bc4 5 bytes JMP 000000010020083a
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3880] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                                       0000000077bf1d50 5 bytes JMP 000000010020020c
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3880] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                                           00000000763a1492 7 bytes JMP 000000010021059e
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3880] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                                      0000000076b1524f 7 bytes JMP 0000000100200f52
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3880] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                                          0000000076b153d0 7 bytes JMP 0000000100210210
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3880] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                                         0000000076b15677 1 byte JMP 0000000100210048
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3880] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                                         0000000076b15679 5 bytes {JMP 0xffffffff896fa9d1}
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3880] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                                                0000000076b1589a 7 bytes JMP 0000000100200ca6
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3880] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                                                0000000076b15a1d 7 bytes JMP 00000001002103d8
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3880] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                                           0000000076b15c9b 7 bytes JMP 000000010021012c
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3880] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                                             0000000076b15d87 7 bytes JMP 00000001002102f4
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3880] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                                            0000000076b17240 7 bytes JMP 0000000100200e6e
.text    C:\Users\User0815\Desktop\gmer_2.1.19155(1).exe[4688] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                       0000000077befc90 5 bytes JMP 000000010029091c
.text    C:\Users\User0815\Desktop\gmer_2.1.19155(1).exe[4688] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                                     0000000077befdf4 5 bytes JMP 0000000100290048
.text    C:\Users\User0815\Desktop\gmer_2.1.19155(1).exe[4688] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                                              0000000077befe88 5 bytes JMP 00000001002902ee
.text    C:\Users\User0815\Desktop\gmer_2.1.19155(1).exe[4688] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                           0000000077beffe4 5 bytes JMP 00000001002904b2
.text    C:\Users\User0815\Desktop\gmer_2.1.19155(1).exe[4688] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                                   0000000077bf0018 5 bytes JMP 00000001002909fe
.text    C:\Users\User0815\Desktop\gmer_2.1.19155(1).exe[4688] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                                           0000000077bf0048 5 bytes JMP 0000000100290ae0
.text    C:\Users\User0815\Desktop\gmer_2.1.19155(1).exe[4688] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                                        0000000077bf0064 5 bytes JMP 000000010002004c
.text    C:\Users\User0815\Desktop\gmer_2.1.19155(1).exe[4688] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                                           0000000077bf077c 5 bytes JMP 000000010029012a
.text    C:\Users\User0815\Desktop\gmer_2.1.19155(1).exe[4688] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                               0000000077bf086c 5 bytes JMP 0000000100290758
.text    C:\Users\User0815\Desktop\gmer_2.1.19155(1).exe[4688] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                         0000000077bf0884 5 bytes JMP 0000000100290676
.text    C:\Users\User0815\Desktop\gmer_2.1.19155(1).exe[4688] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                             0000000077bf0dd4 5 bytes JMP 00000001002903d0
.text    C:\Users\User0815\Desktop\gmer_2.1.19155(1).exe[4688] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                                       0000000077bf1900 5 bytes JMP 0000000100290594
.text    C:\Users\User0815\Desktop\gmer_2.1.19155(1).exe[4688] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                                   0000000077bf1bc4 5 bytes JMP 000000010029083a
.text    C:\Users\User0815\Desktop\gmer_2.1.19155(1).exe[4688] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                                          0000000077bf1d50 5 bytes JMP 000000010029020c
.text    C:\Users\User0815\Desktop\gmer_2.1.19155(1).exe[4688] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                                         0000000076b1524f 7 bytes JMP 0000000100290f52
.text    C:\Users\User0815\Desktop\gmer_2.1.19155(1).exe[4688] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                                             0000000076b153d0 7 bytes JMP 00000001002a0210
.text    C:\Users\User0815\Desktop\gmer_2.1.19155(1).exe[4688] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                                            0000000076b15677 1 byte JMP 00000001002a0048
.text    C:\Users\User0815\Desktop\gmer_2.1.19155(1).exe[4688] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                                            0000000076b15679 5 bytes {JMP 0xffffffff8978a9d1}
.text    C:\Users\User0815\Desktop\gmer_2.1.19155(1).exe[4688] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                                                   0000000076b1589a 7 bytes JMP 0000000100290ca6
.text    C:\Users\User0815\Desktop\gmer_2.1.19155(1).exe[4688] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                                                   0000000076b15a1d 7 bytes JMP 00000001002a03d8
.text    C:\Users\User0815\Desktop\gmer_2.1.19155(1).exe[4688] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                                              0000000076b15c9b 7 bytes JMP 00000001002a012c
.text    C:\Users\User0815\Desktop\gmer_2.1.19155(1).exe[4688] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                                                0000000076b15d87 7 bytes JMP 00000001002a02f4
.text    C:\Users\User0815\Desktop\gmer_2.1.19155(1).exe[4688] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                                               0000000076b17240 7 bytes JMP 0000000100290e6e
.text    C:\Users\User0815\Desktop\gmer_2.1.19155(1).exe[4688] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                                              00000000763a1492 7 bytes JMP 00000001002a04bc

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00158315a310                                                                                                  
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00158315a310@0017e5b60b44                                                                                     0xDF 0x6D 0xC3 0x35 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                                                                             
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                                                          0
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                                                                       0xA3 0xC5 0x34 0x3A ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                                                             
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                          1
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                                       0x74 0xE1 0xD0 0x6E ...
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00158315a310 (not active ControlSet)                                                                              
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00158315a310@0017e5b60b44                                                                                         0xDF 0x6D 0xC3 0x35 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                                                                         
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                                                              0
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                                                                           0xA3 0xC5 0x34 0x3A ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                                                         
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                              1
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                                           0x74 0xE1 0xD0 0x6E ...

---- Files - GMER 2.1 ----

File     C:\Users\User0815\AppData\Roaming\systemfl.$dk                                                                                                                               990 bytes
File     C:\Windows\SysWOW64\sys_drv_2.dat                                                                                                                                            6024 bytes
File     C:\Windows\SysWOW64\WinFLdrv.sys                                                                                                                                             21888 bytes executable                                      <-- ROOTKIT !!!

---- Services - GMER 2.1 ----

Service  C:\Windows\SysWOW64\WinFLdrv.sys                                                                                                                                             [AUTO] WinFLdrv                                             <-- ROOTKIT !!!

---- EOF - GMER 2.1 ----
         
--- --- ---


Ultimately I am not sure whether I should still do something (scanning etc.)?
I realize it was stupid to clean up like that... that is, to delete the logs.

Norton Internet Security 2013 has not reported anything again. But Malwarebytes Anti-Malware keeps reporting...

What should I do?

Code:
2013/04/04 10:07:38 +0200	USER0815-PC	User0815	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 53370, Process: hlink64.exe)
2013/04/04 10:07:38 +0200	USER0815-PC	User0815	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 53371, Process: hlink64.exe)
2013/04/04 10:07:38 +0200	USER0815-PC	User0815	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 53372, Process: hlink64.exe)
2013/04/04 10:07:38 +0200	USER0815-PC	User0815	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 53373, Process: hlink64.exe)
2013/04/04 10:15:47 +0200	USER0815-PC	User0815	MESSAGE	Starting protection
2013/04/04 10:15:48 +0200	USER0815-PC	User0815	MESSAGE	Protection started successfully
2013/04/04 10:15:48 +0200	USER0815-PC	User0815	MESSAGE	Starting IP protection
2013/04/04 10:18:37 +0200	USER0815-PC	(null)	MESSAGE	Starting protection
2013/04/04 10:18:39 +0200	USER0815-PC	(null)	MESSAGE	Protection started successfully
2013/04/04 10:18:39 +0200	USER0815-PC	(null)	MESSAGE	Starting IP protection
2013/04/04 10:19:00 +0200	USER0815-PC	User0815	MESSAGE	IP Protection started successfully
2013/04/04 10:24:48 +0200	USER0815-PC	(null)	MESSAGE	Starting protection
2013/04/04 10:24:50 +0200	USER0815-PC	(null)	MESSAGE	Protection started successfully
2013/04/04 10:24:50 +0200	USER0815-PC	(null)	MESSAGE	Starting IP protection
2013/04/04 10:25:11 +0200	USER0815-PC	(null)	MESSAGE	IP Protection started successfully
2013/04/04 10:26:25 +0200	USER0815-PC	(null)	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49166, Process: hlink64.exe)
2013/04/04 10:26:25 +0200	USER0815-PC	(null)	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49167, Process: hlink64.exe)
2013/04/04 10:26:25 +0200	USER0815-PC	(null)	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49168, Process: hlink64.exe)
2013/04/04 10:26:25 +0200	USER0815-PC	(null)	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49169, Process: hlink64.exe)
2013/04/04 10:37:24 +0200	USER0815-PC	User0815	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49194, Process: hlink64.exe)
2013/04/04 10:37:24 +0200	USER0815-PC	User0815	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49195, Process: hlink64.exe)
2013/04/04 10:37:24 +0200	USER0815-PC	User0815	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49196, Process: hlink64.exe)
2013/04/04 10:37:24 +0200	USER0815-PC	User0815	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49197, Process: hlink64.exe)
2013/04/04 10:48:22 +0200	USER0815-PC	User0815	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49207, Process: hlink64.exe)
2013/04/04 10:48:22 +0200	USER0815-PC	User0815	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49208, Process: hlink64.exe)
2013/04/04 10:48:22 +0200	USER0815-PC	User0815	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49209, Process: hlink64.exe)
2013/04/04 10:48:22 +0200	USER0815-PC	User0815	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49210, Process: hlink64.exe)
2013/04/04 10:59:25 +0200	USER0815-PC	User0815	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49260, Process: hlink64.exe)
2013/04/04 10:59:25 +0200	USER0815-PC	User0815	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49261, Process: hlink64.exe)
2013/04/04 10:59:25 +0200	USER0815-PC	User0815	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49262, Process: hlink64.exe)
2013/04/04 10:59:25 +0200	USER0815-PC	User0815	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49263, Process: hlink64.exe)
2013/04/04 11:10:23 +0200	USER0815-PC	User0815	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49272, Process: hlink64.exe)
2013/04/04 11:10:23 +0200	USER0815-PC	User0815	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49273, Process: hlink64.exe)
2013/04/04 11:10:23 +0200	USER0815-PC	User0815	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49274, Process: hlink64.exe)
2013/04/04 11:10:23 +0200	USER0815-PC	User0815	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49275, Process: hlink64.exe)
2013/04/04 12:44:36 +0200	USER0815-PC	(null)	MESSAGE	Starting protection
2013/04/04 12:44:36 +0200	USER0815-PC	(null)	MESSAGE	Protection started successfully
2013/04/04 12:44:36 +0200	USER0815-PC	(null)	MESSAGE	Starting IP protection
2013/04/04 12:44:57 +0200	USER0815-PC	User0815	MESSAGE	IP Protection started successfully
2013/04/04 12:46:00 +0200	USER0815-PC	User0815	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49175, Process: hlink64.exe)
2013/04/04 12:46:00 +0200	USER0815-PC	User0815	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49176, Process: hlink64.exe)
2013/04/04 12:46:00 +0200	USER0815-PC	User0815	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49177, Process: hlink64.exe)
2013/04/04 12:46:00 +0200	USER0815-PC	User0815	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49178, Process: hlink64.exe)
2013/04/04 12:57:00 +0200	USER0815-PC	User0815	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49266, Process: hlink64.exe)
2013/04/04 12:57:00 +0200	USER0815-PC	User0815	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49267, Process: hlink64.exe)
2013/04/04 12:57:00 +0200	USER0815-PC	User0815	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49268, Process: hlink64.exe)
2013/04/04 12:57:00 +0200	USER0815-PC	User0815	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49269, Process: hlink64.exe)
2013/04/04 13:07:58 +0200	USER0815-PC	User0815	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49436, Process: hlink64.exe)
2013/04/04 13:07:58 +0200	USER0815-PC	User0815	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49437, Process: hlink64.exe)
2013/04/04 13:07:58 +0200	USER0815-PC	User0815	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49438, Process: hlink64.exe)
2013/04/04 13:07:58 +0200	USER0815-PC	User0815	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49439, Process: hlink64.exe)
         

04.04.2013, 13:57   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Didn't you read the linked articles? I wanted to see the "real" logs with the Malwarebytes detections.


__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

04.04.2013, 18:46   #6
NewtonZ4
 



Hello cosinus,

attached are the current logs.

Nothing more was found. As I said, I unfortunately no longer have the old logs.
Can I then assume that my computer is clean?

Many thanks in advance for your help.

Code:
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.04.04.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16521
User0815 :: USER0815-PC [Administrator]

Schutz: Aktiviert

04.04.2013 14:09:04
mbam-log-2013-04-04 (14-09-04).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 542650
Laufzeit: 1 Stunde(n), 12 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.04.04.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16521
User0815 :: USER0815-PC [Administrator]

Schutz: Aktiviert

04.04.2013 14:08:01
mbam-log-2013-04-04 (14-08-01).txt

Art des Suchlaufs: Flash-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: Registrierung | Dateisystem | P2P
Durchsuchte Objekte: 239175
Laufzeit: 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.04.04.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16521
User0815 :: USER0815-PC [Administrator]

Schutz: Aktiviert

04.04.2013 14:03:44
mbam-log-2013-04-04 (14-03-44).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 275787
Laufzeit: 3 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

05.04.2013, 00:18   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please now run the three tools MBAR / aswMBR / TDSSKiller and post the logs in CODE tags.


MBAR (Malwarebytes Anti-Rootkit)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the on-screen instructions as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the detected objects, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.


aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please start it via right-click and "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press any of the Fix buttons without instructions.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



TDSS-Killer

Please download TDSSKiller.exe and save this file to the desktop.
  • Start TDSSKiller.exe - configure it as described in the guide to TDSSKiller.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

06.04.2013, 20:56   #8
NewtonZ4
 



MBAR (Malwarebytes Anti-Rootkit)

Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1022
www.malwarebytes.org

Database version: v2013.04.05.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16521
User0815 :: USER0815-PC [administrator]

05.04.2013 10:33:38
mbar-log-2013-04-05 (10-33-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 33377
Time elapsed: 15 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
aswMBR

Always aborts with the following error...

See attachment -->
Thumbnails of attached images
Prozess hlink64.exe von Malwarebytes Anti-Malware  gemeldet und blockiert-05.04.jpg  

06.04.2013, 20:57   #9
NewtonZ4
 



TDSS-Killer

Code:
20:49:43.0733 3236  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:49:44.0123 3236  ============================================================
20:49:44.0123 3236  Current date / time: 2013/04/06 20:49:44.0123
20:49:44.0123 3236  SystemInfo:
20:49:44.0123 3236  
20:49:44.0123 3236  OS Version: 6.1.7601 ServicePack: 1.0
20:49:44.0123 3236  Product type: Workstation
20:49:44.0123 3236  ComputerName: USER0815-PC
20:49:44.0123 3236  UserName: User0815
20:49:44.0123 3236  Windows directory: C:\Windows
20:49:44.0123 3236  System windows directory: C:\Windows
20:49:44.0123 3236  Running under WOW64
20:49:44.0123 3236  Processor architecture: Intel x64
20:49:44.0123 3236  Number of processors: 2
20:49:44.0123 3236  Page size: 0x1000
20:49:44.0123 3236  Boot type: Normal boot
20:49:44.0123 3236  ============================================================
20:49:44.0903 3236  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:49:44.0918 3236  ============================================================
20:49:44.0918 3236  \Device\Harddisk0\DR0:
20:49:44.0918 3236  MBR partitions:
20:49:44.0918 3236  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1964800, BlocksNum 0x32000
20:49:44.0918 3236  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1996800, BlocksNum 0x26139AB0
20:49:44.0934 3236  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x27AD1000, BlocksNum 0x22D86800
20:49:44.0934 3236  ============================================================
20:49:44.0965 3236  C: <-> \Device\Harddisk0\DR0\Partition2
20:49:45.0012 3236  E: <-> \Device\Harddisk0\DR0\Partition3
20:49:45.0012 3236  ============================================================
20:49:45.0012 3236  Initialize success
20:49:45.0012 3236  ============================================================
20:50:20.0580 4108  ============================================================
20:50:20.0580 4108  Scan started
20:50:20.0580 4108  Mode: Manual; SigCheck; TDLFS; 
20:50:20.0580 4108  ============================================================
20:50:20.0908 4108  ================ Scan system memory ========================
20:50:20.0908 4108  System memory - ok
20:50:20.0908 4108  ================ Scan services =============================
20:50:21.0064 4108  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
20:50:21.0188 4108  1394ohci - ok
20:50:21.0235 4108  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
20:50:21.0251 4108  ACPI - ok
20:50:21.0282 4108  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
20:50:21.0344 4108  AcpiPmi - ok
20:50:21.0422 4108  [ C004F38974F4D321B4C20A240E1175C0 ] AdobeActiveFileMonitor9.0 C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
20:50:21.0438 4108  AdobeActiveFileMonitor9.0 - ok
20:50:21.0532 4108  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:50:21.0547 4108  AdobeARMservice - ok
20:50:21.0688 4108  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:50:21.0703 4108  AdobeFlashPlayerUpdateSvc - ok
20:50:21.0750 4108  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
20:50:21.0781 4108  adp94xx - ok
20:50:21.0781 4108  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
20:50:21.0812 4108  adpahci - ok
20:50:21.0828 4108  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
20:50:21.0844 4108  adpu320 - ok
20:50:21.0875 4108  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
20:50:22.0031 4108  AeLookupSvc - ok
20:50:22.0078 4108  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
20:50:22.0124 4108  AFD - ok
20:50:22.0171 4108  [ B65F8DBA54F251906BBE8611B5A0E7AB ] AgereModemAudio C:\Program Files\LSI SoftModem\agr64svc.exe
20:50:22.0202 4108  AgereModemAudio - ok
20:50:22.0249 4108  [ 2173E070647AC68C16B8214FE5C05EC3 ] AgereSoftModem  C:\Windows\system32\DRIVERS\agrsm64.sys
20:50:22.0327 4108  AgereSoftModem - ok
20:50:22.0358 4108  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
20:50:22.0374 4108  agp440 - ok
20:50:22.0405 4108  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
20:50:22.0436 4108  ALG - ok
20:50:22.0452 4108  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
20:50:22.0468 4108  aliide - ok
20:50:22.0514 4108  [ 41A0813F22D3330C0CA71CE5BBD42B12 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
20:50:22.0577 4108  AMD External Events Utility - ok
20:50:22.0608 4108  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
20:50:22.0624 4108  amdide - ok
20:50:22.0655 4108  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
20:50:22.0686 4108  AmdK8 - ok
20:50:22.0702 4108  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
20:50:22.0733 4108  AmdPPM - ok
20:50:22.0780 4108  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
20:50:22.0795 4108  amdsata - ok
20:50:22.0826 4108  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
20:50:22.0842 4108  amdsbs - ok
20:50:22.0858 4108  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
20:50:22.0873 4108  amdxata - ok
20:50:22.0889 4108  [ 9815014F3E30357168DA272088C6F12F ] ApfiltrService  C:\Windows\system32\DRIVERS\Apfiltr.sys
20:50:22.0920 4108  ApfiltrService - ok
20:50:22.0951 4108  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
20:50:23.0107 4108  AppID - ok
20:50:23.0138 4108  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
20:50:23.0185 4108  AppIDSvc - ok
20:50:23.0216 4108  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
20:50:23.0263 4108  Appinfo - ok
20:50:23.0341 4108  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:50:23.0341 4108  Apple Mobile Device - ok
20:50:23.0372 4108  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
20:50:23.0388 4108  arc - ok
20:50:23.0388 4108  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
20:50:23.0419 4108  arcsas - ok
20:50:23.0544 4108  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:50:23.0560 4108  aspnet_state - ok
20:50:23.0591 4108  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
20:50:23.0638 4108  AsyncMac - ok
20:50:23.0669 4108  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
20:50:23.0684 4108  atapi - ok
20:50:23.0825 4108  [ 37456BE85384E4CC38DC899F07F88C45 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
20:50:24.0012 4108  atikmdag - ok
20:50:24.0043 4108  [ FC0E8778C000291CAF60EB88C011E931 ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
20:50:24.0074 4108  atksgt - ok
20:50:24.0106 4108  [ BA1BBD0E8EF9892A57586DD47049C632 ] ATSwpWDF        C:\Windows\system32\Drivers\ATSwpWDF.sys
20:50:24.0137 4108  ATSwpWDF - ok
20:50:24.0168 4108  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:50:24.0230 4108  AudioEndpointBuilder - ok
20:50:24.0262 4108  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
20:50:24.0308 4108  AudioSrv - ok
20:50:24.0340 4108  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
20:50:24.0386 4108  AxInstSV - ok
20:50:24.0433 4108  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
20:50:24.0464 4108  b06bdrv - ok
20:50:24.0496 4108  [ 93AF5CCCE5145AA3C2F0A41E7F65149A ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
20:50:24.0511 4108  b57nd60a - ok
20:50:24.0542 4108  [ 9E84A931DBEE0292E38ED672F6293A99 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
20:50:24.0636 4108  BCM43XX - ok
20:50:24.0667 4108  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
20:50:24.0698 4108  BDESVC - ok
20:50:24.0698 4108  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
20:50:24.0745 4108  Beep - ok
20:50:24.0792 4108  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
20:50:24.0839 4108  BFE - ok
20:50:25.0010 4108  [ E92A3DA47BED7CC65D264235617ED46E ] BHDrvx64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130322.001\BHDrvx64.sys
20:50:25.0057 4108  BHDrvx64 - ok
20:50:25.0104 4108  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
20:50:25.0198 4108  BITS - ok
20:50:25.0229 4108  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
20:50:25.0260 4108  blbdrive - ok
20:50:25.0307 4108  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:50:25.0322 4108  Bonjour Service - ok
20:50:25.0416 4108  BotkindSyncService - ok
20:50:25.0447 4108  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
20:50:25.0478 4108  bowser - ok
20:50:25.0494 4108  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:50:25.0525 4108  BrFiltLo - ok
20:50:25.0541 4108  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:50:25.0556 4108  BrFiltUp - ok
20:50:25.0588 4108  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
20:50:25.0603 4108  Browser - ok
20:50:25.0619 4108  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
20:50:25.0650 4108  Brserid - ok
20:50:25.0666 4108  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
20:50:25.0697 4108  BrSerWdm - ok
20:50:25.0697 4108  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
20:50:25.0728 4108  BrUsbMdm - ok
20:50:25.0728 4108  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
20:50:25.0744 4108  BrUsbSer - ok
20:50:25.0759 4108  BT - ok
20:50:25.0759 4108  Btcsrusb - ok
20:50:25.0790 4108  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
20:50:25.0822 4108  BthEnum - ok
20:50:25.0853 4108  [ 992D8C032884DC4C837C40BF52CB5C89 ] BtHidBus        C:\Windows\system32\Drivers\BtHidBus.sys
20:50:25.0868 4108  BtHidBus - ok
20:50:25.0884 4108  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
20:50:25.0915 4108  BTHMODEM - ok
20:50:25.0931 4108  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
20:50:25.0962 4108  BthPan - ok
20:50:25.0993 4108  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
20:50:26.0056 4108  BTHPORT - ok
20:50:26.0087 4108  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
20:50:26.0149 4108  bthserv - ok
20:50:26.0180 4108  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
20:50:26.0212 4108  BTHUSB - ok
20:50:26.0243 4108  [ 40AAAB64465E42C72B6411AAEB3EEF0F ] btnetBUs        C:\Windows\system32\Drivers\btnetBus.sys
20:50:26.0243 4108  btnetBUs - ok
20:50:26.0305 4108  [ FC278504BFA3AC7E9ED92359D0EE7282 ] busenum         C:\Windows\system32\DRIVERS\busenum.sys
20:50:26.0321 4108  busenum - ok
20:50:26.0414 4108  [ 248C952C82DF1E23775432774CBB20F1 ] ccSet_NIS       C:\Windows\system32\drivers\NISx64\1403000.024\ccSetx64.sys
20:50:26.0414 4108  ccSet_NIS - ok
20:50:26.0461 4108  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
20:50:26.0524 4108  cdfs - ok
20:50:26.0555 4108  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
20:50:26.0617 4108  cdrom - ok
20:50:26.0648 4108  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
20:50:26.0711 4108  CertPropSvc - ok
20:50:26.0726 4108  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
20:50:26.0758 4108  circlass - ok
20:50:26.0789 4108  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
20:50:26.0820 4108  CLFS - ok
20:50:26.0867 4108  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:50:26.0882 4108  clr_optimization_v2.0.50727_32 - ok
20:50:26.0914 4108  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:50:26.0929 4108  clr_optimization_v2.0.50727_64 - ok
20:50:27.0038 4108  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:50:27.0070 4108  clr_optimization_v4.0.30319_32 - ok
20:50:27.0085 4108  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:50:27.0101 4108  clr_optimization_v4.0.30319_64 - ok
20:50:27.0132 4108  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
20:50:27.0163 4108  CmBatt - ok
20:50:27.0179 4108  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
20:50:27.0194 4108  cmdide - ok
20:50:27.0226 4108  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
20:50:27.0257 4108  CNG - ok
20:50:27.0272 4108  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
20:50:27.0288 4108  Compbatt - ok
20:50:27.0304 4108  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
20:50:27.0335 4108  CompositeBus - ok
20:50:27.0335 4108  COMSysApp - ok
20:50:27.0366 4108  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
20:50:27.0382 4108  crcdisk - ok
20:50:27.0397 4108  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
20:50:27.0444 4108  CryptSvc - ok
20:50:27.0475 4108  [ 48297BF3339BC56DD7D7524D7A1740AA ] DBService       C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe
20:50:27.0491 4108  DBService ( UnsignedFile.Multi.Generic ) - warning
20:50:27.0491 4108  DBService - detected UnsignedFile.Multi.Generic (1)
20:50:27.0538 4108  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:50:27.0600 4108  DcomLaunch - ok
20:50:27.0631 4108  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
20:50:27.0678 4108  defragsvc - ok
20:50:27.0709 4108  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
20:50:27.0756 4108  DfsC - ok
20:50:27.0772 4108  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
20:50:27.0803 4108  Dhcp - ok
20:50:27.0818 4108  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
20:50:27.0865 4108  discache - ok
20:50:27.0881 4108  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
20:50:27.0896 4108  Disk - ok
20:50:27.0974 4108  [ D5BCB77BE83CF99F508943945D46343D ] DKbFltr         C:\Windows\syswow64\Drivers\DKbFltr.sys
20:50:27.0990 4108  DKbFltr - ok
20:50:28.0052 4108  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:50:28.0068 4108  Dnscache - ok
20:50:28.0099 4108  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
20:50:28.0146 4108  dot3svc - ok
20:50:28.0177 4108  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
20:50:28.0224 4108  DPS - ok
20:50:28.0240 4108  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
20:50:28.0271 4108  drmkaud - ok
20:50:28.0318 4108  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
20:50:28.0349 4108  DXGKrnl - ok
20:50:28.0380 4108  EagleX64 - ok
20:50:28.0411 4108  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
20:50:28.0474 4108  EapHost - ok
20:50:28.0552 4108  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
20:50:28.0676 4108  ebdrv - ok
20:50:28.0770 4108  [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl          C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
20:50:28.0786 4108  eeCtrl - ok
20:50:28.0817 4108  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
20:50:28.0848 4108  EFS - ok
20:50:28.0910 4108  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
20:50:28.0942 4108  ehRecvr - ok
20:50:28.0957 4108  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
20:50:28.0988 4108  ehSched - ok
20:50:29.0035 4108  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
20:50:29.0051 4108  elxstor - ok
20:50:29.0160 4108  [ 7C35C6865957289D9EFE6CC73F4AB2E1 ] ePowerSvc       C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
20:50:29.0176 4108  ePowerSvc - ok
20:50:29.0238 4108  [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
20:50:29.0254 4108  EraserUtilRebootDrv - ok
20:50:29.0269 4108  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
20:50:29.0300 4108  ErrDev - ok
20:50:29.0347 4108  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
20:50:29.0410 4108  EventSystem - ok
20:50:29.0441 4108  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
20:50:29.0472 4108  exfat - ok
20:50:29.0519 4108  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
20:50:29.0581 4108  fastfat - ok
20:50:29.0612 4108  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
20:50:29.0659 4108  Fax - ok
20:50:29.0675 4108  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
20:50:29.0706 4108  fdc - ok
20:50:29.0722 4108  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
20:50:29.0768 4108  fdPHost - ok
20:50:29.0784 4108  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
20:50:29.0831 4108  FDResPub - ok
20:50:29.0846 4108  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
20:50:29.0862 4108  FileInfo - ok
20:50:29.0878 4108  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
20:50:29.0924 4108  Filetrace - ok
20:50:29.0987 4108  [ B9963C336A2BF054520DC09CE7C81476 ] FirebirdGuardianDefaultInstance C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe
20:50:30.0018 4108  FirebirdGuardianDefaultInstance ( UnsignedFile.Multi.Generic ) - warning
20:50:30.0018 4108  FirebirdGuardianDefaultInstance - detected UnsignedFile.Multi.Generic (1)
20:50:30.0065 4108  [ DB8EE43C90536A07D4BA481079AE214C ] FirebirdServerDefaultInstance C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe
20:50:30.0158 4108  FirebirdServerDefaultInstance ( UnsignedFile.Multi.Generic ) - warning
20:50:30.0158 4108  FirebirdServerDefaultInstance - detected UnsignedFile.Multi.Generic (1)
20:50:30.0205 4108  [ ABEDFD48AC042C6AAAD32452E77217A1 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
20:50:30.0221 4108  FLEXnet Licensing Service - ok
20:50:30.0236 4108  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
20:50:30.0268 4108  flpydisk - ok
20:50:30.0299 4108  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
20:50:30.0314 4108  FltMgr - ok
20:50:30.0361 4108  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
20:50:30.0424 4108  FontCache - ok
20:50:30.0470 4108  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:50:30.0486 4108  FontCache3.0.0.0 - ok
20:50:30.0517 4108  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
20:50:30.0533 4108  FsDepends - ok
20:50:30.0564 4108  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
20:50:30.0580 4108  Fs_Rec - ok
20:50:30.0611 4108  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
20:50:30.0626 4108  fvevol - ok
20:50:30.0658 4108  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
20:50:30.0673 4108  gagp30kx - ok
20:50:30.0720 4108  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:50:30.0736 4108  GEARAspiWDM - ok
20:50:30.0767 4108  [ 022807B149127B8FAA3DBEB13A7D9B41 ] GenericMount    C:\Windows\system32\DRIVERS\GenericMount.sys
20:50:30.0782 4108  GenericMount - ok
20:50:30.0814 4108  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
20:50:30.0876 4108  gpsvc - ok
20:50:30.0954 4108  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:50:30.0970 4108  gupdate - ok
20:50:31.0016 4108  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:50:31.0032 4108  gupdatem - ok
20:50:31.0048 4108  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
20:50:31.0079 4108  hcw85cir - ok
20:50:31.0126 4108  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:50:31.0141 4108  HdAudAddService - ok
20:50:31.0172 4108  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
20:50:31.0188 4108  HDAudBus - ok
20:50:31.0219 4108  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
20:50:31.0250 4108  HidBatt - ok
20:50:31.0250 4108  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
20:50:31.0282 4108  HidBth - ok
20:50:31.0282 4108  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
20:50:31.0313 4108  HidIr - ok
20:50:31.0328 4108  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
20:50:31.0391 4108  hidserv - ok
20:50:31.0422 4108  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
20:50:31.0438 4108  HidUsb - ok
20:50:31.0469 4108  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:50:31.0516 4108  hkmsvc - ok
20:50:31.0531 4108  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:50:31.0578 4108  HomeGroupListener - ok
20:50:31.0609 4108  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:50:31.0640 4108  HomeGroupProvider - ok
20:50:31.0718 4108  [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
20:50:31.0718 4108  hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
20:50:31.0718 4108  hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
20:50:31.0750 4108  [ 75CC8C5146A3FB76221A7606628778D5 ] hpqddsvc        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
20:50:31.0765 4108  hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
20:50:31.0765 4108  hpqddsvc - detected UnsignedFile.Multi.Generic (1)
20:50:31.0796 4108  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
20:50:31.0812 4108  HpSAMD - ok
20:50:31.0859 4108  [ 2ADF33F93991C4E24E86FFA5F906417B ] HPSLPSVC        C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
20:50:31.0890 4108  HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
20:50:31.0890 4108  HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
20:50:31.0937 4108  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:50:32.0015 4108  HTTP - ok
20:50:32.0030 4108  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
20:50:32.0046 4108  hwpolicy - ok
20:50:32.0077 4108  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
20:50:32.0093 4108  i8042prt - ok
20:50:32.0124 4108  [ 88D26E2881646FAD2B2114CF8C75FC3C ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
20:50:32.0140 4108  iaStor - ok
20:50:32.0202 4108  [ E649C7C8591D71A0489E356402D16F4C ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
20:50:32.0218 4108  IAStorDataMgrSvc - ok
20:50:32.0264 4108  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
20:50:32.0296 4108  iaStorV - ok
20:50:32.0358 4108  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:50:32.0389 4108  idsvc - ok
20:50:32.0545 4108  [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130404.001\IDSvia64.sys
20:50:32.0576 4108  IDSVia64 - ok
20:50:32.0717 4108  [ A87261EF1546325B559374F5689CF5BC ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
20:50:32.0888 4108  igfx - ok
20:50:32.0888 4108  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
20:50:32.0904 4108  iirsp - ok
20:50:32.0951 4108  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
20:50:33.0013 4108  IKEEXT - ok
20:50:33.0107 4108  [ C2F868881D48A568B525255F084EF063 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
20:50:33.0247 4108  IntcAzAudAddService - ok
20:50:33.0278 4108  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
20:50:33.0294 4108  intelide - ok
20:50:33.0325 4108  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
20:50:33.0341 4108  intelppm - ok
20:50:33.0372 4108  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
20:50:33.0419 4108  IPBusEnum - ok
20:50:33.0450 4108  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:50:33.0497 4108  IpFilterDriver - ok
20:50:33.0544 4108  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
20:50:33.0590 4108  iphlpsvc - ok
20:50:33.0622 4108  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
20:50:33.0637 4108  IPMIDRV - ok
20:50:33.0668 4108  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
20:50:33.0715 4108  IPNAT - ok
20:50:33.0809 4108  [ B474C756C13960793C7583B766F904C4 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
20:50:33.0824 4108  iPod Service - ok
20:50:33.0856 4108  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:50:33.0887 4108  IRENUM - ok
20:50:33.0902 4108  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
20:50:33.0918 4108  isapnp - ok
20:50:33.0949 4108  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
20:50:33.0965 4108  iScsiPrt - ok
20:50:34.0012 4108  [ 9A0A9708E73B91EE502D79719EA34450 ] ISODrive        C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys
20:50:34.0027 4108  ISODrive - ok
20:50:34.0058 4108  [ 1C6D68A0BF108A5B3D40B2E84AE3CCDA ] IvtBtBUs        C:\Windows\system32\Drivers\IvtBtBus.sys
20:50:34.0074 4108  IvtBtBUs - ok
20:50:34.0105 4108  [ 3C20F584BEF50C26D1B198039658A80C ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
20:50:34.0136 4108  k57nd60a - ok
20:50:34.0152 4108  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
20:50:34.0168 4108  kbdclass - ok
20:50:34.0199 4108  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
20:50:34.0214 4108  kbdhid - ok
20:50:34.0230 4108  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
20:50:34.0261 4108  KeyIso - ok
20:50:34.0261 4108  KMService - ok
20:50:34.0292 4108  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:50:34.0308 4108  KSecDD - ok
20:50:34.0355 4108  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
20:50:34.0370 4108  KSecPkg - ok
20:50:34.0417 4108  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
20:50:34.0464 4108  ksthunk - ok
20:50:34.0495 4108  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
20:50:34.0558 4108  KtmRm - ok
20:50:34.0573 4108  [ 2AC603C3188C704CFCE353659AA7AD71 ] L1E             C:\Windows\system32\DRIVERS\L1E62x64.sys
20:50:34.0604 4108  L1E - ok
20:50:34.0636 4108  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
20:50:34.0698 4108  LanmanServer - ok
20:50:34.0714 4108  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:50:34.0776 4108  LanmanWorkstation - ok
20:50:34.0807 4108  [ 156AB2E56DC3CA0B582E3362E07CDED7 ] lirsgt          C:\Windows\system32\DRIVERS\lirsgt.sys
20:50:34.0823 4108  lirsgt - ok
20:50:34.0932 4108  [ A97EEB81F05BCE3D7AA6C81F04EF39A4 ] LiveUpdate      C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
20:50:35.0041 4108  LiveUpdate - ok
20:50:35.0072 4108  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:50:35.0119 4108  lltdio - ok
20:50:35.0166 4108  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
20:50:35.0228 4108  lltdsvc - ok
20:50:35.0228 4108  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
20:50:35.0275 4108  lmhosts - ok
20:50:35.0291 4108  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
20:50:35.0322 4108  LSI_FC - ok
20:50:35.0322 4108  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
20:50:35.0338 4108  LSI_SAS - ok
20:50:35.0353 4108  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:50:35.0369 4108  LSI_SAS2 - ok
20:50:35.0369 4108  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:50:35.0384 4108  LSI_SCSI - ok
20:50:35.0416 4108  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
20:50:35.0462 4108  luafv - ok
20:50:35.0509 4108  [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
20:50:35.0525 4108  MBAMProtector - ok
20:50:35.0603 4108  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
20:50:35.0618 4108  MBAMScheduler - ok
20:50:35.0665 4108  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
20:50:35.0681 4108  MBAMService - ok
20:50:35.0712 4108  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
20:50:35.0759 4108  Mcx2Svc - ok
20:50:35.0774 4108  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
20:50:35.0790 4108  megasas - ok
20:50:35.0806 4108  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
20:50:35.0821 4108  MegaSR - ok
20:50:35.0899 4108  Microsoft SharePoint Workspace Audit Service - ok
20:50:35.0930 4108  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
20:50:35.0993 4108  MMCSS - ok
20:50:36.0008 4108  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
20:50:36.0055 4108  Modem - ok
20:50:36.0086 4108  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
20:50:36.0118 4108  monitor - ok
20:50:36.0149 4108  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:50:36.0164 4108  mouclass - ok
20:50:36.0180 4108  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:50:36.0196 4108  mouhid - ok
20:50:36.0242 4108  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
20:50:36.0258 4108  mountmgr - ok
20:50:36.0320 4108  [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:50:36.0336 4108  MozillaMaintenance - ok
20:50:36.0383 4108  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:50:36.0398 4108  mpio - ok
20:50:36.0445 4108  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:50:36.0476 4108  mpsdrv - ok
20:50:36.0508 4108  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
20:50:36.0570 4108  MpsSvc - ok
20:50:36.0601 4108  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:50:36.0648 4108  MRxDAV - ok
20:50:36.0664 4108  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:50:36.0695 4108  mrxsmb - ok
20:50:36.0742 4108  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:50:36.0773 4108  mrxsmb10 - ok
20:50:36.0773 4108  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:50:36.0804 4108  mrxsmb20 - ok
20:50:36.0820 4108  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
20:50:36.0835 4108  msahci - ok
20:50:36.0866 4108  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
20:50:36.0882 4108  msdsm - ok
20:50:36.0913 4108  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
20:50:36.0944 4108  MSDTC - ok
20:50:36.0991 4108  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:50:37.0038 4108  Msfs - ok
20:50:37.0054 4108  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
20:50:37.0100 4108  mshidkmdf - ok
20:50:37.0116 4108  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:50:37.0132 4108  msisadrv - ok
20:50:37.0147 4108  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
20:50:37.0210 4108  MSiSCSI - ok
20:50:37.0210 4108  msiserver - ok
20:50:37.0241 4108  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
20:50:37.0288 4108  MSKSSRV - ok
20:50:37.0303 4108  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:50:37.0350 4108  MSPCLOCK - ok
20:50:37.0350 4108  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:50:37.0412 4108  MSPQM - ok
20:50:37.0444 4108  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
20:50:37.0475 4108  MsRPC - ok
20:50:37.0506 4108  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
20:50:37.0522 4108  mssmbios - ok
20:50:37.0537 4108  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
20:50:37.0600 4108  MSTEE - ok
20:50:37.0600 4108  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
20:50:37.0631 4108  MTConfig - ok
20:50:37.0646 4108  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
20:50:37.0662 4108  Mup - ok
20:50:37.0709 4108  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
20:50:37.0771 4108  napagent - ok
20:50:37.0802 4108  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
20:50:37.0834 4108  NativeWifiP - ok
20:50:37.0896 4108  [ 88A2F45CE66B904285978D6BB13AFEB2 ] NAVENG          C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130405.005\ENG64.SYS
20:50:37.0912 4108  NAVENG - ok
20:50:37.0974 4108  [ D2A545DA3A90BBFA40E020C23F1B7A48 ] NAVEX15         C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130405.005\EX64.SYS
20:50:38.0021 4108  NAVEX15 - ok
20:50:38.0068 4108  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:50:38.0099 4108  NDIS - ok
20:50:38.0130 4108  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
20:50:38.0177 4108  NdisCap - ok
20:50:38.0208 4108  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:50:38.0255 4108  NdisTapi - ok
20:50:38.0270 4108  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:50:38.0317 4108  Ndisuio - ok
20:50:38.0333 4108  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:50:38.0380 4108  NdisWan - ok
20:50:38.0411 4108  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:50:38.0442 4108  NDProxy - ok
20:50:38.0489 4108  [ D5AC41AE382738483FAFFBD7E373D49A ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
20:50:38.0520 4108  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
20:50:38.0520 4108  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
20:50:38.0551 4108  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:50:38.0598 4108  NetBIOS - ok
20:50:38.0614 4108  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
20:50:38.0660 4108  NetBT - ok
20:50:38.0676 4108  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
20:50:38.0692 4108  Netlogon - ok
20:50:38.0723 4108  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
20:50:38.0785 4108  Netman - ok
20:50:38.0894 4108  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:50:38.0910 4108  NetMsmqActivator - ok
20:50:38.0910 4108  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:50:38.0926 4108  NetPipeActivator - ok
20:50:38.0972 4108  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
20:50:39.0035 4108  netprofm - ok
20:50:39.0066 4108  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:50:39.0082 4108  NetTcpActivator - ok
20:50:39.0097 4108  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:50:39.0113 4108  NetTcpPortSharing - ok
20:50:39.0284 4108  [ 24F64343F14A119308456E1CA7507B26 ] NETw5s64        C:\Windows\system32\DRIVERS\NETw5s64.sys
20:50:39.0518 4108  NETw5s64 - ok
20:50:39.0690 4108  [ BB470EBC4222E3749C9264F0646FC904 ] netw5v64        C:\Windows\system32\DRIVERS\netw5v64.sys
20:50:39.0893 4108  netw5v64 - ok
20:50:40.0298 4108  [ 774C9ECCEF83AB8A3D1466F19809C95F ] NETwNs64        C:\Windows\system32\DRIVERS\NETwNs64.sys
20:50:40.0548 4108  NETwNs64 - ok
20:50:40.0579 4108  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
20:50:40.0595 4108  nfrd960 - ok
20:50:40.0751 4108  [ 241BD3019FB31E812A51B31B06906335 ] NIS             C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe
20:50:40.0766 4108  NIS - ok
20:50:40.0798 4108  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:50:40.0829 4108  NlaSvc - ok
20:50:40.0891 4108  [ 5FE6F8C05F0769BBB74AFAC11453B182 ] nmwcd           C:\Windows\system32\drivers\ccdcmbx64.sys
20:50:40.0938 4108  nmwcd - ok
20:50:40.0985 4108  [ 73C929945C0850B8D1FE2FEA05FDF05D ] nmwcdc          C:\Windows\system32\drivers\ccdcmbox64.sys
20:50:41.0016 4108  nmwcdc - ok
20:50:41.0063 4108  [ 697CA586209E022D15DD0C838B235D6A ] nmwcdnsucx64    C:\Windows\system32\drivers\nmwcdnsucx64.sys
20:50:41.0110 4108  nmwcdnsucx64 - ok
20:50:41.0125 4108  [ 292DDF13F91F2CB2482B57AACD6AEB9B ] nmwcdnsux64     C:\Windows\system32\drivers\nmwcdnsux64.sys
20:50:41.0157 4108  nmwcdnsux64 - ok
20:50:41.0188 4108  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:50:41.0219 4108  Npfs - ok
20:50:41.0250 4108  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
20:50:41.0313 4108  nsi - ok
20:50:41.0328 4108  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:50:41.0375 4108  nsiproxy - ok
20:50:41.0453 4108  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:50:41.0515 4108  Ntfs - ok
20:50:41.0531 4108  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
20:50:41.0593 4108  Null - ok
20:50:41.0625 4108  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:50:41.0640 4108  nvraid - ok
20:50:41.0656 4108  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:50:41.0671 4108  nvstor - ok
20:50:41.0703 4108  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:50:41.0734 4108  nv_agp - ok
20:50:41.0749 4108  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
20:50:41.0765 4108  ohci1394 - ok
20:50:41.0890 4108  [ 6AAF515829C68C2CC52994FBD32D3F6C ] OODefragAgent   C:\Program Files\OO Software\Defrag\oodag.exe
20:50:41.0937 4108  OODefragAgent - ok
20:50:42.0015 4108  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:50:42.0030 4108  ose - ok
20:50:42.0186 4108  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:50:42.0342 4108  osppsvc - ok
20:50:42.0389 4108  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
20:50:42.0420 4108  p2pimsvc - ok
20:50:42.0451 4108  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
20:50:42.0483 4108  p2psvc - ok
20:50:42.0498 4108  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
20:50:42.0529 4108  Parport - ok
20:50:42.0561 4108  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
20:50:42.0576 4108  partmgr - ok
20:50:42.0607 4108  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:50:42.0654 4108  PcaSvc - ok
20:50:42.0685 4108  [ 3FDE033DFB0D07F8B7D5C9A3044AA121 ] pccsmcfd        C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
20:50:42.0701 4108  pccsmcfd - ok
20:50:42.0748 4108  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
20:50:42.0763 4108  pci - ok
20:50:42.0779 4108  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
20:50:42.0795 4108  pciide - ok
20:50:42.0810 4108  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
20:50:42.0841 4108  pcmcia - ok
20:50:42.0841 4108  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
20:50:42.0857 4108  pcw - ok
20:50:42.0888 4108  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:50:42.0935 4108  PEAUTH - ok
20:50:43.0029 4108  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
20:50:43.0060 4108  PerfHost - ok
20:50:43.0122 4108  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
20:50:43.0231 4108  pla - ok
20:50:43.0247 4108  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:50:43.0278 4108  PlugPlay - ok
20:50:43.0309 4108  [ 37F6046CDC630442D7DC087501FF6FC6 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
20:50:43.0325 4108  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
20:50:43.0325 4108  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
20:50:43.0356 4108  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
20:50:43.0403 4108  PNRPAutoReg - ok
20:50:43.0419 4108  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
20:50:43.0450 4108  PNRPsvc - ok
20:50:43.0481 4108  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
20:50:43.0543 4108  PolicyAgent - ok
20:50:43.0575 4108  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
20:50:43.0637 4108  Power - ok
20:50:43.0668 4108  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
20:50:43.0699 4108  PptpMiniport - ok
20:50:43.0731 4108  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
20:50:43.0746 4108  Processor - ok
20:50:43.0777 4108  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
20:50:43.0809 4108  ProfSvc - ok
20:50:43.0824 4108  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:50:43.0840 4108  ProtectedStorage - ok
20:50:43.0887 4108  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
20:50:43.0933 4108  Psched - ok
20:50:43.0965 4108  [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
20:50:43.0980 4108  PxHlpa64 - ok
20:50:44.0027 4108  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
20:50:44.0105 4108  ql2300 - ok
20:50:44.0105 4108  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
20:50:44.0136 4108  ql40xx - ok
20:50:44.0167 4108  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
20:50:44.0199 4108  QWAVE - ok
20:50:44.0214 4108  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:50:44.0245 4108  QWAVEdrv - ok
20:50:44.0292 4108  [ A55E7D0D873B2C97585B3B5926AC6ADE ] RapiMgr         C:\Windows\WindowsMobile\rapimgr.dll
20:50:44.0308 4108  RapiMgr - ok
20:50:44.0339 4108  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:50:44.0401 4108  RasAcd - ok
20:50:44.0433 4108  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
20:50:44.0479 4108  RasAgileVpn - ok
20:50:44.0511 4108  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
20:50:44.0557 4108  RasAuto - ok
20:50:44.0589 4108  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
20:50:44.0635 4108  Rasl2tp - ok
20:50:44.0667 4108  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
20:50:44.0713 4108  RasMan - ok
20:50:44.0745 4108  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:50:44.0791 4108  RasPppoe - ok
20:50:44.0807 4108  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
20:50:44.0854 4108  RasSstp - ok
20:50:44.0885 4108  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
20:50:44.0932 4108  rdbss - ok
20:50:44.0963 4108  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
20:50:44.0979 4108  rdpbus - ok
20:50:44.0994 4108  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
20:50:45.0041 4108  RDPCDD - ok
20:50:45.0057 4108  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
20:50:45.0088 4108  RDPENCDD - ok
20:50:45.0103 4108  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
20:50:45.0135 4108  RDPREFMP - ok
20:50:45.0197 4108  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
20:50:45.0244 4108  RdpVideoMiniport - ok
20:50:45.0259 4108  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
20:50:45.0291 4108  RDPWD - ok
20:50:45.0322 4108  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
20:50:45.0337 4108  rdyboost - ok
20:50:45.0384 4108  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
20:50:45.0447 4108  RemoteAccess - ok
20:50:45.0447 4108  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
20:50:45.0509 4108  RemoteRegistry - ok
20:50:45.0540 4108  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
20:50:45.0571 4108  RFCOMM - ok
20:50:45.0603 4108  [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM       C:\Windows\system32\Drivers\RootMdm.sys
20:50:45.0649 4108  ROOTMODEM - ok
20:50:45.0696 4108  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
20:50:45.0743 4108  RpcEptMapper - ok
20:50:45.0774 4108  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
20:50:45.0790 4108  RpcLocator - ok
20:50:45.0821 4108  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
20:50:45.0868 4108  RpcSs - ok
20:50:45.0915 4108  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
20:50:45.0961 4108  rspndr - ok
20:50:45.0993 4108  [ 2DB8116D52B19216812C4E6D5D837810 ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
20:50:46.0024 4108  RSUSBSTOR - ok
20:50:46.0071 4108  [ C20F64FCD5E2B40310A1774495877ACD ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
20:50:46.0086 4108  RTHDMIAzAudService - ok
20:50:46.0086 4108  RtsUIR - ok
20:50:46.0117 4108  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
20:50:46.0133 4108  SamSs - ok
20:50:46.0180 4108  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
20:50:46.0195 4108  sbp2port - ok
20:50:46.0258 4108  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:50:46.0320 4108  SCardSvr - ok
20:50:46.0336 4108  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
20:50:46.0383 4108  scfilter - ok
20:50:46.0429 4108  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
20:50:46.0507 4108  Schedule - ok
20:50:46.0539 4108  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
20:50:46.0570 4108  SCPolicySvc - ok
20:50:46.0601 4108  [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus           C:\Windows\system32\drivers\sdbus.sys
20:50:46.0632 4108  sdbus - ok
20:50:46.0663 4108  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:50:46.0695 4108  SDRSVC - ok
20:50:46.0773 4108  [ 01B90DC259917B9E7002D039D0C46F05 ] SearchIodexer   C:\Windows\system32\hlink64.exe
20:50:46.0773 4108  SearchIodexer ( UnsignedFile.Multi.Generic ) - warning
20:50:46.0773 4108  SearchIodexer - detected UnsignedFile.Multi.Generic (1)
20:50:46.0804 4108  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:50:46.0866 4108  secdrv - ok
20:50:46.0882 4108  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
20:50:46.0944 4108  seclogon - ok
20:50:46.0960 4108  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
20:50:47.0022 4108  SENS - ok
20:50:47.0022 4108  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
20:50:47.0053 4108  SensrSvc - ok
20:50:47.0100 4108  [ 2CD118925F9CDF665F7C08AECD8177EF ] Ser2pl          C:\Windows\system32\DRIVERS\ser2pl64.sys
20:50:47.0131 4108  Ser2pl - ok
20:50:47.0147 4108  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
20:50:47.0163 4108  Serenum - ok
20:50:47.0178 4108  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
20:50:47.0194 4108  Serial - ok
20:50:47.0209 4108  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
20:50:47.0241 4108  sermouse - ok
20:50:47.0334 4108  [ E90CE237E99C5D26CB3872318A7799D0 ] ServiceLayer    C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
20:50:47.0365 4108  ServiceLayer - ok
20:50:47.0412 4108  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
20:50:47.0475 4108  SessionEnv - ok
20:50:47.0490 4108  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
20:50:47.0521 4108  sffdisk - ok
20:50:47.0521 4108  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
20:50:47.0568 4108  sffp_mmc - ok
20:50:47.0568 4108  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
20:50:47.0584 4108  sffp_sd - ok
20:50:47.0599 4108  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
20:50:47.0631 4108  sfloppy - ok
20:50:47.0677 4108  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
20:50:47.0724 4108  SharedAccess - ok
20:50:47.0755 4108  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:50:47.0818 4108  ShellHWDetection - ok
20:50:47.0849 4108  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:50:47.0865 4108  SiSRaid2 - ok
20:50:47.0880 4108  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
20:50:47.0896 4108  SiSRaid4 - ok
20:50:47.0911 4108  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
20:50:47.0958 4108  Smb - ok
20:50:48.0005 4108  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:50:48.0021 4108  SNMPTRAP - ok
20:50:48.0052 4108  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
20:50:48.0067 4108  spldr - ok
20:50:48.0114 4108  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
20:50:48.0161 4108  Spooler - ok
20:50:48.0270 4108  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
20:50:48.0395 4108  sppsvc - ok
20:50:48.0426 4108  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
20:50:48.0473 4108  sppuinotify - ok
20:50:48.0520 4108  [ 602884696850C86434530790B110E8EB ] sptd            C:\Windows\System32\Drivers\sptd.sys
20:50:48.0535 4108  sptd - ok
20:50:48.0645 4108  [ 378A0748DE5ADF90BF9DB897DA8564E6 ] SRTSP           C:\Windows\System32\Drivers\NISx64\1403000.024\SRTSP64.SYS
20:50:48.0676 4108  SRTSP - ok
20:50:48.0691 4108  [ 0E76CEF892C45734F7AED09FDDF35D4D ] SRTSPX          C:\Windows\system32\drivers\NISx64\1403000.024\SRTSPX64.SYS
20:50:48.0691 4108  SRTSPX - ok
20:50:48.0723 4108  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
20:50:48.0769 4108  srv - ok
20:50:48.0801 4108  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:50:48.0832 4108  srv2 - ok
20:50:48.0879 4108  [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA       C:\Windows\system32\DRIVERS\VSTAZL6.SYS
20:50:48.0910 4108  SrvHsfHDA - ok
20:50:48.0957 4108  [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92       C:\Windows\system32\DRIVERS\VSTDPV6.SYS
20:50:49.0050 4108  SrvHsfV92 - ok
20:50:49.0113 4108  [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac     C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
20:50:49.0144 4108  SrvHsfWinac - ok
20:50:49.0175 4108  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:50:49.0206 4108  srvnet - ok
20:50:49.0237 4108  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
20:50:49.0300 4108  SSDPSRV - ok
20:50:49.0331 4108  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
20:50:49.0378 4108  SstpSvc - ok
20:50:49.0518 4108  [ 98CC6BDCB5F593394CE2000EC454AEE4 ] StarMoney 8.0 OnlineUpdate C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe
20:50:49.0534 4108  StarMoney 8.0 OnlineUpdate - ok
20:50:49.0643 4108  [ E71F906E7994A9403D7C5A8CE5C5F583 ] StarMoney 9.0 OnlineUpdate C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
20:50:49.0659 4108  StarMoney 9.0 OnlineUpdate - ok
20:50:49.0705 4108  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
20:50:49.0721 4108  stexstor - ok
20:50:49.0768 4108  [ DECACB6921DED1A38642642685D77DAC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
20:50:49.0799 4108  StillCam - ok
20:50:49.0861 4108  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
20:50:49.0908 4108  stisvc - ok
20:50:49.0924 4108  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
20:50:49.0939 4108  swenum - ok
20:50:49.0986 4108  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
20:50:50.0064 4108  swprv - ok
20:50:50.0127 4108  [ E174C8BC572E93AEEE1036DEDAC5F225 ] SymDS           C:\Windows\system32\drivers\NISx64\1403000.024\SYMDS64.SYS
20:50:50.0142 4108  SymDS - ok
20:50:50.0205 4108  [ 599872BAD7CFB45C7CE47CDED4B726D8 ] SymEFA          C:\Windows\system32\drivers\NISx64\1403000.024\SYMEFA64.SYS
20:50:50.0267 4108  SymEFA - ok
20:50:50.0314 4108  [ F5D6D3B7468C46EA2DDC1D19D2A6DA0F ] SymEvent        C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
20:50:50.0329 4108  SymEvent - ok
20:50:50.0361 4108  [ ADF37F1A715D6C56C8E065FD8569A9A4 ] SymIRON         C:\Windows\system32\drivers\NISx64\1403000.024\Ironx64.SYS
20:50:50.0376 4108  SymIRON - ok
20:50:50.0423 4108  [ 1605EBD8CB86AFC4430116065995279A ] SymNetS         C:\Windows\System32\Drivers\NISx64\1403000.024\SYMNETS.SYS
20:50:50.0454 4108  SymNetS - ok
20:50:50.0563 4108  [ AA0881F8FAC7E8283F28A243C349B5D6 ] SynoDrService   C:\Program Files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe
20:50:50.0579 4108  SynoDrService - ok
20:50:50.0626 4108  [ 0A535B4F638D5BBCF3EE6C997BF33892 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
20:50:50.0641 4108  SynTP - ok
20:50:50.0688 4108  [ 7C24FA401C5BBFEA8553ABC4DB983E83 ] SynUSB64        C:\Windows\system32\DRIVERS\SynUSB64.sys
20:50:50.0704 4108  SynUSB64 - ok
20:50:50.0782 4108  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
20:50:50.0860 4108  SysMain - ok
20:50:50.0891 4108  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:50:50.0938 4108  TabletInputService - ok
20:50:50.0953 4108  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
20:50:51.0000 4108  TapiSrv - ok
20:50:51.0016 4108  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
20:50:51.0078 4108  TBS - ok
20:50:51.0156 4108  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
20:50:51.0234 4108  Tcpip - ok
20:50:51.0281 4108  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
20:50:51.0328 4108  TCPIP6 - ok
20:50:51.0375 4108  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:50:51.0390 4108  tcpipreg - ok
20:50:51.0421 4108  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
20:50:51.0453 4108  TDPIPE - ok
20:50:51.0484 4108  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
20:50:51.0499 4108  TDTCP - ok
20:50:51.0562 4108  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
20:50:51.0593 4108  tdx - ok
20:50:51.0624 4108  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
20:50:51.0640 4108  TermDD - ok
20:50:51.0671 4108  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
20:50:51.0749 4108  TermService - ok
20:50:51.0780 4108  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
20:50:51.0811 4108  Themes - ok
20:50:51.0843 4108  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
20:50:51.0889 4108  THREADORDER - ok
20:50:51.0921 4108  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
20:50:51.0983 4108  TrkWks - ok
20:50:52.0030 4108  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:50:52.0092 4108  TrustedInstaller - ok
20:50:52.0108 4108  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
20:50:52.0155 4108  tssecsrv - ok
20:50:52.0217 4108  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
20:50:52.0248 4108  TsUsbFlt - ok
20:50:52.0279 4108  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:50:52.0326 4108  tunnel - ok
20:50:52.0357 4108  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
20:50:52.0373 4108  uagp35 - ok
20:50:52.0420 4108  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:50:52.0467 4108  udfs - ok
20:50:52.0513 4108  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
20:50:52.0545 4108  UI0Detect - ok
20:50:52.0607 4108  [ 90EB009FB4EBFD70B51A771876CAA160 ] ui11rdr         C:\Windows\system32\DRIVERS\ui11rdr.sys
20:50:52.0623 4108  ui11rdr - ok
20:50:52.0701 4108  [ 34859D3801F4BD3DACFA131DD928455A ] UimBus          C:\Windows\system32\DRIVERS\uimx64.sys
20:50:52.0716 4108  UimBus - ok
20:50:52.0763 4108  [ D3CE4776E7FFB25E6935B1C797F4650C ] Uim_IM          C:\Windows\system32\Drivers\Uim_IMx64.sys
20:50:52.0794 4108  Uim_IM - ok
20:50:52.0810 4108  [ 532E4BED5C7803B2EE5681818B2528B7 ] Uim_VIM         C:\Windows\system32\Drivers\uim_vimx64.sys
20:50:52.0825 4108  Uim_VIM - ok
20:50:52.0857 4108  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
20:50:52.0872 4108  uliagpkx - ok
20:50:52.0903 4108  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
20:50:52.0935 4108  umbus - ok
20:50:52.0950 4108  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
20:50:52.0966 4108  UmPass - ok
20:50:53.0013 4108  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
20:50:53.0075 4108  upnphost - ok
20:50:53.0122 4108  [ 34AFB83C7BBA370E404E52CC2290350C ] upperdev        C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
20:50:53.0153 4108  upperdev - ok
20:50:53.0200 4108  [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
20:50:53.0247 4108  USBAAPL64 - ok
20:50:53.0278 4108  [ 77B01BC848298223A95D4EC23E1785A1 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
20:50:53.0309 4108  usbaudio - ok
20:50:53.0340 4108  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
20:50:53.0371 4108  usbccgp - ok
20:50:53.0371 4108  USBCCID - ok
20:50:53.0418 4108  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
20:50:53.0434 4108  usbcir - ok
20:50:53.0512 4108  [ 6AF12011C88C80920D0543616E107CFF ] UsbClientService C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
20:50:53.0527 4108  UsbClientService ( UnsignedFile.Multi.Generic ) - warning
20:50:53.0527 4108  UsbClientService - detected UnsignedFile.Multi.Generic (1)
20:50:53.0559 4108  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
20:50:53.0574 4108  usbehci - ok
20:50:53.0621 4108  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
20:50:53.0652 4108  usbhub - ok
20:50:53.0683 4108  [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
20:50:53.0699 4108  usbohci - ok
20:50:53.0715 4108  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
20:50:53.0746 4108  usbprint - ok
20:50:53.0761 4108  [ 4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser          C:\Windows\system32\drivers\usbser.sys
20:50:53.0793 4108  usbser - ok
20:50:53.0824 4108  [ AA75E1EFBEE7186B4CBAAACF1F15E6CA ] UsbserFilt      C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
20:50:53.0855 4108  UsbserFilt - ok
20:50:53.0871 4108  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:50:53.0902 4108  USBSTOR - ok
20:50:53.0933 4108  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
20:50:53.0964 4108  usbuhci - ok
20:50:54.0011 4108  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
20:50:54.0042 4108  usbvideo - ok
20:50:54.0105 4108  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
20:50:54.0167 4108  UxSms - ok
20:50:54.0198 4108  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
20:50:54.0214 4108  VaultSvc - ok
20:50:54.0229 4108  VComm - ok
20:50:54.0245 4108  VcommMgr - ok
20:50:54.0292 4108  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
20:50:54.0307 4108  vdrvroot - ok
20:50:54.0339 4108  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
20:50:54.0432 4108  vds - ok
20:50:54.0463 4108  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
20:50:54.0479 4108  vga - ok
20:50:54.0510 4108  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
20:50:54.0557 4108  VgaSave - ok
20:50:54.0573 4108  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
20:50:54.0604 4108  vhdmp - ok
20:50:54.0604 4108  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
20:50:54.0619 4108  viaide - ok
20:50:54.0635 4108  VMnetAdapter - ok
20:50:54.0651 4108  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:50:54.0666 4108  volmgr - ok
20:50:54.0682 4108  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
20:50:54.0713 4108  volmgrx - ok
20:50:54.0713 4108  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
20:50:54.0744 4108  volsnap - ok
20:50:54.0760 4108  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
20:50:54.0775 4108  vsmraid - ok
20:50:54.0853 4108  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
20:50:54.0947 4108  VSS - ok
20:50:54.0978 4108  vstor2-p2v30 - ok
20:50:54.0994 4108  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
20:50:55.0025 4108  vwifibus - ok
20:50:55.0041 4108  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
20:50:55.0087 4108  vwififlt - ok
20:50:55.0103 4108  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
20:50:55.0119 4108  vwifimp - ok
20:50:55.0165 4108  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
20:50:55.0228 4108  W32Time - ok
20:50:55.0259 4108  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
20:50:55.0306 4108  WacomPen - ok
20:50:55.0337 4108  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
20:50:55.0384 4108  WANARP - ok
20:50:55.0384 4108  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:50:55.0431 4108  Wanarpv6 - ok
20:50:55.0477 4108  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
20:50:55.0555 4108  wbengine - ok
20:50:55.0587 4108  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
20:50:55.0618 4108  WbioSrvc - ok
20:50:55.0649 4108  [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm        C:\Windows\WindowsMobile\wcescomm.dll
20:50:55.0665 4108  WcesComm - ok
20:50:55.0680 4108  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
20:50:55.0727 4108  wcncsvc - ok
20:50:55.0758 4108  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:50:55.0789 4108  WcsPlugInService - ok
20:50:55.0821 4108  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
20:50:55.0836 4108  Wd - ok
20:50:55.0899 4108  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:50:55.0930 4108  Wdf01000 - ok
20:50:55.0945 4108  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:50:55.0992 4108  WdiServiceHost - ok
20:50:55.0992 4108  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
20:50:56.0023 4108  WdiSystemHost - ok
20:50:56.0055 4108  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
20:50:56.0101 4108  WebClient - ok
20:50:56.0148 4108  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:50:56.0211 4108  Wecsvc - ok
20:50:56.0211 4108  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
20:50:56.0273 4108  wercplsupport - ok
20:50:56.0289 4108  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
20:50:56.0351 4108  WerSvc - ok
20:50:56.0382 4108  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
20:50:56.0413 4108  WfpLwf - ok
20:50:56.0445 4108  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
20:50:56.0460 4108  WIMMount - ok
20:50:56.0491 4108  WinDefend - ok
20:50:56.0616 4108  [ 84D7AF0A5B2E5AC36941E5A9F33C1850 ] WinFLdrv        C:\Windows\syswow64\WinFLdrv.sys
20:50:56.0616 4108  Suspicious file (Hidden): C:\Windows\syswow64\WinFLdrv.sys. md5: 84D7AF0A5B2E5AC36941E5A9F33C1850
20:50:56.0647 4108  WinFLdrv ( HiddenFile.Multi.Generic ) - warning
20:50:56.0647 4108  WinFLdrv - detected HiddenFile.Multi.Generic (1)
20:50:56.0679 4108  WinHttpAutoProxySvc - ok
20:50:56.0741 4108  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:50:56.0788 4108  Winmgmt - ok
20:50:56.0866 4108  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
20:50:56.0975 4108  WinRM - ok
20:50:57.0037 4108  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
20:50:57.0069 4108  WinUsb - ok
20:50:57.0100 4108  [ 8938DA7B728AD4987DF3E5C0FE22A24E ] WinVd32         C:\Windows\WinVd32.sys
20:50:57.0115 4108  WinVd32 - ok
20:50:57.0162 4108  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
20:50:57.0209 4108  Wlansvc - ok
20:50:57.0240 4108  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
20:50:57.0271 4108  WmiAcpi - ok
20:50:57.0303 4108  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:50:57.0334 4108  wmiApSrv - ok
20:50:57.0365 4108  WMPNetworkSvc - ok
20:50:57.0381 4108  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:50:57.0427 4108  WPCSvc - ok
20:50:57.0443 4108  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:50:57.0474 4108  WPDBusEnum - ok
20:50:57.0505 4108  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
20:50:57.0552 4108  ws2ifsl - ok
20:50:57.0599 4108  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
20:50:57.0646 4108  wscsvc - ok
20:50:57.0646 4108  WSearch - ok
20:50:57.0724 4108  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
20:50:57.0802 4108  wuauserv - ok
20:50:57.0833 4108  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
20:50:57.0880 4108  WudfPf - ok
20:50:57.0911 4108  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
20:50:57.0927 4108  WUDFRd - ok
20:50:57.0958 4108  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
20:50:57.0989 4108  wudfsvc - ok
20:50:58.0036 4108  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
20:50:58.0083 4108  WwanSvc - ok
20:50:58.0129 4108  ================ Scan global ===============================
20:50:58.0176 4108  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:50:58.0223 4108  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
20:50:58.0239 4108  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
20:50:58.0285 4108  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:50:58.0332 4108  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:50:58.0332 4108  [Global] - ok
20:50:58.0332 4108  ================ Scan MBR ==================================
20:50:58.0348 4108  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
20:50:58.0691 4108  \Device\Harddisk0\DR0 - ok
20:50:58.0691 4108  ================ Scan VBR ==================================
20:50:58.0691 4108  [ 8B0D31AA39380AF8334BDBB7E1ECE41A ] \Device\Harddisk0\DR0\Partition1
20:50:58.0691 4108  \Device\Harddisk0\DR0\Partition1 - ok
20:50:58.0738 4108  [ 6CA6B1ABC6198C522B049C33A31B0923 ] \Device\Harddisk0\DR0\Partition2
20:50:58.0738 4108  \Device\Harddisk0\DR0\Partition2 - ok
20:50:58.0769 4108  [ 113F3CD8F10FD2718FEFB25F67CE7A6D ] \Device\Harddisk0\DR0\Partition3
20:50:58.0769 4108  \Device\Harddisk0\DR0\Partition3 - ok
20:50:58.0769 4108  ============================================================
20:50:58.0769 4108  Scan finished
20:50:58.0769 4108  ============================================================
20:50:58.0785 3636  Detected object count: 11
20:50:58.0785 3636  Actual detected object count: 11
20:51:42.0716 3636  DBService ( UnsignedFile.Multi.Generic ) - skipped by user
20:51:42.0716 3636  DBService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:51:42.0716 3636  FirebirdGuardianDefaultInstance ( UnsignedFile.Multi.Generic ) - skipped by user
20:51:42.0716 3636  FirebirdGuardianDefaultInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:51:42.0716 3636  FirebirdServerDefaultInstance ( UnsignedFile.Multi.Generic ) - skipped by user
20:51:42.0716 3636  FirebirdServerDefaultInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:51:42.0716 3636  hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
20:51:42.0716 3636  hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:51:42.0716 3636  hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:51:42.0716 3636  hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:51:42.0716 3636  HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
20:51:42.0716 3636  HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:51:42.0732 3636  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
20:51:42.0732 3636  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:51:42.0732 3636  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
20:51:42.0732 3636  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:51:42.0732 3636  SearchIodexer ( UnsignedFile.Multi.Generic ) - skipped by user
20:51:42.0732 3636  SearchIodexer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:51:42.0732 3636  UsbClientService ( UnsignedFile.Multi.Generic ) - skipped by user
20:51:42.0732 3636  UsbClientService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:51:42.0732 3636  WinFLdrv ( HiddenFile.Multi.Generic ) - skipped by user
20:51:42.0732 3636  WinFLdrv ( HiddenFile.Multi.Generic ) - User select action: Skip 
20:51:44.0791 0760  Deinitialize success
         
Hello Cosinus,

unfortunately I won't be online for the next few days (until Saturday).
Many thanks in advance, I'll get back to you then.

A thousand thanks

NewtonZ4

I also noticed the following...

As soon as I switch off the active protection of Malwarebytes Anti-Malware and the access by the process hlink64.exe is no longer blocked, Firefox crashes constantly.
If the process hlink64.exe is blocked, Firefox no longer crashes either.

Strange, isn't it????

Code:
2013/04/05 09:19:28 +0200	USER0815-PC	User0815	IP-BLOCK	82.98.97.200 (Type: outgoing, Port: 51537, Process: hlink64.exe)
2013/04/05 10:15:36 +0200	USER0815-PC	User0815	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 51562, Process: hlink64.exe)
2013/04/05 10:15:36 +0200	USER0815-PC	User0815	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 51563, Process: hlink64.exe)
2013/04/05 10:15:36 +0200	USER0815-PC	User0815	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 51564, Process: hlink64.exe)
2013/04/05 10:15:36 +0200	USER0815-PC	User0815	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 51565, Process: hlink64.exe)
2013/04/05 10:17:48 +0200	USER0815-PC	User0815	MESSAGE	Starting database refresh
2013/04/05 10:17:48 +0200	USER0815-PC	User0815	MESSAGE	Stopping IP protection
2013/04/05 10:17:49 +0200	USER0815-PC	User0815	MESSAGE	IP Protection stopped successfully
2013/04/05 10:17:54 +0200	USER0815-PC	User0815	MESSAGE	Database refreshed successfully
2013/04/05 10:17:54 +0200	USER0815-PC	User0815	MESSAGE	Starting IP protection
2013/04/05 10:18:11 +0200	USER0815-PC	User0815	MESSAGE	IP Protection started successfully
2013/04/05 10:26:42 +0200	USER0815-PC	User0815	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 51667, Process: hlink64.exe)
2013/04/05 10:26:42 +0200	USER0815-PC	User0815	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 51668, Process: hlink64.exe)
2013/04/05 10:26:42 +0200	USER0815-PC	User0815	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 51669, Process: hlink64.exe)
2013/04/05 10:26:42 +0200	USER0815-PC	User0815	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 51670, Process: hlink64.exe)
2013/04/05 10:37:45 +0200	USER0815-PC	User0815	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 51685, Process: hlink64.exe)
2013/04/05 10:37:45 +0200	USER0815-PC	User0815	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 51687, Process: hlink64.exe)
2013/04/05 10:37:45 +0200	USER0815-PC	User0815	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 51688, Process: hlink64.exe)
2013/04/05 10:37:45 +0200	USER0815-PC	User0815	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 51689, Process: hlink64.exe)
2013/04/05 10:48:39 +0200	USER0815-PC	User0815	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 51748, Process: hlink64.exe)
2013/04/05 10:48:39 +0200	USER0815-PC	User0815	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 51749, Process: hlink64.exe)
2013/04/05 10:48:39 +0200	USER0815-PC	User0815	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 51750, Process: hlink64.exe)
2013/04/05 10:48:39 +0200	USER0815-PC	User0815	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 51751, Process: hlink64.exe)
2013/04/05 10:59:26 +0200	USER0815-PC	(null)	MESSAGE	Starting protection
2013/04/05 10:59:26 +0200	USER0815-PC	(null)	MESSAGE	Protection started successfully
2013/04/05 10:59:26 +0200	USER0815-PC	(null)	MESSAGE	Starting IP protection
2013/04/05 10:59:53 +0200	USER0815-PC	User0815	MESSAGE	IP Protection started successfully
2013/04/05 11:01:00 +0200	USER0815-PC	User0815	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49174, Process: hlink64.exe)
2013/04/05 11:01:00 +0200	USER0815-PC	User0815	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49175, Process: hlink64.exe)
2013/04/05 11:01:00 +0200	USER0815-PC	User0815	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49176, Process: hlink64.exe)
2013/04/05 11:01:00 +0200	USER0815-PC	User0815	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49177, Process: hlink64.exe)
2013/04/05 11:01:05 +0200	USER0815-PC	User0815	MESSAGE	Stopping protection
2013/04/05 11:01:05 +0200	USER0815-PC	User0815	MESSAGE	Protection stopped successfully
2013/04/05 11:01:05 +0200	USER0815-PC	User0815	MESSAGE	Stopping IP protection
2013/04/05 11:01:06 +0200	USER0815-PC	User0815	MESSAGE	IP Protection stopped successfully
2013/04/05 11:01:07 +0200	USER0815-PC	User0815	MESSAGE	Protection stopped
2013/04/05 17:51:35 +0200	USER0815-PC	User0815	MESSAGE	Starting protection
2013/04/05 17:51:35 +0200	USER0815-PC	User0815	MESSAGE	Protection started successfully
2013/04/05 17:51:35 +0200	USER0815-PC	User0815	MESSAGE	Starting IP protection
2013/04/05 17:51:50 +0200	USER0815-PC	User0815	MESSAGE	IP Protection started successfully
         
So, I have now run the aswMBR scanner with the setting AV scan: (none).

The result is attached...

Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-06 22:13:48
-----------------------------
22:13:48.124    OS Version: Windows x64 6.1.7601 Service Pack 1
22:13:48.124    Number of processors: 2 586 0x170A
22:13:48.124    ComputerName: USER0815-PC  UserName: User0815
22:13:49.731    Initialize success
22:13:59.138    AVAST engine defs: 13040500
22:14:18.825    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:14:18.825    Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 3
22:14:18.966    Disk 0 MBR read successfully
22:14:18.981    Disk 0 MBR scan
22:14:18.981    Disk 0 Windows VISTA default MBR code
22:14:18.997    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        13000 MB offset 2048
22:14:19.012    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 26626048
22:14:19.028    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       311923 MB offset 26830848
22:14:19.028    Disk 0 Partition - 00     0F Extended LBA            285454 MB offset 665651200
22:14:19.059    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       285453 MB offset 665653248
22:14:19.246    Disk 0 scanning C:\Windows\system32\drivers
22:14:31.760    Service scanning
22:15:03.287    Modules scanning
22:15:03.287    Disk 0 trace - called modules:
22:15:03.318    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
22:15:03.318    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80048db580]
22:15:03.318    3 CLASSPNP.SYS[fffff88000e6143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80046f0050]
22:15:03.334    Scan finished successfully
22:15:42.552    Disk 0 MBR has been saved successfully to "C:\Users\User0815\Desktop\MBR.dat"
22:15:42.552    The log file has been saved successfully to "C:\Users\User0815\Desktop\aswMBR.txt"


22:16:25.267    Disk 0 MBR has been saved successfully to "C:\Users\User0815\Desktop\MBR.dat"
22:16:25.282    The log file has been saved successfully to "C:\Users\User0815\Desktop\aswMBR.txt"
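
An added example, not part of the original posts and not Malwarebytes code: a parser for protection-log lines in the format of the Malwarebytes log earlier in this post. It groups IP-BLOCK entries per process into bursts and measures the spacing between bursts, skipping intervals during which IP protection was switched off. The sample lines are constructed (documentation-range addresses, placeholder host and user names), and the 5-second burst window and 25 % tolerance are assumptions.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime, timedelta

# Field layout as in the posted log: timestamp, host, user, record type, detail (tab-separated).
LINE_RE = re.compile(
    r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d [+-]\d{4})\t[^\t]*\t[^\t]*\t([^\t]+)\t(.*)$")
BLOCK_RE = re.compile(r"^(\S+) \(Type: (\w+), Port: (\d+), Process: (.+)\)$")


def _rec(clock, kind, detail):
    # Constructed sample record; HOST-A and user1 are placeholder names.
    return "\t".join([f"2013/04/05 {clock} +0200", "HOST-A", "user1", kind, detail])


def _blk(clock, ip, port, proc="hlink64.exe"):
    return _rec(clock, "IP-BLOCK", f"{ip} (Type: outgoing, Port: {port}, Process: {proc})")


# Constructed sample input (not the log from the thread).
SAMPLE_LOG = "\n".join([
    _blk("10:15:36", "198.51.100.10", 51562), _blk("10:15:36", "198.51.100.11", 51563),
    _blk("10:26:42", "198.51.100.10", 51667), _blk("10:26:42", "198.51.100.11", 51668),
    _blk("10:30:00", "203.0.113.5", 51670, "firefox.exe"),
    _blk("10:37:45", "198.51.100.10", 51685), _blk("10:37:45", "198.51.100.11", 51687),
    _blk("10:48:39", "198.51.100.10", 51748), _blk("10:48:39", "198.51.100.11", 51749),
    _rec("10:50:00", "MESSAGE", "Stopping IP protection"),
    _rec("10:50:01", "MESSAGE", "IP Protection stopped successfully"),
    _rec("17:51:35", "MESSAGE", "Starting IP protection"),
    _rec("17:51:50", "MESSAGE", "IP Protection started successfully"),
    _blk("17:53:10", "198.51.100.10", 49174),
])


def parse_log(text):
    """Return (block events, list of (start, end) windows without IP protection)."""
    events, gaps = [], []
    gap_start = last_seen = None
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # blank lines, "Code:" labels and other non-record text
        when = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S %z")
        kind, detail = m.group(2), m.group(3).strip()
        if kind == "IP-BLOCK":
            b = BLOCK_RE.match(detail)
            if b:
                events.append({"time": when, "ip": b.group(1), "direction": b.group(2),
                               "port": int(b.group(3)), "process": b.group(4)})
        elif kind == "MESSAGE":
            msg = detail.lower()
            if msg == "stopping ip protection":
                gap_start = when
            elif msg == "starting ip protection" and gap_start is None:
                # Start without a logged stop (e.g. after a reboot): protection
                # was off since the last record we saw.
                gap_start = last_seen or when
            elif msg == "ip protection started successfully" and gap_start is not None:
                gaps.append((gap_start, when))
                gap_start = None
        last_seen = when
    return events, gaps


def bursts(events, window=timedelta(seconds=5)):
    """Merge blocks of one process that occur within `window` of each other."""
    out = []
    for ev in sorted(events, key=lambda e: e["time"]):
        if out and ev["time"] - out[-1]["end"] <= window:
            out[-1]["end"] = ev["time"]
            out[-1]["ips"].add(ev["ip"])
        else:
            out.append({"start": ev["time"], "end": ev["time"], "ips": {ev["ip"]}})
    return out


def summarize(text, tolerance=0.25, min_intervals=3):
    """Per process: block count, destinations, burst spacing and a periodicity flag."""
    events, gaps = parse_log(text)
    by_proc = defaultdict(list)
    for ev in events:
        by_proc[ev["process"]].append(ev)
    report = {}
    for proc, evs in by_proc.items():
        bs = bursts(evs)
        intervals = []
        for prev, cur in zip(bs, bs[1:]):
            # Nothing is logged while protection is off, so spacing across
            # such a window says nothing about the process's retry timer.
            if any(g0 < cur["start"] and g1 > prev["end"] for g0, g1 in gaps):
                continue
            intervals.append((cur["start"] - prev["start"]).total_seconds())
        periodic = False
        if len(intervals) >= min_intervals:
            med = statistics.median(intervals)
            periodic = med > 0 and (max(intervals) - min(intervals)) / med <= tolerance
        report[proc] = {"blocked": len(evs), "destinations": sorted({e["ip"] for e in evs}),
                        "bursts": len(bs), "intervals_s": intervals, "periodic": periodic}
    return report


if __name__ == "__main__":
    for proc, info in summarize(SAMPLE_LOG).items():
        print(proc, info)
```

A process flagged `periodic` retries its outbound connections on a fixed timer, which points to an automated service rather than user-driven browsing and is worth matching against the service and autostart entries in the other logs.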
         

07.04.2013, 01:59   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run Combofix now:

Scan with Combofix
WARNING to READERS FOLLOWING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


07.04.2013, 11:01   #11
NewtonZ4

Good morning cosinus,

attached is the log from ComboFix.

I'll be offline until Saturday for now. Please don't be surprised if I don't get in touch over the next few days.

Code:
ComboFix 13-04-06.02 - User0815 07.04.2013  10:27:23.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4091.2832 [GMT 2:00]
ausgeführt von:: c:\users\User0815\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
 ADS - Windows: deleted 24 bytes in 1 streams. 
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\Acer GameZone online.ico
c:\programdata\1&1
c:\programdata\1&1\1&1 SmartFax\Settings.xml
c:\programdata\1&1\1&1 Upload-Manager\ULMSettings.xml
c:\programdata\Microsoft\Windows\Msnetlog64.dll
c:\users\User0815\AppData\Local\assembly\tmp
c:\users\User0815\AppData\Roaming\.#
c:\users\User0815\AppData\Roaming\1&1
c:\users\User0815\AppData\Roaming\1&1\1&1 SmartFax\FaxNumberHistory.xml
c:\users\User0815\AppData\Roaming\1&1\1&1 SmartFax\Settings.xml
c:\users\User0815\AppData\Roaming\1&1\1&1 Upload-Manager\ULMSettings.xml
c:\windows\Downloaded Program Files\tgctlsr.dll
c:\windows\IsUn0407.exe
c:\windows\SysWow64\CoolXPProgress.ocx
c:\windows\wininit.ini
c:\windows\XSxS
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-03-07 bis 2013-04-07  ))))))))))))))))))))))))))))))
.
.
2013-04-07 08:38 . 2013-04-07 08:38	--------	d-----w-	c:\users\Kinder\AppData\Local\temp
2013-04-07 08:38 . 2013-04-07 08:38	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-04-06 20:31 . 2013-04-06 20:31	--------	d-----w-	c:\users\User0815\AppData\Roaming\LavasoftStatistics
2013-04-06 20:28 . 2013-04-06 20:28	--------	d-----w-	c:\programdata\blekko toolbars
2013-04-06 20:28 . 2013-04-06 20:28	--------	d-----w-	c:\users\User0815\AppData\Local\adawarebp
2013-04-06 20:28 . 2013-04-06 20:28	--------	d-----w-	c:\programdata\Ad-Aware Browsing Protection
2013-04-06 20:28 . 2013-04-06 20:28	--------	d-----w-	c:\program files (x86)\adawaretb
2013-04-06 20:28 . 2013-04-06 20:28	--------	d-----w-	c:\program files (x86)\Toolbar Cleaner
2013-04-06 20:26 . 2013-04-06 20:26	14456	----a-w-	c:\windows\system32\drivers\gfibto.sys
2013-04-03 11:46 . 2013-04-03 11:46	--------	d-----w-	c:\program files (x86)\FOXIT SOFTWARE
2013-03-30 17:01 . 2013-03-30 17:01	--------	d-----w-	c:\program files\CCleaner
2013-03-30 11:50 . 2013-03-30 11:50	--------	d-----w-	c:\program files (x86)\ESET
2013-03-30 11:26 . 2013-03-30 11:26	--------	d-----w-	c:\users\User0815\AppData\Roaming\Malwarebytes
2013-03-30 11:26 . 2013-03-30 11:26	--------	d-----w-	c:\programdata\Malwarebytes
2013-03-30 11:26 . 2013-03-30 11:26	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-30 11:26 . 2012-12-14 15:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-03-29 08:42 . 2013-03-29 08:42	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2013-03-28 17:34 . 2013-03-28 17:34	--------	d-----w-	c:\program files (x86)\Common Files\DataDesign
2013-03-28 16:51 . 2013-03-28 18:20	--------	d-----w-	c:\program files (x86)\QuickImmobilie2013
2013-03-27 14:17 . 2013-03-27 14:17	--------	d-----w-	c:\windows\SysWow64\Doerr
2013-03-27 14:15 . 2013-03-27 14:15	--------	d-----w-	C:\Serie
2013-03-27 14:15 . 2013-03-29 17:20	--------	d-----w-	c:\program files (x86)\Nebenkosten easy
2013-03-27 14:15 . 2008-04-14 02:22	30749	----a-w-	c:\windows\SysWow64\vbajet32.TAK
2013-03-27 14:15 . 2008-04-14 02:22	380445	----a-w-	c:\windows\SysWow64\expsrv.TAK
2013-03-27 14:13 . 2013-03-27 14:13	--------	d-----w-	c:\windows\system32\IO
2013-03-23 08:14 . 2013-04-03 11:13	--------	d-----w-	c:\users\User0815\AppData\Roaming\Foxit Software
2013-03-21 18:23 . 2013-03-21 18:23	--------	d-----w-	c:\programdata\StarMoney 9.0
2013-03-21 18:20 . 2013-04-03 17:19	--------	d-----w-	c:\program files (x86)\StarMoney 9.0
2013-03-16 16:04 . 2013-03-16 16:04	--------	d-----w-	c:\programdata\bbc
2013-03-16 16:03 . 2013-03-16 16:03	119808	----a-w-	c:\windows\system32\GFilterSvc.exe
2013-03-16 16:03 . 2013-03-16 16:03	118272	----a-w-	c:\windows\system32\hlink64.exe
2013-03-16 16:03 . 2011-05-13 12:16	493056	----a-w-	c:\windows\SysWow64\dhRichClient3.dll
2013-03-16 16:03 . 2011-03-25 20:42	338432	----a-w-	c:\windows\SysWow64\sqlite36_engine.dll
2013-03-16 15:09 . 2013-02-12 04:12	19968	----a-w-	c:\windows\system32\drivers\usb8023.sys
2013-03-16 15:07 . 2013-03-16 15:07	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-15 10:43 . 2013-03-15 10:43	--------	d-----w-	c:\users\User0815\AppData\Roaming\Buhl
2013-03-11 19:18 . 2013-03-11 19:18	--------	d-----w-	c:\users\User0815\AppData\Roaming\Sync App Settings
2013-03-11 19:18 . 2013-03-11 19:18	--------	d-----w-	c:\programdata\Sync App Settings
2013-03-11 19:17 . 2013-03-11 19:17	--------	d-----w-	c:\program files (x86)\Allway Sync
2013-03-08 17:33 . 2013-03-08 17:33	--------	d-----w-	c:\users\User0815\AppData\Local\Temp413ad452e24fcb7d17a027a796342310
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-17 08:00 . 2009-11-29 15:56	72013344	----a-w-	c:\windows\system32\MRT.exe
2013-03-16 15:07 . 2012-10-27 07:51	861088	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2013-03-16 15:07 . 2011-08-30 19:25	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-03-13 16:34 . 2012-04-15 15:46	693976	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-13 16:34 . 2011-07-02 08:41	73432	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-12 05:45 . 2013-03-14 10:38	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-14 10:38	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-14 10:38	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-14 10:38	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-14 10:38	474112	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-14 10:38	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-01-31 03:18 . 2013-02-27 10:24	432800	----a-w-	c:\windows\system32\drivers\NISx64\1403000.024\symnets.sys
2013-01-31 03:18 . 2013-02-27 10:24	1139800	----a-w-	c:\windows\system32\drivers\NISx64\1403000.024\symefa64.sys
2013-01-29 01:45 . 2013-02-27 10:24	796248	----a-w-	c:\windows\system32\drivers\NISx64\1403000.024\srtsp64.sys
2013-01-29 01:45 . 2013-02-27 10:24	36952	----a-w-	c:\windows\system32\drivers\NISx64\1403000.024\srtspx64.sys
2013-01-22 02:15 . 2013-02-27 10:24	493656	----a-w-	c:\windows\system32\drivers\NISx64\1403000.024\symds64.sys
2013-01-13 21:17 . 2013-02-26 22:23	9728	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17 . 2013-02-26 22:23	2560	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16 . 2013-02-26 22:23	10752	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12 . 2013-02-26 22:23	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11 . 2013-02-26 22:23	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-26 22:23	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-26 22:23	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11 . 2013-02-26 22:23	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11 . 2013-02-26 22:23	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35 . 2013-02-26 22:23	9728	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35 . 2013-02-26 22:23	2560	---ha-w-	c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35 . 2013-02-26 22:23	10752	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32 . 2013-02-26 22:23	3584	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31 . 2013-02-26 22:23	4096	---ha-w-	c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-26 22:23	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-26 22:23	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31 . 2013-02-26 22:23	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31 . 2013-02-26 22:23	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-26 22:23	1247744	----a-w-	c:\windows\SysWow64\DWrite.dll
2013-01-13 20:22 . 2013-02-26 22:23	1988096	----a-w-	c:\windows\SysWow64\d3d10warp.dll
2013-01-13 20:20 . 2013-02-26 22:23	293376	----a-w-	c:\windows\SysWow64\dxgi.dll
2013-01-13 20:09 . 2013-02-26 22:23	249856	----a-w-	c:\windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08 . 2013-02-26 22:23	220160	----a-w-	c:\windows\SysWow64\d3d10core.dll
2013-01-13 20:08 . 2013-02-26 22:23	1504768	----a-w-	c:\windows\SysWow64\d3d11.dll
2013-01-13 19:59 . 2013-02-26 22:23	1643520	----a-w-	c:\windows\system32\DWrite.dll
2013-01-13 19:58 . 2013-02-26 22:23	1175552	----a-w-	c:\windows\system32\FntCache.dll
2013-01-13 19:54 . 2013-02-26 22:23	604160	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2013-01-13 19:53 . 2013-02-26 22:23	207872	----a-w-	c:\windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53 . 2013-02-26 22:23	187392	----a-w-	c:\windows\SysWow64\UIAnimation.dll
2013-01-13 19:51 . 2013-02-26 22:23	2565120	----a-w-	c:\windows\system32\d3d10warp.dll
2013-01-13 19:49 . 2013-02-26 22:23	363008	----a-w-	c:\windows\system32\dxgi.dll
2013-01-13 19:48 . 2013-02-26 22:23	161792	----a-w-	c:\windows\SysWow64\d3d10_1.dll
2013-01-13 19:46 . 2013-02-26 22:23	1080832	----a-w-	c:\windows\SysWow64\d3d10.dll
2013-01-13 19:43 . 2013-02-26 22:23	1230336	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38 . 2013-02-26 22:23	333312	----a-w-	c:\windows\system32\d3d10_1core.dll
2013-01-13 19:38 . 2013-02-26 22:23	1887232	----a-w-	c:\windows\system32\d3d11.dll
2013-01-13 19:38 . 2013-02-26 22:23	296960	----a-w-	c:\windows\system32\d3d10core.dll
2013-01-13 19:37 . 2013-02-26 22:23	3419136	----a-w-	c:\windows\SysWow64\d2d1.dll
2013-01-13 19:25 . 2013-02-26 22:23	245248	----a-w-	c:\windows\system32\WindowsCodecsExt.dll
2013-01-13 19:24 . 2013-02-26 22:23	648192	----a-w-	c:\windows\system32\d3d10level9.dll
2013-01-13 19:24 . 2013-02-26 22:23	221184	----a-w-	c:\windows\system32\UIAnimation.dll
2013-01-13 19:20 . 2013-02-26 22:23	194560	----a-w-	c:\windows\system32\d3d10_1.dll
2013-01-13 19:20 . 2013-02-26 22:23	1238528	----a-w-	c:\windows\system32\d3d10.dll
2013-01-13 19:15 . 2013-02-26 22:23	1424384	----a-w-	c:\windows\system32\WindowsCodecs.dll
2013-01-13 19:10 . 2013-02-26 22:23	3928064	----a-w-	c:\windows\system32\d2d1.dll
2013-01-13 19:02 . 2013-02-26 22:23	417792	----a-w-	c:\windows\SysWow64\WMPhoto.dll
2013-01-13 18:34 . 2013-02-26 22:23	364544	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32 . 2013-02-26 22:23	465920	----a-w-	c:\windows\system32\WMPhoto.dll
2013-01-13 18:09 . 2013-02-26 22:23	522752	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2013-01-13 17:26 . 2013-02-26 22:23	1158144	----a-w-	c:\windows\SysWow64\XpsPrint.dll
2013-01-13 17:05 . 2013-02-26 22:23	1682432	----a-w-	c:\windows\system32\XpsPrint.dll
2000-07-14 22:00	136192	--sha-r-	c:\windows\SysWOW64\MSDERUN.DLL
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Data Replicator 3"="c:\program files (x86)\Synology Data Replicator  3\Backup.exe" [2012-06-28 11590528]
"1&1_1&1 Upload-Manager"="c:\program files (x86)\1&1\1&1 Upload-Manager\DAVSRV.EXE" [2011-11-21 989264]
"Allway Sync"="c:\program files (x86)\Allway Sync\Bin\syncappw.exe" [2013-02-05 94416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-02-18 866824]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2013-01-31 542632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"WAREHaus easy"="c:\program files (x86)\Nebenkosten easy\UDT2.exe" /silent /wait 30
"<NO NAME>"=
.
R1 Uim_VIM;UIM Virtual Image Plugin;c:\windows\system32\Drivers\uim_vimx64.sys [2011-11-17 352816]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R2 vstor2-p2v30;Vstor2 P2V30 Virtual Storage Driver;c:\program files (x86)\VMware\VMware Converter\vstor2-p2v30.sys [x]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2008-12-07 35848]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys [2009-09-21 54320]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2008-07-02 31624]
R3 NETw5s64;Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-04-07 7680512]
R3 netw5v64;Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows Vista 64-Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2010-03-18 7525376]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [2012-01-09 12800]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2012-01-09 171008]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-05 216064]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 SynUSB64;SynUSB64;c:\windows\system32\DRIVERS\SynUSB64.sys [2007-10-24 29432]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R4 DBService;DATA BECKER Update Service;c:\program files (x86)\Common Files\DATA BECKER Shared\DBService.exe [2009-01-08 187456]
R4 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe [2009-07-22 81920]
R4 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe [2009-07-22 2736128]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-22 834544]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2009-01-07 24840]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-04-06 14456]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1403000.024\SYMDS64.SYS [2013-01-22 493656]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1403000.024\SYMEFA64.SYS [2013-01-31 1139800]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130322.001\BHDrvx64.sys [2013-03-22 1387608]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1403000.024\ccSetx64.sys [2012-11-16 168096]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130405.001\IDSvia64.sys [2012-12-02 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1403000.024\Ironx64.SYS [2012-11-16 224416]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1403000.024\SYMNETS.SYS [2013-01-31 432800]
S1 ui11rdr;ui11rdr;c:\windows\system32\DRIVERS\ui11rdr.sys [2011-11-21 199752]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-06 169408]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-12-10 202752]
S2 BotkindSyncService;Botkind Service;c:\program files (x86)\Allway Sync\Bin\SyncService.exe service [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-08-05 844320]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-06-22 13632]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe [2012-12-24 144520]
S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2011-09-18 3271496]
S2 SearchIodexer;ActiveX-Installer USB ActiveX-Installer;c:\windows\system32\hlink64.exe [2013-03-16 118272]
S2 StarMoney 8.0 OnlineUpdate;StarMoney 8.0 OnlineUpdate;c:\program files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [2012-12-21 699680]
S2 StarMoney 9.0 OnlineUpdate;StarMoney 9.0 OnlineUpdate;c:\program files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [2013-02-11 663184]
S2 SynoDrService;SynoDrService;c:\program files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe [2012-06-28 381312]
S2 UsbClientService;UsbClientService;c:\program files (x86)\Synology\Assistant\UsbClientService.exe [2011-02-18 245760]
S2 WinFLdrv;WinFLdrv;SysWOW64\WinFLdrv.sys [x]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-06-30 734720]
S3 busenum;Synology Virtual USB Hub;c:\windows\system32\DRIVERS\busenum.sys [2011-02-18 56160]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-15 138912]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2012-06-01 440360]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 16:34]
.
2013-04-01 c:\windows\Tasks\Synology Data Replicator 3-User0815-PC-User0815.job
- c:\program files (x86)\Synology Data Replicator  3\Backup.exe [2012-06-28 09:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-22 295936]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2011-09-18 3993416]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://go.1und1.de/suchbox/1und1suche?su=%s
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\User0815\AppData\Roaming\Mozilla\Firefox\Profiles\ezwdy8e4.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - ExtSQL: 2013-03-29 08:46; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn
FF - ExtSQL: 2013-03-29 09:37; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn
FF - ExtSQL: 2013-03-29 09:50; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\User0815\AppData\Roaming\Mozilla\Firefox\Profiles\ezwdy8e4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-FRITZ! 2.0 - c:\windows\IsUn0407.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2160841 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2446708 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2478663 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2518870 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2539636 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2572078 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2604121 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2633870 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656351 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656368 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656368v2 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656405 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2686827 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2729449 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2736428 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2737019 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2742595 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2789642 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-SOE-Clone Wars - c:\users\Public\Sony Online Entertainment\Installed Games\Clone Wars\Uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.3.0.36\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\*$*]
"7040110900063D11C8EF10054038389C"="C?\\Windows\\SysWOW64\\FM20ENU.DLL"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ðý&*]
"7040110900063D11C8EF10054038389C"="C?\\Windows\\SysWOW64\\FM20ENU.DLL"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Allway Sync\Bin\SyncService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-04-07  10:50:27 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-04-07 08:50
.
Vor Suchlauf: 14 Verzeichnis(se), 225.922.469.888 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 225.206.841.344 Bytes frei
.
- - End Of File - - 11C50D624919200C4A76B65648296811
         

Alt 07.04.2013, 22:43   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Code:
R2 KMService;KMService;c:\windows\system32\srvany.exe [x][2010-03-18 138576]
         
What source did the Office 2010 installed on your machine come from? How did you activate it?
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Alt 12.04.2013, 18:22   #13
NewtonZ4
 



Hello Cosinus,

it is Microsoft Office Professional Plus 2010.
Activated over the internet.

Why do you ask?

Oops, I forgot to mention the source...

I got this Office version from my employer.
We have a corresponding agreement with MS and can buy this Office version for a few euros (I think it was 24€) and use it at home.

Alt 13.04.2013, 13:45   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



You see kmservice almost exclusively on machines running a cracked Office....

JRT - Junkware Removal Tool

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


Afterwards:

adwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


After that, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box for Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.

Alt 13.04.2013, 18:41   #15
NewtonZ4
 



JRT - Junkware Removal Tool

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.3 (04.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by User0815 on 13.04.2013 at 17:49:10,04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\bho.dll



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\blekko toolbars"
Successfully deleted: [Folder] "C:\Users\User0815\appdata\local\adawarebp"
Successfully deleted: [Folder] "C:\Users\User0815\appdata\locallow\adawaretb"
Successfully deleted: [Folder] "C:\Program Files (x86)\adawaretb"
Successfully deleted: [Empty Folder] C:\Users\User0815\appdata\local\{1B6779DF-4716-4619-9BDA-73A149D6C3A7}
Successfully deleted: [Empty Folder] C:\Users\User0815\appdata\local\{35C8BF33-9CFA-42CA-A819-6AF93BA79143}
Successfully deleted: [Empty Folder] C:\Users\User0815\appdata\local\{A63601CA-4B85-4586-B403-318EA6855E2C}



~~~ FireFox

Emptied folder: C:\Users\User0815\AppData\Roaming\mozilla\firefox\profiles\ezwdy8e4.default\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.04.2013 at 18:15:11,99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
adwCleaner

Code:
# AdwCleaner v2.200 - Datei am 13/04/2013 um 18:20:20 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : User0815 - USER0815-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\User0815\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\Kinder\AppData\Roaming\Mozilla\Firefox\Profiles\qiv772ow.default\adawaretb
Ordner Gelöscht : C:\Users\User0815\AppData\Roaming\Mozilla\Firefox\Profiles\ezwdy8e4.default\adawaretb

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v20.0.1 (de)

Datei : C:\Users\User0815\AppData\Roaming\Mozilla\Firefox\Profiles\ezwdy8e4.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Kinder\AppData\Roaming\Mozilla\Firefox\Profiles\qiv772ow.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1070 octets] - [13/04/2013 18:20:20]

########## EOF - C:\AdwCleaner[S1].txt - [1130 octets] ##########
         
OTL

Code:
OTL logfile created on: 13.04.2013 18:30:12 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User0815\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 57,13% Memory free
7,99 Gb Paging File | 6,30 Gb Available in Paging File | 78,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 304,61 Gb Total Space | 207,61 Gb Free Space | 68,15% Space Free | Partition Type: NTFS
Drive E: | 278,76 Gb Total Space | 160,09 Gb Free Space | 57,43% Space Free | Partition Type: NTFS
Drive Z: | 912,46 Gb Total Space | 706,17 Gb Free Space | 77,39% Space Free | Partition Type: NTFS
 
Computer Name: USER0815-PC | User Name: User0815 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\User0815\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz-Software Entwicklung und Vertriebs GmbH)
PRC - C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe ()
PRC - C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe ()
PRC - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Synology Data Replicator  3\Backup.exe (Synology Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\1&1\1&1 Upload-Manager\DAVSRV.EXE (1&1 Internet AG)
PRC - C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe ()
PRC - C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe ()
MOD - C:\Program Files (x86)\Allway Sync\Bin\syncapp.dll ()
MOD - C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.3.0.36\wincfi39.dll ()
MOD - C:\Program Files (x86)\Launch Manager\PowerUtl.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (SearchIodexer) -- C:\Windows\SysNative\hlink64.exe ()
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (StarMoney 9.0 OnlineUpdate) -- C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz-Software Entwicklung und Vertriebs GmbH)
SRV - (BotkindSyncService) -- C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe ()
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe (Symantec Corporation)
SRV - (StarMoney 8.0 OnlineUpdate) -- C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SynoDrService) -- C:\Program Files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe ()
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (OODefragAgent) -- C:\Programme\OO Software\Defrag\oodag.exe (O&O Software GmbH)
SRV - (UsbClientService) -- C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe ()
SRV - (AdobeActiveFileMonitor9.0) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (FirebirdGuardianDefaultInstance) -- C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe (Firebird Project)
SRV - (FirebirdServerDefaultInstance) -- C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe (Firebird Project)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Programme\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV - (DBService) -- C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
SRV - (LiveUpdate) -- C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE (Symantec Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (gfibto) -- C:\Windows\SysNative\drivers\gfibto.sys (GFI Software)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\symnets.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\symds64.sys (Symantec Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\ironx64.sys (Symantec Corporation)
DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (nmwcdnsux64) -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys (Nokia)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (nmwcdnsucx64) -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys (Nokia)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (ui11rdr) -- C:\Windows\SysNative\drivers\ui11rdr.SYS (1&1 Internet AG)
DRV:64bit: - (Uim_IM) -- C:\Windows\SysNative\drivers\Uim_IMx64.sys (Paragon)
DRV:64bit: - (UimBus) -- C:\Windows\SysNative\drivers\uimx64.sys (Windows (R) 2000 DDK provider)
DRV:64bit: - (Uim_VIM) -- C:\Windows\SysNative\drivers\uim_vimx64.sys (Paragon)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (busenum) -- C:\Windows\SysNative\drivers\busenum.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (GenericMount) -- C:\Windows\SysNative\drivers\GenericMount.sys (Symantec Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (ATSwpWDF) -- C:\Windows\SysNative\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (BtHidBus) -- C:\Windows\SysNative\drivers\BtHidBus.sys (IVT Corporation.)
DRV:64bit: - (btnetBUs) -- C:\Windows\SysNative\drivers\btnetBus.sys ()
DRV:64bit: - (IvtBtBUs) -- C:\Windows\SysNative\drivers\IvtBtBus.sys (IVT Corporation.)
DRV:64bit: - (SynUSB64) -- C:\Windows\SysNative\drivers\synUSB64.sys (SIA Syncrosoft)
DRV:64bit: - (Ser2pl) -- C:\Windows\SysNative\drivers\ser2pl64.sys (Prolific Technology Inc.)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130412.024\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130412.024\eng64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130322.001\BHDrvx64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130412.001\IDSviA64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (WinVd32) -- C:\Windows\WinVd32.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ISODrive) -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys (EZB Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-121777554-1454121207-2244527815-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-121777554-1454121207-2244527815-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-121777554-1454121207-2244527815-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-121777554-1454121207-2244527815-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKU\S-1-5-21-121777554-1454121207-2244527815-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-121777554-1454121207-2244527815-1000\..\SearchScopes\{72C12208-8A13-419F-B458-00D6E81D5FE9}: "URL" = hxxp://go.1und1.de/suchbox/1und1suche?su={searchTerms}
IE - HKU\S-1-5-21-121777554-1454121207-2244527815-1000\..\SearchScopes\{937BF4A8-1861-4351-A604-1B665598C6FD}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-121777554-1454121207-2244527815-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-121777554-1454121207-2244527815-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\User0815\AppData\Roaming\Mozilla\Firefox\Profiles\73799n8v.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\User0815\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\ [2013.04.13 18:23:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}: C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.2.0.40\coFFFw\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.09.08 17:14:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\ [2012.12.04 19:53:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 22:14:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{857610fe-b36c-47f2-b4fa-6b7affe0cf5a}: C:\Program Files (x86)\Mobile Master\ext\1\ [2012.10.27 10:28:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 22:14:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.03.29 10:43:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User0815\AppData\Roaming\mozilla\Extensions
[2013.04.06 22:29:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User0815\AppData\Roaming\mozilla\Firefox\Profiles\ezwdy8e4.default\extensions
[2013.03.29 10:50:33 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\User0815\AppData\Roaming\mozilla\firefox\profiles\ezwdy8e4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.04.12 22:14:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.12 22:14:34 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.03.07 17:45:15 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.07 17:45:15 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.03.07 17:45:15 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.07 17:45:15 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.07 17:45:15 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.07 17:45:15 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.04.07 10:45:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {56CF4856-ECB4-4E46-A897-A378821F97B9} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {56CF4856-ECB4-4E46-A897-A378821F97B9} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKU\S-1-5-21-121777554-1454121207-2244527815-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [OODefragTray] C:\Programme\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKU\S-1-5-21-121777554-1454121207-2244527815-1000..\Run: [1&1_1&1 Upload-Manager] C:\Program Files (x86)\1&1\1&1 Upload-Manager\DAVSRV.EXE (1&1 Internet AG)
O4 - HKU\S-1-5-21-121777554-1454121207-2244527815-1000..\Run: [Allway Sync] C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe ()
O4 - HKU\S-1-5-21-121777554-1454121207-2244527815-1000..\Run: [Data Replicator 3] C:\Program Files (x86)\Synology Data Replicator  3\Backup.exe (Synology Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun =  [binary data]
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun =  [binary data]
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-121777554-1454121207-2244527815-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-121777554-1454121207-2244527815-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\S-1-5-21-121777554-1454121207-2244527815-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-121777554-1454121207-2244527815-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-121777554-1454121207-2244527815-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-121777554-1454121207-2244527815-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\Program Files (x86)\Acer Bio Protection\PwdBank.exe File not found
O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\Program Files (x86)\Acer Bio Protection\PwdBank.exe File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-121777554-1454121207-2244527815-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-121777554-1454121207-2244527815-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-121777554-1454121207-2244527815-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-121777554-1454121207-2244527815-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/AT/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab (Symantec Configuration Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{096B71E5-0C02-4A9C-8792-238083897661}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.13 18:23:59 | 000,000,000 | ---D | C] -- C:\Users\User0815\AppData\Local\adawarebp
[2013.04.13 17:49:04 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.04.13 17:48:58 | 000,000,000 | ---D | C] -- C:\JRT
[2013.04.13 17:48:58 | 000,000,000 | ---D | C] -- \JRT
[2013.04.13 17:47:37 | 000,551,587 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\User0815\Desktop\JRT.exe
[2013.04.12 22:14:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.11 21:48:57 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.04.11 21:48:57 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.04.11 21:48:56 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.04.11 21:48:56 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.04.11 21:48:55 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.11 21:48:55 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.04.11 21:48:55 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.04.11 21:48:55 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.04.11 21:48:55 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.04.11 21:48:55 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.04.11 21:48:55 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.04.11 21:48:55 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.04.11 21:48:53 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.11 21:48:53 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.11 21:48:52 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.10 21:37:17 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.10 21:37:16 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.04.10 21:37:16 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.04.10 21:37:16 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.04.10 21:37:16 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.04.10 21:37:16 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.04.07 10:55:02 | 000,000,000 | ---D | C] -- C:\Users\User0815\AppData\Roaming\1&1
[2013.04.07 10:55:02 | 000,000,000 | ---D | C] -- C:\ProgramData\1&1
[2013.04.07 10:45:08 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013.04.07 10:45:08 | 000,000,000 | ---D | C] -- \$RECYCLE.BIN
[2013.04.07 10:25:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.04.07 10:25:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.04.07 10:25:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.04.07 10:25:16 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.04.07 10:25:16 | 000,000,000 | ---D | C] -- \ComboFix
[2013.04.07 10:24:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.07 10:24:56 | 000,000,000 | ---D | C] -- \Qoobox
[2013.04.07 10:24:37 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.04.06 22:31:56 | 000,000,000 | ---D | C] -- C:\Users\User0815\AppData\Roaming\LavasoftStatistics
[2013.04.06 22:28:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2013.04.06 22:28:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2013.04.06 22:26:55 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013.04.04 10:52:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User0815\Desktop\OTL.exe
[2013.04.03 13:46:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2013.04.03 13:46:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FOXIT SOFTWARE
[2013.03.30 19:01:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.03.30 19:01:33 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.03.30 13:50:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.03.30 13:26:59 | 000,000,000 | ---D | C] -- C:\Users\User0815\AppData\Roaming\Malwarebytes
[2013.03.30 13:26:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.30 13:26:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.30 13:26:31 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.03.30 13:26:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.03.29 10:43:05 | 000,000,000 | ---D | C] -- C:\Users\User0815\AppData\Roaming\Mozilla
[2013.03.29 10:42:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.03.28 19:34:52 | 000,000,000 | ---D | C] -- C:\Users\User0815\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lexware QuickLine
[2013.03.28 19:34:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DataDesign
[2013.03.28 18:51:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickImmobilie2013
[2013.03.27 16:17:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Doerr
[2013.03.27 16:15:40 | 000,000,000 | ---D | C] -- C:\Serie
[2013.03.27 16:15:40 | 000,000,000 | ---D | C] -- \Serie
[2013.03.27 16:15:38 | 000,380,445 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\expsrv.TAK
[2013.03.27 16:15:38 | 000,030,749 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbajet32.TAK
[2013.03.27 16:15:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nebenkosten easy
[2013.03.27 16:13:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\IO
[2013.03.23 10:14:22 | 000,000,000 | ---D | C] -- C:\Users\User0815\AppData\Roaming\Foxit Software
[2013.03.21 20:23:58 | 000,000,000 | ---D | C] -- C:\ProgramData\StarMoney 9.0
[2013.03.21 20:23:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarMoney 9.0
[2013.03.21 20:20:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarMoney 9.0
[2013.03.17 09:55:33 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.03.17 09:55:33 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.03.17 09:55:33 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.03.17 09:55:33 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.03.17 09:55:33 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.03.17 09:55:33 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.03.17 09:55:33 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.03.17 09:55:33 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.03.17 09:55:33 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.03.17 09:55:33 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.03.17 09:55:33 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.03.17 09:55:33 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.03.17 09:55:33 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.03.17 09:55:33 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.03.17 09:55:33 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.03.17 09:55:33 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.03.17 09:55:33 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.03.17 09:55:33 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.03.17 09:55:33 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.03.17 09:55:33 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.03.17 09:55:33 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.03.17 09:55:33 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.03.17 09:55:33 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.03.17 09:55:33 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.03.17 09:55:33 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.03.17 09:55:33 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.03.17 09:55:33 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.03.17 09:55:33 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.03.17 09:55:33 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.03.17 09:55:33 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.03.17 09:55:33 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.03.17 09:55:33 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.03.17 09:55:33 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.03.17 09:55:33 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.03.17 09:55:33 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.03.17 09:55:33 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.03.17 09:55:33 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.03.17 09:55:33 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.03.17 09:55:33 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.03.17 09:55:33 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.03.17 09:55:33 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.03.17 09:55:32 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.03.17 09:55:32 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.03.17 09:55:32 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.03.17 09:55:32 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.03.17 09:55:32 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.03.17 09:55:32 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.03.17 09:55:32 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.03.17 09:55:32 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.03.17 09:55:32 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.03.17 09:55:32 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.03.17 09:55:32 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.03.17 09:55:32 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.03.16 18:04:47 | 000,000,000 | ---D | C] -- C:\ProgramData\bbc
[2013.03.16 18:03:55 | 000,000,000 | ---D | C] -- C:\Users\User0815\AppData\Roaming\Opera
[2013.03.16 18:03:50 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\Windows\SysWow64\dhRichClient3.dll
[2013.03.16 17:09:16 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013.03.16 17:07:39 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.03.16 17:07:06 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.03.16 17:07:06 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.03.16 17:07:06 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.03.15 12:43:27 | 000,000,000 | ---D | C] -- C:\Users\User0815\AppData\Roaming\Buhl
[2009.08.22 10:44:20 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.13 18:31:39 | 000,017,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.13 18:31:39 | 000,017,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.13 18:22:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.13 18:21:55 | 3217,231,872 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.13 18:21:54 | 000,731,786 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2013.04.13 18:19:47 | 000,613,083 | ---- | M] () -- C:\Users\User0815\Desktop\adwcleaner.exe
[2013.04.13 17:47:48 | 000,551,587 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\User0815\Desktop\JRT.exe
[2013.04.13 12:20:58 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\000016E5.LCS
[2013.04.13 10:46:55 | 000,452,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.07 10:45:04 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.04.06 22:53:31 | 000,001,190 | ---- | M] () -- C:\Windows\wiso.ini
[2013.04.06 22:39:16 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\SBRC.dat
[2013.04.06 22:26:55 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013.04.04 10:13:50 | 000,000,020 | ---- | M] () -- C:\Users\User0815\defogger_reenable
[2013.04.04 10:13:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User0815\Desktop\OTL.exe
[2013.04.03 13:46:39 | 000,001,058 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013.04.03 09:11:25 | 001,644,268 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.03 09:11:25 | 000,708,994 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.03 09:11:25 | 000,662,364 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.03 09:11:25 | 000,152,956 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.03 09:11:25 | 000,124,978 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.01 18:00:01 | 000,000,304 | ---- | M] () -- C:\Windows\tasks\Synology Data Replicator 3-User0815-PC-User0815.job
[2013.04.01 11:47:59 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.30 19:01:34 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.03.30 13:26:33 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.30 11:15:03 | 001,622,162 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.03.29 10:42:56 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.03.28 19:34:52 | 000,003,061 | ---- | M] () -- C:\Users\User0815\Desktop\QuickImmobilie 2013.lnk
[2013.03.21 20:23:56 | 000,002,042 | ---- | M] () -- C:\Users\Public\Desktop\StarMoney 9.0.lnk
[2013.03.21 20:21:37 | 000,017,486 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\services
[2013.03.19 08:04:06 | 005,550,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.03.19 07:46:56 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.03.19 07:04:13 | 003,968,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.03.19 07:04:10 | 003,913,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.03.19 06:47:50 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.03.19 05:06:33 | 000,112,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.03.17 09:55:33 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.03.17 09:55:33 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.03.17 09:55:33 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.03.17 09:55:33 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.03.17 09:55:33 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.03.17 09:55:33 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.03.17 09:55:33 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.03.17 09:55:33 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.03.17 09:55:33 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.03.17 09:55:33 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.03.17 09:55:33 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.03.17 09:55:33 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.03.17 09:55:33 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.03.17 09:55:33 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.03.17 09:55:33 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.03.17 09:55:33 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.03.17 09:55:33 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.03.17 09:55:33 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.03.17 09:55:33 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.03.17 09:55:33 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.03.17 09:55:33 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.03.17 09:55:33 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.03.17 09:55:33 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.03.17 09:55:33 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.03.17 09:55:33 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.03.17 09:55:33 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.03.17 09:55:33 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.03.17 09:55:33 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.03.17 09:55:33 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.03.17 09:55:33 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.03.17 09:55:33 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.03.17 09:55:33 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.03.17 09:55:33 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.03.17 09:55:33 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.03.17 09:55:33 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.03.17 09:55:33 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.03.17 09:55:33 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.03.17 09:55:33 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.03.17 09:55:33 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.03.17 09:55:33 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.17 09:55:33 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.17 09:55:33 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.03.17 09:55:33 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.03.17 09:55:32 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.03.17 09:55:32 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.03.17 09:55:32 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.03.17 09:55:32 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.03.17 09:55:32 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.03.17 09:55:32 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.03.17 09:55:32 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.03.17 09:55:32 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.03.17 09:55:32 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.03.17 09:55:32 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.03.17 09:55:32 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.03.17 09:55:32 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.03.16 18:03:56 | 000,119,808 | ---- | M] () -- C:\Windows\SysNative\GFilterSvc.exe
[2013.03.16 18:03:55 | 000,118,272 | ---- | M] () -- C:\Windows\SysNative\hlink64.exe
[2013.03.16 17:07:00 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
[2013.03.16 17:07:00 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.03.16 17:07:00 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.03.16 17:07:00 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.03.16 17:07:00 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.03.16 17:07:00 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.13 18:19:25 | 000,613,083 | ---- | C] () -- C:\Users\User0815\Desktop\adwcleaner.exe
[2013.04.13 12:20:28 | 000,004,096 | ---- | C] () -- C:\Users\Public\Documents\000016E5.LCS
[2013.04.07 10:25:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.04.07 10:25:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.04.07 10:25:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.04.07 10:25:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.04.07 10:25:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.04.06 22:39:16 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\SBRC.dat
[2013.04.04 10:13:50 | 000,000,020 | ---- | C] () -- C:\Users\User0815\defogger_reenable
[2013.04.03 13:46:39 | 000,001,058 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013.03.30 19:01:34 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.03.30 13:26:33 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.29 10:42:56 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.03.29 10:42:55 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.03.28 19:34:52 | 000,003,061 | ---- | C] () -- C:\Users\User0815\Desktop\QuickImmobilie 2013.lnk
[2013.03.21 20:23:56 | 000,002,042 | ---- | C] () -- C:\Users\Public\Desktop\StarMoney 9.0.lnk
[2013.03.17 09:55:33 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.17 09:55:33 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.16 18:03:56 | 000,119,808 | ---- | C] () -- C:\Windows\SysNative\GFilterSvc.exe
[2013.03.16 18:03:55 | 000,118,272 | ---- | C] () -- C:\Windows\SysNative\hlink64.exe
[2013.03.16 18:03:50 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2012.09.08 09:15:55 | 000,704,512 | ---- | C] () -- C:\Windows\is-C9A31.exe
[2012.04.04 11:40:02 | 000,000,000 | ---- | C] () -- C:\Users\User0815\AppData\Roaming\JFritz.lock
[2012.01.14 18:21:22 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2011.12.09 20:53:02 | 000,000,680 | RHS- | C] () -- C:\Users\User0815\ntuser.pol
[2011.10.29 23:56:19 | 000,000,038 | ---- | C] () -- C:\Windows\osAviSplitter.INI
[2011.09.27 16:31:32 | 000,000,571 | ---- | C] () -- C:\Windows\SysWow64\FeMakro.ini
[2011.09.27 16:31:32 | 000,000,497 | ---- | C] () -- C:\Windows\SysWow64\FeAnim.ini
[2011.08.18 16:46:44 | 000,197,728 | ---- | C] () -- C:\Windows\WinVd32.sys
[2011.08.18 16:46:39 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\WinFLsrv.exe
[2011.05.05 20:34:58 | 000,038,428 | ---- | C] () -- C:\Users\User0815\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
[2011.01.20 21:51:03 | 000,007,598 | ---- | C] () -- C:\Users\User0815\AppData\Local\resmon.resmoncfg
[2010.09.25 22:25:35 | 000,016,794 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2010.09.18 20:47:00 | 009,621,355 | ---- | C] () -- C:\Users\User0815\0
[2010.09.18 19:38:29 | 000,000,000 | ---- | C] () -- C:\Users\User0815\perl
[2010.05.05 20:54:15 | 000,000,053 | -H-- | C] () -- C:\Users\User0815\maxdesk.ini2
[2010.05.05 20:54:11 | 000,139,011 | -H-- | C] () -- C:\Users\User0815\PP11Thumbs.ptn
[2010.05.05 20:52:21 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.04.23 16:41:38 | 000,001,024 | ---- | C] () -- \.rnd
[2010.03.17 20:17:57 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.01.16 20:26:44 | 000,007,680 | ---- | C] () -- C:\Users\User0815\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.11.02 07:07:23 | 000,010,639 | RHS- | C] () -- \Patch.rev
[2009.11.01 22:19:56 | 3217,231,872 | -HS- | C] () -- \hiberfil.sys
[2009.08.22 08:01:21 | 000,000,211 | RHS- | C] () -- \Preload.rev
[2009.07.27 22:40:53 | 000,008,192 | RHS- | C] () -- \BOOTSECT.BAK
[2009.07.27 22:40:51 | 000,383,562 | RHS- | C] () -- \bootmgr
[2006.12.02 00:37:14 | 000,904,704 | ---- | C] () -- \msdia80.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.01.15 13:39:47 | 000,000,000 | ---D | M] -- C:\Users\Kinder\AppData\Roaming\Atari
[2012.01.15 13:32:10 | 000,000,000 | ---D | M] -- C:\Users\Kinder\AppData\Roaming\LEGO Company
[2012.01.14 19:04:31 | 000,000,000 | ---D | M] -- C:\Users\Kinder\AppData\Roaming\Teeworlds
[2010.05.18 22:08:59 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\.oit
[2011.02.26 10:37:42 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\096A6460-9B1D-4DE4-BD0D-2D185040EEFC
[2013.04.07 10:55:02 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\1&1
[2011.09.27 21:34:56 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\360° PanoramaMaker
[2011.02.26 13:12:30 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\Acronis
[2013.02.02 11:59:59 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\Audacity
[2012.07.20 22:53:34 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\BOM
[2013.03.15 12:43:27 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\Buhl
[2010.02.26 23:00:26 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\Buhl Data Service
[2012.06.12 18:32:31 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\Buhl Data Service GmbH
[2011.04.22 12:32:04 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009.12.03 20:22:37 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\Cimaware
[2010.10.13 20:45:11 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\concept design
[2011.11.02 18:45:35 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\DAEMON Tools Lite
[2010.03.20 15:17:32 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\DataDesign
[2010.01.26 22:08:32 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\dd_bookmarks
[2013.04.03 13:13:01 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\Foxit Software
[2012.04.04 11:01:51 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\FRITZ!
[2012.04.06 18:08:43 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\FRITZ!fax für FRITZ!Box
[2012.04.04 11:48:38 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\JFritz
[2012.10.27 10:28:03 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\Jumping Bytes
[2012.01.14 18:18:46 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\Leadertech
[2010.07.04 16:11:45 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\LEGO Company
[2013.03.28 19:43:15 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\Lexware
[2013.02.09 11:34:25 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\MediaMonkey
[2012.10.27 12:13:55 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\Mobile Master
[2012.09.29 18:24:43 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\Nokia
[2010.05.18 23:27:05 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\Nokia Ovi Suite
[2011.11.02 17:42:15 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\Notepad++
[2010.10.30 10:02:02 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\Nuance
[2010.02.03 01:06:14 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\NVD
[2013.03.16 18:03:55 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\Opera
[2012.10.26 22:30:35 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\OxyCube
[2010.05.18 21:25:53 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\Passware
[2012.09.29 18:44:51 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\PC Suite
[2010.02.04 01:03:01 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\PixelPlanet
[2012.12.07 00:27:42 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\ProtectDisc
[2010.06.25 23:45:05 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\PTV AG
[2010.02.16 22:17:26 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\SieMaSoft
[2010.05.08 23:41:46 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\SmartDraw
[2011.02.16 22:42:02 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\SmartTools
[2010.06.21 23:35:53 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\Stereoscopic Player
[2013.03.11 21:18:16 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\Sync App Settings
[2010.11.19 21:07:46 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\TaskCoach
[2011.12.29 20:09:51 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\Teeworlds
[2010.11.20 01:18:10 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\Thinstall
[2009.11.28 17:18:44 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\Tific
[2010.02.03 01:06:11 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\TP
[2012.09.29 08:17:14 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\TuneUp Software
[2010.01.16 20:56:34 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\Ubisoft
[2010.06.06 17:13:33 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\Unity
[2011.11.05 12:32:23 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\wargaming.net
[2010.02.12 14:15:57 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\Xilisoft
[2010.05.05 20:50:57 | 000,000,000 | ---D | M] -- C:\Users\User0815\AppData\Roaming\Zeon
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:8E55808C
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:0B9FB94D
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:01C66DD9
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:527B6DAD

< End of report >
         
Extras

Code:
OTL Extras logfile created on: 13.04.2013 18:30:12 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User0815\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 57,13% Memory free
7,99 Gb Paging File | 6,30 Gb Available in Paging File | 78,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 304,61 Gb Total Space | 207,61 Gb Free Space | 68,15% Space Free | Partition Type: NTFS
Drive E: | 278,76 Gb Total Space | 160,09 Gb Free Space | 57,43% Space Free | Partition Type: NTFS
Drive Z: | 912,46 Gb Total Space | 706,17 Gb Free Space | 77,39% Space Free | Partition Type: NTFS
 
Computer Name: USER0815-PC | User Name: User0815 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-121777554-1454121207-2244527815-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe" = C:\Program Files (x86)\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe:*:Enabled:TriDef 3D Media Player
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe" = C:\Program Files (x86)\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe:*:Enabled:TriDef 3D Media Player
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05048D63-A03A-444D-8731-AAB7B9F5A380}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{054DBE64-A9B0-4720-9B24-6B183335417A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1780AD61-0EE8-4E4E-B217-278D7A85C612}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1A6902F7-15B4-488A-9AC8-E395A9F44CE9}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{31560B8D-9B83-436A-8C32-DE3B87C08848}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3D428E1C-FF9A-46B7-9F57-15E4A1948850}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{3FDCB29F-EE34-4B63-839E-ED1F71784700}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{528C14B1-FDC4-4C91-98A4-3138C73B9075}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5B721E58-892C-4A47-B5AC-A20F1A39B933}" = lport=138 | protocol=17 | dir=in | app=system | 
"{8195E87A-1590-4802-8D9B-10070B3EFF4C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{883BC330-0E3F-438B-BC02-4EEF57EFDA5B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{8D809531-6E18-4E8E-88D6-DBCDB36B65FF}" = lport=139 | protocol=6 | dir=in | app=system | 
"{932068F7-0D10-492A-A274-F8C8280A618E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9A243FAD-FF17-4CC5-A199-D67C646BAAE3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A15C51D6-9951-4DD0-8A1A-E0D68AE1AC01}" = rport=445 | protocol=6 | dir=out | app=system | 
"{A6DD7B96-A272-439A-8372-032B994871DD}" = rport=139 | protocol=6 | dir=out | app=system | 
"{ACCDC09F-4BB6-466D-BAD1-E377758A6104}" = lport=445 | protocol=6 | dir=in | app=system | 
"{B7A04A04-9A85-4EE0-8803-32549E00A991}" = rport=137 | protocol=17 | dir=out | app=system | 
"{C0BBE16C-9BFF-416E-894A-2DDE1275FE39}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D0328186-2084-417A-A16D-A6F922725B7A}" = rport=138 | protocol=17 | dir=out | app=system | 
"{D2B93CBB-D0B8-4192-894B-873CCB644F4E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D5539347-00A0-4678-9B65-8B37891924EF}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{EE9D7428-A297-426C-B3C7-325101907576}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{F5FEF59B-1751-48AA-ADDE-58A0C8047E73}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{FE9D8BAA-57FA-4DFF-A5A4-25BF9F892955}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A5CC524-FC89-496D-9912-3CB590442CAA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{0D337E53-E16D-41C9-9026-65CD6EE9033D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{0F494519-33A1-4B91-A029-F8D3FB4CAC9F}" = protocol=6 | dir=out | app=system | 
"{1193283B-3C75-4ACF-9548-11C9D328DAE5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{13B8A538-C345-404D-B156-A5A66DA7DF6D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{185C016B-7A5D-44CC-A8C7-D6C020FB8DF1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | 
"{263AB365-8B19-4497-8E0D-38B2E9CE5AD7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{26F6B5F4-CDB4-4D9C-B5AB-777ED6CA0AC8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{2CB5036C-4B0A-4D58-A997-7E93915D8411}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{3467F433-5DE9-44EA-88A0-2AD4863244E6}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 9.0\app\starmoney.exe | 
"{3485AC78-D875-4D94-AC15-496A97527B10}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{43CDE3A7-9368-4DC8-BA5B-37CB895CD986}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{4B361293-BC12-4AC6-BA8B-CE4694F40B90}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{512A40D1-E7FF-40E3-BF89-2750DF0902FF}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 8.0\ouservice\starmoneyonlineupdate.exe | 
"{54C9D507-300B-4DD9-9735-A2758FE3BD19}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{55F8A3B5-77A6-409C-9584-6D012D23B4DE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | 
"{5887590D-BF66-4AD6-9B68-FCB45CBE8D79}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | 
"{59B713CC-AF77-4C02-9BFF-5B9A54256117}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{5EE99E28-9238-44B9-9D1D-A57AC34347D9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{614AB493-685A-4F3C-9A94-12D6362B10CF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{652D2F73-1880-4669-81B3-FDF40147908B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{65F1706A-8160-4947-9C38-020566D555D1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6627D3CB-52E7-4C11-9F5E-DCECC025EFE4}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{67CC36B9-A38F-451F-99E6-C8D07A4F6022}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6BC09CC6-E0DB-4EB8-BE6D-7543C7DE5CE8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{712A74D8-4DA1-43A2-8A7F-ADB2058F7BBD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{7E67F3BF-D01A-47D1-B9B7-B64F3DD6369E}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 8.0\app\starmoney.exe | 
"{7F491F5A-44E9-44A2-A5EC-470AABF6DC7C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8458973C-390C-4691-9E3F-772DA5FD2D64}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{86988636-89AF-468F-9FC4-A42CA0D9A3AD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8744E735-3FB1-4B65-AF62-4CD0D66C1805}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 9.0\ouservice\starmoneyonlineupdate.exe | 
"{8B0846D3-8A6B-4A2B-833C-D17F00A1DE5E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{8B607A24-31DE-4288-B2FD-5DB1B37D8013}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{970A8A87-56A3-44DE-AEE8-EE2482EF6016}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{A4E7B9C1-1720-4CB7-AF55-BBFCED21F728}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A71D9658-9051-41A6-8E55-6E82D1A2C629}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{AAAA71F2-90AD-40DA-A786-DF0420B187BC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AB569A98-047D-4C0A-B5F7-A44A93459FCE}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{AC850A18-19C6-4388-B0E6-0F740A5410C5}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 9.0\ouservice\starmoneyonlineupdate.exe | 
"{B44F5429-172E-4F6B-838A-C6DD6BBE8562}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 8.0\ouservice\starmoneyonlineupdate.exe | 
"{B957926A-CEBF-4A44-8C9F-AE3F5E482723}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{BFEAD707-17EA-46BD-A25E-07849AEC8A3B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{C5353C8B-2E3C-414F-AFDC-542D354ECB07}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 9.0\app\starmoney.exe | 
"{C7D4DC9D-4382-4F70-A849-750F5D3ED049}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | 
"{C95C2594-2358-46AA-9FC0-D9DE3D4F640F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{D0C49268-900A-4DDF-9727-4E64A2010B38}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{D277F9B4-45D3-4A31-B3FF-5CBA15483C19}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D2AD6041-BF2E-4416-801C-2F9A56A3210A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{D2D05CA9-68B1-4B96-B06C-6F0FE750122F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D88C7227-DAC7-4170-B969-15E69F19EF1F}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 8.0\app\starmoney.exe | 
"{DE63FF7E-7DBE-443D-AE7F-56F35DCEC4FA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E4179681-1519-4BF0-ACFA-DBEFE28CDA8A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | 
"{EB3A310D-D4AD-4FCD-A10E-6E1ADE628454}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{EB7842DC-2CD9-4B05-A41B-993F88176D1B}" = dir=in | app=f:\setup\hpznui40.exe | 
"{ED52AA75-2F7B-4EB7-8DFB-34028BC67C0B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{EE6EF71E-34EA-4FF4-8142-9A332A787B36}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F17093EA-7685-49CE-B928-0DED4231F094}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F9491663-B8F0-4273-8ED8-9DAED26EFB29}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00CE7326-01AA-44C5-A323-45E52C5D4D0D}" = O&O Defrag Professional
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{11F38253-8940-FFDA-D131-B14120C357E4}" = ATI Catalyst Install Manager
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{22D8AE6F-3C6B-47E8-8F04-629F23DBE978}" = iTunes
"{2E1B4B42-069F-4F53-9966-9B9B938D7FE5}" = HP Officejet 6500 E709 Series
"{43239902-03DF-A165-7EF6-6A49DE4F8EF1}" = ATI AVIVO64 Codecs
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7C39E0D1-E138-42B1-B083-213EC2CF7692}" = Microsoft SQL Server Native Client
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BD41C9CA-7722-7C0F-8BFE-E88A81865287}" = ccc-utility64
"{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom Gigabit NetLink Controller
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0)
"B0BA1B797FB7A52D456711B6A48520BBE1EB8D75" = Windows-Treiberpaket - Intel (NETw5v64) net  (03/18/2010 13.2.0.30)
"CCleaner" = CCleaner
"D7C06C42A25F6AD989ADA3BA0AB6BFC30F77FAA6" = Windows-Treiberpaket - Intel (NETw5s64) net  (03/18/2010 13.2.0.30)
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{06EF78A1-935E-8982-48EE-DEAF73075BBE}" = Catalyst Control Center InstallProxy
"{08BE0A17-0AB8-4B0C-88E2-EB1B4977A511}" = Lernwerkstatt 8
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{14D6085A-9A42-C0B5-823E-8C9619AC1026}" = Catalyst Control Center Graphics Full New
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FF19BBD-554D-733C-3BDF-B55C99349198}" = Catalyst Control Center Core Implementation
"{23BE4DF2-293D-4077-82F4-1FD8C269277C}" = TuneUp Utilities Language Pack (en-US)
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{346D6B7A-4AD8-5C2C-E249-34CA3CD7D34B}" = CCC Help Polish
"{34A0D249-747E-4D6C-803D-329C120C6B79}" = Catalyst Control Center - Branding
"{3516C69A-024D-42A8-B948-FFAA7B9CC49A}" = Windows SideShow Managed Runtime 1.0
"{357C0C30-051F-FE77-4709-025786123FB1}" = ccc-core-static
"{38DAE5F5-EC70-4aa5-801B-D11CA0A33B41}" = BPDSoftware
"{3B69A712-4CBC-40B1-AE55-0203075FD093}" = Nokia Suite
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{41BC23C5-157F-77A0-6662-17A5096E7946}" = Catalyst Control Center Graphics Previews Vista
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4507185D-FAB8-B77D-4546-2CF31DA906AD}" = Catalyst Control Center Graphics Full Existing
"{4967ADB1-27A6-635F-A217-754BD9A05E2E}" = CCC Help Czech
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{52175683-38AC-4275-A5CD-9CF09E5E16EF}" = QuickImmobilie 2013
"{52306338-9945-41A5-A021-25739C852B58}" = StarMoney
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{54DFD48E-0E0D-5D0C-BD93-CE3DF090EC1C}" = CCC Help Japanese
"{5528C69D-4018-C4BD-7D00-67F90623EB33}" = CCC Help Italian
"{5582C24D-5597-42D2-537E-BA329164D78D}" = CCC Help Thai
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{5A6DB7C1-E646-4842-A562-49C5EB8F2B47}" = StarMoney
"{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}" = Snagit 10
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{66246FF6-130A-483D-B1EE-2FB5A1548662}" = StarMoney 8.0 
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A1ACC15-7632-45ba-A3AB-0250EBD4B7DD}" = 6500_E709a
"{6A5D6552-7645-48F4-8922-475ADA18EBD4}" = Zeugnis-Generator 12.0
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6CC080F1-2E00-41D5-BE47-A3BC784E9DFB}" = BPDSoftware_Ini
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7390478C-8581-415E-92E9-2997D9306B81}" = PC Connectivity Solution
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{785F975B-50FB-C523-5E58-C6EFE9E62424}" = CCC Help Portuguese
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B5F8BE0-11CB-427C-B536-E71EA3D69614}" = StarMoney 9.0 
"{7D62622F-78B7-91B0-5B75-4082DDFAC775}" = CCC Help Swedish
"{7DE2B39B-97F0-EC01-06D6-E25C6D4164DF}" = CCC Help German
"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
"{811E4E77-05C8-422E-8077-B9A80BF15C68}" = DReport Viewer 4
"{837E620D-B93E-4D84-A753-BE1DBEB716B1}" = StarMoney
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{86F4B795-EA3D-48BD-ADFA-DA44B39059F9}" = StarMoney
"{878789F8-276E-4D98-20E6-78DCBD77AD7D}" = CCC Help Turkish
"{8E310838-457C-4269-B177-3EFB300CBDDC}" = Synology Data Replicator  3
"{8F2AE892-C036-C2F8-0D45-0ED891440D68}" = CCC Help French
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9129B46A-51F0-431b-9838-DF7272F3204E}" = ProductContext
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95D40BD8-2EA7-C51E-A218-B2F863481573}" = CCC Help Chinese Standard
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{98A7C691-304F-31DC-A21C-3675E1D68501}" = CCC Help Chinese Traditional
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A33B56D0-F273-F6C2-C335-50AE0C83C85C}" = CCC Help Finnish
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A8CB3994-B273-D81E-315C-CA3A8376415E}" = Catalyst Control Center Localization All
"{A8D450FB-F8F7-4250-7CE3-A3C24CDE5722}" = CCC Help Hungarian
"{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB82BA59-B05B-70DC-992B-D2D7A2AF4EE5}" = CCC Help Korean
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BFB59706-4FEC-37A8-96CD-C7F6932AD6DD}" = CCC Help Norwegian
"{C09EECFB-8925-5E54-1580-3FAEB6A78856}" = Catalyst Control Center Graphics Light
"{C0ED2557-8BCC-71B6-253C-BDFE26A9B37D}" = CCC Help Spanish
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CC62C6C8-0D7F-3F0D-9BD6-49CB16029A6A}" = CCC Help Greek
"{CC6D2A70-B152-E250-ABEA-5D7D681469F8}" = CCC Help English
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CD624F2C-485E-4074-BC8F-BF86043A71B1}" = Mobile Master
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}" = WISO Steuer-Sparbuch 2013
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAFFBC42-ABA2-882C-68CB-593B9CF9ACF5}" = CCC Help Russian
"{DE13432E-F0C1-4842-A5BA-CC997DA72A70}" = 6500_E709_eDocs
"{DEBC6EBF-FF7A-4E30-9C49-DCFB53B446F0}" = Lexware Elster
"{DFF2D0B9-1706-6AA8-85CD-A70DF44AE3F8}" = CCC Help Danish
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E6AAFC37-EB31-768D-A9A5-AA8A84612615}" = CCC Help Dutch
"{E81F9653-892E-43E0-8273-CCA68F351F17}" = QuickImmobilie 2013 - Hotfix 1
"{E8D82F42-EBD8-478C-917B-28F5BA6EAAAA}" = StarMoney
"{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}" = PL-2303 Vista Driver Installer
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F185B35D-38E5-4D88-B275-15C8C7FC4357}" = 6500_E709_Help
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6B7BF58-36D0-A76E-53E2-F65DBD4A6A52}" = Catalyst Control Center InstallProxy
"{F902AB2B-7816-4CBD-A385-F2549F62956B}" = StarMoney
"{FE1EFF18-814A-42CE-8470-EC97EDDAF8FF}" = Foxit Reader
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1&1 SmartFax" = 1&1 SmartFax
"1&1 Upload-Manager" = 1&1 Upload-Manager
"AC3Filter_is1" = AC3Filter 2.5b
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"Allway Sync_is1" = Allway Sync version 12.14.2
"Arbeitszeugnis-Generator_is1" = Deinstallation Arbeitszeugnis-Generator
"Bass Audio Decoder" = Bass Audio Decoder (remove only)
"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
"DCoder Image Source" = DCoder Image Source (remove only)
"DirectVobSub" = DirectVobSub (remove only)
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow_is1" = ffdshow v1.2.4453 [2012-05-21]
"FFMPEG Core Files" = FFMPEG Core Files (remove only)
"Freemake Audio Converter_is1" = Freemake Audio Converter Version 1.1.0
"FRITZ! 2.0" = AVM FRITZ!fax für FRITZ!Box
"Gabest MPEG Splitter" = Gabest MPEG Splitter (remove only)
"HaaliMkx" = Haali Media Splitter
"Identity Card" = Identity Card
"InstallShield_{08BE0A17-0AB8-4B0C-88E2-EB1B4977A511}" = Lernwerkstatt 8
"JDownloader" = JDownloader
"lavfilters_is1" = LAV Filters 0.51.3
"lgx4.lgx.server" = G DATA Logox4 Speechengine
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MediaMonkey_is1" = MediaMonkey 4.0
"Mobile Master" = Mobile Master 7.9.10
"MONOGRAM AMR Splitter/Decoder" = MONOGRAM AMR Splitter/Decoder (remove only)
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"New LEGO Digital Designer" = LEGO Digital Designer
"NIS" = Norton Internet Security
"Nokia Suite" = Nokia Suite
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"OpenSource AVI Splitter" = OpenSource AVI Splitter (remove only)
"OpenSource DTS/AC3/DD+ Source Filter" = OpenSource DTS/AC3/DD+ Source Filter (remove only)
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)
"RealMedia" = RealMedia (remove only)
"SHOUTcast Source" = SHOUTcast Source (remove only)
"Synology Assistant" = Synology Assistant (remove only)
"UltraISO_is1" = UltraISO Premium V8.62
"ZoomPlayer" = Zoom Player (remove only)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-121777554-1454121207-2244527815-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.04.2013 12:32:10 | Computer Name = User0815-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "E:\Downloads\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
[ System Events ]
Error - 13.04.2013 12:19:00 | Computer Name = User0815-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 13.04.2013 12:23:38 | Computer Name = User0815-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Vstor2 P2V30 Virtual Storage Driver" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%3
 
Error - 13.04.2013 12:23:47 | Computer Name = User0815-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   UimBus  Uim_IM  Uim_VIM
 
Error - 13.04.2013 12:23:49 | Computer Name = User0815-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 13.04.2013 12:23:52 | Computer Name = User0815-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
 
< End of report >
         
