Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: GVU Trojaner

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 26.04.2013, 09:25   #1
hadbanger
 
GVU Trojaner - Standard

GVU Trojaner



Hallo,

ich habe mir gestern den GVU-Trojaner eingefangen. Also Windows startet, aber dann ein Bild mit Zahlungsaufforderung, das sich nicht entfernen laesst.

Ich hatte den schon mal letztes Jahr, da konnte ich Windows aber wieder leicht mit der Kaspersky Rescue Disk und dem Windowsunlocker entsperren und dann den Virus entfernen.

Diesmal starte ich auch den windowsunlocker, er meldet auch Erfolg, aber leider weiterhin das GVU-Bild und nichts geht. Ich habe nun von OTLPE gelesen und hoffe, dass es damit klappt.

Habe mir die Boot-CD mit OTLPE gebrannt und damit gestartet. Als Anlage mein OTLPE-Logfile mit der Bitte um einen Fix. Ich hoffe, damit bekomme ich Windows wieder zum Laufen.

Vielen Dank und Gruesse
Hadbanger
Angehängte Dateien
Dateityp: txt OTL.Txt (73,7 KB, 135x aufgerufen)

Alt 26.04.2013, 10:00   #2
Psychotic
/// Malwareteam
 
GVU Trojaner - Standard

GVU Trojaner





Mein Name ist Marius und ich werde dir bei deinem Problem helfen.

Eines vorneweg:

Hinweis: Wir können hier nie dafür garantieren, dass wir sämtliche Reste von Schadsoftware gefunden haben. Eine Formatierung ist meist der schnellste und immer der sicherste Weg.

Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass dein Rechner clean ist.

Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden.
  1. Bitte arbeite alle Schritte der Reihe nach ab.
  2. Lese die Anleitungen sorgfältig. Solltest du irgendwo nicht weiterkommen, stoppe an diesem Punkt und beschreibe dein Problem hier!
  3. Nur Scans durchführen, zu denen du von einem Helfer aufgefordert wirst.
  4. Bitte kein Crossposting (posten in mehreren Foren) - wenn du die Anweisungen mehrere Helfer ausführst, kann das schwere Probleme nach sich ziehen!.
  5. Installiere oder Deinstalliere während der Bereinigung keine Software (ausser, du wurdest dazu aufgefordert).
  6. Wenn etwas unklar ist: Frage, bevor du etwas "blind" machst!

    ...und ganz wichtig:

  7. Poste die Logfiles mit code-tags (das #-Symbol oben im Antwortfenster) in deinen Thread! Nicht anhängen, außer, ich fordere dich dazu auf. (Erschwert mir nämlich das Auswerten).


Vista und Win7 User
Alle Tools mit Rechtsklick --> "als Administrator ausführen" starten.



Schritt 1: Fix mit OTLPE


  • An einem anderen PC, klicke auf Start-->ausführen.
  • Schreibe Notepad in die Textbox, klicke OK.
  • Kopiere nun den Inhalt der folgenden Codebox vollständig in das leere Textdokument:
    Code:
    ATTFilter
    :OTL
    O1 - Hosts: 127.0.0.1 pagead2.googlesyndication.com
    O4 - HKU\.DEFAULT..\Run: [9678ACB43C661622]  File not found
    @Alternate Data Stream - 1393 bytes -> C:\ProgramData\Microsoft:WNvns3w8cqPamUy1wxW1HMc
    @Alternate Data Stream - 1347 bytes -> C:\ProgramData\Microsoft:ksCyKmybPmTCIheMhM
    :FILES
    C:\ProgramData\mazuki.dll
    :COMMANDS
    [emptytemp]
             
  • Speichere die Datei als fix.txt auf einem USB-Stick.
  • Am infizierten Rechner, schließe den USB-Stick an, boote OTLPEN.
  • Dein System sollte nach einigen Minuten den REATOGO-X-PE Desktop anzeigen.
  • Mache einen Doppelklick auf das OTLPE Icon.
  • Wenn Du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes.
  • Wenn Du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes.
  • Vergewissere Dich, dass die Box "Automatically Load All Remaining Users" gewählt ist und drücke OK.
  • OTLpe sollte nun starten.
  • Klicke nun bitte auf den Fix Button.
  • Lade die fix.txt von deinem Stick.
  • Klicke den Fix-Button.
  • Starte Windows nun normal. Es sollte sich eine OTL.txt öffnen, poste deren Inhalt in deinem nächsten Thread.


Starte den Rechner normal!


Schritt 2: aswMBR



Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung) Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. ( Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen ) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.




Schritt 3: OTL



Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)
  • Doppelklick auf die OTL.exe
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________

Alt 26.04.2013, 11:19   #3
hadbanger
 
GVU Trojaner - Standard

GVU Trojaner



Hallo Marius,

vielen Dank für deine schnelle Antwort.

Ich habe den Inhalt der Codebox mit REATOGO-X-PE und OTLPE gefixt. Er hat auch alles gemacht und anschließend folgendes Textdokument angezeigt:

Code:
ATTFilter
========== OTL ==========
127.0.0.1 pagead2.googlesyndication.com removed from HOSTS file successfully
Registry key HKEY_USERS\.DEFAULT\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
ADS C:\ProgramData\Microsoft:WNvns3w8cqPamUy1wxW1HMc deleted successfully.
ADS C:\ProgramData\Microsoft:ksCyKmybPmTCIheMhM deleted successfully.
========== FILES ==========
C:\ProgramData\mazuki.dll moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33184 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Hadbanger
->Temp folder emptied: 48497311 bytes
->Temporary Internet Files folder emptied: 402716302 bytes
->FireFox cache emptied: 74377852 bytes
->Flash cache emptied: 61962 bytes
 
User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33184 bytes
->Flash cache emptied: 56466 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 3249544 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 40957922 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 95471 bytes
 
Total Files Cleaned = 544.00 mb
 
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 04262013_130445
         
Ich musste beim Start von OTLPE noch vorher mein Windows-Directory auswählen. Sonst alles so gemacht, wie Du geschrieben hast.

Habe danach den PC neu gestartet, aber leider erscheint immer noch das GVU-Bild. Habe ich was falsch gemacht?

Grüße
Hadbanger
__________________

Alt 26.04.2013, 11:37   #4
Psychotic
/// Malwareteam
 
GVU Trojaner - Standard

GVU Trojaner



Nein, hast du nicht. Irgendwas scheine ich nicht gesehen zu haben.


FRST 64



Downloade dir bitte Farbar's Recovery Scan Tool x64 und speichere diese auf einen USB Stick.

Schließe den USB Stick an das infizierte System an

Du musst das System nun in die System Reparatur Option booten.

Über den Boot Manager
  • Starte den Rechner neu auf.
  • Während dem Hochfahren drücke mehrmals die F8 Taste
  • Wähle nun Computer reparieren.
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Mit Windows CD/DVD
  • Lege die Windows CD in dein Laufwerk.
  • Starte den Rechner neu auf und starte von der CD
  • Wähle die Spracheinstellungen und klicke "Weiter".
  • Klicke auf Computerreparaturoptionen !!
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".


Wähle in den Reparaturoptionen Eingabeaufforderung
  • Gib nun bitte notepad ein und drücke Enter.
  • Im öffnenden Textdokument --> Datei --> Speichern unter und wähle Computer
    Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt.
  • Schließe Notepad wieder
  • Gib nun bitte folgenden Befehl ein.
    e:\frst.exe
    Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks. Gegebenfalls anpassen.
  • Akzeptiere den Disclaimer mit Yes und klicke Scan
Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier.
__________________
Kein Asylrecht für Trojaner!

Proud Member of UNITE

Hinweis: Ich bin nur werktags erreichbar!
Anfragen über PM werden ignoriert!

Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board!

Alt 26.04.2013, 12:05   #5
hadbanger
 
GVU Trojaner - Standard

GVU Trojaner



Hallo Marius,

hier das Ergebnis vom FRST-Scan:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-04-2013
Ran by SYSTEM on 26-04-2013 16:00:23
Running from E:\
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12503184 2012-06-11] (Realtek Semiconductor)
HKLM-x32\...\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe [43608 2010-09-07] ()
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" [119152 2010-05-20] (Microsoft Corporation)
HKU\Hadbanger\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [163328 2010-11-20] (Microsoft Corporation)
HKU\Hadbanger\...\Run: [Sysyem Cleaner] C:\Users\Hadbanger\6307225.exe [94208 2013-04-24] (Adobe Systems Incorporated)
HKU\Hadbanger\...\Policies\system: [DisableTaskMgr] 1
HKU\Hadbanger\...\Winlogon: [Shell] Explorer.exe
HKU\UpdatusUser\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [163328 2010-11-20] (Microsoft Corporation)
Startup: C:\Users\Hadbanger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2010-05-10] (Adobe Systems)
S2 bgsvcgen; C:\Windows\SysWOW64\bgsvcgen.exe [139264 2010-10-27] (SOURCENEXT)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation)
S4 MCSWASVR; C:\Program Files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe [12800 2012-08-13] (Deutsche Telekom AG)
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
S4 Poweroff; C:\Windows\SysWow64\poweroff.exe [172032 2011-06-20] (Jorgen Bosman)
S2 StarMoney 8.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
S4 rpcapd; "%ProgramFiles(x86)%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles(x86)%\WinPcap\rpcapd.ini" [x]

==================== Drivers (Whitelisted) ====================

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)
S1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [38944 2010-10-27] (B.H.A Corporation)
S3 gwfilt64; C:\Windows\System32\drivers\gwfilt64.sys [34840 2008-09-23] (Creative Technology Ltd.)
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S3 NAL; C:\Windows\system32\Drivers\iqvw64e.sys [33640 2012-06-06] (Intel Corporation )
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-02-03] (Duplex Secure Ltd.)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [203544 2013-02-06] (DEVGURU Co., LTD.(www.devguru.co.kr))
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [146928 2010-06-28] (CyberLink Corp.)
S3 dsltestSp5a64; System32\Drivers\dsltestSp5a64.sys [x]
S1 ElbyCDIO; System32\Drivers\ElbyCDIO.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 GearAspiWDM; System32\drivers\GEARAspiWDM.sys [x]
S3 gfiark; system32\drivers\gfiark.sys [x]
S3 NPF; system32\drivers\npf.sys [x]
S3 PROCEXP151; \??\C:\Windows\system32\Drivers\PROCEXP151.SYS [x]
S0 vidsflt53; system32\DRIVERS\vsflt53.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-04-26 18:04 - 2013-04-26 18:04 - 00000000 ____D C:\_OTL
2013-04-26 17:21 - 2013-04-26 17:24 - 00075458 ____A C:\OTL.Txt
2013-04-26 16:00 - 2013-04-26 16:00 - 00000000 ____D C:\FRST
2013-04-26 02:14 - 2013-04-26 17:21 - 00039922 ____A C:\Extras.Txt
2013-04-24 14:42 - 2013-04-24 14:42 - 00094208 ____A (Adobe Systems Incorporated) C:\Users\Hadbanger\6307225.exe
2013-04-24 08:22 - 2013-04-12 15:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-20 10:19 - 2013-04-20 10:19 - 00000000 ____D C:ProgramData\PACE Anti-Piracy
2013-04-15 18:56 - 2013-04-19 18:14 - 131276901 ____A C:\Users\Hadbanger\Desktop\Abschied_Boon.psd
2013-04-10 08:52 - 2013-02-21 11:30 - 01766912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-04-10 08:52 - 2013-02-21 11:30 - 01129984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-04-10 08:52 - 2013-02-21 11:29 - 14323200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-04-10 08:52 - 2013-02-21 11:29 - 13761024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-04-10 08:52 - 2013-02-21 11:29 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-04-10 08:52 - 2013-02-21 11:29 - 02046464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-04-10 08:52 - 2013-02-21 11:29 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-04-10 08:52 - 2013-02-21 11:29 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-04-10 08:52 - 2013-02-21 11:29 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-04-10 08:52 - 2013-02-21 11:29 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-04-10 08:52 - 2013-02-21 11:29 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-04-10 08:52 - 2013-02-21 11:29 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-04-10 08:52 - 2013-02-21 11:29 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-04-10 08:52 - 2013-02-21 11:15 - 02240512 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-04-10 08:52 - 2013-02-21 11:15 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-04-10 08:52 - 2013-02-21 11:14 - 19230208 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-04-10 08:52 - 2013-02-21 11:14 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-04-10 08:52 - 2013-02-21 11:14 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-04-10 08:52 - 2013-02-21 11:14 - 02647040 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-04-10 08:52 - 2013-02-21 11:14 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-04-10 08:52 - 2013-02-21 11:14 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-04-10 08:52 - 2013-02-21 11:14 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-04-10 08:52 - 2013-02-21 11:14 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-04-10 08:52 - 2013-02-21 11:14 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-04-10 08:52 - 2013-02-21 11:14 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-04-10 08:52 - 2013-02-21 11:14 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-04-10 08:52 - 2013-02-21 11:14 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-04-10 08:52 - 2013-02-19 13:01 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-04-10 08:52 - 2013-02-19 12:42 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-04-10 08:52 - 2013-02-19 12:10 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-04-10 08:52 - 2013-02-19 11:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-04-10 08:39 - 2013-03-19 07:04 - 05550424 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-04-10 08:39 - 2013-03-19 06:46 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-04-10 08:39 - 2013-03-19 06:04 - 03968856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-04-10 08:39 - 2013-03-19 06:04 - 03913560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-04-10 08:39 - 2013-03-19 05:47 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-04-10 08:39 - 2013-03-19 04:06 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-04-10 08:39 - 2013-03-01 04:36 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-04-10 08:39 - 2013-01-24 07:01 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
2013-04-10 08:38 - 2013-04-10 08:38 - 00000000 ____D C:ProgramData\McAfee
2013-04-09 13:53 - 2013-04-10 08:34 - 00000000 ____D C:\Program Files\Google
2013-04-09 13:53 - 2013-04-09 16:02 - 00000000 ____D C:ProgramData\Google
2013-04-02 09:27 - 2013-04-02 09:27 - 00000000 ____D C:\Windows\Panther
2013-04-02 07:47 - 2013-04-02 07:47 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-04-02 07:47 - 2013-04-02 07:47 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-04-02 07:47 - 2013-04-02 07:47 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-04-02 07:47 - 2013-04-02 07:47 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-04-02 07:47 - 2013-04-02 07:47 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-04-02 07:47 - 2013-04-02 07:47 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-04-02 07:47 - 2013-04-02 07:47 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-04-02 07:47 - 2013-04-02 07:47 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-04-02 07:47 - 2013-04-02 07:47 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-04-02 07:47 - 2013-04-02 07:47 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-04-02 07:47 - 2013-04-02 07:47 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-04-02 07:47 - 2013-04-02 07:47 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-04-02 07:47 - 2013-04-02 07:47 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-04-02 07:47 - 2013-04-02 07:47 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-04-02 07:47 - 2013-04-02 07:47 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-04-02 07:47 - 2013-04-02 07:47 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-04-02 07:47 - 2013-04-02 07:47 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-04-02 07:47 - 2013-04-02 07:47 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-04-02 07:47 - 2013-04-02 07:47 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-04-02 07:47 - 2013-04-02 07:47 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-04-02 07:47 - 2013-04-02 07:47 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-04-02 07:45 - 2013-04-02 07:50 - 00010201 ____A C:\Windows\IE10_main.log
2013-04-02 07:45 - 2013-04-02 07:45 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-04-01 14:59 - 2013-04-03 08:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-03-29 10:09 - 2013-03-29 10:09 - 00015959 ____A C:\Users\Hadbanger\Documents\Dienstwoche 2013_1_sw.xlsx
2013-03-29 08:06 - 2013-04-26 14:54 - 01083900 ____A C:\Windows\setupact.log
2013-03-29 08:06 - 2013-04-26 14:54 - 00020418 ____A C:\Windows\PFRO.log
2013-03-29 08:06 - 2013-03-29 08:06 - 00000000 ____A C:\Windows\setuperr.log
2013-03-27 14:55 - 2013-03-27 14:55 - 00000000 ____D C:\Users\Hadbanger\AppData\Local\Bitstream_Tools
2013-03-27 14:42 - 2013-03-27 14:42 - 00000000 ____D C:ProgramData\IsolatedStorage
2013-03-27 14:41 - 2013-03-27 14:41 - 00000000 ____D C:\Program Files\Bitstreamtools

==================== One Month Modified Files and Folders =======

2013-04-26 18:04 - 2013-04-26 18:04 - 00000000 ____D C:\_OTL
2013-04-26 17:24 - 2013-04-26 17:21 - 00075458 ____A C:\OTL.Txt
2013-04-26 17:21 - 2013-04-26 02:14 - 00039922 ____A C:\Extras.Txt
2013-04-26 16:00 - 2013-04-26 16:00 - 00000000 ____D C:\FRST
2013-04-26 14:54 - 2013-03-29 08:06 - 01083900 ____A C:\Windows\setupact.log
2013-04-26 14:54 - 2013-03-29 08:06 - 00020418 ____A C:\Windows\PFRO.log
2013-04-26 14:54 - 2012-08-29 15:41 - 00000000 ____D C:ProgramData\NVIDIA
2013-04-26 14:54 - 2010-12-24 10:03 - 00000000 ___RD C:\Users\Hadbanger\Dropbox
2013-04-26 14:54 - 2010-12-24 10:02 - 00000000 ____D C:\Users\Hadbanger\AppData\Roaming\Dropbox
2013-04-26 14:54 - 2010-05-13 14:55 - 00001112 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-04-26 14:54 - 2009-07-14 06:08 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-04-26 14:54 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-04-26 12:24 - 2012-03-08 15:38 - 02034399 ____A C:\Windows\WindowsUpdate.log
2013-04-26 12:24 - 2010-05-13 14:55 - 00001116 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-04-26 12:24 - 2010-01-30 11:15 - 00011440 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-04-26 12:24 - 2010-01-30 11:15 - 00011440 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-04-26 12:19 - 2013-03-06 14:45 - 00000000 ____D C:\Program Files (x86)\StarMoney 8.0
2013-04-25 20:30 - 2013-02-20 12:22 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0
2013-04-25 17:43 - 2012-04-15 17:28 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-04-25 17:31 - 2012-03-17 17:17 - 00001136 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1661754313-4272918001-2753178953-1000UA.job
2013-04-25 09:12 - 2009-07-08 17:12 - 00000000 ____D C:\Users\Hadbanger\AppData\Local\Adobe
2013-04-24 14:42 - 2013-04-24 14:42 - 00094208 ____A (Adobe Systems Incorporated) C:\Users\Hadbanger\6307225.exe
2013-04-24 14:42 - 2010-01-30 11:16 - 00000000 ____D C:\users\Hadbanger
2013-04-24 14:09 - 2013-01-17 19:53 - 00000000 ____D C:\Users\Hadbanger\AppData\Roaming\vlc
2013-04-23 17:12 - 2010-05-05 18:52 - 00007860 ____A C:\fpRedmon.log
2013-04-23 17:12 - 2010-05-05 18:52 - 00000000 ____D C:\Users\Hadbanger\AppData\Local\FreePDF_XP
2013-04-23 16:32 - 2012-03-17 17:17 - 00001084 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1661754313-4272918001-2753178953-1000Core.job
2013-04-23 10:54 - 2013-01-21 16:23 - 00000000 ____D C:\Users\Hadbanger\AppData\Roaming\foobar2000
2013-04-22 18:59 - 2013-01-25 11:08 - 00884736 ____A C:\Users\Hadbanger\Documents\Gebiete Frankfurt-Süd.accdb
2013-04-22 10:06 - 2012-11-16 11:05 - 00000600 ____A C:\Users\Hadbanger\AppData\Local\PUTTY.RND
2013-04-22 09:09 - 2009-07-17 09:14 - 00000000 ____D C:\Users\Hadbanger\AppData\Roaming\Skype
2013-04-22 09:07 - 2009-07-17 09:12 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-04-22 09:07 - 2009-07-17 09:12 - 00000000 ____D C:ProgramData\Skype
2013-04-20 19:21 - 2011-09-13 19:17 - 00000000 ____D C:\Users\Hadbanger\AppData\Roaming\Mp3tag
2013-04-20 16:32 - 2011-09-13 19:17 - 00000000 ____D C:\Program Files (x86)\Mp3tag
2013-04-20 15:31 - 2009-06-28 17:51 - 00000000 ____D C:\Users\Hadbanger\AppData\Roaming\Mozilla
2013-04-20 10:19 - 2013-04-20 10:19 - 00000000 ____D C:ProgramData\PACE Anti-Piracy
2013-04-20 10:19 - 2012-02-24 18:59 - 00000000 __AHD C:\Users\Hadbanger\AppData\Local\2M5xrfiZFTIbDW0
2013-04-20 10:19 - 2011-11-11 12:46 - 00000000 __AHD C:\Users\Hadbanger\AppData\Local\yPjahNDpOYT
2013-04-20 10:19 - 2009-07-16 18:34 - 00000021 ____A C:\Windows\SurCode.INI
2013-04-20 10:19 - 2009-07-14 04:20 - 00000000 ___AD C:ProgramData\Microsoft
2013-04-19 18:14 - 2013-04-15 18:56 - 131276901 ____A C:\Users\Hadbanger\Desktop\Abschied_Boon.psd
2013-04-19 17:01 - 2011-10-23 13:44 - 00000000 ____D C:\Users\Hadbanger\AppData\Roaming\Audacity
2013-04-17 07:51 - 2013-02-27 15:10 - 00000000 ____D C:\Users\Hadbanger\AppData\Roaming\MediaPurge
2013-04-13 07:40 - 2010-09-06 18:55 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-04-13 07:40 - 2010-01-31 19:27 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-04-12 15:45 - 2013-04-24 08:22 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-11 18:56 - 2012-04-15 17:28 - 00691592 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-04-11 18:56 - 2011-05-22 16:34 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-04-11 18:56 - 2009-03-04 17:38 - 00000000 ____D C:ProgramData\Adobe
2013-04-11 15:37 - 2009-03-04 17:38 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-04-10 18:54 - 2009-07-14 05:45 - 04961280 ____A C:\Windows\System32\FNTCACHE.DAT
2013-04-10 08:53 - 2010-02-10 19:18 - 72702784 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-04-10 08:53 - 2009-03-04 17:15 - 00000000 ____D C:ProgramData\Microsoft Help
2013-04-10 08:38 - 2013-04-10 08:38 - 00000000 ____D C:ProgramData\McAfee
2013-04-10 08:34 - 2013-04-09 13:53 - 00000000 ____D C:\Program Files\Google
2013-04-10 08:34 - 2010-05-13 14:55 - 00000000 ____D C:\Program Files (x86)\Google
2013-04-09 16:02 - 2013-04-09 13:53 - 00000000 ____D C:ProgramData\Google
2013-04-09 16:02 - 2010-05-13 14:55 - 00000000 ____D C:\Users\Hadbanger\AppData\Local\Google
2013-04-09 13:54 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\NDF
2013-04-09 11:31 - 2009-11-07 19:03 - 00000000 ____D C:\Utils
2013-04-09 11:30 - 2009-07-17 09:53 - 00000000 ____D C:\Users\Hadbanger\Desktop\Utilities
2013-04-05 14:42 - 2009-07-17 09:02 - 00001365 ____A C:\Users\Hadbanger\Desktop\Passwörter.txt
2013-04-04 12:57 - 2013-01-10 17:01 - 00000000 ____D C:\Users\Hadbanger\Documents\Gebiete
2013-04-04 09:05 - 2009-07-14 13:55 - 00000000 ____D C:\Program Files (x86)\MSECACHE
2013-04-04 07:40 - 2012-05-21 20:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-04-03 19:22 - 2011-05-26 08:21 - 00000000 ____D C:\Users\Hadbanger\Desktop\3D
2013-04-03 14:48 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-04-03 08:37 - 2013-04-01 14:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-04-02 11:34 - 2009-10-03 08:44 - 00282744 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-04-02 09:27 - 2013-04-02 09:27 - 00000000 ____D C:\Windows\Panther
2013-04-02 09:27 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-04-02 09:27 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-04-02 09:27 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\zh-HK
2013-04-02 09:27 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\tr-TR
2013-04-02 09:27 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-04-02 07:50 - 2013-04-02 07:45 - 00010201 ____A C:\Windows\IE10_main.log
2013-04-02 07:47 - 2013-04-02 07:47 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-04-02 07:47 - 2013-04-02 07:47 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-04-02 07:47 - 2013-04-02 07:47 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-04-02 07:47 - 2013-04-02 07:47 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-04-02 07:47 - 2013-04-02 07:47 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-04-02 07:47 - 2013-04-02 07:47 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-04-02 07:47 - 2013-04-02 07:47 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-04-02 07:47 - 2013-04-02 07:47 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-04-02 07:47 - 2013-04-02 07:47 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-04-02 07:47 - 2013-04-02 07:47 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-04-02 07:47 - 2013-04-02 07:47 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-04-02 07:47 - 2013-04-02 07:47 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-04-02 07:47 - 2013-04-02 07:47 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-04-02 07:47 - 2013-04-02 07:47 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-04-02 07:47 - 2013-04-02 07:47 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-04-02 07:47 - 2013-04-02 07:47 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-04-02 07:47 - 2013-04-02 07:47 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-04-02 07:47 - 2013-04-02 07:47 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-04-02 07:47 - 2013-04-02 07:47 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-04-02 07:47 - 2013-04-02 07:47 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-04-02 07:47 - 2013-04-02 07:47 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-04-02 07:47 - 2013-04-02 07:47 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-04-02 07:45 - 2013-04-02 07:45 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-04-02 07:45 - 2013-04-02 07:45 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-03-29 08:06 - 2013-03-29 08:06 - 00000000 ____A C:\Windows\setuperr.log
2013-03-28 20:24 - 2012-08-29 17:25 - 00000000 ____D C:\Windows\Minidump
2013-03-28 20:23 - 2011-09-26 10:00 - 00000000 ____D C:\Program Files (x86)\MediaMonkey
2013-03-28 20:20 - 2013-03-06 10:09 - 00000000 ____D C:\Users\Hadbanger\AppData\Roaming\Gynobo
2013-03-28 12:24 - 2013-03-06 10:09 - 00000000 ____D C:\Users\Hadbanger\AppData\Roaming\Ahago
2013-03-27 15:27 - 2010-04-10 21:51 - 00000000 ____D C:\Program Files (x86)\AviSynth 2.5
2013-03-27 14:55 - 2013-03-27 14:55 - 00000000 ____D C:\Users\Hadbanger\AppData\Local\Bitstream_Tools
2013-03-27 14:42 - 2013-03-27 14:42 - 00000000 ____D C:ProgramData\IsolatedStorage
2013-03-27 14:42 - 2012-10-23 15:13 - 00000000 ____D C:\Users\Hadbanger\Desktop\Bewerbungen
2013-03-27 14:41 - 2013-03-27 14:41 - 00000000 ____D C:\Program Files\Bitstreamtools

Other Malware:
===========
C:\Users\Hadbanger\AppData\Roaming\skype.ini

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== Memory info =========================== 

Percentage of memory in use: 12%
Total physical RAM: 6135.17 MB
Available physical RAM: 5350.82 MB
Total Pagefile: 6133.32 MB
Available Pagefile: 5345.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (Win7 System) (Fixed) (Total:119.24 GB) (Free:30.18 GB) NTFS (Disk=1 Partition=1) ==>[Drive with boot components (obtained from BCD)]
Drive d: (ACER alt) (Fixed) (Total:366.72 GB) (Free:354.68 GB) NTFS (Disk=2 Partition=2)
Drive e: (TOSHIBA) (Removable) (Total:1.86 GB) (Free:0.34 GB) FAT (Disk=3 Partition=1)
Drive f: (370 GB) (Fixed) (Total:366.72 GB) (Free:297.77 GB) NTFS (Disk=0 Partition=2)
Drive g: (550 GB) (Fixed) (Total:550.13 GB) (Free:457.91 GB) NTFS (Disk=0 Partition=3)
Drive h: (DATA alt) (Fixed) (Total:550.13 GB) (Free:178.96 GB) NTFS (Disk=2 Partition=3)
Drive i: (PQSERVICE) (Fixed) (Total:14.66 GB) (Free:1.34 GB) NTFS (Disk=0 Partition=1)
Drive j: (PQSERVICE) (Fixed) (Total:14.65 GB) (Free:1.34 GB) NTFS (Disk=2 Partition=1)
Drive k: (GRMCHPXFRER_DE_DVD) (CDROM) (Total:2.97 GB) (Free:0 GB) UDF
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Datentr„ger ###  Status         Gr”áe    Frei     Dyn  GPT
  ---------------  -------------  -------  -------  ---  ---
  Datentr„ger 0    Online          931 GB      0 B         
  Datentr„ger 1    Online          119 GB      0 B         
  Datentr„ger 2    Online          931 GB      0 B         
  Datentr„ger 3    Online         1901 MB      0 B         
  Datentr„ger 4    Kein Medium        0 B      0 B         
  Datentr„ger 5    Kein Medium        0 B      0 B         
  Datentr„ger 6    Kein Medium        0 B      0 B         
  Datentr„ger 7    Kein Medium        0 B      0 B         

Partitions of Disk 0:
===============

Datentr„ger-ID: E7BA3886

  Partition ###  Typ               GrӇe    Offset
  -------------  ----------------  -------  -------
  Partition 1    Wiederherstellun    14 GB    31 KB
  Partition 2    Prim„r             366 GB    14 GB
  Partition 3    Prim„r             550 GB   381 GB

==================================================================================

Disk: 0
Partition 1
Typ      : 27
Versteckt: Ja
Aktiv    : Nein

  Volume ###  Bst  Bezeichnung  DS     Typ         GrӇe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     I   PQSERVICE    NTFS   Partition     14 GB  Fehlerfre  Versteck

=========================================================

Disk: 0
Partition 2
Typ      : 07
Versteckt: Nein
Aktiv    : Nein

  Volume ###  Bst  Bezeichnung  DS     Typ         GrӇe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     F   370 GB       NTFS   Partition    366 GB  Fehlerfre          

=========================================================

Disk: 0
Partition 3
Typ      : 07
Versteckt: Nein
Aktiv    : Nein

  Volume ###  Bst  Bezeichnung  DS     Typ         GrӇe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     G   550 GB       NTFS   Partition    550 GB  Fehlerfre          

=========================================================

Partitions of Disk 1:
===============

Datentr„ger-ID: 000D4B70

  Partition ###  Typ               GrӇe    Offset
  -------------  ----------------  -------  -------
  Partition 1    Prim„r             119 GB  1024 KB

==================================================================================

Disk: 1
Partition 1
Typ      : 07
Versteckt: Nein
Aktiv    : Ja

  Volume ###  Bst  Bezeichnung  DS     Typ         GrӇe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5     C   Win7 System  NTFS   Partition    119 GB  Fehlerfre          

=========================================================

Partitions of Disk 2:
===============

Datentr„ger-ID: 4919D20E

  Partition ###  Typ               GrӇe    Offset
  -------------  ----------------  -------  -------
  Partition 1    Wiederherstellun    14 GB    31 KB
  Partition 2    Prim„r             366 GB    14 GB
  Partition 3    Prim„r             550 GB   381 GB

==================================================================================

Disk: 2
Partition 1
Typ      : 27
Versteckt: Ja
Aktiv    : Nein

  Volume ###  Bst  Bezeichnung  DS     Typ         GrӇe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 8     J   PQSERVICE    NTFS   Partition     14 GB  Fehlerfre  Versteck

=========================================================

Disk: 2
Partition 2
Typ      : 07
Versteckt: Nein
Aktiv    : Ja

  Volume ###  Bst  Bezeichnung  DS     Typ         GrӇe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 6     D   ACER alt     NTFS   Partition    366 GB  Fehlerfre          

=========================================================

Disk: 2
Partition 3
Typ      : 07
Versteckt: Nein
Aktiv    : Nein

  Volume ###  Bst  Bezeichnung  DS     Typ         GrӇe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 7     H   DATA alt     NTFS   Partition    550 GB  Fehlerfre          

=========================================================

Partitions of Disk 3:
===============

Datentr„ger-ID: 00000000

  Partition ###  Typ               GrӇe    Offset
  -------------  ----------------  -------  -------
  Partition 1    Prim„r            1901 MB     8 KB

==================================================================================

Disk: 3
Partition 1
Typ      : 0E
Versteckt: Nein
Aktiv    : Ja

  Volume ###  Bst  Bezeichnung  DS     Typ         GrӇe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 9     E   TOSHIBA      FAT    Wechselmed  1901 MB  Fehlerfre          

=========================================================
============================== MBR & Partition Table ==================

====================================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: E7BA3886)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Not Active) - (Size=367 GB) - (Type=07) (NTFS)
Partition 3: (Not Active) - (Size=550 GB) - (Type=07) (NTFS)

====================================================================
Disk: 1 (Size: 119 GB) (Disk ID: 000D4B70)
Partition 1: (Active) - (Size=119 GB) - (Type=07) (NTFS)

====================================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 4919D20E)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=367 GB) - (Type=07) (NTFS)
Partition 3: (Not Active) - (Size=550 GB) - (Type=07) (NTFS)

====================================================================
Disk: 3 (Size: 2 GB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=2 GB) - (Type=0E)


Last Boot: 2013-04-24 11:53

==================== End Of Log ============================
         


Alt 26.04.2013, 12:19   #6
Psychotic
/// Malwareteam
 
GVU Trojaner - Standard

GVU Trojaner



aha!

Schritt 1: Fix mit FRST 64



Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument
Code:
ATTFilter
HKU\Hadbanger\...\Run: [Sysyem Cleaner] C:\Users\Hadbanger\6307225.exe [94208 2013-04-24] (Adobe Systems Incorporated)
HKU\Hadbanger\...\Policies\system: [DisableTaskMgr] 1

C:\Users\Hadbanger\6307225.exe
C:\Users\Hadbanger\AppData\Roaming\Gynobo
C:\Users\Hadbanger\AppData\Roaming\Ahago
         
Speichere diese bitte als Fixlist.txt auf deinem USB Stick.
  • Starte deinen Rechner erneut in die Reparaturoptionen
  • Starte nun die FRST64.exe erneut und klicke den Fix Button.
Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.


Schritt 2: Suche mit FRST 64



Schließe den USB Stick an das infizierte System an Du musst das System nun in die System Reparatur Option booten. Über den Boot Manager
  • Starte den Rechner neu auf.
  • Während dem Hochfahren drücke mehrmals die F8 Taste
  • Wähle nun Computer reparieren.
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".
Mit Windows CD/DVD
  • Lege die Windows CD in dein Laufwerk.
  • Starte den Rechner neu auf und starte von der CD
  • Wähle die Spracheinstellungen und klicke "Weiter".
  • Klicke auf Computerreparaturoptionen !!
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".
Wähle in den Reparaturoptionen Eingabeaufforderung
  • Gib nun bitte notepad ein und drücke Enter.
  • Im öffnenden Textdokument --> Datei --> Speichern unter und wähle Computer Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt.
  • Schließe Notepad wieder
  • Gib nun bitte folgenden Befehl ein. e:\frst.exe Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks. Gegebenfalls anpassen.
  • Akzeptiere den Disclaimer mit Yes und klicke Search file(s).
  • Es öfnet sich ein Fenster, in dem bereits search: steht.
    Füge hier folgendes hinzu:
    Code:
    ATTFilter
    ntfs.sys
             

Klicke auf search - das Tool erstellt eine search.txt auf deinem Stick. Poste den Inhalt bitte hier.
__________________
--> GVU Trojaner

Alt 26.04.2013, 12:55   #7
hadbanger
 
GVU Trojaner - Standard

GVU Trojaner



Hallo Marius,

hier die Fixlog:

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-04-2013
Ran by SYSTEM at 2013-04-26 16:51:42 Run:1
Running from O:\
Boot Mode: Recovery
==============================================

HKEY_USERS\Hadbanger\Software\Microsoft\Windows\CurrentVersion\Run\\Sysyem Cleaner value not found.
HKEY_USERS\Hadbanger\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableTaskMgr value not found.
C:\Users\Hadbanger\6307225.exe moved successfully.
C:\Users\Hadbanger\AppData\Roaming\Gynobo moved successfully.
C:\Users\Hadbanger\AppData\Roaming\Ahago moved successfully.

==== End of Fixlog ====
         
Und hier das Search-Ergebnis:

Code:
ATTFilter
Farbar Recovery Scan Tool (x64) Version: 26-04-2013
Ran by SYSTEM at 2013-04-26 16:52:54
Running from O:\
Boot Mode: Recovery

================== Search: "ntfs.sys" ===================

C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.22297_none_04cd2f154ce71430\ntfs.sys
[2013-04-24 08:22] - [2013-04-12 15:16] - 1686888 ____A (Microsoft Corporation) A6AE4551BF8EED09FA3B6FCDF472F3E1

C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.22272_none_04ddcd7b4cdb5d9b\ntfs.sys
[2013-04-10 08:39] - [2013-03-02 06:21] - 1686376 ____A (Microsoft Corporation) 9A77052C2F5F408CB8402D992360BC07

C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.22104_none_052b7b9d4ca0cf8b\ntfs.sys
[2012-10-11 16:52] - [2012-08-31 18:57] - 1687408 ____A (Microsoft Corporation) B2746D84DDF68D09B41B72DF745CCBA6

C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.21680_none_04d11b5b4ce521d9\ntfs.sys
[2011-04-27 17:15] - [2011-03-11 07:19] - 1659776 ____A (Microsoft Corporation) 87B104128D4D3BA3C13098BAEBF38082

C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.18127_none_048f41be3390b0cf\ntfs.sys
[2013-04-24 08:22] - [2013-04-12 15:45] - 1656680 ____A (Microsoft Corporation) B98F8C6E31CD07B2E6F71F7F648E38C0

C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.18106_none_04a3e14c33815f96\ntfs.sys
[2013-04-10 08:39] - [2013-03-02 07:04] - 1655656 ____A (Microsoft Corporation) B8965FB53551B5455630A4B804D0791F

C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17945_none_0477c74a33a2859a\ntfs.sys
[2012-10-11 16:52] - [2012-08-31 19:19] - 1659760 ____A (Microsoft Corporation) E453ACF4E7D44E5530B5D5F2B9CA8563

C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17577_none_0459508233b9177f\ntfs.sys
[2011-04-27 17:15] - [2011-03-11 07:41] - 1659776 ____A (Microsoft Corporation) A2F74975097F52A00745F9637451FDD8

C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17514_none_04972f2c338b23d4\ntfs.sys
[2011-06-19 07:38] - [2010-11-20 14:33] - 1659776 ____A (Microsoft Corporation) 05D78AA5CB5F3F5C31160BDB955D0B7C

C:\Windows\System32\drivers\ntfs.sys
[2013-04-24 08:22] - [2013-04-12 15:45] - 1656680 ____A (Microsoft Corporation) B98F8C6E31CD07B2E6F71F7F648E38C0

====== End Of Search ======
         

Alt 28.04.2013, 13:24   #8
Psychotic
/// Malwareteam
 
GVU Trojaner - Standard

GVU Trojaner



Fix mit FRST 64



Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument
Code:
ATTFilter
Replace: C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.21680_none_04d11b5b4ce521d9\ntfs.sys C:\Windows\System32\drivers\ntfs.sys
         
Speichere diese bitte als Fixlist.txt auf deinem USB Stick.
  • Starte deinen Rechner erneut in die Reparaturoptionen
  • Starte nun die FRST64.exe erneut und klicke den Fix Button.
Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.



Starte den Rechner im normalen Modus!




Schritt 2: aswMBR


Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung) Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. ( Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen ) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.




Schritt 3: Scan mit TDSS-Killer



Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile. TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ ) Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt
Poste den Inhalt bitte hier in deinen Thread.
__________________
Kein Asylrecht für Trojaner!

Proud Member of UNITE

Hinweis: Ich bin nur werktags erreichbar!
Anfragen über PM werden ignoriert!

Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board!

Alt 29.04.2013, 17:06   #9
hadbanger
 
GVU Trojaner - Standard

GVU Trojaner



Hallo Marius,

bereits nach deinem letzten Fix vom Freitag läuft mein Windows wieder, deswegen schon mal VIELEN DANK!!

Hier der Fixlog von FRST64:

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-04-2013
Ran by SYSTEM at 2013-04-29 17:42:16 Run:2
Running from E:\
Boot Mode: Recovery
==============================================

C:\Windows\System32\drivers\ntfs.sys moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.21680_none_04d11b5b4ce521d9\ntfs.sys copied successfully to C:\Windows\System32\drivers\ntfs.sys

==== End of Fixlog ====
         
Und hier der Log von aswMBR:

Code:
ATTFilter
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-29 17:44:21
-----------------------------
17:44:21.994    OS Version: Windows x64 6.1.7601 Service Pack 1
17:44:21.994    Number of processors: 8 586 0x1A04
17:44:21.994    ComputerName: HADBANGER-ACER  UserName: Hadbanger
17:44:22.181    Initialize success
17:58:47.538    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:58:47.538    Disk 0 Vendor: SAMSUNG_ CXM0 Size: 122104MB BusType: 3
17:58:47.538    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
17:58:47.538    Disk 1 Vendor: SAMSUNG_ 1AJ1 Size: 953869MB BusType: 3
17:58:47.553    Disk 2  \Device\Harddisk2\DR2 -> \Device\Ide\IAAStorageDevice-3
17:58:47.553    Disk 2 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 3
17:58:47.553    Disk 0 MBR read successfully
17:58:47.553    Disk 0 MBR scan
17:58:47.553    Disk 0 unknown MBR code
17:58:47.569    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       122103 MB offset 2048
17:58:47.569    Disk 0 scanning C:\Windows\system32\drivers
17:58:48.739    Service scanning
17:58:50.112    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
17:58:51.048    Modules scanning
17:58:51.048    Disk 0 trace - called modules:
17:58:51.048    ntoskrnl.exe CLASSPNP.SYS disk.sys vsflt53.sys iaStor.sys spgv.sys hal.dll 
17:58:51.048    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800664e790]
17:58:51.063    3 CLASSPNP.SYS[fffff880015c443f] -> nt!IofCallDriver -> [0xfffffa800653ee30]
17:58:51.063    5 vsflt53.sys[fffff880011e4cfd] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80063bd050]
17:58:51.063    Scan finished successfully
17:59:12.264    Disk 0 MBR has been saved successfully to "C:\Users\Hadbanger\Desktop\MBR.dat"
17:59:12.264    The log file has been saved successfully to "C:\Users\Hadbanger\Desktop\aswMBR.txt"
         
Und hier noch das Ergebnis von TDSSKiller:

Code:
ATTFilter
17:59:31.0447 3992  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:59:31.0852 3992  ============================================================
17:59:31.0852 3992  Current date / time: 2013/04/29 17:59:31.0852
17:59:31.0852 3992  SystemInfo:
17:59:31.0852 3992  
17:59:31.0852 3992  OS Version: 6.1.7601 ServicePack: 1.0
17:59:31.0852 3992  Product type: Workstation
17:59:31.0852 3992  ComputerName: HADBANGER-ACER
17:59:31.0852 3992  UserName: Hadbanger
17:59:31.0852 3992  Windows directory: C:\Windows
17:59:31.0852 3992  System windows directory: C:\Windows
17:59:31.0852 3992  Running under WOW64
17:59:31.0852 3992  Processor architecture: Intel x64
17:59:31.0852 3992  Number of processors: 8
17:59:31.0852 3992  Page size: 0x1000
17:59:31.0852 3992  Boot type: Normal boot
17:59:31.0852 3992  ============================================================
17:59:32.0273 3992  Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:59:32.0273 3992  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:59:32.0273 3992  Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:59:32.0305 3992  Drive \Device\Harddisk7\DR7 - Size: 0x76DD7E00 (1.86 Gb), SectorSize: 0x200, Cylinders: 0xF2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:59:32.0305 3992  ============================================================
17:59:32.0305 3992  \Device\Harddisk0\DR0:
17:59:32.0305 3992  MBR partitions:
17:59:32.0305 3992  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xEE7B800
17:59:32.0305 3992  \Device\Harddisk1\DR1:
17:59:32.0305 3992  MBR partitions:
17:59:32.0305 3992  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x1D52EFA, BlocksNum 0x2DD6F906
17:59:32.0305 3992  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x2FAC29FA, BlocksNum 0x44C42FC7
17:59:32.0305 3992  \Device\Harddisk2\DR2:
17:59:32.0305 3992  MBR partitions:
17:59:32.0305 3992  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x1D4F800, BlocksNum 0x2DD73000
17:59:32.0305 3992  \Device\Harddisk2\DR2\Partition2: MBR, Type 0x7, StartLBA 0x2FAC2800, BlocksNum 0x44C43800
17:59:32.0305 3992  \Device\Harddisk7\DR7:
17:59:32.0305 3992  MBR partitions:
17:59:32.0305 3992  \Device\Harddisk7\DR7\Partition1: MBR, Type 0xE, StartLBA 0x10, BlocksNum 0x3B6EAF
17:59:32.0305 3992  ============================================================
17:59:32.0305 3992  C: <-> \Device\Harddisk0\DR0\Partition1
17:59:32.0320 3992  A: <-> \Device\Harddisk2\DR2\Partition1
17:59:32.0351 3992  B: <-> \Device\Harddisk2\DR2\Partition2
17:59:32.0351 3992  D: <-> \Device\Harddisk1\DR1\Partition2
17:59:32.0367 3992  K: <-> \Device\Harddisk1\DR1\Partition1
17:59:32.0367 3992  ============================================================
17:59:32.0367 3992  Initialize success
17:59:32.0367 3992  ============================================================
17:59:38.0217 1148  ============================================================
17:59:38.0217 1148  Scan started
17:59:38.0217 1148  Mode: Manual; 
17:59:38.0217 1148  ============================================================
17:59:38.0373 1148  ================ Scan system memory ========================
17:59:38.0373 1148  System memory - ok
17:59:38.0373 1148  ================ Scan services =============================
17:59:38.0404 1148  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
17:59:38.0404 1148  1394ohci - ok
17:59:38.0404 1148  [ E0A8525A951ADDB4655BC2068566407D ] 61883           C:\Windows\system32\DRIVERS\61883.sys
17:59:38.0404 1148  61883 - ok
17:59:38.0404 1148  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
17:59:38.0420 1148  ACPI - ok
17:59:38.0420 1148  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
17:59:38.0420 1148  AcpiPmi - ok
17:59:38.0420 1148  [ D44BCAF639E4E45307C2BC80715273D5 ] adfs            C:\Windows\system32\drivers\adfs.sys
17:59:38.0420 1148  adfs - ok
17:59:38.0420 1148  [ 4AE327C9C375D985FF2A2AAB92765218 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
17:59:38.0498 1148  Adobe LM Service - ok
17:59:38.0513 1148  [ 479901C99FA62D1C3261B7ACB1228DAD ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:59:38.0529 1148  AdobeFlashPlayerUpdateSvc - ok
17:59:38.0529 1148  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
17:59:38.0529 1148  adp94xx - ok
17:59:38.0545 1148  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
17:59:38.0545 1148  adpahci - ok
17:59:38.0545 1148  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
17:59:38.0545 1148  adpu320 - ok
17:59:38.0545 1148  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
17:59:38.0545 1148  AeLookupSvc - ok
17:59:38.0560 1148  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
17:59:38.0560 1148  AFD - ok
17:59:38.0560 1148  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
17:59:38.0560 1148  agp440 - ok
17:59:38.0576 1148  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
17:59:38.0576 1148  ALG - ok
17:59:38.0576 1148  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
17:59:38.0576 1148  aliide - ok
17:59:38.0576 1148  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
17:59:38.0576 1148  amdide - ok
17:59:38.0576 1148  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
17:59:38.0576 1148  AmdK8 - ok
17:59:38.0576 1148  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
17:59:38.0576 1148  AmdPPM - ok
17:59:38.0591 1148  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
17:59:38.0591 1148  amdsata - ok
17:59:38.0591 1148  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
17:59:38.0591 1148  amdsbs - ok
17:59:38.0591 1148  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
17:59:38.0591 1148  amdxata - ok
17:59:38.0591 1148  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
17:59:38.0591 1148  AppID - ok
17:59:38.0607 1148  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
17:59:38.0607 1148  AppIDSvc - ok
17:59:38.0607 1148  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
17:59:38.0607 1148  Appinfo - ok
17:59:38.0607 1148  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
17:59:38.0607 1148  arc - ok
17:59:38.0607 1148  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
17:59:38.0607 1148  arcsas - ok
17:59:38.0623 1148  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
17:59:38.0623 1148  AsyncMac - ok
17:59:38.0623 1148  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
17:59:38.0623 1148  atapi - ok
17:59:38.0623 1148  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:59:38.0638 1148  AudioEndpointBuilder - ok
17:59:38.0638 1148  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
17:59:38.0654 1148  AudioSrv - ok
17:59:38.0654 1148  [ 16FABE84916623D0607E4A975544032C ] Avc             C:\Windows\system32\DRIVERS\avc.sys
17:59:38.0654 1148  Avc - ok
17:59:38.0654 1148  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
17:59:38.0654 1148  AxInstSV - ok
17:59:38.0669 1148  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
17:59:38.0669 1148  b06bdrv - ok
17:59:38.0669 1148  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
17:59:38.0669 1148  b57nd60a - ok
17:59:38.0685 1148  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
17:59:38.0685 1148  BDESVC - ok
17:59:38.0685 1148  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
17:59:38.0685 1148  Beep - ok
17:59:38.0685 1148  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
17:59:38.0701 1148  BFE - ok
17:59:38.0701 1148  [ 27FDD13BEC08CEEAC4BE6B900A6C39CE ] bgsvcgen        C:\Windows\SysWOW64\bgsvcgen.exe
17:59:38.0701 1148  bgsvcgen - ok
17:59:38.0716 1148  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
17:59:38.0716 1148  BITS - ok
17:59:38.0732 1148  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
17:59:38.0732 1148  blbdrive - ok
17:59:38.0732 1148  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:59:38.0732 1148  Bonjour Service - ok
17:59:38.0747 1148  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
17:59:38.0747 1148  bowser - ok
17:59:38.0747 1148  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:59:38.0747 1148  BrFiltLo - ok
17:59:38.0747 1148  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:59:38.0747 1148  BrFiltUp - ok
17:59:38.0747 1148  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
17:59:38.0747 1148  Browser - ok
17:59:38.0763 1148  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
17:59:38.0763 1148  Brserid - ok
17:59:38.0763 1148  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
17:59:38.0763 1148  BrSerWdm - ok
17:59:38.0763 1148  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
17:59:38.0763 1148  BrUsbMdm - ok
17:59:38.0763 1148  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
17:59:38.0763 1148  BrUsbSer - ok
17:59:38.0779 1148  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
17:59:38.0779 1148  BTHMODEM - ok
17:59:38.0779 1148  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
17:59:38.0779 1148  bthserv - ok
17:59:38.0779 1148  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
17:59:38.0779 1148  cdfs - ok
17:59:38.0779 1148  [ 9456FAE4BF8ABF6316405724E7EA597E ] cdrbsdrv        C:\Windows\system32\drivers\cdrbsdrv.sys
17:59:38.0779 1148  cdrbsdrv - ok
17:59:38.0794 1148  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
17:59:38.0794 1148  cdrom - ok
17:59:38.0794 1148  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
17:59:38.0794 1148  CertPropSvc - ok
17:59:38.0794 1148  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
17:59:38.0794 1148  circlass - ok
17:59:38.0810 1148  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
17:59:38.0810 1148  CLFS - ok
17:59:38.0810 1148  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:59:38.0810 1148  clr_optimization_v2.0.50727_32 - ok
17:59:38.0825 1148  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:59:38.0825 1148  clr_optimization_v2.0.50727_64 - ok
17:59:38.0825 1148  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:59:38.0825 1148  clr_optimization_v4.0.30319_32 - ok
17:59:38.0825 1148  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:59:38.0841 1148  clr_optimization_v4.0.30319_64 - ok
17:59:38.0841 1148  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
17:59:38.0841 1148  CmBatt - ok
17:59:38.0841 1148  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
17:59:38.0841 1148  cmdide - ok
17:59:38.0841 1148  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
17:59:38.0857 1148  CNG - ok
17:59:38.0857 1148  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
17:59:38.0857 1148  Compbatt - ok
17:59:38.0857 1148  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
17:59:38.0857 1148  CompositeBus - ok
17:59:38.0857 1148  COMSysApp - ok
17:59:38.0857 1148  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
17:59:38.0857 1148  crcdisk - ok
17:59:38.0872 1148  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
17:59:38.0872 1148  CryptSvc - ok
17:59:38.0872 1148  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
17:59:38.0888 1148  DcomLaunch - ok
17:59:38.0888 1148  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
17:59:38.0888 1148  defragsvc - ok
17:59:38.0888 1148  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
17:59:38.0888 1148  DfsC - ok
17:59:38.0903 1148  [ 41AC348DBD378F618CB4FDEE54270692 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
17:59:38.0903 1148  dg_ssudbus - ok
17:59:38.0903 1148  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
17:59:38.0903 1148  Dhcp - ok
17:59:38.0919 1148  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
17:59:38.0919 1148  discache - ok
17:59:38.0919 1148  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
17:59:38.0919 1148  Disk - ok
17:59:38.0919 1148  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
17:59:38.0919 1148  Dnscache - ok
17:59:38.0919 1148  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
17:59:38.0935 1148  dot3svc - ok
17:59:38.0935 1148  [ B42ED0320C6E41102FDE0005154849BB ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
17:59:38.0935 1148  Dot4 - ok
17:59:38.0935 1148  [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print       C:\Windows\system32\drivers\Dot4Prt.sys
17:59:38.0935 1148  Dot4Print - ok
17:59:38.0935 1148  [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
17:59:38.0935 1148  dot4usb - ok
17:59:38.0950 1148  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
17:59:38.0950 1148  DPS - ok
17:59:38.0950 1148  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
17:59:38.0950 1148  drmkaud - ok
17:59:38.0950 1148  [ AA939E356C55CF0BC5EA128CE7ED200A ] dsltestSp5a64   C:\Windows\system32\Drivers\dsltestSp5a64.sys
17:59:38.0950 1148  dsltestSp5a64 - ok
17:59:38.0966 1148  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
17:59:38.0966 1148  DXGKrnl - ok
17:59:38.0981 1148  [ 11D0ECA73AB25135F65656B93ADBCB3D ] e1yexpress      C:\Windows\system32\DRIVERS\e1y62x64.sys
17:59:38.0981 1148  e1yexpress - ok
17:59:38.0981 1148  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
17:59:38.0981 1148  EapHost - ok
17:59:39.0013 1148  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
17:59:39.0044 1148  ebdrv - ok
17:59:39.0044 1148  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
17:59:39.0044 1148  EFS - ok
17:59:39.0059 1148  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
17:59:39.0059 1148  ehRecvr - ok
17:59:39.0059 1148  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
17:59:39.0059 1148  ehSched - ok
17:59:39.0075 1148  [ 9A47AC3DFCF81D30922CDAAF1C2D579F ] ElbyCDIO        C:\Windows\system32\Drivers\ElbyCDIO.sys
17:59:39.0075 1148  ElbyCDIO - ok
17:59:39.0075 1148  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
17:59:39.0075 1148  elxstor - ok
17:59:39.0091 1148  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
17:59:39.0091 1148  ErrDev - ok
17:59:39.0091 1148  esgiguard - ok
17:59:39.0091 1148  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
17:59:39.0106 1148  EventSystem - ok
17:59:39.0106 1148  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
17:59:39.0106 1148  exfat - ok
17:59:39.0106 1148  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
17:59:39.0106 1148  fastfat - ok
17:59:39.0122 1148  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
17:59:39.0122 1148  Fax - ok
17:59:39.0137 1148  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
17:59:39.0137 1148  fdc - ok
17:59:39.0137 1148  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
17:59:39.0137 1148  fdPHost - ok
17:59:39.0137 1148  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
17:59:39.0137 1148  FDResPub - ok
17:59:39.0137 1148  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
17:59:39.0137 1148  FileInfo - ok
17:59:39.0137 1148  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
17:59:39.0137 1148  Filetrace - ok
17:59:39.0153 1148  [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
17:59:39.0153 1148  FLEXnet Licensing Service - ok
17:59:39.0169 1148  [ 1C3FB052A0BB72EDAED90785C34D6EED ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
17:59:39.0184 1148  FLEXnet Licensing Service 64 - ok
17:59:39.0184 1148  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
17:59:39.0184 1148  flpydisk - ok
17:59:39.0184 1148  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
17:59:39.0200 1148  FltMgr - ok
17:59:39.0200 1148  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
17:59:39.0215 1148  FontCache - ok
17:59:39.0215 1148  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:59:39.0215 1148  FontCache3.0.0.0 - ok
17:59:39.0215 1148  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
17:59:39.0215 1148  FsDepends - ok
17:59:39.0231 1148  [ 0E330639B19FEB8DE20B685576D9BF9D ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
17:59:39.0231 1148  fssfltr - ok
17:59:39.0231 1148  [ 9B1622EBEB31B3411B13382FFCB8737D ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
17:59:39.0247 1148  fsssvc - ok
17:59:39.0247 1148  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
17:59:39.0247 1148  Fs_Rec - ok
17:59:39.0247 1148  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
17:59:39.0247 1148  fvevol - ok
17:59:39.0247 1148  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
17:59:39.0247 1148  gagp30kx - ok
17:59:39.0262 1148  [ E403AACF8C7BB11375122D2464560311 ] GearAspiWDM     C:\Windows\system32\drivers\GEARAspiWDM.sys
17:59:39.0262 1148  GearAspiWDM - ok
17:59:39.0262 1148  [ E80C14B9C6E5B57BB7710B356857A964 ] gfiark          C:\Windows\system32\drivers\gfiark.sys
17:59:39.0262 1148  gfiark - ok
17:59:39.0262 1148  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
17:59:39.0278 1148  gpsvc - ok
17:59:39.0278 1148  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:59:39.0278 1148  gupdate - ok
17:59:39.0278 1148  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:59:39.0278 1148  gupdatem - ok
17:59:39.0293 1148  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
17:59:39.0293 1148  gusvc - ok
17:59:39.0293 1148  [ 215DCB833B0747FBAD8AE28C85B5381C ] gwfilt64        C:\Windows\system32\drivers\gwfilt64.sys
17:59:39.0293 1148  gwfilt64 - ok
17:59:39.0293 1148  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
17:59:39.0293 1148  hcw85cir - ok
17:59:39.0309 1148  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:59:39.0309 1148  HdAudAddService - ok
17:59:39.0309 1148  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
17:59:39.0309 1148  HDAudBus - ok
17:59:39.0309 1148  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
17:59:39.0309 1148  HidBatt - ok
17:59:39.0309 1148  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
17:59:39.0325 1148  HidBth - ok
17:59:39.0325 1148  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
17:59:39.0325 1148  HidIr - ok
17:59:39.0325 1148  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
17:59:39.0325 1148  hidserv - ok
17:59:39.0325 1148  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
17:59:39.0325 1148  HidUsb - ok
17:59:39.0325 1148  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
17:59:39.0325 1148  hkmsvc - ok
17:59:39.0340 1148  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:59:39.0340 1148  HomeGroupListener - ok
17:59:39.0340 1148  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:59:39.0340 1148  HomeGroupProvider - ok
17:59:39.0356 1148  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
17:59:39.0356 1148  HpSAMD - ok
17:59:39.0356 1148  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
17:59:39.0371 1148  HTTP - ok
17:59:39.0371 1148  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
17:59:39.0371 1148  hwpolicy - ok
17:59:39.0371 1148  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
17:59:39.0371 1148  i8042prt - ok
17:59:39.0387 1148  [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
17:59:39.0387 1148  iaStor - ok
17:59:39.0387 1148  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
17:59:39.0387 1148  iaStorV - ok
17:59:39.0418 1148  [ 15C9BF6968A0990D8F4161A6ABEB7229 ] IconMan_R       C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
17:59:39.0434 1148  IconMan_R - ok
17:59:39.0449 1148  [ DAF66902F08796F9C694901660E5A64A ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
17:59:39.0449 1148  IDriverT - ok
17:59:39.0449 1148  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:59:39.0465 1148  idsvc - ok
17:59:39.0465 1148  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
17:59:39.0465 1148  iirsp - ok
17:59:39.0481 1148  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
17:59:39.0481 1148  IKEEXT - ok
17:59:39.0527 1148  [ C2F868881D48A568B525255F084EF063 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
17:59:39.0559 1148  IntcAzAudAddService - ok
17:59:39.0559 1148  [ A53C54D81C726BEB508F0005F445C4A0 ] Intel(R) PROSet Monitoring Service C:\Windows\system32\IProsetMonitor.exe
17:59:39.0559 1148  Intel(R) PROSet Monitoring Service - ok
17:59:39.0559 1148  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
17:59:39.0559 1148  intelide - ok
17:59:39.0574 1148  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
17:59:39.0574 1148  intelppm - ok
17:59:39.0574 1148  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
17:59:39.0574 1148  IPBusEnum - ok
17:59:39.0574 1148  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:59:39.0574 1148  IpFilterDriver - ok
17:59:39.0590 1148  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
17:59:39.0590 1148  iphlpsvc - ok
17:59:39.0590 1148  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
17:59:39.0590 1148  IPMIDRV - ok
17:59:39.0605 1148  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
17:59:39.0605 1148  IPNAT - ok
17:59:39.0605 1148  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:59:39.0605 1148  IRENUM - ok
17:59:39.0605 1148  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
17:59:39.0605 1148  isapnp - ok
17:59:39.0605 1148  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
17:59:39.0605 1148  iScsiPrt - ok
17:59:39.0621 1148  [ C0D9BA660A41EE8A269EF804E6CD0D7B ] JRAID           C:\Windows\system32\DRIVERS\jraid.sys
17:59:39.0621 1148  JRAID - ok
17:59:39.0621 1148  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
17:59:39.0621 1148  kbdclass - ok
17:59:39.0621 1148  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
17:59:39.0621 1148  kbdhid - ok
17:59:39.0621 1148  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
17:59:39.0621 1148  KeyIso - ok
17:59:39.0621 1148  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:59:39.0621 1148  KSecDD - ok
17:59:39.0637 1148  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
17:59:39.0637 1148  KSecPkg - ok
17:59:39.0637 1148  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
17:59:39.0637 1148  ksthunk - ok
17:59:39.0637 1148  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
17:59:39.0652 1148  KtmRm - ok
17:59:39.0652 1148  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
17:59:39.0652 1148  LanmanServer - ok
17:59:39.0652 1148  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:59:39.0652 1148  LanmanWorkstation - ok
17:59:39.0668 1148  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:59:39.0668 1148  lltdio - ok
17:59:39.0668 1148  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
17:59:39.0668 1148  lltdsvc - ok
17:59:39.0668 1148  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
17:59:39.0668 1148  lmhosts - ok
17:59:39.0683 1148  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
17:59:39.0683 1148  LSI_FC - ok
17:59:39.0683 1148  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
17:59:39.0683 1148  LSI_SAS - ok
17:59:39.0683 1148  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:59:39.0683 1148  LSI_SAS2 - ok
17:59:39.0683 1148  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:59:39.0699 1148  LSI_SCSI - ok
17:59:39.0699 1148  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
17:59:39.0699 1148  luafv - ok
17:59:39.0699 1148  [ B2085E335F2B57077B0CBADB6F1245CD ] lvpopf64        C:\Windows\system32\DRIVERS\lvpopf64.sys
17:59:39.0699 1148  lvpopf64 - ok
17:59:39.0699 1148  [ DED333DBDBBCC3555A6E6244522E2F1A ] LVPr2M64        C:\Windows\system32\DRIVERS\LVPr2M64.sys
17:59:39.0699 1148  LVPr2M64 - ok
17:59:39.0715 1148  [ DED333DBDBBCC3555A6E6244522E2F1A ] LVPr2Mon        C:\Windows\system32\DRIVERS\LVPr2M64.sys
17:59:39.0715 1148  LVPr2Mon - ok
17:59:39.0715 1148  [ A35679E56E78091E1042A2D7ADBF2958 ] LVPrcS64        C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
17:59:39.0715 1148  LVPrcS64 - ok
17:59:39.0715 1148  [ 986C1CB787A007BAA5F74E7D316D7246 ] LVRS64          C:\Windows\system32\DRIVERS\lvrs64.sys
17:59:39.0715 1148  LVRS64 - ok
17:59:39.0777 1148  [ 5747BC465ABEA2858C5D037252AED84E ] LVUVC64         C:\Windows\system32\DRIVERS\lvuvc64.sys
17:59:39.0824 1148  LVUVC64 - ok
17:59:39.0824 1148  [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
17:59:39.0824 1148  MBAMProtector - ok
17:59:39.0839 1148  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
17:59:39.0839 1148  MBAMScheduler - ok
17:59:39.0855 1148  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
17:59:39.0855 1148  MBAMService - ok
17:59:39.0855 1148  [ DD77E54EC5CBE1AFF48486BC3E0E3A64 ] MCSWASVR        C:\Program Files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe
17:59:39.0871 1148  MCSWASVR - ok
17:59:39.0871 1148  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
17:59:39.0871 1148  Mcx2Svc - ok
17:59:39.0886 1148  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
17:59:39.0886 1148  megasas - ok
17:59:39.0886 1148  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
17:59:39.0886 1148  MegaSR - ok
17:59:39.0886 1148  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
17:59:39.0886 1148  MMCSS - ok
17:59:39.0902 1148  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
17:59:39.0902 1148  Modem - ok
17:59:39.0902 1148  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
17:59:39.0902 1148  monitor - ok
17:59:39.0902 1148  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
17:59:39.0902 1148  mouclass - ok
17:59:39.0902 1148  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
17:59:39.0902 1148  mouhid - ok
17:59:39.0902 1148  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
17:59:39.0902 1148  mountmgr - ok
17:59:39.0917 1148  [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:59:39.0917 1148  MozillaMaintenance - ok
17:59:39.0917 1148  [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
17:59:39.0917 1148  MpFilter - ok
17:59:39.0917 1148  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
17:59:39.0917 1148  mpio - ok
17:59:39.0933 1148  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:59:39.0933 1148  mpsdrv - ok
17:59:39.0933 1148  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
17:59:39.0949 1148  MpsSvc - ok
17:59:39.0949 1148  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:59:39.0949 1148  MRxDAV - ok
17:59:39.0949 1148  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:59:39.0964 1148  mrxsmb - ok
17:59:39.0964 1148  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:59:39.0964 1148  mrxsmb10 - ok
17:59:39.0964 1148  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:59:39.0964 1148  mrxsmb20 - ok
17:59:39.0964 1148  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
17:59:39.0964 1148  msahci - ok
17:59:39.0980 1148  [ A592A054D78750B4D73ABAA4C94DECDF ] MSCamSvc        C:\Program Files\Microsoft LifeCam\MSCamS64.exe
17:59:39.0980 1148  MSCamSvc - ok
17:59:39.0980 1148  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
17:59:39.0980 1148  msdsm - ok
17:59:39.0980 1148  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
17:59:39.0995 1148  MSDTC - ok
17:59:39.0995 1148  [ 72949A24D37A20A54B3D4D3DADBB55E9 ] MSDV            C:\Windows\system32\DRIVERS\msdv.sys
17:59:39.0995 1148  MSDV - ok
17:59:39.0995 1148  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:59:39.0995 1148  Msfs - ok
17:59:39.0995 1148  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
17:59:39.0995 1148  mshidkmdf - ok
17:59:40.0011 1148  [ 55218F924E55FD2786ED40EDF4ED79C3 ] MSHUSBVideo     C:\Windows\system32\Drivers\nx6000.sys
17:59:40.0011 1148  MSHUSBVideo - ok
17:59:40.0011 1148  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
17:59:40.0011 1148  msisadrv - ok
17:59:40.0011 1148  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
17:59:40.0011 1148  MSiSCSI - ok
17:59:40.0011 1148  msiserver - ok
17:59:40.0011 1148  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
17:59:40.0011 1148  MSKSSRV - ok
17:59:40.0027 1148  [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc         C:\Program Files\Microsoft Security Client\MsMpEng.exe
17:59:40.0027 1148  MsMpSvc - ok
17:59:40.0027 1148  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:59:40.0027 1148  MSPCLOCK - ok
17:59:40.0027 1148  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
17:59:40.0027 1148  MSPQM - ok
17:59:40.0027 1148  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
17:59:40.0042 1148  MsRPC - ok
17:59:40.0042 1148  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
17:59:40.0042 1148  mssmbios - ok
17:59:40.0042 1148  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
17:59:40.0042 1148  MSTEE - ok
17:59:40.0042 1148  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
17:59:40.0042 1148  MTConfig - ok
17:59:40.0042 1148  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
17:59:40.0042 1148  Mup - ok
17:59:40.0058 1148  [ 4E26B5731066A7BFDEDA58E27C8C8E25 ] NAL             C:\Windows\system32\Drivers\iqvw64e.sys
17:59:40.0058 1148  NAL - ok
17:59:40.0058 1148  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
17:59:40.0058 1148  napagent - ok
17:59:40.0073 1148  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
17:59:40.0073 1148  NativeWifiP - ok
17:59:40.0089 1148  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
17:59:40.0089 1148  NDIS - ok
17:59:40.0089 1148  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
17:59:40.0089 1148  NdisCap - ok
17:59:40.0105 1148  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
17:59:40.0105 1148  NdisTapi - ok
17:59:40.0105 1148  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
17:59:40.0105 1148  Ndisuio - ok
17:59:40.0105 1148  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
17:59:40.0105 1148  NdisWan - ok
17:59:40.0105 1148  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
17:59:40.0105 1148  NDProxy - ok
17:59:40.0120 1148  [ DC6530A291D4BDF6DF399F1F128E7F8F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
17:59:40.0120 1148  Net Driver HPZ12 - ok
17:59:40.0120 1148  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
17:59:40.0120 1148  NetBIOS - ok
17:59:40.0120 1148  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
17:59:40.0120 1148  NetBT - ok
17:59:40.0136 1148  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
17:59:40.0136 1148  Netlogon - ok
17:59:40.0136 1148  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
17:59:40.0136 1148  Netman - ok
17:59:40.0136 1148  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:59:40.0151 1148  NetMsmqActivator - ok
17:59:40.0151 1148  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:59:40.0151 1148  NetPipeActivator - ok
17:59:40.0151 1148  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
17:59:40.0167 1148  netprofm - ok
17:59:40.0167 1148  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:59:40.0167 1148  NetTcpActivator - ok
17:59:40.0167 1148  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:59:40.0167 1148  NetTcpPortSharing - ok
17:59:40.0167 1148  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
17:59:40.0167 1148  nfrd960 - ok
17:59:40.0183 1148  [ 162100E0BC8377710F9D170631921C03 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
17:59:40.0183 1148  NisDrv - ok
17:59:40.0183 1148  [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv          C:\Program Files\Microsoft Security Client\NisSrv.exe
17:59:40.0183 1148  NisSrv - ok
17:59:40.0198 1148  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
17:59:40.0198 1148  NlaSvc - ok
17:59:40.0198 1148  [ F554C5FD7BD1EFA4DA5CFE2EED86391F ] nm3             C:\Windows\system32\DRIVERS\nm3.sys
17:59:40.0198 1148  nm3 - ok
17:59:40.0198 1148  [ 351533ACC2A069B94E80BBFC177E8FDF ] NPF             C:\Windows\system32\drivers\npf.sys
17:59:40.0198 1148  NPF - ok
17:59:40.0214 1148  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
17:59:40.0214 1148  Npfs - ok
17:59:40.0214 1148  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
17:59:40.0214 1148  nsi - ok
17:59:40.0214 1148  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:59:40.0214 1148  nsiproxy - ok
17:59:40.0229 1148  [ 87B104128D4D3BA3C13098BAEBF38082 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
17:59:40.0245 1148  Ntfs - ok
17:59:40.0245 1148  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
17:59:40.0245 1148  Null - ok
17:59:40.0339 1148  [ FCBA1C22727939E7CFF9EB08FE9692AB ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:59:40.0417 1148  nvlddmkm - ok
17:59:40.0432 1148  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
17:59:40.0432 1148  nvraid - ok
17:59:40.0432 1148  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
17:59:40.0432 1148  nvstor - ok
17:59:40.0448 1148  [ 10C232F6CFFD51D2332898AE7AE0FF23 ] nvsvc           C:\Windows\system32\nvvsvc.exe
17:59:40.0448 1148  nvsvc - ok
17:59:40.0463 1148  [ FB660F80BDC4F13D594996976AFAECD9 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
17:59:40.0479 1148  nvUpdatusService - ok
17:59:40.0479 1148  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
17:59:40.0479 1148  nv_agp - ok
17:59:40.0495 1148  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:59:40.0495 1148  odserv - ok
17:59:40.0495 1148  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
17:59:40.0495 1148  ohci1394 - ok
17:59:40.0510 1148  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:59:40.0510 1148  ose - ok
17:59:40.0510 1148  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
17:59:40.0510 1148  p2pimsvc - ok
17:59:40.0526 1148  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
17:59:40.0526 1148  p2psvc - ok
17:59:40.0526 1148  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
17:59:40.0526 1148  Parport - ok
17:59:40.0526 1148  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
17:59:40.0526 1148  partmgr - ok
17:59:40.0541 1148  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
17:59:40.0541 1148  PcaSvc - ok
17:59:40.0541 1148  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
17:59:40.0541 1148  pci - ok
17:59:40.0541 1148  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
17:59:40.0541 1148  pciide - ok
17:59:40.0557 1148  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
17:59:40.0557 1148  pcmcia - ok
17:59:40.0557 1148  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
17:59:40.0557 1148  pcw - ok
17:59:40.0573 1148  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
17:59:40.0573 1148  PEAUTH - ok
17:59:40.0588 1148  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
17:59:40.0588 1148  PerfHost - ok
17:59:40.0604 1148  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
17:59:40.0619 1148  pla - ok
17:59:40.0619 1148  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
17:59:40.0635 1148  PlugPlay - ok
17:59:40.0635 1148  [ 71F62C51DFDFBC04C83C5C64B2B8058E ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
17:59:40.0635 1148  Pml Driver HPZ12 - ok
17:59:40.0635 1148  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
17:59:40.0635 1148  PNRPAutoReg - ok
17:59:40.0651 1148  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
17:59:40.0651 1148  PNRPsvc - ok
17:59:40.0651 1148  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
17:59:40.0666 1148  PolicyAgent - ok
17:59:40.0666 1148  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
17:59:40.0666 1148  Power - ok
17:59:40.0666 1148  Poweroff - ok
17:59:40.0666 1148  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
17:59:40.0666 1148  PptpMiniport - ok
17:59:40.0682 1148  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
17:59:40.0682 1148  Processor - ok
17:59:40.0682 1148  PROCEXP151 - ok
17:59:40.0682 1148  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
17:59:40.0682 1148  ProfSvc - ok
17:59:40.0697 1148  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:59:40.0697 1148  ProtectedStorage - ok
17:59:40.0697 1148  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
17:59:40.0697 1148  Psched - ok
17:59:40.0697 1148  [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
17:59:40.0697 1148  PxHlpa64 - ok
17:59:40.0713 1148  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
17:59:40.0729 1148  ql2300 - ok
17:59:40.0729 1148  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
17:59:40.0729 1148  ql40xx - ok
17:59:40.0744 1148  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
17:59:40.0744 1148  QWAVE - ok
17:59:40.0744 1148  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
17:59:40.0744 1148  QWAVEdrv - ok
17:59:40.0744 1148  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
17:59:40.0744 1148  RasAcd - ok
17:59:40.0744 1148  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
17:59:40.0744 1148  RasAgileVpn - ok
17:59:40.0760 1148  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
17:59:40.0760 1148  RasAuto - ok
17:59:40.0760 1148  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
17:59:40.0760 1148  Rasl2tp - ok
17:59:40.0760 1148  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
17:59:40.0775 1148  RasMan - ok
17:59:40.0775 1148  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
17:59:40.0775 1148  RasPppoe - ok
17:59:40.0775 1148  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
17:59:40.0775 1148  RasSstp - ok
17:59:40.0775 1148  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
17:59:40.0775 1148  rdbss - ok
17:59:40.0791 1148  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
17:59:40.0791 1148  rdpbus - ok
17:59:40.0791 1148  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
17:59:40.0791 1148  RDPCDD - ok
17:59:40.0791 1148  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
17:59:40.0791 1148  RDPENCDD - ok
17:59:40.0791 1148  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
17:59:40.0791 1148  RDPREFMP - ok
17:59:40.0807 1148  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
17:59:40.0807 1148  RdpVideoMiniport - ok
17:59:40.0807 1148  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
17:59:40.0807 1148  RDPWD - ok
17:59:40.0807 1148  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
17:59:40.0807 1148  rdyboost - ok
17:59:40.0822 1148  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
17:59:40.0822 1148  RemoteAccess - ok
17:59:40.0822 1148  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
17:59:40.0822 1148  RemoteRegistry - ok
17:59:40.0822 1148  [ B60F58F175DE20A6739194E85B035178 ] rpcapd          C:\Program Files (x86)\WinPcap\rpcapd.exe
17:59:40.0838 1148  rpcapd - ok
17:59:40.0838 1148  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
17:59:40.0838 1148  RpcEptMapper - ok
17:59:40.0838 1148  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
17:59:40.0838 1148  RpcLocator - ok
17:59:40.0853 1148  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
17:59:40.0853 1148  RpcSs - ok
17:59:40.0853 1148  [ FD2F7ABB0B3C777CDC9D342CADBF0131 ] RSPCIESTOR      C:\Windows\system32\DRIVERS\RtsPStor.sys
17:59:40.0853 1148  RSPCIESTOR - ok
17:59:40.0853 1148  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
17:59:40.0869 1148  rspndr - ok
17:59:40.0869 1148  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
17:59:40.0869 1148  SamSs - ok
17:59:40.0869 1148  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
17:59:40.0869 1148  sbp2port - ok
17:59:40.0869 1148  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
17:59:40.0869 1148  SCardSvr - ok
17:59:40.0885 1148  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
17:59:40.0885 1148  scfilter - ok
17:59:40.0900 1148  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
17:59:40.0900 1148  Schedule - ok
17:59:40.0900 1148  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
17:59:40.0900 1148  SCPolicySvc - ok
17:59:40.0916 1148  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
17:59:40.0916 1148  SDRSVC - ok
17:59:40.0916 1148  [ 4A5809A1D796E2675AC0332BF7B0CB11 ] SeaPort         C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
17:59:40.0916 1148  SeaPort - ok
17:59:40.0931 1148  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
17:59:40.0931 1148  secdrv - ok
17:59:40.0931 1148  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
17:59:40.0931 1148  seclogon - ok
17:59:40.0931 1148  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
17:59:40.0931 1148  SENS - ok
17:59:40.0931 1148  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
17:59:40.0931 1148  SensrSvc - ok
17:59:40.0931 1148  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
17:59:40.0947 1148  Serenum - ok
17:59:40.0947 1148  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
17:59:40.0947 1148  Serial - ok
17:59:40.0947 1148  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
17:59:40.0947 1148  sermouse - ok
17:59:40.0947 1148  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
17:59:40.0963 1148  SessionEnv - ok
17:59:40.0963 1148  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
17:59:40.0963 1148  sffdisk - ok
17:59:40.0963 1148  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
17:59:40.0963 1148  sffp_mmc - ok
17:59:40.0963 1148  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
17:59:40.0963 1148  sffp_sd - ok
17:59:40.0963 1148  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
17:59:40.0963 1148  sfloppy - ok
17:59:40.0978 1148  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
17:59:40.0978 1148  SharedAccess - ok
17:59:40.0978 1148  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:59:40.0994 1148  ShellHWDetection - ok
17:59:40.0994 1148  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:59:40.0994 1148  SiSRaid2 - ok
17:59:40.0994 1148  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
17:59:40.0994 1148  SiSRaid4 - ok
17:59:40.0994 1148  [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
17:59:40.0994 1148  SkypeUpdate - ok
17:59:41.0009 1148  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
17:59:41.0009 1148  Smb - ok
17:59:41.0009 1148  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
17:59:41.0009 1148  SNMPTRAP - ok
17:59:41.0009 1148  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
17:59:41.0009 1148  spldr - ok
17:59:41.0025 1148  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
17:59:41.0025 1148  Spooler - ok
17:59:41.0056 1148  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
17:59:41.0087 1148  sppsvc - ok
17:59:41.0087 1148  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
17:59:41.0087 1148  sppuinotify - ok
17:59:41.0103 1148  [ 602884696850C86434530790B110E8EB ] sptd            C:\Windows\system32\Drivers\sptd.sys
17:59:41.0103 1148  Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB
17:59:41.0103 1148  sptd ( LockedFile.Multi.Generic ) - warning
17:59:41.0103 1148  sptd - detected LockedFile.Multi.Generic (1)
17:59:41.0119 1148  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
17:59:41.0119 1148  srv - ok
17:59:41.0119 1148  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
17:59:41.0119 1148  srv2 - ok
17:59:41.0134 1148  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
17:59:41.0134 1148  srvnet - ok
17:59:41.0134 1148  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
17:59:41.0134 1148  SSDPSRV - ok
17:59:41.0150 1148  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
17:59:41.0150 1148  SstpSvc - ok
17:59:41.0150 1148  [ B4C983DA20E2970E21893BF0E4EE2AD8 ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
17:59:41.0150 1148  ssudmdm - ok
17:59:41.0150 1148  [ 609380EF89848478E8142E99112B8ADF ] ssudserd        C:\Windows\system32\DRIVERS\ssudserd.sys
17:59:41.0150 1148  ssudserd - ok
17:59:41.0165 1148  [ 98CC6BDCB5F593394CE2000EC454AEE4 ] StarMoney 8.0 OnlineUpdate C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe
17:59:41.0212 1148  StarMoney 8.0 OnlineUpdate - ok
17:59:41.0212 1148  StarOpen - ok
17:59:41.0228 1148  [ 5A19667A580B1CE886EAF968B9743F45 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
17:59:41.0228 1148  Stereo Service - ok
17:59:41.0228 1148  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
17:59:41.0228 1148  stexstor - ok
17:59:41.0243 1148  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
17:59:41.0243 1148  stisvc - ok
17:59:41.0243 1148  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
17:59:41.0243 1148  swenum - ok
17:59:41.0259 1148  [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard     C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
17:59:41.0259 1148  SwitchBoard - ok
17:59:41.0275 1148  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
17:59:41.0275 1148  swprv - ok
17:59:41.0290 1148  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
17:59:41.0306 1148  SysMain - ok
17:59:41.0306 1148  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:59:41.0306 1148  TabletInputService - ok
17:59:41.0321 1148  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
17:59:41.0321 1148  TapiSrv - ok
17:59:41.0321 1148  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
17:59:41.0321 1148  TBS - ok
17:59:41.0353 1148  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
17:59:41.0368 1148  Tcpip - ok
17:59:41.0384 1148  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
17:59:41.0384 1148  TCPIP6 - ok
17:59:41.0399 1148  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
17:59:41.0399 1148  tcpipreg - ok
17:59:41.0399 1148  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
17:59:41.0399 1148  TDPIPE - ok
17:59:41.0399 1148  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
17:59:41.0399 1148  TDTCP - ok
17:59:41.0399 1148  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
17:59:41.0399 1148  tdx - ok
17:59:41.0446 1148  [ 9F3E7CABE86BBDECA009DE291DB6D9E2 ] TeamViewer8     C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
17:59:41.0477 1148  TeamViewer8 - ok
17:59:41.0477 1148  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
17:59:41.0477 1148  TermDD - ok
17:59:41.0493 1148  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
17:59:41.0493 1148  TermService - ok
17:59:41.0493 1148  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
17:59:41.0493 1148  Themes - ok
17:59:41.0509 1148  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
17:59:41.0509 1148  THREADORDER - ok
17:59:41.0509 1148  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
17:59:41.0509 1148  TrkWks - ok
17:59:41.0509 1148  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:59:41.0509 1148  TrustedInstaller - ok
17:59:41.0524 1148  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
17:59:41.0524 1148  tssecsrv - ok
17:59:41.0524 1148  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
17:59:41.0524 1148  TsUsbFlt - ok
17:59:41.0524 1148  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
17:59:41.0524 1148  tunnel - ok
17:59:41.0524 1148  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
17:59:41.0524 1148  uagp35 - ok
17:59:41.0540 1148  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
17:59:41.0540 1148  udfs - ok
17:59:41.0540 1148  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
17:59:41.0540 1148  UI0Detect - ok
17:59:41.0555 1148  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
17:59:41.0555 1148  uliagpkx - ok
17:59:41.0555 1148  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
17:59:41.0555 1148  umbus - ok
17:59:41.0555 1148  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
17:59:41.0555 1148  UmPass - ok
17:59:41.0555 1148  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
17:59:41.0571 1148  upnphost - ok
17:59:41.0571 1148  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
17:59:41.0571 1148  usbaudio - ok
17:59:41.0571 1148  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
17:59:41.0571 1148  usbccgp - ok
17:59:41.0571 1148  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
17:59:41.0587 1148  usbcir - ok
17:59:41.0587 1148  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
17:59:41.0587 1148  usbehci - ok
17:59:41.0587 1148  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
17:59:41.0587 1148  usbhub - ok
17:59:41.0587 1148  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
17:59:41.0587 1148  usbohci - ok
17:59:41.0602 1148  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
17:59:41.0602 1148  usbprint - ok
17:59:41.0602 1148  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
17:59:41.0602 1148  usbscan - ok
17:59:41.0602 1148  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:59:41.0602 1148  USBSTOR - ok
17:59:41.0602 1148  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
17:59:41.0602 1148  usbuhci - ok
17:59:41.0618 1148  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
17:59:41.0618 1148  usbvideo - ok
17:59:41.0618 1148  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
17:59:41.0618 1148  UxSms - ok
17:59:41.0618 1148  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
17:59:41.0618 1148  VaultSvc - ok
17:59:41.0618 1148  [ 84BB306B7863883018D7F3EB0C453BD5 ] VClone          C:\Windows\system32\DRIVERS\VClone.sys
17:59:41.0618 1148  VClone - ok
17:59:41.0633 1148  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
17:59:41.0633 1148  vdrvroot - ok
17:59:41.0633 1148  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
17:59:41.0633 1148  vds - ok
17:59:41.0649 1148  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
17:59:41.0649 1148  vga - ok
17:59:41.0649 1148  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
17:59:41.0649 1148  VgaSave - ok
17:59:41.0649 1148  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
17:59:41.0649 1148  vhdmp - ok
17:59:41.0649 1148  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
17:59:41.0649 1148  viaide - ok
17:59:41.0665 1148  [ C69A784BEC737CD7460EBF3C3834D65E ] vidsflt53       C:\Windows\system32\DRIVERS\vsflt53.sys
17:59:41.0665 1148  vidsflt53 - ok
17:59:41.0665 1148  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
17:59:41.0665 1148  volmgr - ok
17:59:41.0665 1148  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
17:59:41.0680 1148  volmgrx - ok
17:59:41.0680 1148  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
17:59:41.0680 1148  volsnap - ok
17:59:41.0680 1148  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
17:59:41.0680 1148  vsmraid - ok
17:59:41.0711 1148  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
17:59:41.0711 1148  VSS - ok
17:59:41.0727 1148  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
17:59:41.0727 1148  vwifibus - ok
17:59:41.0727 1148  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
17:59:41.0727 1148  W32Time - ok
17:59:41.0743 1148  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
17:59:41.0743 1148  WacomPen - ok
17:59:41.0743 1148  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
17:59:41.0743 1148  WANARP - ok
17:59:41.0743 1148  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
17:59:41.0743 1148  Wanarpv6 - ok
17:59:41.0758 1148  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
17:59:41.0774 1148  WatAdminSvc - ok
17:59:41.0789 1148  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
17:59:41.0805 1148  wbengine - ok
17:59:41.0805 1148  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
17:59:41.0805 1148  WbioSrvc - ok
17:59:41.0821 1148  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
17:59:41.0821 1148  wcncsvc - ok
17:59:41.0821 1148  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:59:41.0821 1148  WcsPlugInService - ok
17:59:41.0821 1148  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
17:59:41.0821 1148  Wd - ok
17:59:41.0836 1148  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
17:59:41.0836 1148  Wdf01000 - ok
17:59:41.0852 1148  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
17:59:41.0852 1148  WdiServiceHost - ok
17:59:41.0852 1148  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
17:59:41.0852 1148  WdiSystemHost - ok
17:59:41.0852 1148  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
17:59:41.0852 1148  WebClient - ok
17:59:41.0867 1148  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
17:59:41.0867 1148  Wecsvc - ok
17:59:41.0867 1148  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
17:59:41.0867 1148  wercplsupport - ok
17:59:41.0867 1148  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
17:59:41.0883 1148  WerSvc - ok
17:59:41.0883 1148  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
17:59:41.0883 1148  WfpLwf - ok
17:59:41.0883 1148  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
17:59:41.0883 1148  WIMMount - ok
17:59:41.0883 1148  WinDefend - ok
17:59:41.0883 1148  WinHttpAutoProxySvc - ok
17:59:41.0899 1148  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
17:59:41.0899 1148  Winmgmt - ok
17:59:41.0914 1148  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
17:59:41.0930 1148  WinRM - ok
17:59:41.0945 1148  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
17:59:41.0945 1148  WinUsb - ok
17:59:41.0961 1148  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
17:59:41.0961 1148  Wlansvc - ok
17:59:41.0961 1148  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
17:59:41.0961 1148  WmiAcpi - ok
17:59:41.0977 1148  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
17:59:41.0977 1148  wmiApSrv - ok
17:59:41.0977 1148  WMPNetworkSvc - ok
17:59:41.0977 1148  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
17:59:41.0977 1148  WPCSvc - ok
17:59:41.0992 1148  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
17:59:41.0992 1148  WPDBusEnum - ok
17:59:41.0992 1148  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
17:59:41.0992 1148  ws2ifsl - ok
17:59:41.0992 1148  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
17:59:41.0992 1148  wscsvc - ok
17:59:41.0992 1148  WSearch - ok
17:59:42.0023 1148  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
17:59:42.0039 1148  wuauserv - ok
17:59:42.0055 1148  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
17:59:42.0055 1148  WudfPf - ok
17:59:42.0055 1148  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
17:59:42.0055 1148  WUDFRd - ok
17:59:42.0055 1148  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
17:59:42.0055 1148  wudfsvc - ok
17:59:42.0070 1148  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
17:59:42.0070 1148  WwanSvc - ok
17:59:42.0070 1148  [ 74983ADDCA2D9618512C088D856D6615 ] {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl
17:59:42.0070 1148  {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} - ok
17:59:42.0086 1148  ================ Scan global ===============================
17:59:42.0086 1148  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:59:42.0086 1148  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
17:59:42.0086 1148  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
17:59:42.0101 1148  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:59:42.0101 1148  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
17:59:42.0101 1148  [Global] - ok
17:59:42.0101 1148  ================ Scan MBR ==================================
17:59:42.0101 1148  [ 0792F22BCC85CFD3B28324561FFFCABB ] \Device\Harddisk0\DR0
17:59:42.0179 1148  \Device\Harddisk0\DR0 - ok
17:59:42.0179 1148  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
17:59:42.0179 1148  \Device\Harddisk1\DR1 - ok
17:59:42.0195 1148  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
17:59:42.0273 1148  \Device\Harddisk2\DR2 - ok
17:59:42.0273 1148  [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk7\DR7
17:59:49.0730 1148  \Device\Harddisk7\DR7 - ok
17:59:49.0730 1148  ================ Scan VBR ==================================
17:59:49.0730 1148  [ 0010FA576FE183B49333CD56ADD77292 ] \Device\Harddisk0\DR0\Partition1
17:59:49.0730 1148  \Device\Harddisk0\DR0\Partition1 - ok
17:59:49.0730 1148  [ E2DA3DF1862BF99ED4D065BA414190F0 ] \Device\Harddisk1\DR1\Partition1
17:59:49.0730 1148  \Device\Harddisk1\DR1\Partition1 - ok
17:59:49.0730 1148  [ 9070EA2B730340190AC167BBE9D48860 ] \Device\Harddisk1\DR1\Partition2
17:59:49.0730 1148  \Device\Harddisk1\DR1\Partition2 - ok
17:59:49.0745 1148  [ 2C1A88C0D26AF41CCDB120FD55DE8A82 ] \Device\Harddisk2\DR2\Partition1
17:59:49.0745 1148  \Device\Harddisk2\DR2\Partition1 - ok
17:59:49.0761 1148  [ 9FE42EE47DDCAE951D86E745508A5B4F ] \Device\Harddisk2\DR2\Partition2
17:59:49.0761 1148  \Device\Harddisk2\DR2\Partition2 - ok
17:59:49.0777 1148  [ 25D082CFE6BE8088DD7571282043B3D5 ] \Device\Harddisk7\DR7\Partition1
17:59:49.0777 1148  \Device\Harddisk7\DR7\Partition1 - ok
17:59:49.0777 1148  ============================================================
17:59:49.0777 1148  Scan finished
17:59:49.0777 1148  ============================================================
17:59:49.0777 4972  Detected object count: 1
17:59:49.0777 4972  Actual detected object count: 1
18:00:04.0347 4972  sptd ( LockedFile.Multi.Generic ) - skipped by user
18:00:04.0347 4972  sptd ( LockedFile.Multi.Generic ) - User select action: Skip
         
Grüße
hadbanger

Alt 30.04.2013, 06:39   #10
Psychotic
/// Malwareteam
 
GVU Trojaner - Standard

GVU Trojaner



Schritt 1: defogger


Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop.
  • Starte das Tool mit Doppelklick.
    Vista und Win7 User mit Rechtsklick "als Administrator starten".
  • Klicke nun auf den Disable Button um die Treiber gewisser Emulatoren zu deaktivieren.
  • Wenn der Scan beendet wurde ( Finished ), klicke auf OK.
  • Defogger fordert gegebenfalls zum Neustart auf. Bestätige dies mit OK.
Sollte Defogger eine Fehlermeldung ausgeben, poste bitte die defogger_disable Log von deinem Desktop.
Klicke den Re-enable Button nicht ohne Anweisung.




Schritt 2: MBAM



Downloade Dir bitte Malwarebytes
  • Installiere das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.




Schritt 3: OTL



Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)
  • Doppelklick auf die OTL.exe
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________
Kein Asylrecht für Trojaner!

Proud Member of UNITE

Hinweis: Ich bin nur werktags erreichbar!
Anfragen über PM werden ignoriert!

Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board!

Alt 30.04.2013, 15:26   #11
hadbanger
 
GVU Trojaner - Standard

GVU Trojaner



Hallo Marius,

habe den defogger gestartet, Treiber disabled, gescannt und Rechner dann neu gestartet. Kam keine Fehlermeldung und kein Log, scheint alles okay zu sein.

Bei Malwarebytes sieht auch alles gut aus:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.30.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
Hadbanger :: HADBANGER-ACER [Administrator]

30.04.2013 16:14:02
mbam-log-2013-04-30 (16-14-02).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 267175
Laufzeit: 2 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Und hier die beiden Logs von OTL:

Code:
ATTFilter
OTL Extras logfile created on: 30.04.2013 16:18:02 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Hadbanger\Desktop\Virus-Scan
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,99 Gb Total Physical Memory | 4,75 Gb Available Physical Memory | 79,35% Memory free
11,98 Gb Paging File | 10,30 Gb Available in Paging File | 85,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,24 Gb Total Space | 29,07 Gb Free Space | 24,38% Space Free | Partition Type: NTFS
Drive D: | 550,13 Gb Total Space | 455,10 Gb Free Space | 82,73% Space Free | Partition Type: NTFS
Drive E: | 2,97 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 4,13 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 1,86 Gb Total Space | 0,34 Gb Free Space | 18,42% Space Free | Partition Type: FAT
Drive K: | 366,72 Gb Total Space | 297,68 Gb Free Space | 81,18% Space Free | Partition Type: NTFS
Drive Z: | 1851,41 Gb Total Space | 1482,21 Gb Free Space | 80,06% Space Free | Partition Type: NTFS
 
Computer Name: HADBANGER-ACER | User Name: Hadbanger | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19408EBE-0B73-4886-A413-B9579A147CED}" = rport=445 | protocol=6 | dir=out | app=system | 
"{19A8177B-3679-4CED-BDFC-C304B89BC9E5}" = rport=137 | protocol=17 | dir=out | app=system | 
"{19EC71C8-8EEA-436C-817A-DAFCE72DA6AA}" = rport=138 | protocol=17 | dir=out | app=system | 
"{3E9C017E-28B0-402D-9431-8E739DF1BB70}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5D1B0CA8-B910-4EBC-B85D-3C413D88EDED}" = lport=137 | protocol=17 | dir=in | app=system | 
"{5EDDB2CE-7762-4B86-B588-58FE93FD04C5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{86DB544A-32ED-480E-8DB0-1BD738EA7FB5}" = lport=445 | protocol=6 | dir=in | app=system | 
"{8FD32C67-865E-48CF-9955-51170058C031}" = lport=139 | protocol=6 | dir=in | app=system | 
"{929BFC1E-57C3-410C-A48D-2F2D8B49F0EB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{934AB909-7A85-4A43-AA60-239E3E605E8A}" = rport=139 | protocol=6 | dir=out | app=system | 
"{9A3E2111-06CC-482D-97C3-B73C299CB863}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C7304D81-FA91-4E8C-8037-158F4FF55DA8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D06B0818-B376-4730-A431-08618D75066F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E19447FB-B340-493B-BFA0-7904A8D059AC}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0839CE0B-1CEC-4D85-AD9E-C1AEC0786FE3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{0C1915E6-62EB-4999-A74E-FAA481E5B9ED}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{15424FB9-6353-4B7E-ADF8-5EFFC3CCFD21}" = protocol=6 | dir=in | app=c:\users\hadbanger\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{16DBF7FB-D53F-476F-A7B0-3D948AB101DF}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{1DEDCF1E-CA78-45CF-AEB4-B09B74839679}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{1E7CDC8F-356D-45D9-9B57-3B8D8E9F1645}" = protocol=17 | dir=in | app=c:\users\hadbanger\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{22357B5C-6C18-4B9F-BB21-76E1A082A1F0}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{2926DA13-36B8-4174-BBB7-FA746713A6E5}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 8.0\app\starmoney.exe | 
"{444E29FE-A59D-43A6-AA83-71DA4A0BF01C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{49532E43-F699-4911-AB8C-C9E92DD3D101}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 8.0\ouservice\starmoneyonlineupdate.exe | 
"{4C0D926A-69C1-486C-996C-5E9CD7C1C28A}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{4D3185E7-9D55-481A-ACAF-B3638B2002F6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{667E21FC-CEA0-4A74-AAD5-77401E35EB75}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | 
"{698A9FDE-839E-42CD-ABDA-526EDC6D35EC}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{85EC9699-A3A1-4C38-B2DD-3AD58C550054}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 8.0\ouservice\starmoneyonlineupdate.exe | 
"{8B1EA298-3E73-411D-9BEE-6556CD641C1D}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{94F0A839-2144-481A-AA9C-8C0541B3A0C3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | 
"{9D45C2F3-34A6-4779-8604-FDB32801D804}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A650CD94-4535-4DD5-B0D6-0400CCD7A2EC}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{A81F8DB1-7BEF-4AEC-B23D-C9D836E90E45}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | 
"{BC68C766-5C73-4D56-9C33-20C5687A413D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | 
"{BD8152AB-F470-4CE9-B39E-461E8496B47E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | 
"{C3148E0D-4F82-47EE-AC76-F2F10EB676CA}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 8.0\app\starmoney.exe | 
"{DCAD3AA8-CA96-41CF-8D40-75C94C1FDC4D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{EF90DD06-1BA8-49E9-9592-7736D80121EA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | 
"{F101AE4F-F852-4322-BB89-19E5F68B0B0B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | 
"{FD147598-BA3B-43C2-A1D4-649FB7BE2BBE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | 
"TCP Query User{0368F263-3028-484D-AA20-0A40DE7F7233}C:\utils\jdownloader 2.0\jdownloader2.exe" = protocol=6 | dir=in | app=c:\utils\jdownloader 2.0\jdownloader2.exe | 
"TCP Query User{5778B2B5-C25D-4243-AD8F-7FA5134371A3}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{6E6C125B-B130-4B12-A360-61DDA2732FD9}C:\users\hadbanger\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\hadbanger\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{C00025EA-EE5C-4206-BC0D-30CEBB0F3609}C:\users\hadbanger\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\hadbanger\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{C3FD12E1-33FE-41C2-AA81-6FDD22F90023}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{D2745DED-2A09-467B-AF44-D7AF44B3EFFF}C:\utils\spybotportable\app\spybot\sdupdate.exe" = protocol=6 | dir=in | app=c:\utils\spybotportable\app\spybot\sdupdate.exe | 
"TCP Query User{E3FBC323-8400-4B65-8C53-BD5C8F22AD6A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{E6590E5E-D0BA-4778-8802-242B79530495}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{F9A6B305-F639-46D1-AE1E-D87389292C0D}C:\program files (x86)\adobe\adobe after effects cs4\support files\afterfx.exe" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe after effects cs4\support files\afterfx.exe | 
"UDP Query User{0DB0A748-F838-4F95-9D19-C978B6E88F04}C:\users\hadbanger\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\hadbanger\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{8CEB1B8A-8073-4ABD-9067-254B5A407A34}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{9A082CA9-99D6-43EE-B594-1E81D3AD3630}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{A3FA818E-8156-4FC9-9531-B0753B2D7531}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{CE8247C8-8EDB-48CB-8D6F-24C9759E0475}C:\users\hadbanger\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\hadbanger\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{D089B0EE-9133-4CD2-BEF1-0B677625DE32}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{E1302591-12D8-4711-9D3E-9262EECDFCAD}C:\program files (x86)\adobe\adobe after effects cs4\support files\afterfx.exe" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe after effects cs4\support files\afterfx.exe | 
"UDP Query User{EA963A6B-3D81-4748-9CE3-FFDABD2A950A}C:\utils\jdownloader 2.0\jdownloader2.exe" = protocol=17 | dir=in | app=c:\utils\jdownloader 2.0\jdownloader2.exe | 
"UDP Query User{FB50E4B4-5BE8-4BF9-BDA0-D81F043A931F}C:\utils\spybotportable\app\spybot\sdupdate.exe" = protocol=17 | dir=in | app=c:\utils\spybotportable\app\spybot\sdupdate.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{22950922-8438-4c84-80d5-a17e6c2a5717}.sdb" = Adobe Audition 3 Vista Compatibility
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java(TM) 6 Update 27 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{26DE7BAD-453E-4C96-979F-1C288ECAA159}" = Intel(R) Network Connections 16.7.166.0
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{5E2D7D76-30DE-4DDE-B416-9B0B925EBFEC}" = WD SmartWare Drive Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Bing Maps 3D
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{858C1B33-C3D5-4377-B77B-1E2F338C7F66}" = Intel(R) Network Connections 17.2.154.0
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}" = NetSpeedMonitor 2.5.4.0 x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}" = Microsoft Network Monitor 3.4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{9301985B-D116-4A93-A93D-94580084FF86}" = 64 Bit HP CIO Components Installer
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963E5FEB-1367-46B9-851D-A957F1A3747F}" = Microsoft Network Monitor: NetworkMonitor Parsers 3.4
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{A1ED3F26-CF0C-4371-9960-8140B94E09F0}" = System Requirements Lab for Intel (64-bit)
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A9513BBC-73B4-4856-BF83-0166523ABF09}" = 64 Bit HP CIO Components Installer
"{AA1EED5E-4FBA-44E7-8E53-46F16FB2AA65}" = System Requirements Lab for Intel (64-bit)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C17EE011-15A9-4542-91FA-567B0F3D123F}" = Windows Live Family Safety
"{C1DC5F4D-25DA-4C78-B7E9-FF80805B096A}_is1" = Transport Stream Packet Editor (TSPE) Version 0.760
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D10AB8DE-0ED1-4152-A247-FB89CF1435D5}" = HP Deskjet D2500 Printer Driver Software 11.0 Rel .3
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DDD076BF-C5C3-468C-AA1B-F9A7E47446FE}" = Intel(R) Network Connections 13.1.33.0
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Blender" = Blender
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.61.5
"HUFFYUV" = Huffyuv AVI lossless video codec (Remove Only)
"ImagenomicPortraiturePlugin" = Imagenomic Portraiture 2.1 Plug-in (build 2105)
"MediaInfo" = MediaInfo 0.7.60
"Mediencenter Software" = Mediencenter Assistent
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"PROSetDX" = Intel(R) Network Connections 17.2.154.0
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0215A652-E081-4B09-9333-DC85AAB67FFA}" = Adobe Dreamweaver CS5.5
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0497EAED-70DA-4BBE-BEB3-AF77FD8788EA}" = Adobe Premiere Pro CS5.5
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie
"{15206372-2480-4698-9879-9825F12A307B}" = Adobe Premiere Pro CS4 Third Party Content
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1A1443D7-7A4E-51EC-B41D-EB84114ED943}" = DVD2AVI Ripper v3.1.0.71
"{1D0FDD6D-3C5E-4588-8ED0-02DC88014BF2}" = Upgrade Kit
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FCBD504-AB7D-4757-9A14-850348384B08}" = StarMoney
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{281D28EC-1357-4778-B2D7-DEA56D70EF96}" = Logitech High Quality Video
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1" = Samsung SSD Magician
"{31F16C12-D74F-4FDA-849D-51DA39A97C60}" = Snapseed
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{37FF74E1-843A-4431-AA07-E73E2B847CA4}" = Pegasus Imaging PICVideo Motion JPEG 3.0
"{3839C2FF-2CD0-4601-91A8-B1E40A9BE8A8}" = Driver Detective
"{38AFE2B1-19DB-432A-BA4A-410BFBA78DCE}" = DVD-Cover Printmaster 1.4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{473DDE79-6E9F-47AD-8D76-312D7660E877}" = Bororo 3D Plug-in
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.22
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{6151cf20-0bd8-4023-a4a0-6a86dcfe58e5}" = Python 2.6.6
"{61933A31-A387-4D74-B319-9A15306471C3}" = MainConcept MPEG Pro 4.0
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{666BA8CB-753C-4C6B-B515-382F0D97EBCB}" = Force Skype HD Video
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7236B969-6A18-42DD-ADE4-BBA2604F34C8}" = DJ_SF_03_D2500_Software_Min
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{928501C9-CB3B-416C-99D7-9B6B89751FAD}" = Angry Birds Seasons
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95140000-0137-0407-0000-0000000FF1CE}" = Microsoft Works 6-9 Converter
"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D644743-267C-4E15-A806-B5011830D14E}" = Pantarheon 3D AviSynth Toolbox
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB893FB5-2AFF-4758-A5AA-360A49C98509}" = StarMoney 8.0 
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AFE83615-88BE-47F6-B3E4-A3FEF8B7B57F}_is1" = xrecode II 1.0.0.197
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B158F76F-76AB-4115-A4F0-4C6EF6956093}_is1" = VirtualDubMOD 1.5.10.3 US
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD93253E-9CB3-425B-A13F-12D5DF0E8FDF}" = Adobe Encore CS4 Codecs
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CC8C451E-A820-48C8-AE92-A0FF088969D8}" = Stereoscopic Player
"{CDEBE7FF-C832-4B91-9214-A4CA610D78C9}" = Adobe Audition 3.0.1 Patch
"{CFDF0961-77C7-4392-96EE-624DFE81C3C2}" = Watchtower Library 2012 - Deutsch
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{D7D38949-8251-4F07-BC2C-AA767308010B}" = TMPGEnc Authoring Works 4
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB1F1933-58B6-4ACD-A7E8-ABE8CC086A07}" = System Requirements Lab for Intel
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E2F2B987-F2BC-4969-95F2-92099486B811}" = StarMoney
"{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E7A8BC75-50A9-32F2-8DFB-C499D21881B7}" = Google Talk Plugin
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3FDA09C-57AA-40CC-A555-FED7EF421E7E}" = Angry Birds Seasons
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FDAD2767-11CA-4D38-9CC4-48770CE3CC7B}" = Notification Center
"Ac3Tool" = Ac3Tool (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_126a6c50d960aa4e8761045cec9b633" = Adobe Media Encoder CS4 Exporter
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"Adobe_48bbd0b5673fdf22ea2ad2f6f129e8e" = Adobe Premiere Pro CS4 Third Party Content
"Adobe_5a8cdebdcb3cd1974a9407c51ce9b53" = Adobe Media Encoder CS4 Importer
"Adobe_b3449bacc3f59b3b46b353ca9840034" = Adobe Encore CS4 Codecs
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.83
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"Avidemux 2.5" = Avidemux 2.5
"AviSynth" = AviSynth 2.5
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Color Efex Pro 3.0 Complete Stand-Alone" = Color Efex Pro 3.0 Complete
"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"Debut" = Debut Video Capture Software
"DVD Flick_is1" = DVD Flick 1.3.0.7
"EasyBCD" = EasyBCD 2.0
"ElsterFormular" = ElsterFormular
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FastStone Image Viewer" = FastStone Image Viewer 4.6
"FileRestorePlus™_is1" = FileRestorePlus™ 3.0.3.1206
"foobar2000" = foobar2000 v1.2.2
"Free Create-Burn ISO Image_is1" = Free Create-Burn ISO Image v2.0
"Free DVD MP3 Ripper_is1" = Free DVD MP3 Ripper 1.12
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"InstallShield_{37FF74E1-843A-4431-AA07-E73E2B847CA4}" = Pegasus Imaging PICVideo Motion JPEG 3.0
"InstallShield_{61933A31-A387-4D74-B319-9A15306471C3}" = MainConcept MPEG Pro 4.0
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"IsoBuster_is1" = IsoBuster 2.6
"jdownloader2" = JDownloader 2.0
"LAME_is1" = LAME v3.99.3 (for Windows)
"Magic DVD Ripper_is1" = Magic DVD Ripper V5.5.2
"MainConcept MPEG Pro HD" = MainConcept MPEG Pro HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mediapurge" = Mediapurge
"MKVtoolnix" = MKVtoolnix 3.3.0
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.55
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Picasa 3" = Picasa 3
"Pixum ePrint" = Pixum ePrint 1.2
"QuicktimeAlt_is1" = QuickTime Alternative 3.2.2
"Revo Uninstaller" = Revo Uninstaller 1.94
"SopCast" = SopCast 3.4.0
"SumatraPDF" = SumatraPDF
"TeamViewer 8" = TeamViewer 8
"ToolBox" = NCH Toolbox
"Trapcode EchoSpace" = Trapcode EchoSpace
"Trapcode Particular v2" = Trapcode Particular v2
"Trapcode SoundKeys" = Trapcode SoundKeys
"Trapcode Starglow" = Trapcode Starglow
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.5
"webmmf" = WebM Media Foundation Components
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"XMedia Recode" = XMedia Recode 3.0.9.4
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"MusicManager" = Music Manager
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 26.04.2013 13:17:18 | Computer Name = Hadbanger-Acer | Source = Microsoft-Windows-LoadPerf | ID = 3002
Description = Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators
 in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge
 ist " ". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte
 Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen
 Indexwerte enthalten.
 
Error - 27.04.2013 08:23:45 | Computer Name = Hadbanger-Acer | Source = Microsoft-Windows-LoadPerf | ID = 3002
Description = Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators
 in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge
 ist " ". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte
 Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen
 Indexwerte enthalten.
 
Error - 27.04.2013 08:33:30 | Computer Name = Hadbanger-Acer | Source = Microsoft-Windows-LoadPerf | ID = 3002
Description = Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators
 in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge
 ist " ". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte
 Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen
 Indexwerte enthalten.
 
Error - 28.04.2013 01:50:02 | Computer Name = Hadbanger-Acer | Source = Microsoft-Windows-LoadPerf | ID = 3002
Description = Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators
 in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge
 ist " ". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte
 Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen
 Indexwerte enthalten.
 
Error - 28.04.2013 12:22:56 | Computer Name = Hadbanger-Acer | Source = Microsoft-Windows-LoadPerf | ID = 3002
Description = Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators
 in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge
 ist " ". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte
 Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen
 Indexwerte enthalten.
 
Error - 29.04.2013 02:39:13 | Computer Name = Hadbanger-Acer | Source = Microsoft-Windows-LoadPerf | ID = 3002
Description = Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators
 in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge
 ist " ". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte
 Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen
 Indexwerte enthalten.
 
Error - 29.04.2013 11:34:32 | Computer Name = Hadbanger-Acer | Source = Microsoft-Windows-LoadPerf | ID = 3002
Description = Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators
 in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge
 ist " ". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte
 Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen
 Indexwerte enthalten.
 
Error - 29.04.2013 11:47:53 | Computer Name = Hadbanger-Acer | Source = Microsoft-Windows-LoadPerf | ID = 3002
Description = Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators
 in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge
 ist " ". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte
 Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen
 Indexwerte enthalten.
 
Error - 30.04.2013 05:24:53 | Computer Name = Hadbanger-Acer | Source = Microsoft-Windows-LoadPerf | ID = 3002
Description = Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators
 in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge
 ist " ". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte
 Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen
 Indexwerte enthalten.
 
Error - 30.04.2013 09:53:50 | Computer Name = Hadbanger-Acer | Source = Microsoft-Windows-LoadPerf | ID = 3002
Description = Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators
 in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge
 ist " ". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte
 Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen
 Indexwerte enthalten.
 
[ System Events ]
Error - 28.04.2013 12:20:39 | Computer Name = Hadbanger-Acer | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 28.04.2013 12:20:39 | Computer Name = Hadbanger-Acer | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 29.04.2013 02:36:46 | Computer Name = Hadbanger-Acer | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 29.04.2013 02:36:46 | Computer Name = Hadbanger-Acer | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 29.04.2013 11:45:39 | Computer Name = Hadbanger-Acer | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 29.04.2013 11:45:39 | Computer Name = Hadbanger-Acer | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 30.04.2013 05:22:41 | Computer Name = Hadbanger-Acer | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 30.04.2013 05:22:41 | Computer Name = Hadbanger-Acer | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 30.04.2013 09:49:01 | Computer Name = Hadbanger-Acer | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 30.04.2013 09:49:01 | Computer Name = Hadbanger-Acer | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
 
< End of report >
         

Code:
ATTFilter
OTL logfile created on: 30.04.2013 16:18:02 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Hadbanger\Desktop\Virus-Scan
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,99 Gb Total Physical Memory | 4,75 Gb Available Physical Memory | 79,35% Memory free
11,98 Gb Paging File | 10,30 Gb Available in Paging File | 85,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,24 Gb Total Space | 29,07 Gb Free Space | 24,38% Space Free | Partition Type: NTFS
Drive D: | 550,13 Gb Total Space | 455,10 Gb Free Space | 82,73% Space Free | Partition Type: NTFS
Drive E: | 2,97 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 4,13 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 1,86 Gb Total Space | 0,34 Gb Free Space | 18,42% Space Free | Partition Type: FAT
Drive K: | 366,72 Gb Total Space | 297,68 Gb Free Space | 81,18% Space Free | Partition Type: NTFS
Drive Z: | 1851,41 Gb Total Space | 1482,21 Gb Free Space | 80,06% Space Free | Partition Type: NTFS
 
Computer Name: HADBANGER-ACER | User Name: Hadbanger | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Hadbanger\Desktop\Virus-Scan\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Users\Hadbanger\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Windows\SysWOW64\bgsvcgen.exe (SOURCENEXT)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (Intel(R) -- C:\Windows\SysNative\IPROSetMonitor.exe (Intel Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (NisSrv) -- C:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (StarMoney 8.0 OnlineUpdate) -- C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (MCSWASVR) -- C:\Programme\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe (Deutsche Telekom AG)
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (Poweroff) -- C:\Windows\SysWOW64\poweroff.exe (Jorgen Bosman)
SRV - (bgsvcgen) -- C:\Windows\SysWOW64\bgsvcgen.exe (SOURCENEXT)
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (MSCamSvc) -- C:\Programme\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (LVPrcS64) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (FLEXnet Licensing Service 64) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (ssudserd) -- C:\Windows\SysNative\drivers\ssudserd.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (gfiark) -- C:\Windows\SysNative\drivers\gfiark.sys (GFI Software)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (NAL) -- C:\Windows\SysNative\drivers\iqvw64e.sys (Intel Corporation )
DRV:64bit: - (vidsflt53) -- C:\Windows\SysNative\drivers\vsflt53.sys (Acronis)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (e1yexpress) -- C:\Windows\SysNative\drivers\e1y62x64.sys (Intel Corporation)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (cdrbsdrv) -- C:\Windows\SysNative\drivers\cdrbsdrv.sys (B.H.A Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (nm3) -- C:\Windows\SysNative\drivers\nm3.sys (Microsoft Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (MSHUSBVideo) -- C:\Windows\SysNative\drivers\nx6000.sys (Microsoft Corporation)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (lvpopf64) -- C:\Windows\SysNative\drivers\lvpopf64.sys (Logitech Inc.)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (61883) -- C:\Windows\SysNative\drivers\61883.sys (Microsoft Corporation)
DRV:64bit: - (Avc) -- C:\Windows\SysNative\drivers\avc.sys (Microsoft Corporation)
DRV:64bit: - (MSDV) -- C:\Windows\SysNative\drivers\msdv.sys (Microsoft Corporation)
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (GearAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (gwfilt64) -- C:\Windows\SysNative\drivers\gwfilt64.sys (Creative Technology Ltd.)
DRV:64bit: - (dsltestSp5a64) -- C:\Windows\SysNative\drivers\DslTestSp5a64.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (cdrbsdrv) -- C:\Windows\SysWow64\drivers\CDRBSDRV.SYS (B.H.A Corporation)
DRV - ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}) -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl (CyberLink Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0409&m=aspire_m7720
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{189FB78B-93F8-4211-BE2E-E07842D96315}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&index=blended&linkCode=ur2&camp=1638&creative=6742&tag=iepluginsearch-21
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE333
IE - HKCU\..\SearchScopes\{D436B8EC-80EA-4DD4-9F14-0C6957BF0762}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: eliteproxyswitcher%40my-proxy.com:1.2.0.2
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145
FF - prefs.js..extensions.enabledAddons: groovesharkUnlocker%40overlord1337:1.3.2
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.0
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.586
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.0.36605
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..network.proxy.ssl: "76.120.135.104"
FF - prefs.js..network.proxy.ssl_port: 35521
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2010.11.14 19:08:17 | 000,000,000 | ---D | M]
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2010.11.14 19:08:17 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Hadbanger\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Hadbanger\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Hadbanger\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Hadbanger\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Hadbanger\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.10.17 10:08:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.01 15:59:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.11 16:37:17 | 000,000,000 | ---D | M]
 
[2010.01.30 12:30:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hadbanger\AppData\Roaming\mozilla\Extensions
[2013.02.27 17:20:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hadbanger\AppData\Roaming\mozilla\Firefox\Profiles\kgbel092.default\extensions
[2013.02.27 16:36:16 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Hadbanger\AppData\Roaming\mozilla\Firefox\Profiles\kgbel092.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.01.21 16:47:51 | 000,016,275 | ---- | M] () (No name found) -- C:\Users\Hadbanger\AppData\Roaming\mozilla\firefox\profiles\kgbel092.default\extensions\eliteproxyswitcher@my-proxy.com.xpi
[2013.02.27 17:19:33 | 000,029,064 | ---- | M] () (No name found) -- C:\Users\Hadbanger\AppData\Roaming\mozilla\firefox\profiles\kgbel092.default\extensions\groovesharkUnlocker@overlord1337.xpi
[2009.08.24 19:47:33 | 000,000,952 | ---- | M] () -- C:\Users\Hadbanger\AppData\Roaming\mozilla\firefox\profiles\kgbel092.default\searchplugins\youtube-videosuche.xml
[2013.04.01 15:59:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.04.01 15:59:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.04.01 15:59:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.04.01 15:59:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012.10.17 10:08:36 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2010.01.30 12:24:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2013.04.01 15:59:48 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.09.06 04:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 04:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.06 04:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 04:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 04:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 04:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.04.27 21:50:49 | 000,011,134 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Hadbanger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Hadbanger\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - Reg Error: Key error. File not found
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - Reg Error: Key error. File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {3234EB1E-733E-4E6A-A8AB-EBB6287E5A7E} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel64_4.5.9.0.cab (SysInfo Class)
O16:64bit: - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16:64bit: - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 10.9.2)
O16:64bit: - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/x64/ractrl.cab?lmi=1007 (Performance Viewer Activex Control)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (Reg Error: Key error.)
O16 - DPF: {5BF3E4A3-7E64-4D53-B512-2E242E837D24} https://einfach.otto.de/ottoproj/ottomce//bin/activex/MCEControls.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.21.0.cab (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA77B759-FEA5-456B-9E21-9DEBB205250C}: NameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Acer03.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Acer03.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.02.21 16:41:08 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.07.15 21:39:51 | 000,000,122 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2006.08.24 07:43:12 | 000,000,224 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{126847e6-af14-11de-b7d8-00226863bc55}\Shell - "" = AutoRun
O33 - MountPoints2\{126847e6-af14-11de-b7d8-00226863bc55}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- [2006.05.24 12:36:40 | 000,950,272 | R--- | M] ()
O33 - MountPoints2\{f3871469-65b8-11df-9ce8-00226863bc55}\Shell - "" = AutoRun
O33 - MountPoints2\{f3871477-65b8-11df-9ce8-00226863bc55}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.30 11:29:38 | 000,000,000 | ---D | C] -- C:\Users\Hadbanger\Desktop\Virus-Scan
[2013.04.27 21:51:32 | 000,000,000 | ---D | C] -- C:\Users\Hadbanger\AppData\Roaming\PDAppFlex
[2013.04.26 19:04:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.04.26 17:00:09 | 000,000,000 | ---D | C] -- C:\FRST
[2013.04.22 10:07:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.04.20 11:19:18 | 000,000,000 | ---D | C] -- C:\ProgramData\PACE Anti-Piracy
[2013.04.10 09:52:52 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.04.10 09:52:51 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.04.10 09:52:51 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.04.10 09:52:50 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.10 09:52:50 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.04.10 09:52:50 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.04.10 09:52:50 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.04.10 09:52:50 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.04.10 09:52:50 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.04.10 09:52:50 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.04.10 09:52:50 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.04.10 09:52:50 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.04.10 09:52:48 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.10 09:52:48 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.10 09:52:47 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.10 09:39:05 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.10 09:39:05 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.04.10 09:39:05 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.04.10 09:39:04 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.04.10 09:39:04 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.04.10 09:39:04 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.04.10 09:38:05 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013.04.09 14:54:56 | 000,000,000 | ---D | C] -- C:\Users\Hadbanger\AppData\Local\ElevatedDiagnostics
[2013.04.09 14:53:42 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013.04.09 14:53:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2013.04.02 10:28:13 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2013.04.02 10:27:59 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013.04.02 08:47:08 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.04.02 08:47:08 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.04.02 08:47:08 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.04.02 08:47:08 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.04.02 08:47:08 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.04.02 08:47:08 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.04.02 08:47:08 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.04.02 08:47:08 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.04.02 08:47:08 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.04.02 08:47:08 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.04.02 08:47:07 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.04.02 08:47:07 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.04.02 08:47:07 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.04.02 08:47:07 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.04.02 08:47:07 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.04.02 08:47:07 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.04.02 08:47:07 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.04.02 08:47:07 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.04.02 08:47:07 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.04.02 08:47:07 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.04.02 08:47:07 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.04.02 08:47:07 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.04.02 08:47:07 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.04.02 08:47:07 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.04.02 08:47:07 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.04.02 08:47:07 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.04.02 08:47:06 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.04.02 08:47:06 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.04.02 08:47:06 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.04.02 08:47:06 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.04.02 08:47:06 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.04.02 08:47:06 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.04.02 08:47:06 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.04.02 08:47:06 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.04.02 08:47:06 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.04.02 08:47:06 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.04.02 08:47:06 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.04.02 08:47:06 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.04.02 08:47:06 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.04.02 08:47:06 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.04.02 08:47:06 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.04.02 08:47:06 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.04.02 08:47:06 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.04.02 08:47:06 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.04.02 08:47:06 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.04.02 08:47:06 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.04.02 08:47:06 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.04.02 08:47:06 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.04.02 08:47:06 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.04.02 08:47:06 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.04.02 08:47:06 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.04.02 08:47:06 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.04.02 08:47:06 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.04.02 08:45:59 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013.04.02 08:45:59 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013.04.02 08:45:59 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013.04.02 08:45:59 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013.04.02 08:45:59 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013.04.02 08:45:59 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013.04.02 08:45:59 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013.04.02 08:45:59 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013.04.02 08:45:59 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013.04.02 08:45:59 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.04.02 08:45:59 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.04.02 08:45:59 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.04.02 08:45:59 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.04.02 08:45:59 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.04.02 08:45:59 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.04.02 08:45:59 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.04.02 08:45:59 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.04.02 08:45:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.04.02 08:45:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.04.02 08:45:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.04.02 08:45:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.04.02 08:45:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013.04.02 08:45:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013.04.02 08:45:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.04.02 08:45:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.04.02 08:45:59 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.04.02 08:45:59 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.04.02 08:45:58 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013.04.02 08:45:58 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.04.02 08:45:58 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013.04.02 08:45:58 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.04.02 08:45:58 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.04.02 08:45:58 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013.04.02 08:45:58 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013.04.02 08:45:58 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013.04.02 08:45:58 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013.04.02 08:45:58 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013.04.02 08:45:58 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013.04.02 08:45:58 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013.04.02 08:45:58 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013.04.02 08:45:58 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013.04.01 15:59:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.30 15:54:02 | 000,011,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.30 15:54:02 | 000,011,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.30 15:49:00 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1661754313-4272918001-2753178953-1000UA.job
[2013.04.30 15:49:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.30 15:49:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.30 15:48:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.30 11:32:49 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.30 11:32:44 | 529,928,191 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.30 11:31:40 | 000,000,020 | ---- | M] () -- C:\Users\Hadbanger\defogger_reenable
[2013.04.29 17:58:02 | 000,884,736 | ---- | M] () -- C:\Users\Hadbanger\Documents\Gebiete Frankfurt-Süd.accdb
[2013.04.29 17:32:31 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1661754313-4272918001-2753178953-1000Core.job
[2013.04.28 07:54:32 | 000,000,021 | ---- | M] () -- C:\Windows\SurCode.INI
[2013.04.27 21:50:49 | 000,011,134 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.04.27 21:48:50 | 000,005,648 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts_neu
[2013.04.22 11:06:49 | 000,000,600 | ---- | M] () -- C:\Users\Hadbanger\AppData\Local\PUTTY.RND
[2013.04.19 19:14:36 | 131,276,901 | ---- | M] () -- C:\Users\Hadbanger\Desktop\Abschied_Boon.psd
[2013.04.19 18:01:02 | 003,248,208 | ---- | M] () -- C:\Users\Hadbanger\Desktop\pk-04—Lied 120.mp3
[2013.04.11 19:56:21 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.04.11 19:56:20 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.04.10 19:54:45 | 004,961,280 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.02 08:47:08 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.04.02 08:47:08 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.04.02 08:47:08 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.04.02 08:47:08 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.04.02 08:47:08 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.04.02 08:47:08 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.04.02 08:47:08 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.04.02 08:47:08 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.04.02 08:47:08 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.04.02 08:47:08 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.04.02 08:47:08 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.04.02 08:47:07 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.04.02 08:47:07 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.04.02 08:47:07 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.04.02 08:47:07 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.04.02 08:47:07 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.04.02 08:47:07 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.04.02 08:47:07 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.04.02 08:47:07 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.04.02 08:47:07 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.04.02 08:47:07 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.04.02 08:47:07 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.04.02 08:47:07 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.04.02 08:47:07 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.04.02 08:47:07 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.04.02 08:47:07 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.04.02 08:47:07 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.04.02 08:47:06 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.04.02 08:47:06 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.04.02 08:47:06 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.04.02 08:47:06 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.04.02 08:47:06 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.04.02 08:47:06 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.04.02 08:47:06 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.04.02 08:47:06 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.04.02 08:47:06 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.04.02 08:47:06 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.04.02 08:47:06 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.04.02 08:47:06 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.04.02 08:47:06 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.04.02 08:47:06 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.04.02 08:47:06 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.04.02 08:47:06 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.04.02 08:47:06 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.04.02 08:47:06 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.04.02 08:47:06 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.04.02 08:47:06 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.04.02 08:47:06 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.04.02 08:47:06 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.04.02 08:47:06 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.04.02 08:47:06 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.04.02 08:47:06 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.04.02 08:47:06 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.04.02 08:47:06 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.04.02 08:47:06 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.04.02 08:45:59 | 003,928,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013.04.02 08:45:59 | 002,776,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013.04.02 08:45:59 | 002,565,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013.04.02 08:45:59 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013.04.02 08:45:59 | 001,682,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013.04.02 08:45:59 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013.04.02 08:45:59 | 000,522,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013.04.02 08:45:59 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013.04.02 08:45:59 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013.04.02 08:45:59 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013.04.02 08:45:59 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.04.02 08:45:59 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.04.02 08:45:59 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.04.02 08:45:59 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.04.02 08:45:59 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.04.02 08:45:59 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.04.02 08:45:59 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.04.02 08:45:59 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.04.02 08:45:59 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.04.02 08:45:59 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.04.02 08:45:59 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.04.02 08:45:59 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.04.02 08:45:59 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013.04.02 08:45:59 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013.04.02 08:45:59 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.04.02 08:45:59 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.04.02 08:45:59 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.04.02 08:45:59 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.04.02 08:45:58 | 001,887,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.04.02 08:45:58 | 001,643,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013.04.02 08:45:58 | 001,504,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.04.02 08:45:58 | 001,424,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.04.02 08:45:58 | 001,238,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013.04.02 08:45:58 | 000,648,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013.04.02 08:45:58 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013.04.02 08:45:58 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013.04.02 08:45:58 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013.04.02 08:45:58 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013.04.02 08:45:58 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013.04.02 08:45:58 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013.04.02 08:45:58 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
 
========== Files Created - No Company Name ==========
 
[2013.04.30 11:31:40 | 000,000,020 | ---- | C] () -- C:\Users\Hadbanger\defogger_reenable
[2013.04.19 18:00:51 | 003,248,208 | ---- | C] () -- C:\Users\Hadbanger\Desktop\pk-04—Lied 120.mp3
[2013.04.15 19:56:38 | 131,276,901 | ---- | C] () -- C:\Users\Hadbanger\Desktop\Abschied_Boon.psd
[2013.04.02 08:47:07 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.04.02 08:47:06 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.02.21 15:20:58 | 000,000,004 | ---- | C] () -- C:\Users\Hadbanger\AppData\Roaming\skype.ini
[2012.12.20 17:41:18 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.11.28 15:17:18 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.11.28 15:17:18 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.11.28 15:17:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.11.28 15:17:18 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.11.16 12:05:57 | 000,000,600 | ---- | C] () -- C:\Users\Hadbanger\AppData\Local\PUTTY.RND
[2012.08.23 16:30:06 | 000,000,021 | ---- | C] () -- C:\Users\Hadbanger\AppData\Local\mc.pixel.data
[2012.01.27 22:34:25 | 000,000,017 | ---- | C] () -- C:\Users\Hadbanger\AppData\Local\resmon.resmoncfg
[2012.01.25 21:15:34 | 000,000,000 | ---- | C] () -- C:\Windows\Bench32.INI
[2012.01.18 15:30:50 | 000,000,457 | ---- | C] () -- C:\Windows\CDPlayer.ini
[2011.11.24 22:19:47 | 000,839,623 | ---- | C] () -- C:\Users\Hadbanger\AppData\Local\census.cache
[2011.11.24 22:19:38 | 000,117,779 | ---- | C] () -- C:\Users\Hadbanger\AppData\Local\ars.cache
[2011.11.24 22:11:50 | 000,000,036 | ---- | C] () -- C:\Users\Hadbanger\AppData\Local\housecall.guid.cache
[2011.06.27 11:20:54 | 000,004,096 | -H-- | C] () -- C:\Users\Hadbanger\AppData\Local\keyfile3.drm
[2010.11.18 19:41:39 | 000,000,103 | ---- | C] () -- C:\ProgramData\nvUnsupRes.dat
[2010.04.20 19:03:12 | 000,007,168 | ---- | C] () -- C:\Users\Hadbanger\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.29 07:19:10 | 000,000,000 | ---- | C] () -- C:\Users\Hadbanger\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1401 bytes -> C:\ProgramData\Microsoft:ksCyKmybPmTCIheMhM
@Alternate Data Stream - 1294 bytes -> C:\Users\Hadbanger\AppData\Local\yPjahNDpOYT:lNSDoJ8O5LYxMYtnBR54ASq
@Alternate Data Stream - 1281 bytes -> C:\ProgramData\Microsoft:WNvns3w8cqPamUy1wxW1HMc
@Alternate Data Stream - 1243 bytes -> C:\Users\Hadbanger\AppData\Local\2M5xrfiZFTIbDW0:Zh98LUPBROhAl5EiAt

< End of report >
         

Alt 02.05.2013, 12:40   #12
Psychotic
/// Malwareteam
 
GVU Trojaner - Standard

GVU Trojaner



Schritt 1: security check



Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.





Schritt 2: adwCleaner




Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).





Schritt 3: TFC




Temp File Cleaner ausführen



Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.




Schritt 4: Neues OTL-Log


[*]Doppelklick auf die OTL.exe
Vista und Win7 User mit Rechtsklick "als Administrator starten"[*]Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output[*]Unter Extra Registry, wähle bitte Use SafeList[*]Klicke nun auf Run Scan links oben[*]Wenn der Scan beendet wurde werden 2 Logfiles erstellt[*]Poste die Logfiles hier in den Thread.[/list]
__________________
Kein Asylrecht für Trojaner!

Proud Member of UNITE

Hinweis: Ich bin nur werktags erreichbar!
Anfragen über PM werden ignoriert!

Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board!

Alt 03.05.2013, 11:19   #13
hadbanger
 
GVU Trojaner - Standard

GVU Trojaner



Hallo Marius,

hier der Log vom SecurityCheck:

Code:
ATTFilter
 Results of screen317's Security Check version 0.99.62  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 HostsMan 4.0.94 RC2   
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java 7 Update 9  
 Java version out of Date! 
 Adobe Flash Player 11.6.602.180  
 Adobe Reader 9 Adobe Reader out of Date! 
 Mozilla Firefox 19.0.2 Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Hadbanger Desktop Virus-Scan SecurityCheck.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 StarMoney 8.0 ouservice StarMoneyOnlineUpdate.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
Das hat der adwCleaner ausgegeben:

Code:
ATTFilter
# AdwCleaner v2.300 - Datei am 03/05/2013 um 08:43:25 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Hadbanger - HADBANGER-ACER
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Hadbanger\Desktop\Virus-Scan\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\Hadbanger\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Hadbanger\AppData\LocalLow\boost_interprocess

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\BabylonToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gelöscht : HKLM\Software\TENCENT
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0.2 (de)

Datei : C:\Users\Hadbanger\AppData\Roaming\Mozilla\Firefox\Profiles\kgbel092.default\prefs.js

C:\Users\Hadbanger\AppData\Roaming\Mozilla\Firefox\Profiles\kgbel092.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Gelöscht : user_pref("browser.search.order.1", "Search the web (Babylon)");
Gelöscht : user_pref("extensions.BabylonToolbar.admin", false);
Gelöscht : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Gelöscht : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Gelöscht : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Gelöscht : user_pref("extensions.BabylonToolbar.babExt", "");
Gelöscht : user_pref("extensions.BabylonToolbar.babTrack", "affID=112542&tt=3512_3");
Gelöscht : user_pref("extensions.BabylonToolbar.bbDpng", "11");
Gelöscht : user_pref("extensions.BabylonToolbar.cntry", "DE");
Gelöscht : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Gelöscht : user_pref("extensions.BabylonToolbar.dp_alert", "0");
Gelöscht : user_pref("extensions.BabylonToolbar.dpk", "a239ee63432785bc9c5f6d9c56596c52");
Gelöscht : user_pref("extensions.BabylonToolbar.envrmnt", "production");
Gelöscht : user_pref("extensions.BabylonToolbar.excTlbr", false);
Gelöscht : user_pref("extensions.BabylonToolbar.hdrMd5", "8DE216250B5F3FBACBA1FE42ADBA2740");
Gelöscht : user_pref("extensions.BabylonToolbar.hmpg", false);
Gelöscht : user_pref("extensions.BabylonToolbar.id", "ef39963d00000000000000226863bc55");
Gelöscht : user_pref("extensions.BabylonToolbar.instlDay", "15584");
Gelöscht : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Gelöscht : user_pref("extensions.BabylonToolbar.isdcmntcmplt", true);
Gelöscht : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.6.9.1220:25:01");
Gelöscht : user_pref("extensions.BabylonToolbar.mntrvrsn", "1.3.1");
Gelöscht : user_pref("extensions.BabylonToolbar.newTab", false);
Gelöscht : user_pref("extensions.BabylonToolbar.pnu_base", "{\"newVrsn\":\"26\",\"lastVrsn\":\"26\",\"vrsnLoad\[...]
Gelöscht : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Gelöscht : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Gelöscht : user_pref("extensions.BabylonToolbar.sg", "none");
Gelöscht : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Gelöscht : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Gelöscht : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Gelöscht : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Gelöscht : user_pref("extensions.BabylonToolbar.vrsn", "1.6.9.12");
Gelöscht : user_pref("extensions.BabylonToolbar.vrsnTs", "1.6.9.1220:25:01");
Gelöscht : user_pref("extensions.BabylonToolbar.vrsni", "1.6.9.12");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", "");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112542&tt=3512_3");
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", false);
Gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.9.1220:25:01");
Gelöscht : user_pref("keyword.URL", "hxxp://search.sweetim.com/search.asp?src=2&q=");

*************************

AdwCleaner[S1].txt - [6973 octets] - [03/05/2013 08:43:25]

########## EOF - C:\AdwCleaner[S1].txt - [7033 octets] ##########
         

TFC ist ordnungsgemäß gelaufen und hat den Rechner anschließend neu gestartet.

Hier die beiden Logs von OTL:

Code:
ATTFilter
OTL Extras logfile created on: 03.05.2013 12:09:06 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Hadbanger\Desktop\Virus-Scan
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,99 Gb Total Physical Memory | 5,00 Gb Available Physical Memory | 83,43% Memory free
11,98 Gb Paging File | 10,34 Gb Available in Paging File | 86,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,24 Gb Total Space | 29,15 Gb Free Space | 24,45% Space Free | Partition Type: NTFS
Drive D: | 550,13 Gb Total Space | 455,10 Gb Free Space | 82,73% Space Free | Partition Type: NTFS
Drive K: | 366,72 Gb Total Space | 297,68 Gb Free Space | 81,18% Space Free | Partition Type: NTFS
Drive Z: | 1851,41 Gb Total Space | 1482,22 Gb Free Space | 80,06% Space Free | Partition Type: NTFS
 
Computer Name: HADBANGER-ACER | User Name: Hadbanger | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19408EBE-0B73-4886-A413-B9579A147CED}" = rport=445 | protocol=6 | dir=out | app=system | 
"{19A8177B-3679-4CED-BDFC-C304B89BC9E5}" = rport=137 | protocol=17 | dir=out | app=system | 
"{19EC71C8-8EEA-436C-817A-DAFCE72DA6AA}" = rport=138 | protocol=17 | dir=out | app=system | 
"{3E9C017E-28B0-402D-9431-8E739DF1BB70}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5D1B0CA8-B910-4EBC-B85D-3C413D88EDED}" = lport=137 | protocol=17 | dir=in | app=system | 
"{5EDDB2CE-7762-4B86-B588-58FE93FD04C5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{86DB544A-32ED-480E-8DB0-1BD738EA7FB5}" = lport=445 | protocol=6 | dir=in | app=system | 
"{8FD32C67-865E-48CF-9955-51170058C031}" = lport=139 | protocol=6 | dir=in | app=system | 
"{929BFC1E-57C3-410C-A48D-2F2D8B49F0EB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{934AB909-7A85-4A43-AA60-239E3E605E8A}" = rport=139 | protocol=6 | dir=out | app=system | 
"{9A3E2111-06CC-482D-97C3-B73C299CB863}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C7304D81-FA91-4E8C-8037-158F4FF55DA8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D06B0818-B376-4730-A431-08618D75066F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E19447FB-B340-493B-BFA0-7904A8D059AC}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0839CE0B-1CEC-4D85-AD9E-C1AEC0786FE3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{0C1915E6-62EB-4999-A74E-FAA481E5B9ED}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{15424FB9-6353-4B7E-ADF8-5EFFC3CCFD21}" = protocol=6 | dir=in | app=c:\users\hadbanger\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{16DBF7FB-D53F-476F-A7B0-3D948AB101DF}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{1DEDCF1E-CA78-45CF-AEB4-B09B74839679}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{1E7CDC8F-356D-45D9-9B57-3B8D8E9F1645}" = protocol=17 | dir=in | app=c:\users\hadbanger\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{22357B5C-6C18-4B9F-BB21-76E1A082A1F0}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{2926DA13-36B8-4174-BBB7-FA746713A6E5}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 8.0\app\starmoney.exe | 
"{444E29FE-A59D-43A6-AA83-71DA4A0BF01C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{49532E43-F699-4911-AB8C-C9E92DD3D101}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 8.0\ouservice\starmoneyonlineupdate.exe | 
"{4C0D926A-69C1-486C-996C-5E9CD7C1C28A}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{4D3185E7-9D55-481A-ACAF-B3638B2002F6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{667E21FC-CEA0-4A74-AAD5-77401E35EB75}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | 
"{698A9FDE-839E-42CD-ABDA-526EDC6D35EC}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{85EC9699-A3A1-4C38-B2DD-3AD58C550054}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 8.0\ouservice\starmoneyonlineupdate.exe | 
"{8B1EA298-3E73-411D-9BEE-6556CD641C1D}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{94F0A839-2144-481A-AA9C-8C0541B3A0C3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | 
"{9D45C2F3-34A6-4779-8604-FDB32801D804}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A650CD94-4535-4DD5-B0D6-0400CCD7A2EC}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{A81F8DB1-7BEF-4AEC-B23D-C9D836E90E45}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | 
"{BC68C766-5C73-4D56-9C33-20C5687A413D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | 
"{BD8152AB-F470-4CE9-B39E-461E8496B47E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | 
"{C3148E0D-4F82-47EE-AC76-F2F10EB676CA}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 8.0\app\starmoney.exe | 
"{DCAD3AA8-CA96-41CF-8D40-75C94C1FDC4D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{EF90DD06-1BA8-49E9-9592-7736D80121EA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | 
"{F101AE4F-F852-4322-BB89-19E5F68B0B0B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | 
"{FD147598-BA3B-43C2-A1D4-649FB7BE2BBE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | 
"TCP Query User{0368F263-3028-484D-AA20-0A40DE7F7233}C:\utils\jdownloader 2.0\jdownloader2.exe" = protocol=6 | dir=in | app=c:\utils\jdownloader 2.0\jdownloader2.exe | 
"TCP Query User{5778B2B5-C25D-4243-AD8F-7FA5134371A3}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{6E6C125B-B130-4B12-A360-61DDA2732FD9}C:\users\hadbanger\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\hadbanger\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{C00025EA-EE5C-4206-BC0D-30CEBB0F3609}C:\users\hadbanger\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\hadbanger\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{C3FD12E1-33FE-41C2-AA81-6FDD22F90023}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{D2745DED-2A09-467B-AF44-D7AF44B3EFFF}C:\utils\spybotportable\app\spybot\sdupdate.exe" = protocol=6 | dir=in | app=c:\utils\spybotportable\app\spybot\sdupdate.exe | 
"TCP Query User{E3FBC323-8400-4B65-8C53-BD5C8F22AD6A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{E6590E5E-D0BA-4778-8802-242B79530495}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{F9A6B305-F639-46D1-AE1E-D87389292C0D}C:\program files (x86)\adobe\adobe after effects cs4\support files\afterfx.exe" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe after effects cs4\support files\afterfx.exe | 
"UDP Query User{0DB0A748-F838-4F95-9D19-C978B6E88F04}C:\users\hadbanger\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\hadbanger\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{8CEB1B8A-8073-4ABD-9067-254B5A407A34}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{9A082CA9-99D6-43EE-B594-1E81D3AD3630}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{A3FA818E-8156-4FC9-9531-B0753B2D7531}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{CE8247C8-8EDB-48CB-8D6F-24C9759E0475}C:\users\hadbanger\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\hadbanger\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{D089B0EE-9133-4CD2-BEF1-0B677625DE32}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{E1302591-12D8-4711-9D3E-9262EECDFCAD}C:\program files (x86)\adobe\adobe after effects cs4\support files\afterfx.exe" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe after effects cs4\support files\afterfx.exe | 
"UDP Query User{EA963A6B-3D81-4748-9CE3-FFDABD2A950A}C:\utils\jdownloader 2.0\jdownloader2.exe" = protocol=17 | dir=in | app=c:\utils\jdownloader 2.0\jdownloader2.exe | 
"UDP Query User{FB50E4B4-5BE8-4BF9-BDA0-D81F043A931F}C:\utils\spybotportable\app\spybot\sdupdate.exe" = protocol=17 | dir=in | app=c:\utils\spybotportable\app\spybot\sdupdate.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{22950922-8438-4c84-80d5-a17e6c2a5717}.sdb" = Adobe Audition 3 Vista Compatibility
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java(TM) 6 Update 27 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{26DE7BAD-453E-4C96-979F-1C288ECAA159}" = Intel(R) Network Connections 16.7.166.0
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{5E2D7D76-30DE-4DDE-B416-9B0B925EBFEC}" = WD SmartWare Drive Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Bing Maps 3D
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{858C1B33-C3D5-4377-B77B-1E2F338C7F66}" = Intel(R) Network Connections 17.2.154.0
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}" = NetSpeedMonitor 2.5.4.0 x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}" = Microsoft Network Monitor 3.4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{9301985B-D116-4A93-A93D-94580084FF86}" = 64 Bit HP CIO Components Installer
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963E5FEB-1367-46B9-851D-A957F1A3747F}" = Microsoft Network Monitor: NetworkMonitor Parsers 3.4
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{A1ED3F26-CF0C-4371-9960-8140B94E09F0}" = System Requirements Lab for Intel (64-bit)
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A9513BBC-73B4-4856-BF83-0166523ABF09}" = 64 Bit HP CIO Components Installer
"{AA1EED5E-4FBA-44E7-8E53-46F16FB2AA65}" = System Requirements Lab for Intel (64-bit)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C17EE011-15A9-4542-91FA-567B0F3D123F}" = Windows Live Family Safety
"{C1DC5F4D-25DA-4C78-B7E9-FF80805B096A}_is1" = Transport Stream Packet Editor (TSPE) Version 0.760
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D10AB8DE-0ED1-4152-A247-FB89CF1435D5}" = HP Deskjet D2500 Printer Driver Software 11.0 Rel .3
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DDD076BF-C5C3-468C-AA1B-F9A7E47446FE}" = Intel(R) Network Connections 13.1.33.0
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Blender" = Blender
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.61.5
"HUFFYUV" = Huffyuv AVI lossless video codec (Remove Only)
"ImagenomicPortraiturePlugin" = Imagenomic Portraiture 2.1 Plug-in (build 2105)
"MediaInfo" = MediaInfo 0.7.60
"Mediencenter Software" = Mediencenter Assistent
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"PROSetDX" = Intel(R) Network Connections 17.2.154.0
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0215A652-E081-4B09-9333-DC85AAB67FFA}" = Adobe Dreamweaver CS5.5
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0497EAED-70DA-4BBE-BEB3-AF77FD8788EA}" = Adobe Premiere Pro CS5.5
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie
"{15206372-2480-4698-9879-9825F12A307B}" = Adobe Premiere Pro CS4 Third Party Content
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1A1443D7-7A4E-51EC-B41D-EB84114ED943}" = DVD2AVI Ripper v3.1.0.71
"{1A3DD1A9-7B7B-4ECA-AD2F-98466F49F62C}_is1" = HostsMan 4.0.94 RC2
"{1D0FDD6D-3C5E-4588-8ED0-02DC88014BF2}" = Upgrade Kit
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FCBD504-AB7D-4757-9A14-850348384B08}" = StarMoney
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{281D28EC-1357-4778-B2D7-DEA56D70EF96}" = Logitech High Quality Video
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1" = Samsung SSD Magician
"{31F16C12-D74F-4FDA-849D-51DA39A97C60}" = Snapseed
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{37FF74E1-843A-4431-AA07-E73E2B847CA4}" = Pegasus Imaging PICVideo Motion JPEG 3.0
"{3839C2FF-2CD0-4601-91A8-B1E40A9BE8A8}" = Driver Detective
"{38AFE2B1-19DB-432A-BA4A-410BFBA78DCE}" = DVD-Cover Printmaster 1.4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{473DDE79-6E9F-47AD-8D76-312D7660E877}" = Bororo 3D Plug-in
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.22
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{6151cf20-0bd8-4023-a4a0-6a86dcfe58e5}" = Python 2.6.6
"{61933A31-A387-4D74-B319-9A15306471C3}" = MainConcept MPEG Pro 4.0
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{666BA8CB-753C-4C6B-B515-382F0D97EBCB}" = Force Skype HD Video
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7236B969-6A18-42DD-ADE4-BBA2604F34C8}" = DJ_SF_03_D2500_Software_Min
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{928501C9-CB3B-416C-99D7-9B6B89751FAD}" = Angry Birds Seasons
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95140000-0137-0407-0000-0000000FF1CE}" = Microsoft Works 6-9 Converter
"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D644743-267C-4E15-A806-B5011830D14E}" = Pantarheon 3D AviSynth Toolbox
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB893FB5-2AFF-4758-A5AA-360A49C98509}" = StarMoney 8.0 
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AFE83615-88BE-47F6-B3E4-A3FEF8B7B57F}_is1" = xrecode II 1.0.0.197
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B158F76F-76AB-4115-A4F0-4C6EF6956093}_is1" = VirtualDubMOD 1.5.10.3 US
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD93253E-9CB3-425B-A13F-12D5DF0E8FDF}" = Adobe Encore CS4 Codecs
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CC8C451E-A820-48C8-AE92-A0FF088969D8}" = Stereoscopic Player
"{CDEBE7FF-C832-4B91-9214-A4CA610D78C9}" = Adobe Audition 3.0.1 Patch
"{CFDF0961-77C7-4392-96EE-624DFE81C3C2}" = Watchtower Library 2012 - Deutsch
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{D7D38949-8251-4F07-BC2C-AA767308010B}" = TMPGEnc Authoring Works 4
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB1F1933-58B6-4ACD-A7E8-ABE8CC086A07}" = System Requirements Lab for Intel
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E2F2B987-F2BC-4969-95F2-92099486B811}" = StarMoney
"{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E7A8BC75-50A9-32F2-8DFB-C499D21881B7}" = Google Talk Plugin
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3FDA09C-57AA-40CC-A555-FED7EF421E7E}" = Angry Birds Seasons
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FDAD2767-11CA-4D38-9CC4-48770CE3CC7B}" = Notification Center
"Ac3Tool" = Ac3Tool (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_126a6c50d960aa4e8761045cec9b633" = Adobe Media Encoder CS4 Exporter
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"Adobe_48bbd0b5673fdf22ea2ad2f6f129e8e" = Adobe Premiere Pro CS4 Third Party Content
"Adobe_5a8cdebdcb3cd1974a9407c51ce9b53" = Adobe Media Encoder CS4 Importer
"Adobe_b3449bacc3f59b3b46b353ca9840034" = Adobe Encore CS4 Codecs
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.83
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"Avidemux 2.5" = Avidemux 2.5
"AviSynth" = AviSynth 2.5
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Color Efex Pro 3.0 Complete Stand-Alone" = Color Efex Pro 3.0 Complete
"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"Debut" = Debut Video Capture Software
"DVD Flick_is1" = DVD Flick 1.3.0.7
"EasyBCD" = EasyBCD 2.0
"ElsterFormular" = ElsterFormular
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FastStone Image Viewer" = FastStone Image Viewer 4.6
"FileRestorePlus™_is1" = FileRestorePlus™ 3.0.3.1206
"foobar2000" = foobar2000 v1.2.2
"Free Create-Burn ISO Image_is1" = Free Create-Burn ISO Image v2.0
"Free DVD MP3 Ripper_is1" = Free DVD MP3 Ripper 1.12
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"InstallShield_{37FF74E1-843A-4431-AA07-E73E2B847CA4}" = Pegasus Imaging PICVideo Motion JPEG 3.0
"InstallShield_{61933A31-A387-4D74-B319-9A15306471C3}" = MainConcept MPEG Pro 4.0
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"IsoBuster_is1" = IsoBuster 2.6
"jdownloader2" = JDownloader 2.0
"LAME_is1" = LAME v3.99.3 (for Windows)
"Magic DVD Ripper_is1" = Magic DVD Ripper V5.5.2
"MainConcept MPEG Pro HD" = MainConcept MPEG Pro HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mediapurge" = Mediapurge
"MKVtoolnix" = MKVtoolnix 3.3.0
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.55
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Picasa 3" = Picasa 3
"Pixum ePrint" = Pixum ePrint 1.2
"QuicktimeAlt_is1" = QuickTime Alternative 3.2.2
"Revo Uninstaller" = Revo Uninstaller 1.94
"SopCast" = SopCast 3.4.0
"SumatraPDF" = SumatraPDF
"TeamViewer 8" = TeamViewer 8
"ToolBox" = NCH Toolbox
"Trapcode EchoSpace" = Trapcode EchoSpace
"Trapcode Particular v2" = Trapcode Particular v2
"Trapcode SoundKeys" = Trapcode SoundKeys
"Trapcode Starglow" = Trapcode Starglow
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.6
"webmmf" = WebM Media Foundation Components
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"XMedia Recode" = XMedia Recode 3.0.9.4
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"MusicManager" = Music Manager
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 01.05.2013 11:48:56 | Computer Name = Hadbanger-Acer | Source = ESENT | ID = 416
Description = taskhost (2920) WebCacheLocal: Beim Leeren von Protokolldatei C:\Users\Hadbanger\AppData\Local\Microsoft\Windows\WebCache\V01.log
 kann nicht in Abschnitt 2 geschrieben werden. Fehler -1011 (0xfffffc0d).
 
Error - 01.05.2013 11:48:56 | Computer Name = Hadbanger-Acer | Source = ESENT | ID = 492
Description = taskhost (2920) WebCacheLocal: Die Protokolldatei-Reihenfolge in "C:\Users\Hadbanger\AppData\Local\Microsoft\Windows\WebCache\"
 wurde durch einen schwerwiegenden Fehler angehalten. Für die Datenbank, die diese
 Protokolldatei-Reihenfolge verwendet, sind keine weiteren Aktualisierungen möglich.
 Bitte korrigieren Sie das Problem, und starten Sie erneut, oder führen Sie eine
 Wiederherstellung aus einer Sicherung durch.
 
Error - 01.05.2013 11:48:57 | Computer Name = Hadbanger-Acer | Source = ESENT | ID = 104
Description = taskhost (2920) WebCacheLocal: Das Datenbankmodul hat die Instanz 
(0) mit dem Fehler (-510) beendet.
 
Error - 02.05.2013 03:33:53 | Computer Name = Hadbanger-Acer | Source = Software Protection Platform Service | ID = 1001
Description = Fehler beim Starten des Softwareschutzdiensts.  0xD000009A  6.1.7601.17514
 
Error - 02.05.2013 03:36:03 | Computer Name = Hadbanger-Acer | Source = Microsoft-Windows-LoadPerf | ID = 3002
Description = Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators
 in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge
 ist " ". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte
 Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen
 Indexwerte enthalten.
 
Error - 03.05.2013 02:38:38 | Computer Name = Hadbanger-Acer | Source = SecurityCenter | ID = 3
Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der
 WMI herstellen, um Antiviren, AntiSpyware- und Firewallprogramme von Drittanbietern
 zu überwachen.
 
Error - 03.05.2013 02:41:02 | Computer Name = Hadbanger-Acer | Source = Microsoft-Windows-LoadPerf | ID = 3002
Description = Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators
 in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge
 ist " ". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte
 Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen
 Indexwerte enthalten.
 
Error - 03.05.2013 02:46:35 | Computer Name = Hadbanger-Acer | Source = ESENT | ID = 482
Description = wuaueng.dll (1164) SUS20ClientDataStore: Versuch, in Datei "C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log"
 bei Offset 1148928 (0x0000000000118800) für 512 (0x00000200) Bytes zu schreiben,
 ist nach 0 Sekunden mit Systemfehler 1453 (0x000005ad): "Nicht genügend Quoten,
 um den angeforderten Dienst auszuführen. " fehlgeschlagen. Fehler -1011 (0xfffffc0d)
 bei Schreiboperation. Wenn dieser Zustand andauert, ist die Datei möglicherweise
 beschädigt und muss aus einer vorherigen Sicherung wiederhergestellt werden.
 
Error - 03.05.2013 02:46:35 | Computer Name = Hadbanger-Acer | Source = ESENT | ID = 408
Description = wuaueng.dll (1164) SUS20ClientDataStore: In Protokolldatei 'C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log'
 konnte nicht geschrieben werden. Fehler -1011 (0xfffffc0d).
 
Error - 03.05.2013 02:49:03 | Computer Name = Hadbanger-Acer | Source = Microsoft-Windows-LoadPerf | ID = 3002
Description = Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators
 in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge
 ist " ". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte
 Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen
 Indexwerte enthalten.
 
[ System Events ]
Error - 01.05.2013 03:47:11 | Computer Name = Hadbanger-Acer | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 01.05.2013 03:47:11 | Computer Name = Hadbanger-Acer | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 02.05.2013 03:33:52 | Computer Name = Hadbanger-Acer | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 02.05.2013 03:33:52 | Computer Name = Hadbanger-Acer | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 02.05.2013 03:33:53 | Computer Name = Hadbanger-Acer | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Software Protection" wurde mit folgendem Fehler beendet:
   %%1450
 
Error - 03.05.2013 02:38:38 | Computer Name = Hadbanger-Acer | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 03.05.2013 02:38:38 | Computer Name = Hadbanger-Acer | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 03.05.2013 02:46:34 | Computer Name = Hadbanger-Acer | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 03.05.2013 02:46:34 | Computer Name = Hadbanger-Acer | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 03.05.2013 02:48:21 | Computer Name = Hadbanger-Acer | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Stereoscopic 3D Driver Service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
 
 
< End of report >
         
Code:
ATTFilter
OTL logfile created on: 03.05.2013 12:09:06 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Hadbanger\Desktop\Virus-Scan
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,99 Gb Total Physical Memory | 5,00 Gb Available Physical Memory | 83,43% Memory free
11,98 Gb Paging File | 10,34 Gb Available in Paging File | 86,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,24 Gb Total Space | 29,15 Gb Free Space | 24,45% Space Free | Partition Type: NTFS
Drive D: | 550,13 Gb Total Space | 455,10 Gb Free Space | 82,73% Space Free | Partition Type: NTFS
Drive K: | 366,72 Gb Total Space | 297,68 Gb Free Space | 81,18% Space Free | Partition Type: NTFS
Drive Z: | 1851,41 Gb Total Space | 1482,22 Gb Free Space | 80,06% Space Free | Partition Type: NTFS
 
Computer Name: HADBANGER-ACER | User Name: Hadbanger | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Hadbanger\Desktop\Virus-Scan\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Windows\SysWOW64\bgsvcgen.exe (SOURCENEXT)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (Intel(R) -- C:\Windows\SysNative\IPROSetMonitor.exe (Intel Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (NisSrv) -- C:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (StarMoney 8.0 OnlineUpdate) -- C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (MCSWASVR) -- C:\Programme\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe (Deutsche Telekom AG)
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (Poweroff) -- C:\Windows\SysWOW64\poweroff.exe (Jorgen Bosman)
SRV - (bgsvcgen) -- C:\Windows\SysWOW64\bgsvcgen.exe (SOURCENEXT)
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (MSCamSvc) -- C:\Programme\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (LVPrcS64) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (FLEXnet Licensing Service 64) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (ssudserd) -- C:\Windows\SysNative\drivers\ssudserd.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (gfiark) -- C:\Windows\SysNative\drivers\gfiark.sys (GFI Software)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (NAL) -- C:\Windows\SysNative\drivers\iqvw64e.sys (Intel Corporation )
DRV:64bit: - (vidsflt53) -- C:\Windows\SysNative\drivers\vsflt53.sys (Acronis)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (e1yexpress) -- C:\Windows\SysNative\drivers\e1y62x64.sys (Intel Corporation)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (cdrbsdrv) -- C:\Windows\SysNative\drivers\cdrbsdrv.sys (B.H.A Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (nm3) -- C:\Windows\SysNative\drivers\nm3.sys (Microsoft Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (MSHUSBVideo) -- C:\Windows\SysNative\drivers\nx6000.sys (Microsoft Corporation)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (lvpopf64) -- C:\Windows\SysNative\drivers\lvpopf64.sys (Logitech Inc.)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (61883) -- C:\Windows\SysNative\drivers\61883.sys (Microsoft Corporation)
DRV:64bit: - (Avc) -- C:\Windows\SysNative\drivers\avc.sys (Microsoft Corporation)
DRV:64bit: - (MSDV) -- C:\Windows\SysNative\drivers\msdv.sys (Microsoft Corporation)
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (GearAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (gwfilt64) -- C:\Windows\SysNative\drivers\gwfilt64.sys (Creative Technology Ltd.)
DRV:64bit: - (dsltestSp5a64) -- C:\Windows\SysNative\drivers\DslTestSp5a64.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (cdrbsdrv) -- C:\Windows\SysWow64\drivers\CDRBSDRV.SYS (B.H.A Corporation)
DRV - ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}) -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl (CyberLink Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0409&m=aspire_m7720
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{189FB78B-93F8-4211-BE2E-E07842D96315}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&index=blended&linkCode=ur2&camp=1638&creative=6742&tag=iepluginsearch-21
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE333
IE - HKCU\..\SearchScopes\{D436B8EC-80EA-4DD4-9F14-0C6957BF0762}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: eliteproxyswitcher%40my-proxy.com:1.2.0.2
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145
FF - prefs.js..extensions.enabledAddons: groovesharkUnlocker%40overlord1337:1.3.2
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.0
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.586
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.0.36605
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.ssl: "76.120.135.104"
FF - prefs.js..network.proxy.ssl_port: 35521
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2010.11.14 19:08:17 | 000,000,000 | ---D | M]
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2010.11.14 19:08:17 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Hadbanger\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Hadbanger\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Hadbanger\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Hadbanger\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Hadbanger\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.10.17 10:08:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.01 15:59:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.11 16:37:17 | 000,000,000 | ---D | M]
 
[2010.01.30 12:30:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hadbanger\AppData\Roaming\mozilla\Extensions
[2013.02.27 17:20:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hadbanger\AppData\Roaming\mozilla\Firefox\Profiles\kgbel092.default\extensions
[2013.02.27 16:36:16 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Hadbanger\AppData\Roaming\mozilla\Firefox\Profiles\kgbel092.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.01.21 16:47:51 | 000,016,275 | ---- | M] () (No name found) -- C:\Users\Hadbanger\AppData\Roaming\mozilla\firefox\profiles\kgbel092.default\extensions\eliteproxyswitcher@my-proxy.com.xpi
[2013.02.27 17:19:33 | 000,029,064 | ---- | M] () (No name found) -- C:\Users\Hadbanger\AppData\Roaming\mozilla\firefox\profiles\kgbel092.default\extensions\groovesharkUnlocker@overlord1337.xpi
[2009.08.24 19:47:33 | 000,000,952 | ---- | M] () -- C:\Users\Hadbanger\AppData\Roaming\mozilla\firefox\profiles\kgbel092.default\searchplugins\youtube-videosuche.xml
[2013.04.01 15:59:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.04.01 15:59:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.04.01 15:59:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.04.01 15:59:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012.10.17 10:08:36 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2010.01.30 12:24:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2013.04.01 15:59:48 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.09.06 04:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 04:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.06 04:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 04:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 04:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 04:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.04.30 20:34:46 | 000,002,284 | -H-- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MusicManager] C:\Users\Hadbanger\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - Startup: C:\Users\Hadbanger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Hadbanger\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - Reg Error: Key error. File not found
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - Reg Error: Key error. File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {3234EB1E-733E-4E6A-A8AB-EBB6287E5A7E} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel64_4.5.9.0.cab (SysInfo Class)
O16:64bit: - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16:64bit: - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 10.9.2)
O16:64bit: - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/x64/ractrl.cab?lmi=1007 (Performance Viewer Activex Control)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (Reg Error: Key error.)
O16 - DPF: {5BF3E4A3-7E64-4D53-B512-2E242E837D24} https://einfach.otto.de/ottoproj/ottomce//bin/activex/MCEControls.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.21.0.cab (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA77B759-FEA5-456B-9E21-9DEBB205250C}: NameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Acer03.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Acer03.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.02.21 16:41:08 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{f3871469-65b8-11df-9ce8-00226863bc55}\Shell - "" = AutoRun
O33 - MountPoints2\{f3871477-65b8-11df-9ce8-00226863bc55}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.30 20:16:51 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\HostsMan Backups
[2013.04.30 20:16:51 | 000,000,000 | ---D | C] -- C:\Users\Hadbanger\AppData\Roaming\abelhadigital.com
[2013.04.30 20:16:51 | 000,000,000 | ---D | C] -- C:\ProgramData\abelhadigital.com
[2013.04.30 20:12:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HostsMan
[2013.04.30 20:12:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HostsMan
[2013.04.30 17:08:13 | 000,000,000 | ---D | C] -- C:\Users\Hadbanger\AppData\Roaming\vlc
[2013.04.30 17:07:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.04.30 11:29:38 | 000,000,000 | ---D | C] -- C:\Users\Hadbanger\Desktop\Virus-Scan
[2013.04.27 21:51:32 | 000,000,000 | ---D | C] -- C:\Users\Hadbanger\AppData\Roaming\PDAppFlex
[2013.04.26 19:04:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.04.26 17:00:09 | 000,000,000 | ---D | C] -- C:\FRST
[2013.04.22 10:07:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.04.20 11:19:18 | 000,000,000 | ---D | C] -- C:\ProgramData\PACE Anti-Piracy
[2013.04.10 09:52:52 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.04.10 09:52:51 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.04.10 09:52:51 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.04.10 09:52:50 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.10 09:52:50 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.04.10 09:52:50 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.04.10 09:52:50 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.04.10 09:52:50 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.04.10 09:52:50 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.04.10 09:52:50 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.04.10 09:52:50 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.04.10 09:52:50 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.04.10 09:52:48 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.10 09:52:48 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.10 09:52:47 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.10 09:39:05 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.10 09:39:05 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.04.10 09:39:05 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.04.10 09:39:04 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.04.10 09:39:04 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.04.10 09:39:04 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.04.10 09:38:05 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013.04.09 14:54:56 | 000,000,000 | ---D | C] -- C:\Users\Hadbanger\AppData\Local\ElevatedDiagnostics
[2013.04.09 14:53:42 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013.04.09 14:53:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.03 12:04:58 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1661754313-4272918001-2753178953-1000UA.job
[2013.05.03 12:04:58 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.03 12:04:58 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.03 12:04:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.03 09:24:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.03 08:51:36 | 000,011,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.03 08:51:36 | 000,011,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.03 08:44:29 | 529,928,191 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.02 20:07:37 | 000,000,021 | ---- | M] () -- C:\Windows\SurCode.INI
[2013.05.02 17:26:02 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1661754313-4272918001-2753178953-1000Core.job
[2013.04.30 20:12:56 | 000,000,946 | ---- | M] () -- C:\Users\Public\Desktop\HostsMan.lnk
[2013.04.30 11:31:40 | 000,000,020 | ---- | M] () -- C:\Users\Hadbanger\defogger_reenable
[2013.04.29 17:58:02 | 000,884,736 | ---- | M] () -- C:\Users\Hadbanger\Documents\Gebiete Frankfurt-Süd.accdb
[2013.04.22 11:06:49 | 000,000,600 | ---- | M] () -- C:\Users\Hadbanger\AppData\Local\PUTTY.RND
[2013.04.19 19:14:36 | 131,276,901 | ---- | M] () -- C:\Users\Hadbanger\Desktop\Abschied_Boon.psd
[2013.04.19 18:01:02 | 003,248,208 | ---- | M] () -- C:\Users\Hadbanger\Desktop\pk-04—Lied 120.mp3
[2013.04.11 19:56:21 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.04.11 19:56:20 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.04.10 19:54:45 | 004,961,280 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2013.04.30 20:12:56 | 000,000,946 | ---- | C] () -- C:\Users\Public\Desktop\HostsMan.lnk
[2013.04.30 11:31:40 | 000,000,020 | ---- | C] () -- C:\Users\Hadbanger\defogger_reenable
[2013.04.19 18:00:51 | 003,248,208 | ---- | C] () -- C:\Users\Hadbanger\Desktop\pk-04—Lied 120.mp3
[2013.04.15 19:56:38 | 131,276,901 | ---- | C] () -- C:\Users\Hadbanger\Desktop\Abschied_Boon.psd
[2013.02.21 15:20:58 | 000,000,004 | ---- | C] () -- C:\Users\Hadbanger\AppData\Roaming\skype.ini
[2012.12.20 17:41:18 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.11.28 15:17:18 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.11.28 15:17:18 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.11.28 15:17:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.11.28 15:17:18 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.11.16 12:05:57 | 000,000,600 | ---- | C] () -- C:\Users\Hadbanger\AppData\Local\PUTTY.RND
[2012.08.23 16:30:06 | 000,000,021 | ---- | C] () -- C:\Users\Hadbanger\AppData\Local\mc.pixel.data
[2012.01.27 22:34:25 | 000,000,017 | ---- | C] () -- C:\Users\Hadbanger\AppData\Local\resmon.resmoncfg
[2012.01.25 21:15:34 | 000,000,000 | ---- | C] () -- C:\Windows\Bench32.INI
[2012.01.18 15:30:50 | 000,000,457 | ---- | C] () -- C:\Windows\CDPlayer.ini
[2011.11.24 22:19:47 | 000,839,623 | ---- | C] () -- C:\Users\Hadbanger\AppData\Local\census.cache
[2011.11.24 22:19:38 | 000,117,779 | ---- | C] () -- C:\Users\Hadbanger\AppData\Local\ars.cache
[2011.11.24 22:11:50 | 000,000,036 | ---- | C] () -- C:\Users\Hadbanger\AppData\Local\housecall.guid.cache
[2011.06.27 11:20:54 | 000,004,096 | -H-- | C] () -- C:\Users\Hadbanger\AppData\Local\keyfile3.drm
[2010.11.18 19:41:39 | 000,000,103 | ---- | C] () -- C:\ProgramData\nvUnsupRes.dat
[2010.04.20 19:03:12 | 000,007,168 | ---- | C] () -- C:\Users\Hadbanger\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.29 07:19:10 | 000,000,000 | ---- | C] () -- C:\Users\Hadbanger\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1407 bytes -> C:\ProgramData\Microsoft:ksCyKmybPmTCIheMhM
@Alternate Data Stream - 1261 bytes -> C:\Users\Hadbanger\AppData\Local\yPjahNDpOYT:lNSDoJ8O5LYxMYtnBR54ASq
@Alternate Data Stream - 1196 bytes -> C:\Users\Hadbanger\AppData\Local\2M5xrfiZFTIbDW0:Zh98LUPBROhAl5EiAt
@Alternate Data Stream - 1195 bytes -> C:\ProgramData\Microsoft:WNvns3w8cqPamUy1wxW1HMc

< End of report >
         

Alt 06.05.2013, 07:39   #14
Psychotic
/// Malwareteam
 
GVU Trojaner - Standard

GVU Trojaner



Dann sind wir durch!


Schritt 1: Java update


Dein Java ist nicht mehr aktuell. Ältere Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
  • Downloade dir bitte die neueste Java-Version von hier
  • Speichere die jxpiinstall.exe
  • Schließe alle laufenden Programme, speziell deinen Browser.
  • Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version herunterladen.
  • Wenn die Installation beendet wurde, gehe zu Start --> Systemsteuerung --> Programme und Funktionen (bzw. Software unter Windows XP) und deinstalliere alle älteren Java Versionen.
  • Starte deinen Rechner neu, sobald alle älteren Versionen deinstalliert wurden.

Nach dem Neustart:
  • Öffne die Systemsteuerung und klicke auf das Java Symbol.
  • Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
  • Klicke auf Dateien löschen ....
  • Gehe sicher, dass überall ein Haken gesetzt ist und klicke OK.
  • Klicke erneut OK.




Schritt 2: Adobe Reader update


Dein Adobe Reader ist veraltet. Da einige Schädlinge die Schwachstellen in veralteten Versionen nutzen, werden wir sie aktualisieren.

  • Lade dir den aktuellen Adobe Reader von hier herunter. Wichtig: Entferne den Haken für optionale Software (z.B. Google Chrome), der auf der Seite angezeigt wird, bevor du auf "Jetzt herunterladen" klickst.
  • Starte die Installation und folge den Anweisungen auf dem Bildschirm.
  • Drücke die Windows- und die R-Taste, gib im folgenden Fenster appwiz.cpl ein und klicke auf OK.
  • Suche und entferne alle älteren Reader-Versionen.




Schritt 3: Mozilla Firefox update

Dein Firefox-Browser ist veraltet. Gehe wie folgt vor, um ihn zu aktualisieren:
  • Lade dir den aktuellen Firefox von hier herunter.
  • Starte das Setup und folge den Anweisungen auf dem Bildschirm.
  • Drücke die Windows- und die R-Taste, gib im folgenden Fenster appwiz.cpl ein und klicke auf OK.
  • Entferne alle älteren Firefox-Versionen.
  • Melde dich umgehend, falls Schwierigkeiten auftreten.




Defogger re-enable

Starte bitte den Defogger und klicke den re-enable Button




Systemwiederherstellungspunkte löschen

  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die Textbox.
Code:
ATTFilter
:Commands
[clearallrestorepoints]
         
  • Schliesse bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • [color=green] OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.[/color




OTL

Starte bitte OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.




adwCleaner

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Uninstall.
  • Bestätige mit Ja.




Hier noch ein paar Tipps zur Absicherung deines Systems.

Aktualität

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.
Antviren-Software
  • Gehe sicher immer eine Antiviren-Software installiert zu haben und dass diese auch up to date ist. Auch der beste Virenscanner ist sinnlos, wenn er nicht aktuell ist!
    Eine Auswahl kostenloser Antivirenprogramme:
Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.
Alternative Browser
Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner, um diesen zu AdBlockPlus hinzuzufügen, reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.
Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Sei mißtrauisch in sozialen Netzwerken (z.B. MeinVZ, Facebook, etc) - auch, wenn Nachrichten/Einträge scheinbar von einem deiner Freunde stammen, bedeutet das noch lange nicht, dass sie unschädlich sind (Malware kann seinen Rechner verseucht haben).
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, damit ich diesen Thread aus meinen Abos löschen kann.
__________________
Kein Asylrecht für Trojaner!

Proud Member of UNITE

Hinweis: Ich bin nur werktags erreichbar!
Anfragen über PM werden ignoriert!

Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board!

Alt 06.05.2013, 10:04   #15
hadbanger
 
GVU Trojaner - Standard

GVU Trojaner



Hallo Marius,

ich habe alle Updates bzw. Deinstallationen durchgeführt, hat problemlos geklappt.

Ich denke, so sauber war mein Rechner noch nie, deswegen vielen Dank für Deine Mühe!!

Du kannst diesen Thread nun löschen!

Alles Gute und Grüße
Hadbanger

Antwort

Themen zu GVU Trojaner
bild, entferne, entfernen, erfolg, gestern, hoffe, kaspersky, kaspersky rescue disk, konnte, laufe, leicht, melde, meldet, nichts, otlpe, rescue, rescue disk, sperre, sperren, starte, startet, troja, trojaner, virus, windows



Zum Thema GVU Trojaner - Hallo, ich habe mir gestern den GVU-Trojaner eingefangen. Also Windows startet, aber dann ein Bild mit Zahlungsaufforderung, das sich nicht entfernen laesst. Ich hatte den schon mal letztes Jahr, da - GVU Trojaner...
Archiv
Du betrachtest: GVU Trojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.