
Pests of all kinds and how to combat them: Missing characters when typing on the internet (Firefox; Google Chrome)


27.04.2013, 14:36   #1
robertjana

For some time now I have not been able to type input properly on the internet. When typing normally, characters keep getting dropped. The problem occurs in chats, in online games (Siedleronline), but also in the address bar or the search field of the Google start page. In e-mail programs or Word everything is completely normal. This text, too, could be written without any problems.

Edited by robertjana (27.04.2013 at 14:53) Reason: log files added

27.04.2013, 18:03   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Hello and

Quote:
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Why do you have a Professional edition of Windows, do you need that as a home user?
Or is this by any chance an office/company PC or a university computer?


Do you have any further logs (with detections)?
Malwarebytes and/or other virus scanners, have they ever found anything?
The reason I ask => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now only post logs that already exist!

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracket expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

27.04.2013, 19:18   #3
robertjana

These are the latest detections from Avira Antivir. A normal export did not work, because no window opened in which one could specify the save location.

Code:
Die Datei 'C:\Users\Robert\Documents\Cameyo Apps\CCleaner.cameyo.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Rogue.kdv.899494' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '57693591.qua' verschoben!

Die Datei 'C:\Users\Robert\Documents\Cameyo Apps\CCleaner Pro Free.cameyo.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Rogue.953309' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4ffe1a36.qua' verschoben!

In der Datei 'C:\Users\remote\AppData\Local\Temp\A9267C35\YontooSetup.exe'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Yontoo.Gen' [adware] gefunden.
Ausgeführte Aktion: Zugriff verweigern

Beim Zugriff auf Daten der URL "hxxp://dl.yontoo.com/Install/6/yontoosetup.exe"
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Yontoo.Gen' [adware] gefunden.
Durchgeführte Aktion: Der Zugriff auf die Datei wurde blockiert

In der Datei 'C:\Users\remote\AppData\Local\Temp\A9267C35\YontooSetup.exe'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Yontoo.Gen' [adware] gefunden.
Ausgeführte Aktion: Übergeben an Scanner
         
Quote:
Quote from cosinus
Hello and

Why do you have a Professional edition of Windows, do you need that as a home user?
Or is this by any chance an office/company PC or a university computer?


Do you have any further logs (with detections)?
Malwarebytes and/or other virus scanners, have they ever found anything?
The reason I ask => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now only post logs that already exist!

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracket expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.
Code:
Why do you have a Professional edition of Windows, do you need that as a home user?
Or is this by any chance an office/company PC or a university computer?

No! It is a version for teachers at schools and universities, which was offered at a very low price back then.

Quote:
Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners, have they ever found anything?
The reason I ask => Important: please post all logs with detections
I have attached this log

Quote:
Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:

Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
Click the # symbol in the editor. Two bracket expressions appear.
Place the cursor between the CODE tags and press CTRL+V.
Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.
I'm sorry. I first have to familiarize myself with this forum. The txt files were unfortunately too large - at least one of them. Then the hint about zipping the logs as an attachment appeared.

28.04.2013, 17:58   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions that I will post in the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.

  • Please only run scans that a helper has asked you to run! Do not install / uninstall any software without being asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to do so. Logs in attachments make my analysis harder!

  • The logs of the assigned tools such as Malwarebytes must always be posted, regardless of whether anything was found or not!

  • Please also note => Deleting log files and other requests

Note:
If you do not hear from me for three days, please report in this thread => Reminder about my thread.
Annoying "When will it continue" messages end with your topic being closed. I, too, have a life outside the Trojaner-Board.




Please now run the three tools MBAR / aswMBR / TDSSKiller and post the logs in CODE tags


MBAR (Malwarebytes Anti-Rootkit)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen according to the guide for Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects found, so be patient.
  • After the restart, start mbar.exe again.
  • If something is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder that was created. Please post it here.

Do not start any other file in this folder without instructions from a helper


aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    From Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet)
    Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not under any circumstances press one of the Fix buttons without instructions

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



TDSS-Killer

Please download TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the guide for TDSSKiller.
  • Press Start Scan
  • If infected objects are found, do not under any circumstances choose Cure. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    As an example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the content here in your thread in any case.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

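Added example, not part of the thread or of TDSSKiller: a small triage script for the TDSSKiller log requested above, which pairs each `[ MD5 ] name path` line with its result line and returns only the entries whose result is not `ok`. The line format is taken from the TDSSKiller log posted in this thread; the sample input, its hashes, service names and paths are constructed for the example.

```python
import re

# Constructed sample in the line format of the TDSSKiller log in this thread.
# Hashes, service names and paths are made up for this example.
SAMPLE_LOG = r"""
22:43:15.0035 2908  ================ Scan services =============================
22:43:15.0191 2908  [ 00000000000000000000000000000001 ] exampledrv      C:\Windows\system32\drivers\exampledrv.sys
22:43:15.0301 2908  exampledrv - ok
22:43:15.0457 2908  [ 00000000000000000000000000000002 ] Example Vendor Service C:\Program Files\Example Vendor\svc.exe
22:43:15.0519 2908  Example Vendor Service - ok
22:43:15.0600 2908  NoImageSvc - ok
22:43:15.0948 2908  [ 00000000000000000000000000000003 ] examplecam      C:\Windows\system32\DRIVERS\examplecam.sys
22:43:15.0979 2908  examplecam ( UnsignedFile.Multi.Generic ) - warning
22:43:15.0979 2908  examplecam - detected UnsignedFile.Multi.Generic (1)
"""

# Every log line starts with "HH:MM:SS.ffff <thread id>  ".
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+"

# "[ <MD5> ] <service name>   <image path>"; names may contain spaces,
# so the name ends where a drive-letter path begins.
ENTRY = re.compile(PREFIX + r"\[ ([0-9A-Fa-f]{32}) \]\s+(.+?)\s+([A-Za-z]:\\.*)$")

# "<name> - ok"  or  "<name> ( <verdict> ) - <status>"
RESULT = re.compile(PREFIX + r"(.+?)(?: \( (.+?) \))? - (\w+)$")


def triage(log_text):
    """Return (number of result lines, list of entries whose status is not 'ok')."""
    images = {}   # service name -> (md5, path), filled from ENTRY lines
    flagged = []
    results = 0
    for line in log_text.splitlines():
        line = line.rstrip()
        m = ENTRY.match(line)
        if m:
            md5, name, path = m.groups()
            images[name] = (md5.upper(), path)
            continue
        m = RESULT.match(line)
        if not m:
            continue  # separators, system info, "detected ..." summary lines
        name, verdict, status = m.groups()
        results += 1
        if status.lower() == "ok":
            continue
        # Some services have no image line (no hash/path was logged for them).
        md5, path = images.get(name, (None, None))
        flagged.append({
            "name": name,
            "status": status,
            "verdict": verdict,
            "md5": md5,
            "path": path,
        })
    return results, flagged


if __name__ == "__main__":
    total, hits = triage(SAMPLE_LOG)
    print(f"{total} result lines, {len(hits)} not ok")
    for h in hits:
        print(f"{h['status']:8} {h['name']}  {h['verdict']}  {h['path']}  md5={h['md5']}")
```

A `warning` with a verdict such as `UnsignedFile.Multi.Generic` only says the file carries no valid signature; the flagged path and hash are what a helper would look at next.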

28.04.2013, 21:45   #5
robertjana

Hello cosinus. Your instructions are really great! Here are my logs:

Code:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.04.28.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
remote :: MULTIMEDIAPC [administrator]

28.04.2013 21:43:08
mbar-log-2013-04-28 (21-43-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 32091
Time elapsed: 20 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\Windows\System32\cmdow.exe (PUP.Tool) -> Delete on reboot.

(end)
         
Here again the 2nd scan:
Code:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.04.28.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
remote :: MULTIMEDIAPC [administrator]

28.04.2013 22:33:31
mbar-log-2013-04-28 (22-33-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 32061
Time elapsed: 20 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
Now the log from aswMBR

Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-28 22:38:40
-----------------------------
22:38:40.804    OS Version: Windows 6.1.7601 Service Pack 1
22:38:40.804    Number of processors: 2 586 0x402
22:38:40.804    ComputerName: MULTIMEDIAPC  UserName: remote
22:38:42.224    Initialize success
22:39:31.787    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:39:31.787    Disk 0 Vendor: SAMSUNG_HD502HI 1AG01118 Size: 476940MB BusType: 3
22:39:31.802    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-4
22:39:31.802    Disk 1 Vendor: ST3250410AS 3.AAC Size: 238475MB BusType: 3
22:39:31.896    Disk 0 MBR read successfully
22:39:31.911    Disk 0 MBR scan
22:39:31.911    Disk 0 Windows 7 default MBR code
22:39:31.927    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
22:39:31.943    Disk 0 Partition - 00     0F Extended LBA             79893 MB offset 208845
22:39:31.958    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       350000 MB offset 163840000
22:39:32.005    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        46939 MB offset 880640000
22:39:32.036    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS        79893 MB offset 208908
22:39:32.052    Disk 0 scanning sectors +976771072
22:39:32.130    Disk 0 scanning C:\Windows\system32\drivers
22:39:41.240    Service scanning
22:40:00.163    Modules scanning
22:40:07.121    Disk 0 trace - called modules:
22:40:07.152    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys 
22:40:07.152    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85d4a030]
22:40:07.152    3 CLASSPNP.SYS[8c97959e] -> nt!IofCallDriver -> [0x86b2f400]
22:40:07.167    5 ACPI.sys[8c03d3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86b1f908]
22:40:07.167    Scan finished successfully
22:40:18.009    Disk 0 MBR has been saved successfully to "C:\Users\Robert\Desktop\Trojanerboard\MBR.dat"
22:40:18.009    The log file has been saved successfully to "C:\Users\Robert\Desktop\Trojanerboard\aswMBR.txt"
         
And finally TDSSKiller
Code:
22:41:46.0904 5916  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:41:47.0124 5916  ============================================================
22:41:47.0124 5916  Current date / time: 2013/04/28 22:41:47.0124
22:41:47.0124 5916  SystemInfo:
22:41:47.0124 5916  
22:41:47.0124 5916  OS Version: 6.1.7601 ServicePack: 1.0
22:41:47.0124 5916  Product type: Workstation
22:41:47.0124 5916  ComputerName: MULTIMEDIAPC
22:41:47.0124 5916  UserName: remote
22:41:47.0124 5916  Windows directory: C:\Windows
22:41:47.0124 5916  System windows directory: C:\Windows
22:41:47.0124 5916  Processor architecture: Intel x86
22:41:47.0124 5916  Number of processors: 2
22:41:47.0124 5916  Page size: 0x1000
22:41:47.0124 5916  Boot type: Normal boot
22:41:47.0124 5916  ============================================================
22:41:48.0274 5916  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:41:48.0304 5916  Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:41:48.0324 5916  ============================================================
22:41:48.0324 5916  \Device\Harddisk0\DR0:
22:41:48.0324 5916  MBR partitions:
22:41:48.0324 5916  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:41:48.0344 5916  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3300C, BlocksNum 0x9C0AC4A
22:41:48.0344 5916  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x9C40000, BlocksNum 0x2AB98000
22:41:48.0344 5916  \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x347D8000, BlocksNum 0x5BAD800
22:41:48.0344 5916  \Device\Harddisk1\DR1:
22:41:48.0364 5916  MBR partitions:
22:41:48.0364 5916  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x10D8728D
22:41:48.0364 5916  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x10D87800, BlocksNum 0xC43D000
22:41:48.0364 5916  ============================================================
22:41:48.0384 5916  C: <-> \Device\Harddisk0\DR0\Partition2
22:41:48.0424 5916  D: <-> \Device\Harddisk0\DR0\Partition3
22:41:48.0464 5916  E: <-> \Device\Harddisk0\DR0\Partition4
22:41:48.0494 5916  H: <-> \Device\Harddisk1\DR1\Partition1
22:41:48.0534 5916  G: <-> \Device\Harddisk1\DR1\Partition2
22:41:48.0534 5916  ============================================================
22:41:48.0534 5916  Initialize success
22:41:48.0534 5916  ============================================================
22:43:14.0287 2908  ============================================================
22:43:14.0287 2908  Scan started
22:43:14.0287 2908  Mode: Manual; SigCheck; TDLFS; 
22:43:14.0287 2908  ============================================================
22:43:15.0035 2908  ================ Scan system memory ========================
22:43:15.0035 2908  System memory - ok
22:43:15.0035 2908  ================ Scan services =============================
22:43:15.0191 2908  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
22:43:15.0301 2908  1394ohci - ok
22:43:15.0457 2908  [ 77B8A30E614786BB8F878D2B9346F6CC ] ABBYY.Licensing.FineReader.Professional.9.0 C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe
22:43:15.0519 2908  ABBYY.Licensing.FineReader.Professional.9.0 - ok
22:43:15.0581 2908  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
22:43:15.0628 2908  ACPI - ok
22:43:15.0644 2908  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
22:43:15.0784 2908  AcpiPmi - ok
22:43:15.0940 2908  [ 16EF8223547EDD1C8C2D2077DE0345CE ] AcrSch2Svc      C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
22:43:15.0971 2908  AcrSch2Svc - ok
22:43:16.0081 2908  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
22:43:16.0096 2908  AdobeARMservice - ok
22:43:16.0190 2908  [ 479901C99FA62D1C3261B7ACB1228DAD ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:43:16.0237 2908  AdobeFlashPlayerUpdateSvc - ok
22:43:16.0315 2908  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
22:43:16.0361 2908  adp94xx - ok
22:43:16.0393 2908  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
22:43:16.0408 2908  adpahci - ok
22:43:16.0424 2908  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
22:43:16.0439 2908  adpu320 - ok
22:43:16.0455 2908  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
22:43:16.0517 2908  AeLookupSvc - ok
22:43:16.0564 2908  [ 53696AD8FFC5FAC51949A525FF65A689 ] afcdp           C:\Windows\system32\DRIVERS\afcdp.sys
22:43:16.0595 2908  afcdp - ok
22:43:16.0689 2908  [ AF44F7E027037628F1FAC3C13CDE73E6 ] afcdpsrv        C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
22:43:16.0751 2908  afcdpsrv - ok
22:43:16.0829 2908  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
22:43:16.0876 2908  AFD - ok
22:43:16.0923 2908  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
22:43:16.0954 2908  agp440 - ok
22:43:16.0985 2908  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
22:43:17.0001 2908  aic78xx - ok
22:43:17.0017 2908  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
22:43:17.0032 2908  ALG - ok
22:43:17.0048 2908  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
22:43:17.0048 2908  aliide - ok
22:43:17.0079 2908  [ 0FF34F07379FBEB7AFE0B2487C12B5A5 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
22:43:17.0141 2908  AMD External Events Utility - ok
22:43:17.0157 2908  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
22:43:17.0173 2908  amdagp - ok
22:43:17.0188 2908  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
22:43:17.0188 2908  amdide - ok
22:43:17.0219 2908  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
22:43:17.0266 2908  AmdK8 - ok
22:43:17.0297 2908  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
22:43:17.0313 2908  AmdPPM - ok
22:43:17.0344 2908  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
22:43:17.0360 2908  amdsata - ok
22:43:17.0375 2908  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
22:43:17.0391 2908  amdsbs - ok
22:43:17.0391 2908  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
22:43:17.0407 2908  amdxata - ok
22:43:17.0500 2908  [ 76544F01FA0D79CE6F525B6EB475BEF9 ] AntiVirMailService C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
22:43:17.0531 2908  AntiVirMailService - ok
22:43:17.0609 2908  [ 90C69DF5FB36F8B74109583652575BD3 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
22:43:17.0641 2908  AntiVirSchedulerService - ok
22:43:17.0687 2908  [ B6F85597831F63C27FD278F4E05C3020 ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
22:43:17.0719 2908  AntiVirService - ok
22:43:17.0875 2908  [ 932B178CF3840CFC8B0051523F657A8A ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
22:43:17.0921 2908  AntiVirWebService - ok
22:43:17.0953 2908  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
22:43:18.0062 2908  AppID - ok
22:43:18.0109 2908  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
22:43:18.0187 2908  AppIDSvc - ok
22:43:18.0202 2908  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
22:43:18.0233 2908  Appinfo - ok
22:43:18.0265 2908  [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt         C:\Windows\System32\appmgmts.dll
22:43:18.0296 2908  AppMgmt - ok
22:43:18.0343 2908  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
22:43:18.0374 2908  arc - ok
22:43:18.0389 2908  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
22:43:18.0405 2908  arcsas - ok
22:43:18.0483 2908  [ 9D8CB58B9A9E177DDD599791A58A654D ] AsIO            C:\Windows\system32\drivers\AsIO.sys
22:43:18.0514 2908  AsIO - ok
22:43:18.0530 2908  [ E67493490466B5F04B58C22D2590E8CA ] AsUpIO          C:\Windows\system32\drivers\AsUpIO.sys
22:43:18.0530 2908  AsUpIO - ok
22:43:18.0577 2908  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
22:43:18.0701 2908  AsyncMac - ok
22:43:18.0764 2908  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
22:43:18.0795 2908  atapi - ok
22:43:18.0826 2908  [ BB9E7C7F937714F05A4E05C287D6DDFF ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
22:43:18.0857 2908  AtiHdmiService - ok
22:43:18.0967 2908  [ E518E13C6F11A94D263F1A611A011B8F ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
22:43:19.0076 2908  atikmdag - ok
22:43:19.0107 2908  [ B73C832088DD54B55E04FF6F9646AD8C ] AtiPcie         C:\Windows\system32\DRIVERS\AtiPcie.sys
22:43:19.0138 2908  AtiPcie - ok
22:43:19.0216 2908  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:43:19.0294 2908  AudioEndpointBuilder - ok
22:43:19.0294 2908  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
22:43:19.0325 2908  Audiosrv - ok
22:43:19.0403 2908  [ 87425709A251386064C99B684BF96F72 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
22:43:19.0435 2908  avgntflt - ok
22:43:19.0466 2908  [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
22:43:19.0481 2908  avipbb - ok
22:43:19.0544 2908  [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
22:43:19.0559 2908  avkmgr - ok
22:43:19.0606 2908  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
22:43:19.0669 2908  AxInstSV - ok
22:43:19.0700 2908  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
22:43:19.0747 2908  b06bdrv - ok
22:43:19.0793 2908  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
22:43:19.0840 2908  b57nd60x - ok
22:43:19.0887 2908  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
22:43:19.0918 2908  BDESVC - ok
22:43:19.0934 2908  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
22:43:19.0981 2908  Beep - ok
22:43:20.0027 2908  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
22:43:20.0043 2908  BFE - ok
22:43:20.0121 2908  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
22:43:20.0199 2908  BITS - ok
22:43:20.0199 2908  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
22:43:20.0215 2908  blbdrive - ok
22:43:20.0277 2908  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
22:43:20.0339 2908  bowser - ok
22:43:20.0355 2908  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:43:20.0402 2908  BrFiltLo - ok
22:43:20.0417 2908  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:43:20.0449 2908  BrFiltUp - ok
22:43:20.0495 2908  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
22:43:20.0542 2908  Browser - ok
22:43:20.0573 2908  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
22:43:20.0605 2908  Brserid - ok
22:43:20.0620 2908  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
22:43:20.0683 2908  BrSerWdm - ok
22:43:20.0698 2908  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
22:43:20.0729 2908  BrUsbMdm - ok
22:43:20.0745 2908  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
22:43:20.0761 2908  BrUsbSer - ok
22:43:20.0776 2908  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
22:43:20.0807 2908  BTHMODEM - ok
22:43:20.0839 2908  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
22:43:20.0917 2908  bthserv - ok
22:43:20.0948 2908  [ 6B67131A4FE1FCD3F40C184C978B907F ] camvid20        C:\Windows\system32\DRIVERS\camdrv21.sys
22:43:20.0979 2908  camvid20 ( UnsignedFile.Multi.Generic ) - warning
22:43:20.0979 2908  camvid20 - detected UnsignedFile.Multi.Generic (1)
22:43:20.0995 2908  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
22:43:21.0041 2908  cdfs - ok
22:43:21.0104 2908  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
22:43:21.0135 2908  cdrom - ok
22:43:21.0182 2908  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
22:43:21.0213 2908  CertPropSvc - ok
22:43:21.0244 2908  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
22:43:21.0260 2908  circlass - ok
22:43:21.0275 2908  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
22:43:21.0291 2908  CLFS - ok
22:43:21.0353 2908  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:43:21.0385 2908  clr_optimization_v2.0.50727_32 - ok
22:43:21.0619 2908  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:43:21.0650 2908  clr_optimization_v4.0.30319_32 - ok
22:43:21.0681 2908  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
22:43:21.0681 2908  CmBatt - ok
22:43:21.0728 2908  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
22:43:21.0759 2908  cmdide - ok
22:43:21.0853 2908  [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG             C:\Windows\system32\Drivers\cng.sys
22:43:21.0899 2908  CNG - ok
22:43:21.0915 2908  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
22:43:21.0931 2908  Compbatt - ok
22:43:21.0993 2908  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
22:43:22.0024 2908  CompositeBus - ok
22:43:22.0040 2908  COMSysApp - ok
22:43:22.0071 2908  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
22:43:22.0087 2908  crcdisk - ok
22:43:22.0180 2908  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
22:43:22.0227 2908  CryptSvc - ok
22:43:22.0274 2908  [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC             C:\Windows\system32\drivers\csc.sys
22:43:22.0336 2908  CSC - ok
22:43:22.0367 2908  [ 15F93B37F6801943360D9EB42485D5D3 ] CscService      C:\Windows\System32\cscsvc.dll
22:43:22.0414 2908  CscService - ok
22:43:22.0430 2908  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
22:43:22.0477 2908  DcomLaunch - ok
22:43:22.0508 2908  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
22:43:22.0539 2908  defragsvc - ok
22:43:22.0586 2908  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
22:43:22.0664 2908  DfsC - ok
22:43:22.0726 2908  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
22:43:22.0773 2908  Dhcp - ok
22:43:22.0789 2908  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
22:43:22.0835 2908  discache - ok
22:43:22.0851 2908  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
22:43:22.0867 2908  Disk - ok
22:43:22.0929 2908  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
22:43:22.0960 2908  Dnscache - ok
22:43:23.0007 2908  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
22:43:23.0054 2908  dot3svc - ok
22:43:23.0101 2908  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
22:43:23.0179 2908  DPS - ok
22:43:23.0210 2908  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
22:43:23.0241 2908  drmkaud - ok
22:43:23.0288 2908  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
22:43:23.0335 2908  DXGKrnl - ok
22:43:23.0350 2908  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
22:43:23.0397 2908  EapHost - ok
22:43:23.0459 2908  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
22:43:23.0522 2908  ebdrv - ok
22:43:23.0584 2908  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
22:43:23.0631 2908  EFS - ok
22:43:23.0725 2908  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
22:43:23.0787 2908  ehRecvr - ok
22:43:23.0803 2908  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
22:43:23.0818 2908  ehSched - ok
22:43:23.0849 2908  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
22:43:23.0865 2908  elxstor - ok
22:43:23.0865 2908  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
22:43:23.0896 2908  ErrDev - ok
22:43:23.0927 2908  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
22:43:23.0943 2908  EventSystem - ok
22:43:23.0959 2908  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
22:43:24.0005 2908  exfat - ok
22:43:24.0021 2908  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
22:43:24.0052 2908  fastfat - ok
22:43:24.0068 2908  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
22:43:24.0099 2908  Fax - ok
22:43:24.0115 2908  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
22:43:24.0115 2908  fdc - ok
22:43:24.0130 2908  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
22:43:24.0146 2908  fdPHost - ok
22:43:24.0161 2908  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
22:43:24.0193 2908  FDResPub - ok
22:43:24.0208 2908  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
22:43:24.0224 2908  FileInfo - ok
22:43:24.0224 2908  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
22:43:24.0255 2908  Filetrace - ok
22:43:24.0395 2908  [ DFADECE1B66095F3F247ACC0EBDC5F8D ] FlexNet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
22:43:24.0427 2908  FlexNet Licensing Service - ok
22:43:24.0442 2908  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
22:43:24.0458 2908  flpydisk - ok
22:43:24.0489 2908  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
22:43:24.0505 2908  FltMgr - ok
22:43:24.0692 2908  [ E12C4928B32ACE04610259647F072635 ] FontCache       C:\Windows\system32\FntCache.dll
22:43:24.0739 2908  FontCache - ok
22:43:24.0817 2908  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:43:24.0832 2908  FontCache3.0.0.0 - ok
22:43:24.0848 2908  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
22:43:24.0863 2908  FsDepends - ok
22:43:24.0910 2908  [ B0082808A6856A252F7CDD939892CE50 ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
22:43:24.0941 2908  fssfltr - ok
22:43:25.0097 2908  [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc          C:\Program Files\Windows Live\Family Safety\fsssvc.exe
22:43:25.0144 2908  fsssvc - ok
22:43:25.0207 2908  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
22:43:25.0238 2908  Fs_Rec - ok
22:43:25.0316 2908  [ E306A24D9694C724FA2491278BF50FDB ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
22:43:25.0347 2908  fvevol - ok
22:43:25.0378 2908  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
22:43:25.0394 2908  gagp30kx - ok
22:43:25.0456 2908  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
22:43:25.0534 2908  gpsvc - ok
22:43:25.0550 2908  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
22:43:25.0581 2908  hcw85cir - ok
22:43:25.0643 2908  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:43:25.0706 2908  HdAudAddService - ok
22:43:25.0721 2908  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
22:43:25.0753 2908  HDAudBus - ok
22:43:25.0768 2908  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
22:43:25.0784 2908  HidBatt - ok
22:43:25.0799 2908  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
22:43:25.0831 2908  HidBth - ok
22:43:25.0846 2908  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
22:43:25.0877 2908  HidIr - ok
22:43:25.0909 2908  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
22:43:25.0955 2908  hidserv - ok
22:43:26.0018 2908  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
22:43:26.0065 2908  HidUsb - ok
22:43:26.0127 2908  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
22:43:26.0189 2908  hkmsvc - ok
22:43:26.0283 2908  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:43:26.0345 2908  HomeGroupListener - ok
22:43:26.0392 2908  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:43:26.0439 2908  HomeGroupProvider - ok
22:43:26.0626 2908  [ 08457D8F8149757C70CEA59C71EC5D27 ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
22:43:26.0642 2908  hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
22:43:26.0642 2908  hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
22:43:26.0689 2908  [ 75CC8C5146A3FB76221A7606628778D5 ] hpqddsvc        C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
22:43:26.0704 2908  hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
22:43:26.0704 2908  hpqddsvc - detected UnsignedFile.Multi.Generic (1)
22:43:26.0798 2908  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
22:43:26.0829 2908  HpSAMD - ok
22:43:26.0891 2908  [ 83DB5DD8BE71CBA5447FBD7A48FDBEDA ] HPSLPSVC        C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
22:43:26.0907 2908  HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
22:43:26.0907 2908  HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
22:43:26.0985 2908  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
22:43:27.0047 2908  HTTP - ok
22:43:27.0079 2908  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
22:43:27.0110 2908  hwpolicy - ok
22:43:27.0125 2908  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
22:43:27.0157 2908  i8042prt - ok
22:43:27.0172 2908  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
22:43:27.0203 2908  iaStorV - ok
22:43:27.0297 2908  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:43:27.0328 2908  idsvc - ok
22:43:27.0375 2908  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
22:43:27.0391 2908  iirsp - ok
22:43:27.0422 2908  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
22:43:27.0469 2908  IKEEXT - ok
22:43:27.0500 2908  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
22:43:27.0531 2908  intelide - ok
22:43:27.0562 2908  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
22:43:27.0578 2908  intelppm - ok
22:43:27.0625 2908  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
22:43:27.0656 2908  IPBusEnum - ok
22:43:27.0671 2908  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:43:27.0703 2908  IpFilterDriver - ok
22:43:27.0796 2908  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
22:43:27.0859 2908  iphlpsvc - ok
22:43:27.0890 2908  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
22:43:27.0921 2908  IPMIDRV - ok
22:43:27.0937 2908  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
22:43:27.0968 2908  IPNAT - ok
22:43:27.0983 2908  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
22:43:27.0999 2908  IRENUM - ok
22:43:28.0061 2908  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
22:43:28.0108 2908  isapnp - ok
22:43:28.0124 2908  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
22:43:28.0139 2908  iScsiPrt - ok
22:43:28.0171 2908  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
22:43:28.0186 2908  kbdclass - ok
22:43:28.0217 2908  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
22:43:28.0249 2908  kbdhid - ok
22:43:28.0264 2908  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
22:43:28.0264 2908  KeyIso - ok
22:43:28.0295 2908  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
22:43:28.0311 2908  KSecDD - ok
22:43:28.0405 2908  [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
22:43:28.0436 2908  KSecPkg - ok
22:43:28.0498 2908  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
22:43:28.0592 2908  KtmRm - ok
22:43:28.0623 2908  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
22:43:28.0654 2908  LanmanServer - ok
22:43:28.0670 2908  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:43:28.0685 2908  LanmanWorkstation - ok
22:43:28.0732 2908  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
22:43:28.0810 2908  lltdio - ok
22:43:28.0826 2908  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
22:43:28.0857 2908  lltdsvc - ok
22:43:28.0857 2908  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
22:43:28.0888 2908  lmhosts - ok
22:43:28.0919 2908  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
22:43:28.0935 2908  LSI_FC - ok
22:43:28.0935 2908  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
22:43:28.0935 2908  LSI_SAS - ok
22:43:28.0951 2908  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:43:28.0951 2908  LSI_SAS2 - ok
22:43:28.0951 2908  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:43:28.0966 2908  LSI_SCSI - ok
22:43:28.0997 2908  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
22:43:29.0013 2908  luafv - ok
22:43:29.0107 2908  [ ED643E777BA3F7151EF3F0FB6BE4F7F0 ] LVRS            C:\Windows\system32\DRIVERS\lvrs.sys
22:43:29.0138 2908  LVRS - ok
22:43:29.0278 2908  [ 5BC80451109A8DD7F2DDD35BCE2929A3 ] LVUVC           C:\Windows\system32\DRIVERS\lvuvc.sys
22:43:29.0372 2908  LVUVC - ok
22:43:29.0419 2908  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
22:43:29.0450 2908  Mcx2Svc - ok
22:43:29.0465 2908  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
22:43:29.0481 2908  megasas - ok
22:43:29.0512 2908  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
22:43:29.0512 2908  MegaSR - ok
22:43:29.0653 2908  Microsoft SharePoint Workspace Audit Service - ok
22:43:29.0684 2908  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
22:43:29.0762 2908  MMCSS - ok
22:43:29.0777 2908  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
22:43:29.0809 2908  Modem - ok
22:43:29.0824 2908  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
22:43:29.0855 2908  monitor - ok
22:43:29.0933 2908  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
22:43:29.0965 2908  mouclass - ok
22:43:29.0980 2908  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
22:43:29.0996 2908  mouhid - ok
22:43:30.0074 2908  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
22:43:30.0105 2908  mountmgr - ok
22:43:30.0199 2908  [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
22:43:30.0230 2908  MozillaMaintenance - ok
22:43:30.0308 2908  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
22:43:30.0386 2908  mpio - ok
22:43:30.0433 2908  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
22:43:30.0573 2908  mpsdrv - ok
22:43:30.0635 2908  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
22:43:30.0698 2908  MpsSvc - ok
22:43:30.0760 2908  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
22:43:30.0807 2908  MRxDAV - ok
22:43:30.0885 2908  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
22:43:30.0947 2908  mrxsmb - ok
22:43:30.0994 2908  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:43:31.0041 2908  mrxsmb10 - ok
22:43:31.0057 2908  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:43:31.0103 2908  mrxsmb20 - ok
22:43:31.0119 2908  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
22:43:31.0135 2908  msahci - ok
22:43:31.0150 2908  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
22:43:31.0166 2908  msdsm - ok
22:43:31.0181 2908  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
22:43:31.0213 2908  MSDTC - ok
22:43:31.0259 2908  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
22:43:31.0275 2908  Msfs - ok
22:43:31.0291 2908  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
22:43:31.0322 2908  mshidkmdf - ok
22:43:31.0353 2908  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
22:43:31.0369 2908  msisadrv - ok
22:43:31.0447 2908  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
22:43:31.0509 2908  MSiSCSI - ok
22:43:31.0509 2908  msiserver - ok
22:43:31.0540 2908  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
22:43:31.0571 2908  MSKSSRV - ok
22:43:31.0587 2908  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
22:43:31.0603 2908  MSPCLOCK - ok
22:43:31.0618 2908  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
22:43:31.0649 2908  MSPQM - ok
22:43:31.0665 2908  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
22:43:31.0681 2908  MsRPC - ok
22:43:31.0681 2908  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
22:43:31.0696 2908  mssmbios - ok
22:43:31.0712 2908  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
22:43:31.0727 2908  MSTEE - ok
22:43:31.0743 2908  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
22:43:31.0743 2908  MTConfig - ok
22:43:31.0774 2908  [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
22:43:31.0805 2908  MTsensor - ok
22:43:31.0821 2908  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
22:43:31.0821 2908  Mup - ok
22:43:31.0930 2908  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
22:43:32.0008 2908  napagent - ok
22:43:32.0039 2908  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
22:43:32.0055 2908  NativeWifiP - ok
22:43:32.0117 2908  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
22:43:32.0164 2908  NDIS - ok
22:43:32.0180 2908  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
22:43:32.0211 2908  NdisCap - ok
22:43:32.0227 2908  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
22:43:32.0258 2908  NdisTapi - ok
22:43:32.0320 2908  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
22:43:32.0367 2908  Ndisuio - ok
22:43:32.0414 2908  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
22:43:32.0461 2908  NdisWan - ok
22:43:32.0476 2908  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
22:43:32.0523 2908  NDProxy - ok
22:43:32.0601 2908  [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
22:43:32.0617 2908  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
22:43:32.0617 2908  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
22:43:32.0648 2908  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
22:43:32.0695 2908  NetBIOS - ok
22:43:32.0741 2908  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
22:43:32.0804 2908  NetBT - ok
22:43:32.0819 2908  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
22:43:32.0819 2908  Netlogon - ok
22:43:32.0866 2908  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
22:43:32.0897 2908  Netman - ok
22:43:32.0913 2908  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
22:43:32.0929 2908  netprofm - ok
22:43:32.0944 2908  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:43:32.0960 2908  NetTcpPortSharing - ok
22:43:32.0975 2908  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
22:43:32.0991 2908  nfrd960 - ok
22:43:33.0069 2908  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
22:43:33.0100 2908  NlaSvc - ok
22:43:33.0178 2908  [ 4F0DE685A96DC843CCC8A861B3FAC12D ] nmwcdnsu        C:\Windows\system32\drivers\nmwcdnsu.sys
22:43:33.0225 2908  nmwcdnsu - ok
22:43:33.0350 2908  [ B48DC6ABCD3AEFF8618350CCBDC6B09A ] NPF             C:\Windows\system32\drivers\npf.sys
22:43:33.0381 2908  NPF - ok
22:43:33.0381 2908  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
22:43:33.0412 2908  Npfs - ok
22:43:33.0443 2908  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
22:43:33.0459 2908  nsi - ok
22:43:33.0490 2908  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
22:43:33.0537 2908  nsiproxy - ok
22:43:33.0646 2908  [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
22:43:33.0693 2908  Ntfs - ok
22:43:33.0693 2908  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
22:43:33.0724 2908  Null - ok
22:43:33.0755 2908  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
22:43:33.0771 2908  nvraid - ok
22:43:33.0787 2908  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
22:43:33.0787 2908  nvstor - ok
22:43:33.0833 2908  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
22:43:33.0833 2908  nv_agp - ok
22:43:33.0849 2908  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
22:43:33.0865 2908  ohci1394 - ok
22:43:33.0943 2908  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:43:33.0974 2908  ose - ok
22:43:34.0192 2908  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:43:34.0270 2908  osppsvc - ok
22:43:34.0317 2908  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
22:43:34.0348 2908  p2pimsvc - ok
22:43:34.0364 2908  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
22:43:34.0379 2908  p2psvc - ok
22:43:34.0411 2908  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
22:43:34.0442 2908  Parport - ok
22:43:34.0551 2908  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
22:43:34.0582 2908  partmgr - ok
22:43:34.0598 2908  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
22:43:34.0629 2908  Parvdm - ok
22:43:34.0645 2908  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
22:43:34.0660 2908  PcaSvc - ok
22:43:34.0707 2908  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
22:43:34.0738 2908  pci - ok
22:43:34.0754 2908  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
22:43:34.0769 2908  pciide - ok
22:43:34.0801 2908  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
22:43:34.0832 2908  pcmcia - ok
22:43:34.0863 2908  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
22:43:34.0894 2908  pcw - ok
22:43:34.0972 2908  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
22:43:35.0035 2908  PEAUTH - ok
22:43:35.0097 2908  [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
22:43:35.0159 2908  PeerDistSvc - ok
22:43:35.0269 2908  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
22:43:35.0315 2908  pla - ok
22:43:35.0393 2908  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
22:43:35.0440 2908  PlugPlay - ok
22:43:35.0518 2908  [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
22:43:35.0565 2908  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
22:43:35.0565 2908  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
22:43:35.0596 2908  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
22:43:35.0643 2908  PNRPAutoReg - ok
22:43:35.0659 2908  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
22:43:35.0674 2908  PNRPsvc - ok
22:43:35.0705 2908  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
22:43:35.0737 2908  PolicyAgent - ok
22:43:35.0752 2908  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
22:43:35.0768 2908  Power - ok
22:43:35.0799 2908  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
22:43:35.0861 2908  PptpMiniport - ok
22:43:35.0877 2908  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
22:43:35.0893 2908  Processor - ok
22:43:35.0955 2908  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
22:43:36.0002 2908  ProfSvc - ok
22:43:36.0017 2908  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:43:36.0017 2908  ProtectedStorage - ok
22:43:36.0080 2908  [ 651D3ABC1D82D61B6CFB40CB947B3DB3 ] psadd           C:\Windows\system32\DRIVERS\psadd.sys
22:43:36.0127 2908  psadd - ok
22:43:36.0158 2908  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
22:43:36.0205 2908  Psched - ok
22:43:36.0236 2908  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
22:43:36.0267 2908  ql2300 - ok
22:43:36.0283 2908  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
22:43:36.0298 2908  ql40xx - ok
22:43:36.0329 2908  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
22:43:36.0345 2908  QWAVE - ok
22:43:36.0361 2908  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
22:43:36.0376 2908  QWAVEdrv - ok
22:43:36.0376 2908  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
22:43:36.0407 2908  RasAcd - ok
22:43:36.0470 2908  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
22:43:36.0532 2908  RasAgileVpn - ok
22:43:36.0548 2908  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
22:43:36.0579 2908  RasAuto - ok
22:43:36.0595 2908  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
22:43:36.0626 2908  Rasl2tp - ok
22:43:36.0688 2908  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
22:43:36.0751 2908  RasMan - ok
22:43:36.0766 2908  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
22:43:36.0813 2908  RasPppoe - ok
22:43:36.0829 2908  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
22:43:36.0844 2908  RasSstp - ok
22:43:36.0922 2908  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
22:43:37.0000 2908  rdbss - ok
22:43:37.0016 2908  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
22:43:37.0016 2908  rdpbus - ok
22:43:37.0047 2908  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
22:43:37.0078 2908  RDPCDD - ok
22:43:37.0094 2908  [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
22:43:37.0125 2908  RDPDR - ok
22:43:37.0156 2908  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
22:43:37.0187 2908  RDPENCDD - ok
22:43:37.0187 2908  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
22:43:37.0219 2908  RDPREFMP - ok
22:43:37.0297 2908  [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
22:43:37.0343 2908  RdpVideoMiniport - ok
22:43:37.0499 2908  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
22:43:37.0577 2908  RDPWD - ok
22:43:37.0624 2908  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
22:43:37.0640 2908  rdyboost - ok
22:43:37.0671 2908  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
22:43:37.0718 2908  RemoteAccess - ok
22:43:37.0733 2908  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
22:43:37.0780 2908  RemoteRegistry - ok
22:43:37.0827 2908  [ B60F58F175DE20A6739194E85B035178 ] rpcapd          C:\Program Files\WinPcap\rpcapd.exe
22:43:37.0858 2908  rpcapd - ok
22:43:37.0874 2908  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
22:43:37.0905 2908  RpcEptMapper - ok
22:43:37.0921 2908  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
22:43:37.0936 2908  RpcLocator - ok
22:43:37.0967 2908  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
22:43:37.0983 2908  RpcSs - ok
22:43:38.0014 2908  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
22:43:38.0030 2908  rspndr - ok
22:43:38.0139 2908  [ 5283B9A27FF230F2FF70D92451FF409A ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys
22:43:38.0170 2908  RTL8167 - ok
22:43:38.0279 2908  [ 9CE8DEFFAFFCCBF473015D76AE8EE514 ] RTL8192su       C:\Windows\system32\DRIVERS\RTL8192su.sys
22:43:38.0311 2908  RTL8192su - ok
22:43:38.0373 2908  [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
22:43:38.0404 2908  s3cap - ok
22:43:38.0420 2908  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
22:43:38.0435 2908  SamSs - ok
22:43:38.0451 2908  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
22:43:38.0451 2908  sbp2port - ok
22:43:38.0467 2908  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
22:43:38.0498 2908  SCardSvr - ok
22:43:38.0513 2908  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
22:43:38.0560 2908  scfilter - ok
22:43:38.0607 2908  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
22:43:38.0669 2908  Schedule - ok
22:43:38.0716 2908  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
22:43:38.0732 2908  SCPolicySvc - ok
22:43:38.0794 2908  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
22:43:38.0841 2908  SDRSVC - ok
22:43:38.0888 2908  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
22:43:38.0935 2908  secdrv - ok
22:43:38.0935 2908  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
22:43:38.0966 2908  seclogon - ok
22:43:38.0981 2908  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
22:43:39.0013 2908  SENS - ok
22:43:39.0044 2908  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
22:43:39.0075 2908  SensrSvc - ok
22:43:39.0091 2908  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
22:43:39.0122 2908  Serenum - ok
22:43:39.0137 2908  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
22:43:39.0153 2908  Serial - ok
22:43:39.0169 2908  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
22:43:39.0184 2908  sermouse - ok
22:43:39.0231 2908  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
22:43:39.0262 2908  SessionEnv - ok
22:43:39.0293 2908  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
22:43:39.0325 2908  sffdisk - ok
22:43:39.0340 2908  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
22:43:39.0356 2908  sffp_mmc - ok
22:43:39.0371 2908  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
22:43:39.0387 2908  sffp_sd - ok
22:43:39.0403 2908  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
22:43:39.0418 2908  sfloppy - ok
22:43:39.0449 2908  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
22:43:39.0481 2908  SharedAccess - ok
22:43:39.0496 2908  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:43:39.0527 2908  ShellHWDetection - ok
22:43:39.0543 2908  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
22:43:39.0559 2908  sisagp - ok
22:43:39.0574 2908  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:43:39.0590 2908  SiSRaid2 - ok
22:43:39.0605 2908  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
22:43:39.0621 2908  SiSRaid4 - ok
22:43:39.0637 2908  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
22:43:39.0652 2908  Smb - ok
22:43:39.0730 2908  [ 85BADA660D57BC5AEF52B11CABD6D8F9 ] snapman         C:\Windows\system32\DRIVERS\snapman.sys
22:43:39.0746 2908  snapman - ok
22:43:39.0808 2908  [ D079068B720258EA3D0653ECAC2F9874 ] SNL320XP        C:\Windows\system32\DRIVERS\9kdUSBXP.sys
22:43:39.0855 2908  SNL320XP - ok
22:43:39.0886 2908  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
22:43:39.0917 2908  SNMPTRAP - ok
22:43:39.0949 2908  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
22:43:39.0980 2908  spldr - ok
22:43:40.0042 2908  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
22:43:40.0105 2908  Spooler - ok
22:43:40.0229 2908  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
22:43:40.0292 2908  sppsvc - ok
22:43:40.0385 2908  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
22:43:40.0448 2908  sppuinotify - ok
22:43:40.0526 2908  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
22:43:40.0588 2908  srv - ok
22:43:40.0619 2908  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
22:43:40.0651 2908  srv2 - ok
22:43:40.0666 2908  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
22:43:40.0697 2908  srvnet - ok
22:43:40.0713 2908  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
22:43:40.0760 2908  SSDPSRV - ok
22:43:40.0822 2908  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
22:43:40.0838 2908  ssmdrv - ok
22:43:40.0869 2908  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
22:43:40.0931 2908  SstpSvc - ok
22:43:40.0963 2908  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
22:43:40.0978 2908  stexstor - ok
22:43:41.0009 2908  [ EDB05BD63148796F23EA78506404A538 ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
22:43:41.0056 2908  StillCam - ok
22:43:41.0103 2908  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
22:43:41.0165 2908  StiSvc - ok
22:43:41.0197 2908  [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
22:43:41.0197 2908  storflt - ok
22:43:41.0228 2908  [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc         C:\Windows\system32\storsvc.dll
22:43:41.0243 2908  StorSvc - ok
22:43:41.0259 2908  [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
22:43:41.0275 2908  storvsc - ok
22:43:41.0337 2908  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
22:43:41.0368 2908  swenum - ok
22:43:41.0399 2908  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
22:43:41.0446 2908  swprv - ok
22:43:41.0602 2908  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
22:43:41.0633 2908  SysMain - ok
22:43:41.0649 2908  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:43:41.0680 2908  TabletInputService - ok
22:43:41.0743 2908  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
22:43:41.0789 2908  TapiSrv - ok
22:43:41.0821 2908  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
22:43:41.0867 2908  TBS - ok
22:43:41.0961 2908  [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
22:43:42.0008 2908  Tcpip - ok
22:43:42.0039 2908  [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
22:43:42.0070 2908  TCPIP6 - ok
22:43:42.0117 2908  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
22:43:42.0164 2908  tcpipreg - ok
22:43:42.0211 2908  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
22:43:42.0257 2908  TDPIPE - ok
22:43:42.0476 2908  [ 431801FCC97034E04A6EFF81136578D7 ] tdrpman273      C:\Windows\system32\DRIVERS\tdrpm273.sys
22:43:42.0507 2908  tdrpman273 - ok
22:43:42.0554 2908  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
22:43:42.0632 2908  TDTCP - ok
22:43:42.0710 2908  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
22:43:42.0757 2908  tdx - ok
22:43:42.0959 2908  [ 6B1B2F8D62D606B200C2072564090104 ] TeamViewer8     C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
22:43:43.0022 2908  TeamViewer8 - ok
22:43:43.0053 2908  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
22:43:43.0053 2908  TermDD - ok
22:43:43.0131 2908  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
22:43:43.0162 2908  TermService - ok
22:43:43.0193 2908  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
22:43:43.0225 2908  Themes - ok
22:43:43.0240 2908  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
22:43:43.0271 2908  THREADORDER - ok
22:43:43.0365 2908  [ 3E06987FEDBCDFBFF8E85EF8108565F9 ] timounter       C:\Windows\system32\DRIVERS\timntr.sys
22:43:43.0381 2908  timounter - ok
22:43:43.0412 2908  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
22:43:43.0443 2908  TrkWks - ok
22:43:43.0568 2908  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:43:43.0615 2908  TrustedInstaller - ok
22:43:43.0661 2908  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
22:43:43.0693 2908  tssecsrv - ok
22:43:43.0755 2908  [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
22:43:43.0802 2908  TsUsbFlt - ok
22:43:43.0880 2908  [ 45711BAAC7737EE33985B693227FB3CA ] TTUSB2BDA       C:\Windows\system32\DRIVERS\ttusb2bda.sys
22:43:43.0927 2908  TTUSB2BDA - ok
22:43:43.0973 2908  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
22:43:44.0005 2908  tunnel - ok
22:43:44.0051 2908  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
22:43:44.0083 2908  uagp35 - ok
22:43:44.0114 2908  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
22:43:44.0145 2908  udfs - ok
22:43:44.0176 2908  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
22:43:44.0207 2908  UI0Detect - ok
22:43:44.0270 2908  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
22:43:44.0285 2908  uliagpkx - ok
22:43:44.0317 2908  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
22:43:44.0332 2908  umbus - ok
22:43:44.0348 2908  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
22:43:44.0363 2908  UmPass - ok
22:43:44.0426 2908  [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService    C:\Windows\System32\umrdp.dll
22:43:44.0457 2908  UmRdpService - ok
22:43:44.0551 2908  [ 67A95B9D129ED5399E7965CD09CF30E7 ] UMVPFSrv        C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
22:43:44.0582 2908  UMVPFSrv - ok
22:43:44.0613 2908  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
22:43:44.0660 2908  upnphost - ok
22:43:44.0738 2908  [ D339B7E74D908EEBEB4B4413B756150B ] USB28xxBGA      C:\Windows\system32\DRIVERS\emBDA.sys
22:43:44.0769 2908  USB28xxBGA - ok
22:43:44.0800 2908  [ 65C288D96EB8DBB6FE6787011E99665C ] USB28xxOEM      C:\Windows\system32\DRIVERS\emOEM.sys
22:43:44.0831 2908  USB28xxOEM - ok
22:43:44.0909 2908  [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
22:43:44.0956 2908  usbaudio - ok
22:43:45.0034 2908  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
22:43:45.0097 2908  usbccgp - ok
22:43:45.0128 2908  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
22:43:45.0175 2908  usbcir - ok
22:43:45.0190 2908  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
22:43:45.0206 2908  usbehci - ok
22:43:45.0237 2908  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
22:43:45.0253 2908  usbhub - ok
22:43:45.0284 2908  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
22:43:45.0299 2908  usbohci - ok
22:43:45.0315 2908  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
22:43:45.0331 2908  usbprint - ok
22:43:45.0346 2908  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:43:45.0362 2908  USBSTOR - ok
22:43:45.0377 2908  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
22:43:45.0393 2908  usbuhci - ok
22:43:45.0409 2908  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
22:43:45.0440 2908  UxSms - ok
22:43:45.0455 2908  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
22:43:45.0471 2908  VaultSvc - ok
22:43:45.0487 2908  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
22:43:45.0487 2908  vdrvroot - ok
22:43:45.0549 2908  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
22:43:45.0611 2908  vds - ok
22:43:45.0627 2908  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
22:43:45.0627 2908  vga - ok
22:43:45.0643 2908  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
22:43:45.0674 2908  VgaSave - ok
22:43:45.0689 2908  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
22:43:45.0689 2908  vhdmp - ok
22:43:45.0736 2908  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
22:43:45.0752 2908  viaagp - ok
22:43:45.0767 2908  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
22:43:45.0767 2908  ViaC7 - ok
22:43:45.0845 2908  [ A6CAB31A6CFCD41E5213A924B2413EF1 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
22:43:45.0923 2908  VIAHdAudAddService - ok
22:43:45.0955 2908  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
22:43:45.0986 2908  viaide - ok
22:43:46.0001 2908  [ C2F2911156FDC7817C52829C86DA494E ] vmbus           C:\Windows\system32\drivers\vmbus.sys
22:43:46.0017 2908  vmbus - ok
22:43:46.0048 2908  [ D4D77455211E204F370D08F4963063CE ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
22:43:46.0048 2908  VMBusHID - ok
22:43:46.0079 2908  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
22:43:46.0095 2908  volmgr - ok
22:43:46.0111 2908  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
22:43:46.0126 2908  volmgrx - ok
22:43:46.0142 2908  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
22:43:46.0157 2908  volsnap - ok
22:43:46.0189 2908  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
22:43:46.0189 2908  vsmraid - ok
22:43:46.0267 2908  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
22:43:46.0329 2908  VSS - ok
22:43:46.0345 2908  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
22:43:46.0376 2908  vwifibus - ok
22:43:46.0391 2908  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
22:43:46.0423 2908  vwififlt - ok
22:43:46.0454 2908  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
22:43:46.0485 2908  W32Time - ok
22:43:46.0501 2908  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
22:43:46.0516 2908  WacomPen - ok
22:43:46.0610 2908  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
22:43:46.0657 2908  WANARP - ok
22:43:46.0672 2908  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
22:43:46.0688 2908  Wanarpv6 - ok
22:43:46.0750 2908  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
22:43:46.0797 2908  wbengine - ok
22:43:46.0828 2908  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
22:43:46.0828 2908  WbioSrvc - ok
22:43:46.0875 2908  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
22:43:46.0922 2908  wcncsvc - ok
22:43:46.0937 2908  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:43:46.0953 2908  WcsPlugInService - ok
22:43:46.0969 2908  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
22:43:46.0984 2908  Wd - ok
22:43:47.0062 2908  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
22:43:47.0109 2908  Wdf01000 - ok
22:43:47.0109 2908  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
22:43:47.0140 2908  WdiServiceHost - ok
22:43:47.0140 2908  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
22:43:47.0156 2908  WdiSystemHost - ok
22:43:47.0218 2908  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
22:43:47.0265 2908  WebClient - ok
22:43:47.0281 2908  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
22:43:47.0312 2908  Wecsvc - ok
22:43:47.0327 2908  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
22:43:47.0359 2908  wercplsupport - ok
22:43:47.0390 2908  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
22:43:47.0421 2908  WerSvc - ok
22:43:47.0437 2908  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
22:43:47.0452 2908  WfpLwf - ok
22:43:47.0468 2908  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
22:43:47.0483 2908  WIMMount - ok
22:43:47.0546 2908  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
22:43:47.0593 2908  WinDefend - ok
22:43:47.0593 2908  WinHttpAutoProxySvc - ok
22:43:47.0655 2908  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
22:43:47.0717 2908  Winmgmt - ok
22:43:47.0780 2908  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
22:43:47.0858 2908  WinRM - ok
22:43:47.0920 2908  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
22:43:47.0967 2908  WinUsb - ok
22:43:48.0014 2908  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
22:43:48.0045 2908  Wlansvc - ok
22:43:48.0154 2908  [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
22:43:48.0185 2908  wlcrasvc - ok
22:43:48.0357 2908  [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:43:48.0388 2908  wlidsvc - ok
22:43:48.0435 2908  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
22:43:48.0466 2908  WmiAcpi - ok
22:43:48.0513 2908  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
22:43:48.0544 2908  wmiApSrv - ok
22:43:48.0685 2908  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
22:43:48.0731 2908  WMPNetworkSvc - ok
22:43:48.0747 2908  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
22:43:48.0763 2908  WPCSvc - ok
22:43:48.0809 2908  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
22:43:48.0856 2908  WPDBusEnum - ok
22:43:48.0887 2908  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
22:43:48.0934 2908  ws2ifsl - ok
22:43:48.0934 2908  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
22:43:48.0965 2908  wscsvc - ok
22:43:49.0028 2908  [ 553F6CCD7C58EB98D4A8FBDAF283D7A9 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
22:43:49.0059 2908  WSDPrintDevice - ok
22:43:49.0059 2908  WSearch - ok
22:43:49.0199 2908  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
22:43:49.0246 2908  wuauserv - ok
22:43:49.0309 2908  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
22:43:49.0340 2908  WudfPf - ok
22:43:49.0371 2908  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
22:43:49.0387 2908  WUDFRd - ok
22:43:49.0402 2908  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
22:43:49.0433 2908  wudfsvc - ok
22:43:49.0449 2908  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
22:43:49.0480 2908  WwanSvc - ok
22:43:49.0543 2908  [ 4CAA1637520365C50331B454469DF58C ] [verify-U]      C:\Program Files\[verify-U] AVS\[verify-U]-Service.exe
22:43:49.0558 2908  [verify-U] ( UnsignedFile.Multi.Generic ) - warning
22:43:49.0558 2908  [verify-U] - detected UnsignedFile.Multi.Generic (1)
22:43:49.0589 2908  [ A505FF145D2C056BE52BFA7670D09525 ] [verify-U]_System C:\Windows\system32\drivers\[verify-U]-driver.sys
22:43:49.0605 2908  [verify-U]_System ( UnsignedFile.Multi.Generic ) - warning
22:43:49.0605 2908  [verify-U]_System - detected UnsignedFile.Multi.Generic (1)
22:43:49.0605 2908  ================ Scan global ===============================
22:43:49.0667 2908  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
22:43:49.0761 2908  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
22:43:49.0777 2908  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
22:43:49.0808 2908  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
22:43:49.0823 2908  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
22:43:49.0839 2908  [Global] - ok
22:43:49.0839 2908  ================ Scan MBR ==================================
22:43:49.0839 2908  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:43:50.0151 2908  \Device\Harddisk0\DR0 - ok
22:43:50.0182 2908  [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk1\DR1
22:43:50.0245 2908  \Device\Harddisk1\DR1 - ok
22:43:50.0245 2908  ================ Scan VBR ==================================
22:43:50.0245 2908  [ C1F2706BE73D8E5E73F93C09726AD469 ] \Device\Harddisk0\DR0\Partition1
22:43:50.0245 2908  \Device\Harddisk0\DR0\Partition1 - ok
22:43:50.0276 2908  [ C9F213821C10DBC98B07CDD538F9AFBF ] \Device\Harddisk0\DR0\Partition2
22:43:50.0276 2908  \Device\Harddisk0\DR0\Partition2 - ok
22:43:50.0291 2908  [ 190D7E0AB05AE8D16BDD082E9B2BA64A ] \Device\Harddisk0\DR0\Partition3
22:43:50.0307 2908  \Device\Harddisk0\DR0\Partition3 - ok
22:43:50.0323 2908  [ DB03E70ED52E7701FE7348B65892D212 ] \Device\Harddisk0\DR0\Partition4
22:43:50.0323 2908  \Device\Harddisk0\DR0\Partition4 - ok
22:43:50.0338 2908  [ FA5EBF2DE3021535A666DC614E04D740 ] \Device\Harddisk1\DR1\Partition1
22:43:50.0338 2908  \Device\Harddisk1\DR1\Partition1 - ok
22:43:50.0369 2908  [ C88940EA26DE454EE830E39178328B75 ] \Device\Harddisk1\DR1\Partition2
22:43:50.0369 2908  \Device\Harddisk1\DR1\Partition2 - ok
22:43:50.0369 2908  ============================================================
22:43:50.0369 2908  Scan finished
22:43:50.0369 2908  ============================================================
22:43:50.0416 4860  Detected object count: 8
22:43:50.0416 4860  Actual detected object count: 8
22:44:08.0996 4860  camvid20 ( UnsignedFile.Multi.Generic ) - skipped by user
22:44:08.0996 4860  camvid20 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:44:08.0996 4860  hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
22:44:08.0996 4860  hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:44:08.0996 4860  hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
22:44:08.0996 4860  hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:44:09.0011 4860  HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
22:44:09.0011 4860  HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:44:09.0011 4860  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:44:09.0011 4860  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:44:09.0011 4860  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:44:09.0011 4860  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:44:09.0011 4860  [verify-U] ( UnsignedFile.Multi.Generic ) - skipped by user
22:44:09.0011 4860  [verify-U] ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:44:09.0011 4860  [verify-U]_System ( UnsignedFile.Multi.Generic ) - skipped by user
22:44:09.0011 4860  [verify-U]_System ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:44:32.0642 4212  Deinitialize success
         
My respect in advance for your work and patience.


Alt 28.04.2013, 22:01   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Then please run Combofix now:

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. They can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


Alt 29.04.2013, 06:38   #7
robertjana
 



Hello cosinus. I ran the scan. Afterwards something strange happened. Instead of logging on as the standard user, I am now suddenly only logged on as the administrator. Even when I try "Switch user" to the standard user, the administrator gets logged on again. STRANGE!
ADDENDUM: After I changed the password for the standard user, that logon works again too. (Previously both accounts had the same password.)
Code:
ComboFix 13-04-28.01 - remote 29.04.2013   7:21.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3327.2065 [GMT 2:00]
ausgeführt von:: c:\users\Robert\Desktop\Trojanerboard\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\remote\AppData\Local\assembly\tmp
c:\users\Robert\ALDI NORD Bestellsoftware Setup.exe
c:\users\Robert\AmazonMP3Installer-de_DE.exe
c:\users\Robert\AppData\Local\assembly\tmp
c:\users\Robert\ccsetup400.exe
c:\users\Robert\Documents\MFC668F.tmp
c:\users\Robert\Documents\MFCE379.tmp
c:\users\Robert\FlashPlayer_V.83947134b.exe
c:\users\Robert\FoxitReader602.0413_enu_Setup.exe
c:\users\Robert\gamesplayerinstall.exe
c:\users\Robert\mbam-setup-1.70.0.1100.exe
c:\users\Robert\MoveMediaPlayerWin_071802000001.exe
c:\users\Robert\MozBackup-1.4.10-EN.exe
c:\users\Robert\NPE_3110.exe
c:\users\Robert\OOo_3.2.1_Win_x86_install_de.exe
c:\users\Robert\Rossmann-Fotosoftware-Setup.exe
c:\users\Robert\Setup-SopCast-3.4.0-2011-6-9.exe
c:\users\Robert\SetupAnyDVD6634.exe
c:\users\Robert\SetupDVDDecrypter_3.5.4.0.exe
c:\users\Robert\smartesi2013winwebinstaller.exe
c:\users\Robert\TeamViewer_Setup_de-ckc.exe
c:\users\Robert\TeamViewer_Setup_de.exe
c:\users\Robert\TeamViewerQS_de-ckc.exe
c:\windows\system\Agcgauge.ax
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-03-28 bis 2013-04-29  ))))))))))))))))))))))))))))))
.
.
2013-04-29 05:29 . 2013-04-29 05:29	--------	d-----w-	c:\users\Kinder\AppData\Local\temp
2013-04-29 05:29 . 2013-04-29 05:29	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-04-29 05:29 . 2013-04-29 05:30	--------	d-----w-	c:\users\remote\AppData\Local\temp
2013-04-29 05:29 . 2013-04-29 05:29	--------	d-----w-	c:\users\Robert\AppData\Local\temp
2013-04-29 05:29 . 2013-04-29 05:29	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2013-04-26 16:28 . 2013-04-26 16:28	97	----a-w-	c:\windows\DeleteOnReboot.bat
2013-04-26 15:55 . 2012-08-24 16:57	247808	----a-w-	c:\windows\system32\schannel.dll
2013-04-26 15:55 . 2012-08-24 17:05	136560	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2013-04-26 15:55 . 2012-08-24 17:02	369856	----a-w-	c:\windows\system32\drivers\cng.sys
2013-04-26 15:55 . 2012-08-24 16:56	1039360	----a-w-	c:\windows\system32\lsasrv.dll
2013-04-24 07:29 . 2013-04-12 13:45	1211752	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-23 18:46 . 2013-04-23 18:46	--------	d-----w-	c:\users\remote\AppData\Roaming\player
2013-04-23 18:46 . 2013-04-23 18:46	--------	d-----w-	c:\program files\Tuguu SL
2013-04-18 05:19 . 2013-04-18 05:19	--------	d-----w-	c:\programdata\PictureMover
2013-04-17 18:45 . 2013-04-19 04:44	--------	d-----w-	c:\users\Robert\AppData\Roaming\TeamDrive3
2013-04-17 18:45 . 2013-04-17 18:45	--------	d-----w-	c:\programdata\TeamDrive3
2013-04-15 06:31 . 2013-04-15 06:31	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-04-09 23:51 . 2013-03-01 03:09	2347008	----a-w-	c:\windows\system32\win32k.sys
2013-04-09 23:51 . 2013-01-24 04:47	196328	----a-w-	c:\windows\system32\drivers\fvevol.sys
2013-04-09 23:51 . 2013-03-19 05:04	3968856	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-04-09 23:51 . 2013-03-19 05:04	3913560	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-04-09 23:51 . 2013-03-19 04:48	38912	----a-w-	c:\windows\system32\csrsrv.dll
2013-04-09 23:51 . 2013-03-19 02:49	69632	----a-w-	c:\windows\system32\smss.exe
2013-04-09 16:12 . 2013-04-09 16:14	--------	d-----w-	c:\program files\Rossmann Fotowelt Software
2013-04-08 12:13 . 2013-04-08 12:13	--------	d-----w-	c:\users\Kinder\AppData\Roaming\MC-TVConverter
2013-04-08 12:13 . 2013-04-08 12:13	--------	d-----w-	c:\users\Kinder\AppData\Roaming\PictureMover
2013-04-05 17:39 . 2013-04-05 17:43	--------	d-----w-	c:\program files\ALDI NORD Bestellsoftware
2013-04-05 15:54 . 2013-04-05 15:54	--------	d-----w-	c:\program files\Marktkauf
2013-04-05 15:35 . 2013-04-05 15:35	--------	d-----w-	c:\program files\Pixum
2013-04-05 10:06 . 2013-04-05 10:06	--------	d-----w-	c:\users\Robert\AppData\Roaming\SMART Technologies Inc
2013-04-05 10:06 . 2013-04-05 10:06	--------	d-----w-	c:\users\Robert\AppData\Local\SMART Technologies Inc
2013-04-05 10:06 . 2013-04-05 10:06	--------	d-----w-	c:\users\Robert\AppData\Roaming\SMART Technologies
2013-04-05 10:05 . 2013-04-05 10:05	--------	d-----w-	c:\users\Robert\AppData\Local\SMART Technologies
2013-04-05 09:45 . 2013-04-05 09:48	--------	d-----w-	c:\programdata\LAT 2.0 Deutsch
2013-04-05 09:44 . 2013-04-05 09:44	--------	d-----w-	c:\programdata\FLEXnet
2013-04-05 09:35 . 2013-04-05 09:35	--------	d-----w-	c:\users\remote\AppData\Roaming\SMART Technologies Inc
2013-04-05 09:35 . 2013-04-05 09:35	--------	d-----w-	c:\users\remote\AppData\Local\SMART Technologies Inc
2013-04-05 09:34 . 2010-07-12 14:40	33680	----a-w-	c:\windows\system32\smrtlocalmon.dll
2013-04-05 09:34 . 2010-07-12 14:40	23848	----a-w-	c:\windows\system32\smrtlocalui.dll
2013-04-05 09:34 . 2010-05-26 09:41	1998168	----a-w-	c:\windows\system32\D3DX9_43.dll
2013-04-05 09:33 . 2013-04-05 09:33	--------	d-----w-	c:\program files\SMART Technologies
2013-04-05 09:33 . 2013-04-05 09:33	--------	d-----w-	c:\program files\National Instruments
2013-04-05 09:32 . 2013-04-05 09:35	--------	d-----w-	c:\programdata\SMART Technologies
2013-04-05 09:31 . 2013-04-05 09:35	--------	d-----w-	c:\program files\Common Files\SMART Technologies
2013-04-05 09:30 . 2013-04-05 09:45	--------	d-----w-	c:\programdata\Downloaded Installations
2013-04-05 09:28 . 2013-04-05 09:28	--------	d-----w-	c:\program files\Common Files\Macrovision Shared
2013-03-31 21:23 . 2013-03-31 21:23	--------	d-----w-	c:\users\Robert\restore
2013-03-31 18:11 . 2013-03-31 18:11	--------	d-----w-	c:\users\remote\restore
2013-03-31 18:06 . 2013-04-06 16:46	--------	d-----w-	c:\programdata\tmp
2013-03-31 18:06 . 2013-04-05 15:38	--------	d-----w-	c:\programdata\hps
2013-03-31 18:02 . 2013-04-05 15:56	--------	d-----w-	c:\program files\CEWE COLOR
2013-03-31 16:22 . 2013-03-31 16:22	--------	d-----w-	c:\users\Robert\AppData\Roaming\PictureMover
2013-03-31 15:52 . 2013-03-31 15:53	--------	d-----w-	c:\users\remote\AppData\Roaming\PictureMover
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-23 18:51 . 2012-04-10 13:25	691592	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-04-23 18:51 . 2011-05-17 09:42	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-15 14:17 . 2012-10-10 07:21	84744	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-04-15 14:17 . 2012-10-10 07:21	37352	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-04-15 14:17 . 2012-10-10 07:21	135136	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-04-15 06:31 . 2012-07-10 07:06	861088	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-04-15 06:31 . 2010-11-28 21:02	782240	----a-w-	c:\windows\system32\deployJava1.dll
2013-02-12 04:48 . 2013-03-13 10:08	474112	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 10:08	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-02-12 03:32 . 2013-03-20 20:04	15872	----a-w-	c:\windows\system32\drivers\usb8023.sys
2012-11-29 08:26 . 2011-04-12 16:05	262112	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-01-28 5145824]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-01-28 358944]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-04-15 345312]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Z1"="c:\users\Robert\Desktop\Trojanerboard\mbar-1.05.0.1001\mbar\mbar.exe" [2013-04-28 1398856]
" Malwarebytes Anti-Malware  (cleanup)"="c:\users\Robert\Desktop\Trojanerboard\mbar-1.05.0.1001\mbar\Data\cleanup.dll" [2013-04-28 1093192]
.
c:\users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\remote\AppData\Roaming\Dropbox\bin\Dropbox.exe [N/A]
dropbox2.bat [2011-11-20 86]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [N/A]
OpenOffice.org 3.4.1.lnk - c:\program files\program\quickstart.exe [2012-8-13 1199104]
.
c:\users\Kinder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\remote\AppData\Roaming\Dropbox\bin\Dropbox.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
[verify-U]-Software.lnk - c:\program files\[verify-U] AVS\[verify-U]-Software.exe [2008-1-14 475136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]
2007-08-02 20:08	95504	----a-w-	c:\program files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
.
R3 camvid20;Philips ToUcam Camera; Video [2011-03-08 253909]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
R3 SNL320XP;SONIX MULTIMEDIA USB DEVICE DRIVER;c:\windows\system32\DRIVERS\9kdUSBXP.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TTUSB2BDA;TTUSB2BDA USB 2.0 Driver;c:\windows\system32\DRIVERS\ttusb2bda.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0-Lizenzierungsdienst;c:\program files\ABBYY FineReader 9.0\NetworkLicenseServer.exe [x]
S2 afcdpsrv;Acronis Nonstop Backup-Dienst;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirMailService;Avira Email Schutz;c:\program files\Avira\AntiVir Desktop\avmailc.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 87501992
*NewlyCreated* - ASWMBR
*Deregistered* - 87501992
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
HPService	REG_MULTI_SZ   	HPSLPSVC
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
GPSvcGroup	REG_MULTI_SZ   	GPSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 18:51]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
IE: An OneNote s&enden - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\remote\AppData\Roaming\Mozilla\Firefox\Profiles\d9z8nnd6.default\
FF - prefs.js: browser.startup.homepage - 
FF - ExtSQL: 2013-04-23 20:45; ffxtlbr@delta.com; c:\users\remote\AppData\Roaming\Mozilla\Firefox\Profiles\d9z8nnd6.default\extensions\ffxtlbr@delta.com
FF - ExtSQL: !HIDDEN! 2013-01-02 12:26; firejump@firejump.net; c:\users\remote\AppData\Roaming\Mozilla\Firefox\Profiles\d9z8nnd6.default\extensions\firejump@firejump.net
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM-RunOnce-*ForceDelete - c:\users\Robert\Desktop\adwcleaner.exe
AddRemove-Optimizer Pro_is1 - c:\program files\Optimizer Pro\unins000.exe
.
.
"ImagePath"="\"c:\program files\
[verify-U] AVS\[verify-U]-Service.exe\""
.
"ImagePath"="system32\drivers\
[verify-U]-driver.sys"
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\[verify-U]]
"ImagePath"="\"c:\program files\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\[verify-U]_System]
"ImagePath"="system32\drivers\
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
   76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
   9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
   b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
   2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:d1,e9,f0,3b,b7,a6,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,40,27,71,29,76,57,a9,4f,ba,88,76,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,40,27,71,29,76,57,a9,4f,ba,88,76,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-04-29  07:31:24
ComboFix-quarantined-files.txt  2013-04-29 05:31
.
Vor Suchlauf: 2.718.318.592 Bytes frei
Nach Suchlauf: 4.695.195.648 Bytes frei
.
- - End Of File - - B05FE469073294C1BEA138CCE3E5585A
         

Edited by robertjana (29.04.2013 at 06:47)

Old 29.04.2013, 10:07   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



JRT - Junkware Removal Tool

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Afterwards:

adwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Optionen (Options) and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Suchlauf (Scan) and wait until it has finished.
  • Now click Löschen (Delete) and confirm any prompts that appear with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


After that, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box Scan all users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Old 29.04.2013, 18:52   #9
robertjana
 



Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.2 (04.29.2013:1)
OS: Windows 7 Professional x86
Ran by remote on 29.04.2013 at 19:16:50,73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Users\remote\desktop\optimizer pro.lnk"



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Users\remote\AppData\Roaming\mozilla\firefox\profiles\d9z8nnd6.default\invalidprefs.js



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.04.2013 at 19:17:54,12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Code:
# AdwCleaner v2.300 - Datei am 29/04/2013 um 19:24:52 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : remote - MULTIMEDIAPC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Robert\Desktop\Trojanerboard\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0.1 (de)

Datei : C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\f09wu6ak.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\remote\AppData\Roaming\Mozilla\Firefox\Profiles\d9z8nnd6.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Kinder\AppData\Roaming\Mozilla\Firefox\Profiles\rjr5xnou.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [8708 octets] - [26/04/2013 18:14:09]
AdwCleaner[R2].txt - [8768 octets] - [26/04/2013 18:14:35]
AdwCleaner[R3].txt - [8939 octets] - [26/04/2013 18:27:28]
AdwCleaner[R4].txt - [1701 octets] - [29/04/2013 19:24:35]
AdwCleaner[S1].txt - [8763 octets] - [26/04/2013 18:28:05]
AdwCleaner[S2].txt - [1396 octets] - [26/04/2013 20:35:43]
AdwCleaner[S3].txt - [1636 octets] - [29/04/2013 19:24:52]

########## EOF - \AdwCleaner[S3].txt - [1696 octets] ##########
         
After that, something strange happened once again: the MS Installer started and wanted to install SolutionCenter. This installation aborted with the following error message:
Code:
The installer has encountered an error installing the package. this may be indicate a problem with the package. the error code is 2761
         
Code:
OTL logfile created on: 29.04.2013 19:32:12 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Robert\Desktop\Trojanerboard
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 58,51% Memory free
5,87 Gb Paging File | 4,68 Gb Available in Paging File | 79,66% Paging File free
Paging file location(s): d:\pagefile.sys 2686 2686 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78,02 Gb Total Space | 4,32 Gb Free Space | 5,53% Space Free | Partition Type: NTFS
Drive D: | 341,80 Gb Total Space | 10,04 Gb Free Space | 2,94% Space Free | Partition Type: NTFS
Drive E: | 45,84 Gb Total Space | 20,60 Gb Free Space | 44,93% Space Free | Partition Type: NTFS
Drive G: | 98,12 Gb Total Space | 98,02 Gb Free Space | 99,90% Space Free | Partition Type: NTFS
Drive H: | 134,76 Gb Total Space | 3,52 Gb Free Space | 2,61% Space Free | Partition Type: NTFS
 
Computer Name: MULTIMEDIAPC | User Name: remote | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Robert\Desktop\Trojanerboard\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Robert\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Users\Kinder\AppData\Roaming\Dropbox\bin\dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe ()
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\audiodg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\ATI Technologies\HydraVision\HydraDM.exe (AMD)
PRC - C:\Programme\The Maxifier\The Maxifier.exe ()
PRC - C:\Programme\[verify-U] AVS\[verify-U]-Service.exe (Cybit AG)
PRC - C:\Programme\[verify-U] AVS\[verify-U]-Software.exe ()
PRC - C:\Programme\ABBYY FineReader 9.0\NetworkLicenseServer.exe (ABBYY (BIT Software))
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programme\program\libxml2.dll ()
MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe ()
MOD - C:\Programme\Acronis\TrueImageHome\Common\resource.dll ()
MOD - C:\Programme\Acronis\TrueImageHome\Common\rpc_client.dll ()
MOD - C:\Programme\Acronis\TrueImageHome\Common\thread_pool.dll ()
MOD - C:\Programme\The Maxifier\The Maxifier.exe ()
MOD - C:\Programme\[verify-U] AVS\[verify-U]_Software.dll ()
MOD - C:\Programme\[verify-U] AVS\[verify-U]-Software.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (FlexNet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe (Flexera Software LLC)
SRV - (TeamViewer8) -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (UMVPFSrv) -- C:\Programme\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (afcdpsrv) -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (AcrSch2Svc) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (rpcapd) -- C:\Programme\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - ([verify-U]) -- C:\Programme\[verify-U] AVS\[verify-U]-Service.exe (Cybit AG)
SRV - (ABBYY.Licensing.FineReader.Professional.9.0) -- C:\Programme\ABBYY FineReader 9.0\NetworkLicenseServer.exe (ABBYY (BIT Software))
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) -- C:\Users\remote\AppData\Local\Temp\catchme.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (LVUVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (camvid20) -- C:\Windows\System32\drivers\camdrv21.sys (Philips Components BU Imaging Solutions)
DRV - (afcdp) -- C:\Windows\System32\drivers\afcdp.sys (Acronis)
DRV - (tdrpman273) -- C:\Windows\System32\drivers\tdrpm273.sys (Acronis)
DRV - (timounter) -- C:\Windows\System32\drivers\timntr.sys (Acronis)
DRV - (snapman) -- C:\Windows\System32\drivers\snapman.sys (Acronis)
DRV - (TTUSB2BDA) -- C:\Windows\System32\drivers\ttusb2bda.sys (TechnoTrend Goerler GmbH)
DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation                           )
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (USB28xxOEM) -- C:\Windows\System32\drivers\emOEM.sys (eMPIA Technology, Inc.)
DRV - (USB28xxBGA) -- C:\Windows\System32\drivers\emBDA.sys (eMPIA Technology, Inc.)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (VIAHdAudAddService) -- C:\Windows\System32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys ()
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys ()
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - ([verify-U]_System) -- C:\Windows\System32\drivers\[verify-U]-driver.sys (Cybits AG)
DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (SNL320XP) -- C:\Windows\System32\drivers\9kdUSBXP.sys (Sonix Technology Co., Ltd.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/firefox
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 68 F0 37 37 7D 97 CA 01  [binary data]
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1000\..\SearchScopes\{A9EE43D8-5797-4B37-BB80-7C27E41CFAE6}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1000\..\SearchScopes\{FD0AB065-284F-4E0F-99F3-6917141DC82D}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 19 AB 7C F4 F9 85 CC 01  [binary data]
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1001\..\SearchScopes\{910671B7-1BFD-4224-907C-666D9CA64B5F}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1002\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.12 22:46:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.11 08:40:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.11.13 15:29:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.12.20 15:14:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\remote\AppData\Roaming\mozilla\Extensions
[2011.08.19 14:33:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\remote\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.04.26 18:28:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\remote\AppData\Roaming\mozilla\Firefox\Profiles\d9z8nnd6.default\extensions
[2013.03.31 20:22:48 | 000,111,107 | ---- | M] () (No name found) -- C:\Users\remote\AppData\Roaming\mozilla\firefox\profiles\d9z8nnd6.default\extensions\extension@preispilot.com.xpi
[2012.12.12 22:46:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.29 10:26:57 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009.10.23 15:01:34 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2012.11.29 11:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.29 11:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.11.29 11:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.29 11:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.29 11:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.29 11:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.04.29 07:30:01 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (SMART Notebook Download Utility) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Programme\SMART Technologies\Education Software\Win32\NotebookPlugin.dll (SMART Technologies ULC.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-466582789-729382525-3970006670-1000\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O3 - HKU\S-1-5-21-466582789-729382525-3970006670-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\AvACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
Code:
OTL Extras logfile created on: 29.04.2013 19:32:12 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Robert\Desktop\Trojanerboard
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 58,51% Memory free
5,87 Gb Paging File | 4,68 Gb Available in Paging File | 79,66% Paging File free
Paging file location(s): d:\pagefile.sys 2686 2686 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78,02 Gb Total Space | 4,32 Gb Free Space | 5,53% Space Free | Partition Type: NTFS
Drive D: | 341,80 Gb Total Space | 10,04 Gb Free Space | 2,94% Space Free | Partition Type: NTFS
Drive E: | 45,84 Gb Total Space | 20,60 Gb Free Space | 44,93% Space Free | Partition Type: NTFS
Drive G: | 98,12 Gb Total Space | 98,02 Gb Free Space | 99,90% Space Free | Partition Type: NTFS
Drive H: | 134,76 Gb Total Space | 3,52 Gb Free Space | 2,61% Space Free | Partition Type: NTFS
 
Computer Name: MULTIMEDIAPC | User Name: remote | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-466582789-729382525-3970006670-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-466582789-729382525-3970006670-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-466582789-729382525-3970006670-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\Marktkauf\Marktkauf Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotoschau] -- "C:\Program Files\Pixum\Pixum Fotobuch\Fotoschau.exe" -d "%1" ()
Directory [Marktkauf Fotowelt] -- "C:\Program Files\Marktkauf\Marktkauf Fotowelt\Marktkauf Fotowelt.exe" "%1" ()
Directory [Pixum Fotobuch] -- "C:\Program Files\Pixum\Pixum Fotobuch\Pixum Fotobuch.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00BBE1AF-ACDD-4616-BBB2-8010B0351578}" = lport=138 | protocol=17 | dir=in | app=system | 
"{0124E97A-D2C4-48CB-B1AD-165995C56F01}" = rport=138 | protocol=17 | dir=out | app=system | 
"{05077F09-B9BA-4F3D-9214-BEBCD185B7E7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0A3F24E7-FC11-49C1-A29E-27F26FFE46A6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{125686FB-BF21-42F2-B1C7-49762D127508}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2257A98A-A1CC-444C-AD9A-EA040571FA11}" = lport=139 | protocol=6 | dir=in | app=system | 
"{2A856FAF-E52B-44AD-BB70-C9370508D4B4}" = rport=139 | protocol=6 | dir=out | app=system | 
"{39C3FEE9-D9E6-48C0-9FD5-A0ADA9991D64}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3E239203-EDC0-4015-8781-8AA9A9A52BC9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{45E42BB3-4DA3-4C7B-854B-884033F51A22}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{7BD6C829-AD7E-4E62-B0A0-EC592B0BFC00}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7C1A877B-8980-466E-8F31-F7266F51DDF0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{7EB81184-8425-4B41-89D4-12EB843C7BCB}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{89EAA9EB-9453-4B33-911C-8E3CDFC9ED7B}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{909F7F5F-6C59-4A92-A0DC-F30914CB27BE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{A40AACF2-0235-4981-9BAD-2B66C04908B2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B93E2931-4AC7-4B50-9590-EACAC268828E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C42E2A5F-E80E-434B-A1B5-A69B698F143B}" = lport=445 | protocol=6 | dir=in | app=system | 
"{CB43E44B-87E1-42C6-ABFB-CC018233204C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D6A68863-E00A-4165-80F4-7B1C4F117B2F}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{DE06AFA5-13D1-4BAA-9DA1-B3F3DD0C96F3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{DF4B3812-36A0-46BC-8BAF-0ADD29D9859F}" = rport=137 | protocol=17 | dir=out | app=system | 
"{E1E1A16B-2CD5-4F8E-BB70-F87B53C6B6EB}" = lport=137 | protocol=17 | dir=in | app=system | 
"{E52BBA03-1C6C-4998-BFC5-D26890EF5FEB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F581072D-3575-421A-B98F-9EDB4320DC3B}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{020FBDF3-73DB-4505-9B73-FE4D572B974A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{0333CED5-75BB-4F2C-9E4D-3D8BD3F03AC8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{07C21D8E-1E8F-4E61-9D84-6118F4DA3306}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{0D3CB104-72D9-412B-BF6B-435476994824}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{0F516105-7F87-4B5F-97E2-AD77B9FB508C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{153D9755-92AA-4EC2-B173-B775408C65A7}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | 
"{1831E975-36A8-4A31-86DE-B264C43A540C}" = protocol=17 | dir=in | app=c:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe | 
"{1C7ADED3-6429-429B-8F2D-AD9684435227}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | 
"{1DF4528E-66E9-420D-8C37-628184ECC548}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2A9A97D7-FA47-4982-979A-9E232AB694AE}" = protocol=6 | dir=out | app=system | 
"{2B6B670E-CD72-461C-8BAE-26E189673AC1}" = protocol=6 | dir=in | app=c:\users\kinder\appdata\roaming\dropbox\bin\dropbox.exe | 
"{3416A108-2BAC-48D3-98D2-58B8CDC34070}" = protocol=17 | dir=in | app=c:\users\kinder\appdata\roaming\dropbox\bin\dropbox.exe | 
"{3B239162-EA6C-46C7-8A53-EA1FCA3769BC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe | 
"{3B8F10C3-323A-477A-937A-D060127EF74B}" = protocol=6 | dir=in | app=c:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe | 
"{3EAF2832-8E46-412E-AC74-02AF7CB814FF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4A36639B-4DEC-41F5-84C1-4F94C412CDDB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{55A784B6-749D-4AE5-97BF-C58508EAB8C9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{56F65D17-6559-46CA-B8C5-1839A3A2E2C4}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{5F66C389-73C2-4598-955F-E49388386493}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{5FB4953E-054C-4549-9F32-663F836D2482}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{61A21EA7-5F9F-4CAB-9F9A-C28DBC4716E0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{62AC7A0B-998A-432F-B9B5-ABDAEA22FA20}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{637BBB6C-84A5-4724-9053-34239D149B58}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{685C06E5-4DBE-40EC-A663-0BC0AEC8E25A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{69C2ABAA-7300-4066-829C-09378A5737FE}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | 
"{6AF6A577-3011-45CC-91D8-7384C3CABD43}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{6C890355-84C3-476B-889E-BDDF88E24F7C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{6EFEEC8E-105B-4958-A3B9-0441C203FC42}" = dir=in | app=c:\windows\ehome\ehrecvr.exe | 
"{7ED056C3-C02B-48A8-853C-81A764684BD8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7F36C833-D27E-441F-8A92-857986974E08}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8171B296-1FAB-41A8-97FE-BC92D90628DD}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | 
"{8455F6A8-7076-4D71-B2A8-CEC6E2E6064E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | 
"{9115CB1A-AB8B-4517-89D7-09C37656AABB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{95A093A6-B6B6-4C79-B0B9-3F11FABE54E9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{99ACFB7C-6F9A-43AB-BD5F-C73ACC1DDF0A}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{AEA89825-52BB-4E5E-BE99-FDD75B318DBB}" = dir=in | app=f:\setup\hpznui01.exe | 
"{B07A451D-D034-4464-A8A6-D1C234FFA275}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{B9B7FEE4-ABF2-4C16-A6BF-1CFC37A5173B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{BA9A4CF1-75F8-4288-940D-1BB3A64860D5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{BB1215A4-CB29-4441-8712-8801F3E8EB01}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe | 
"{BCA8209B-DB05-4208-A34C-D2285DFCDD66}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{C7EA62C3-EE32-4C9B-BEAF-251DE187D931}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{CB2E0654-7383-4274-A70C-6473D19BC333}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D3A401E8-1976-479F-9FF2-33DB9E76D9BD}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{E1331139-65EC-41E9-941F-D42D8857654B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{E5CB4622-ACB0-42ED-8C9E-035A6E3F54B7}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | 
"{E742B2A0-4B7F-4695-B857-A5C70F3793A0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{E9B3D9A5-0DB1-49BA-9F4E-A56AB836DAAA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | 
"{ED169D4C-50CC-47C0-9E04-FE151683C2B4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{F76A9E9D-B4DD-44D4-8D0A-97C8F7A29861}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{F9CC7FD7-9072-4893-9AF7-CA15762A738B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"TCP Query User{0E59DA79-5EB8-411C-895D-A002591A2437}C:\program files\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng_addon.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng_addon.exe | 
"TCP Query User{2161F6F6-422E-479F-B0EA-A88E05A545EB}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{5BA19066-3B07-4198-94A9-8306F0F6AACC}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{6D5836D8-2323-4DEE-8699-85B2BA001014}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{8AD252CD-CD77-49F5-9534-9C7F50AB051C}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{ADC5C1D4-82C7-40B7-B50D-B693FFAB2AB9}C:\program files\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe | 
"TCP Query User{B0F017FF-34EB-4C55-A0B6-004C22B59422}C:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{BACEC8D8-9322-45DF-B996-C4D562BEE386}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"TCP Query User{C3B8F8C0-787F-474A-888E-494891364716}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{E1159490-5698-45FF-8CAE-FB2A8A617221}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{E3605124-FCE1-4D73-B235-BAA5E2FA3D51}C:\program files\asus\asusupdate\update.exe" = protocol=6 | dir=in | app=c:\program files\asus\asusupdate\update.exe | 
"TCP Query User{F4CAFF87-44AB-473D-A517-4A7C89CEA6C2}H:\portableapps\skypeportable\app\skype\phone\skype.exe" = protocol=6 | dir=in | app=h:\portableapps\skypeportable\app\skype\phone\skype.exe | 
"UDP Query User{082D07D6-FFBE-4ACC-A7D3-BAD805B02693}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{136C4661-14A3-4BC6-A81C-84885D357A43}C:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{169D9788-32B5-4D2D-8E6F-9B164401121F}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{25A111B9-E463-43D3-B5E7-FA8D9D152532}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{3AE40E8A-B8B9-4C45-90A9-CDE10353018F}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"UDP Query User{5BEF3624-B557-41B6-B878-7B4E8CAD0F16}C:\program files\asus\asusupdate\update.exe" = protocol=17 | dir=in | app=c:\program files\asus\asusupdate\update.exe | 
"UDP Query User{6884F62F-6546-4650-9147-460F5D74CE73}C:\program files\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe | 
"UDP Query User{694F6673-CEBF-43EB-A731-D39CAC9EA1F2}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{88772BF3-3EB1-4EEF-B4F6-DBC7F9EB2F8D}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{AB845567-2A81-410E-864C-271ACC99E8FC}H:\portableapps\skypeportable\app\skype\phone\skype.exe" = protocol=17 | dir=in | app=h:\portableapps\skypeportable\app\skype\phone\skype.exe | 
"UDP Query User{AD528A09-4865-4B68-9A95-E08CBC280975}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{DAB85B9A-E861-4310-BB35-2FFA8EE81BD1}C:\program files\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng_addon.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng_addon.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"[verify-U] AVS" = [verify-U] AVS 2.1.9
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00C0C196-54AC-8BC5-5F16-87C4A38D13B8}" = Catalyst Control Center Localization All
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{102CBC47-7FDE-4E6C-8A3A-67B79833FAC8}" = BPDSoftware_Ini
"{1063B812-E31C-833F-F5F0-46D9D06B5336}" = Catalyst Control Center Graphics Light
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11B2F891-91C8-47ce-945A-A91003EA27FB}" = BPDSoftware
"{13DFC4CE-9089-4907-E042-71DCD6727DBA}" = ccc-utility
"{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18AB082B-6584-4F74-8ABC-D5935CF46E4C}" = 8500A909_eDocs
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = Corel Graphics Suite 11
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1EE8648A-1141-BF6F-B002-1F279859606B}" = CCC Help Portuguese
"{1EFE2B13-7C03-E454-00F5-5FF8CFC86343}" = CCC Help Hungarian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20AB485D-50A0-4F1E-8F43-45B3D2CDCEB7}" = Prisma Arbeitsblätter Biologie 1
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{25C55EBA-401C-F7B8-E932-F7A5D53EADEE}" = Catalyst Control Center Graphics Previews Vista
"{26442B73-03B2-44E5-ACBC-8C6625B89481}" = CCC Help French
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2846E2D9-5991-4332-A05D-20B06D15DFD5}" = The Maxifier
"{297ACAAE-FAAC-4817-A3BE-336F63399DA3}_is1" = Calme Version 2012
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{2E2660AC-6195-C603-A6BD-5FC039891FFF}" = ccc-core-static
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{30E0C424-E68A-FB77-6E45-42EC039264F4}" = CCC Help Greek
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3BCC5640-5360-11D4-A44A-0000E86D2305}" = Ulead Drop Spot 1.0
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D7235B2-3305-4FE1-A9A1-5F8AC2F33122}" = SMART Common Files
"{3DA169A5-3DBC-BBCA-4366-0B8678D5B765}" = Catalyst Control Center Graphics Previews Common
"{432A850B-3558-4BFF-B1F9-30626835B523}" = BPD_DSWizards
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{49E56237-4F46-5E38-FA6E-5A6651C355C7}" = CCC Help English
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4F80F043-B003-4820-B8E3-CB7E6CF5BB03}_is1" = 2.0.0
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5DC2889B-AF01-3494-38CA-37BBDB1D9F39}" = Catalyst Control Center InstallProxy
"{5F499D33-546A-442B-B0F9-4C58F3B5B6E3}" = Cuttermaran 1.70
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{675D173B-F754-9B62-A847-A78117B3FCEA}" = CCC Help Italian
"{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis*True*Image*Home
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{77791725-5D50-C0DE-059A-5C4B5EE8A212}" = Catalyst Control Center Graphics Full Existing
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7DEDD94B-32EB-D72C-CDAE-6BBA3E31276D}" = Catalyst Control Center Graphics Full New
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACEira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe ()
O4 - HKU\S-1-5-21-466582789-729382525-3970006670-1000..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKU\S-1-5-21-466582789-729382525-3970006670-1000..\Run: [KSS] "C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun File not found
O4 - HKU\S-1-5-21-466582789-729382525-3970006670-1000..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-466582789-729382525-3970006670-1000..\Run: [The Maxifier] C:\Program Files\The Maxifier\The Maxifier.exe ()
O4 - HKU\S-1-5-21-466582789-729382525-3970006670-1001..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKU\S-1-5-21-466582789-729382525-3970006670-1002..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] C:\Users\Robert\Desktop\Trojanerboard\mbar-1.05.0.1001\mbar\Data\cleanup.dll (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Z1] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-466582789-729382525-3970006670-1001..\RunOnce: [Report] \AdwCleaner[S3].txt File not found
O4 - Startup: C:\Users\Kinder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk =  File not found
O4 - Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk =  File not found
O4 - Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dropbox2.bat ()
O4 - Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk =  File not found
O4 - Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Programme\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1349814738270 (MUCatalogWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7AE8D744-F9C0-4196-9406-7FA6A6CA07F1}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.29 19:16:48 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.04.29 19:16:34 | 000,000,000 | ---D | C] -- C:\JRT
[2013.04.29 07:31:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.04.29 07:31:26 | 000,000,000 | ---D | C] -- C:\Users\remote\AppData\Local\temp
[2013.04.29 07:16:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.04.29 07:16:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.04.29 07:16:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.04.29 07:16:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.29 07:16:07 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.04.26 17:58:51 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
[2013.04.26 17:58:50 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys
[2013.04.26 17:58:50 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpvideominiport.sys
[2013.04.26 17:58:50 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2013.04.26 17:58:50 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RdpGroupPolicyExtension.dll
[2013.04.26 17:58:45 | 002,739,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2013.04.26 17:58:45 | 000,317,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe
[2013.04.26 17:58:45 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2013.04.26 17:58:45 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpudd.dll
[2013.04.26 17:58:45 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpendp_winip.dll
[2013.04.26 17:58:45 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWbPrxy.exe
[2013.04.26 17:58:45 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsRdpWebAccess.dll
[2013.04.26 17:58:45 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2013.04.26 17:58:45 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll
[2013.04.26 17:58:45 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprtPS.dll
[2013.04.23 20:46:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAFPlayer
[2013.04.23 20:46:30 | 000,000,000 | ---D | C] -- C:\Program Files\Tuguu SL
[2013.04.23 20:46:30 | 000,000,000 | ---D | C] -- C:\Users\remote\AppData\Roaming\player
[2013.04.23 20:45:10 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013.04.20 08:41:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2013.04.18 07:19:39 | 000,000,000 | ---D | C] -- C:\ProgramData\PictureMover
[2013.04.17 20:45:44 | 000,000,000 | ---D | C] -- C:\ProgramData\TeamDrive3
[2013.04.17 07:23:59 | 000,000,000 | ---D | C] -- C:\Users\remote\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013.04.15 08:31:28 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.04.15 08:31:12 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.04.10 03:04:11 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.04.10 03:04:11 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.04.10 03:04:10 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.04.10 03:04:10 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.04.10 03:04:10 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.04.10 03:04:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.04.10 03:04:10 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.04.10 03:04:09 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.04.10 01:51:37 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.04.10 01:51:33 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.04.10 01:51:33 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.04.10 01:51:32 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.04.09 18:14:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rossmann Fotowelt Software
[2013.04.09 18:12:52 | 000,000,000 | ---D | C] -- C:\Program Files\Rossmann Fotowelt Software
[2013.04.05 19:39:20 | 000,000,000 | ---D | C] -- C:\Program Files\ALDI NORD Bestellsoftware
[2013.04.05 17:57:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Marktkauf Fotowelt
[2013.04.05 17:54:10 | 000,000,000 | ---D | C] -- C:\Program Files\Marktkauf
[2013.04.05 17:38:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pixum Fotobuch
[2013.04.05 17:35:48 | 000,000,000 | ---D | C] -- C:\Program Files\Pixum
[2013.04.05 11:45:47 | 000,000,000 | ---D | C] -- C:\ProgramData\LAT 2.0 Deutsch
[2013.04.05 11:44:28 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2013.04.05 11:35:51 | 000,000,000 | ---D | C] -- C:\Users\remote\AppData\Roaming\SMART Technologies Inc
[2013.04.05 11:35:51 | 000,000,000 | ---D | C] -- C:\Users\remote\AppData\Local\SMART Technologies Inc
[2013.04.05 11:34:53 | 000,033,680 | ---- | C] (SMART Technologies ULC) -- C:\Windows\System32\smrtlocalmon.dll
[2013.04.05 11:34:53 | 000,023,848 | ---- | C] (SMART Technologies Inc.) -- C:\Windows\System32\smrtlocalui.dll
[2013.04.05 11:34:21 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll
[2013.04.05 11:33:04 | 000,000,000 | ---D | C] -- C:\Program Files\SMART Technologies
[2013.04.05 11:33:04 | 000,000,000 | ---D | C] -- C:\Program Files\National Instruments
[2013.04.05 11:32:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SMART Technologies
[2013.04.05 11:31:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SMART Technologies
[2013.04.05 11:31:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SMART Technologies
[2013.04.05 11:30:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013.04.05 11:28:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2013.03.31 20:11:11 | 000,000,000 | ---D | C] -- C:\Users\remote\restore
[2013.03.31 20:06:23 | 000,000,000 | ---D | C] -- C:\ProgramData\tmp
[2013.03.31 20:06:22 | 000,000,000 | ---D | C] -- C:\ProgramData\hps
[2013.03.31 20:02:24 | 000,000,000 | ---D | C] -- C:\Program Files\CEWE COLOR
[2013.03.31 17:52:54 | 000,000,000 | ---D | C] -- C:\Users\remote\AppData\Roaming\PictureMover
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.29 19:33:49 | 000,020,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.29 19:33:49 | 000,020,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.29 19:26:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.29 19:26:05 | 2616,598,528 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.29 19:10:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.29 07:30:01 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.04.28 10:41:30 | 000,657,660 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.28 10:41:30 | 000,618,936 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.28 10:41:30 | 000,131,032 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.28 10:41:30 | 000,107,256 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.27 10:47:47 | 000,000,000 | ---- | M] () -- C:\Users\remote\defogger_reenable
[2013.04.26 18:28:31 | 000,000,097 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.04.23 20:51:54 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.04.23 20:51:54 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.04.23 20:46:31 | 000,002,587 | ---- | M] () -- C:\Users\Public\Desktop\VAFPlayer.lnk
[2013.04.20 09:04:38 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013.04.17 08:38:49 | 000,001,642 | ---- | M] () -- C:\Users\remote\Documents\cc_20130417_083846.reg
[2013.04.17 08:37:55 | 000,111,818 | ---- | M] () -- C:\Users\remote\Documents\cc_20130417_083751.reg
[2013.04.17 08:29:23 | 000,000,971 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.04.17 07:23:59 | 000,001,228 | ---- | M] () -- C:\Users\remote\Desktop\Revo Uninstaller.lnk
[2013.04.15 16:17:47 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.04.15 16:17:47 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.04.15 16:17:47 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.04.15 08:31:03 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.04.15 08:31:02 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.04.15 08:31:02 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.04.15 08:31:02 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.04.15 08:31:02 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.04.15 08:31:02 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.04.10 03:23:19 | 000,543,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.04.09 18:14:31 | 000,001,187 | ---- | M] () -- C:\Users\Public\Desktop\Rossmann Fotowelt Software.lnk
[2013.04.05 11:34:25 | 000,002,130 | ---- | M] () -- C:\Users\Public\Desktop\SMART Notebook 11.lnk
 
========== Files Created - No Company Name ==========
 
[2013.04.29 07:16:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.04.29 07:16:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.04.29 07:16:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.04.29 07:16:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.04.29 07:16:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.04.27 10:47:47 | 000,000,000 | ---- | C] () -- C:\Users\remote\defogger_reenable
[2013.04.26 18:28:16 | 000,000,097 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.04.23 20:46:31 | 000,002,587 | ---- | C] () -- C:\Users\Public\Desktop\VAFPlayer.lnk
[2013.04.20 08:41:43 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013.04.17 08:38:48 | 000,001,642 | ---- | C] () -- C:\Users\remote\Documents\cc_20130417_083846.reg
[2013.04.17 08:37:52 | 000,111,818 | ---- | C] () -- C:\Users\remote\Documents\cc_20130417_083751.reg
[2013.04.09 18:14:31 | 000,001,187 | ---- | C] () -- C:\Users\Public\Desktop\Rossmann Fotowelt Software.lnk
[2013.04.05 11:34:25 | 000,002,130 | ---- | C] () -- C:\Users\Public\Desktop\SMART Notebook 11.lnk
[2013.01.02 13:26:06 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2012.11.11 18:01:57 | 000,293,712 | ---- | C] () -- C:\Windows\System32\Tbsql03.dll
[2012.11.11 18:01:57 | 000,246,368 | ---- | C] () -- C:\Windows\System32\Tbqry03.dll
[2012.11.11 18:01:57 | 000,145,696 | ---- | C] () -- C:\Windows\System32\Tblib.dll
[2012.11.11 18:01:57 | 000,090,688 | ---- | C] () -- C:\Windows\System32\Tbutl03.dll
[2012.11.11 18:01:57 | 000,014,512 | ---- | C] () -- C:\Windows\System32\Tbgui03.dll
[2012.11.11 18:01:57 | 000,005,488 | ---- | C] () -- C:\Windows\System32\Tbmds03.dll
[2012.08.13 11:08:08 | 000,014,217 | ---- | C] () -- C:\Program Files\readme.html
[2012.05.08 14:15:36 | 000,000,005 | ---- | C] () -- C:\Program Files\basis-link
[2012.01.18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012.01.18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012.01.18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2012.01.18 07:22:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2012.01.03 23:59:17 | 000,023,700 | ---- | C] () -- C:\Windows\hpqins15.dat.temp
[2011.11.13 18:40:29 | 000,002,940 | ---- | C] () -- C:\Windows\hpwmdl22.dat.temp
[2011.07.02 01:43:11 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.06.10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.05.26 21:01:54 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.03.14 19:30:56 | 000,000,680 | RHS- | C] () -- C:\Users\remote\ntuser.pol
[2010.04.13 19:38:17 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-}" = HPDiagnosticAlert
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A01AC54A-5BB8-FE08-1854-5427457FCBCB}" = CCC Help Spanish
"{A066194B-DC8F-449A-8E0F-B57BDD3A2072}" = SyncToy 2.1 (x86)
"{A0FE0292-D3BE-3447-80F2-72E032A54875}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A810B5F5-8ACA-4670-B6B3-F98B07DFF6C4}" = SMART Notebook
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AADD9821-3290-1B1F-D164-1F6D20601FAF}" = Catalyst Control Center HydraVision Full
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD646716-2554-666F-6F72-A5D5B96CF046}" = CCC Help German
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B28F4C9C-8348-4B52-BB95-F8FAC95A8325}" = PCTV Package - Windows Media Center
"{B3491D28-DCF7-0D3E-1B3F-28E6FCDE659F}" = HydraVision
"{B495547C-01F8-4836-A2E6-749B5F3EA691}" = 8500A909_Help
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE1B109A-F0D0-2406-AFDB-FEBF9C4E0D9A}" = CCC Help Polish
"{BE53BB2F-FD8F-48b9-AC90-207D0D8EE028}" = 8500A909a
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C748519A-9E3F-6FA2-5A7A-3CABECEC2CE1}" = ATI Catalyst Install Manager
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CD8C5C7F-7C58-4F85-8977-A6C08C087912}" = MPM
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0F02CE0-491C-11D4-A44A-0000E86D2305}" = Ulead PhotoImpact 6
"{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU 
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D850BEF5-67AF-4071-9538-FA9AC725D62C}" = Officejet Pro 8500 A909 Series
"{DA8BF070-1358-4a30-A68F-21E0E9421AEF}" = ProductContext
"{DD64C3B5-BE43-4496-9D26-5C4B2E0E104C}" = Langmeier Software Dreieck-1x1
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E21D6DB6-6DAB-3A63-8C09-CB6606D7403B}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU
"{E31B2CB2-1CE3-EEC9-4FC7-48145D6AD674}" = Catalyst Control Center Core Implementation
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EBE677C0-CBCB-4EBF-8098-E27E1B5271CF}" = VAFPlayer
"{ECE9F52E-4A25-4265-8459-85DF6A6FEB52}" = SMART German Language Pack
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F41D5B74-E0AC-4D36-9BC4-86A02994AA83}" = 10*000 Aufgaben Mathematik
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9000000-0001-0000-0000-074957833700}" = ABBYY FineReader 9.0 Professional Edition
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"{FBC386FF-3249-4C37-B87F-51A23E46AEFD}" = TSDoctor
"{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU 
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ALDI NORD Bestellsoftware" = ALDI NORD Bestellsoftware 4.12.2
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Ashampoo Burning Studio 10_is1" = Ashampoo Burning Studio 10 v.10.0.15
"Ashampoo Burning Studio 11_is1" = Ashampoo Burning Studio 11 v.11.0.4
"Avira AntiVir Desktop" = Avira Antivirus Premium
"Blitzrechnen" = Blitzrechnen
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Dropbox Shell Tools" = Dropbox Shell Tools 0.2
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"DVD Shrink_is1" = DVD Shrink 3.2
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"FileHippo.com" = FileHippo.com Update Checker
"FileZilla Client" = FileZilla Client 3.6.0.2
"FLV Player" = FLV Player 2.0 (build 25)
"FormatFactory" = FormatFactory 2.70
"Foxit Reader_is1" = Foxit Reader
"Free FLV Converter_is1" = Free FLV Converter V 7.3.0
"HaaliMkx" = Haali Media Splitter
"Hdd Speed Test Tool_is1" = Hdd Speed Test Tool v. 1.0.14 (RC 1)
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"ifolor-Designer" = ifolor Designer
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"Marktkauf Fotowelt" = Marktkauf Fotowelt
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"Mozilla Thunderbird 13.0 (x86 de)" = Mozilla Thunderbird 13.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Oregon Scientific SmartGlobe(TM) Deluxe_is1" = SmartGlobe(TM) Deluxe V3.13
"Pixum Fotobuch" = Pixum Fotobuch
"Poker im Wilden Westen" = Poker im Wilden Westen
"Ressource 3000" = Ressource 3000
"Revo Uninstaller" = Revo Uninstaller 1.94
"Rossmann Fotowelt Software" = Rossmann Fotowelt Software 4.12.1
"S2TNG" = Die Siedler II - Die nächste Generation
"Shop for HP Supplies" = Shop for HP Supplies
"SmartToolsKalender-Assistentv6.00" = SmartTools Publishing • Word Kalender-Assistent
"TeamViewer 8" = TeamViewer 8
"The Maxifier" = The Maxifier
"VLC media player" = VLC media player 2.0.4
"WinFuture xp-Iso-Builder 3_is1" = WinFuture xp-Iso-Builder 3.0.8
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"Zylom Games Player Plugin" = Zylom Games Player Plugin
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-466582789-729382525-3970006670-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"fbaaf7d101824206" = RoboGUI
"Move Media Player" = Move Media Player
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"Opera 12.02.1578" = Opera 12.02
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-466582789-729382525-3970006670-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 29.04.2013 13:20:13 | Computer Name = MultimediaPC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567,
 Zeitstempel: 0x4d6727a7  Name des fehlerhaften Moduls: EXPLORERFRAME.dll, Version:
 6.1.7601.17514, Zeitstempel: 0x4ce7b86d  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0003d679
ID
 des fehlerhaften Prozesses: 0xc50  Startzeit der fehlerhaften Anwendung: 0x01ce44fd948e23c5
Pfad
 der fehlerhaften Anwendung: C:\Windows\explorer.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\system32\EXPLORERFRAME.dll  Berichtskennung: 0cccba3e-b0f1-11e2-b6ac-90e6ba8c80d1
 
Error - 29.04.2013 13:27:47 | Computer Name = MultimediaPC | Source = MsiInstaller | ID = 1041
Description = 
 
Error - 29.04.2013 13:30:16 | Computer Name = MultimediaPC | Source = MsiInstaller | ID = 10005
Description = 
 
[ System Events ]
Error - 29.04.2013 13:19:42 | Computer Name = MultimediaPC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         

30.04.2013, 10:31   #10
cosinus

The OTL log (otl.txt) is unfortunately incomplete.

30.04.2013, 12:32   #11
robertjana

I don't understand that - the logs begin with OTL logfile or OTL Extras logfile respectively, and both end with End of Report.
I ran OTL once more in case I overlooked something in the settings. Here are the logs:

Code:
OTL Extras logfile created on: 30.04.2013 13:23:01 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Robert\Desktop\Trojanerboard
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 72,20% Memory free
5,87 Gb Paging File | 4,55 Gb Available in Paging File | 77,54% Paging File free
Paging file location(s): d:\pagefile.sys 2686 2686 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78,02 Gb Total Space | 2,75 Gb Free Space | 3,53% Space Free | Partition Type: NTFS
Drive D: | 341,80 Gb Total Space | 9,07 Gb Free Space | 2,65% Space Free | Partition Type: NTFS
Drive E: | 45,84 Gb Total Space | 20,60 Gb Free Space | 44,93% Space Free | Partition Type: NTFS
Drive G: | 98,12 Gb Total Space | 98,02 Gb Free Space | 99,90% Space Free | Partition Type: NTFS
Drive H: | 134,76 Gb Total Space | 3,50 Gb Free Space | 2,60% Space Free | Partition Type: NTFS
Drive I: | 3,59 Gb Total Space | 3,59 Gb Free Space | 99,83% Space Free | Partition Type: FAT32
 
Computer Name: MULTIMEDIAPC | User Name: remote | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-466582789-729382525-3970006670-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-466582789-729382525-3970006670-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-466582789-729382525-3970006670-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\Marktkauf\Marktkauf Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotoschau] -- "C:\Program Files\Pixum\Pixum Fotobuch\Fotoschau.exe" -d "%1" ()
Directory [Marktkauf Fotowelt] -- "C:\Program Files\Marktkauf\Marktkauf Fotowelt\Marktkauf Fotowelt.exe" "%1" ()
Directory [Pixum Fotobuch] -- "C:\Program Files\Pixum\Pixum Fotobuch\Pixum Fotobuch.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00BBE1AF-ACDD-4616-BBB2-8010B0351578}" = lport=138 | protocol=17 | dir=in | app=system | 
"{0124E97A-D2C4-48CB-B1AD-165995C56F01}" = rport=138 | protocol=17 | dir=out | app=system | 
"{05077F09-B9BA-4F3D-9214-BEBCD185B7E7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0A3F24E7-FC11-49C1-A29E-27F26FFE46A6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{125686FB-BF21-42F2-B1C7-49762D127508}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2257A98A-A1CC-444C-AD9A-EA040571FA11}" = lport=139 | protocol=6 | dir=in | app=system | 
"{2A856FAF-E52B-44AD-BB70-C9370508D4B4}" = rport=139 | protocol=6 | dir=out | app=system | 
"{39C3FEE9-D9E6-48C0-9FD5-A0ADA9991D64}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3E239203-EDC0-4015-8781-8AA9A9A52BC9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{45E42BB3-4DA3-4C7B-854B-884033F51A22}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{7BD6C829-AD7E-4E62-B0A0-EC592B0BFC00}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7C1A877B-8980-466E-8F31-F7266F51DDF0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{7EB81184-8425-4B41-89D4-12EB843C7BCB}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{89EAA9EB-9453-4B33-911C-8E3CDFC9ED7B}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{909F7F5F-6C59-4A92-A0DC-F30914CB27BE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{A40AACF2-0235-4981-9BAD-2B66C04908B2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B93E2931-4AC7-4B50-9590-EACAC268828E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C42E2A5F-E80E-434B-A1B5-A69B698F143B}" = lport=445 | protocol=6 | dir=in | app=system | 
"{CB43E44B-87E1-42C6-ABFB-CC018233204C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D6A68863-E00A-4165-80F4-7B1C4F117B2F}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{DE06AFA5-13D1-4BAA-9DA1-B3F3DD0C96F3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{DF4B3812-36A0-46BC-8BAF-0ADD29D9859F}" = rport=137 | protocol=17 | dir=out | app=system | 
"{E1E1A16B-2CD5-4F8E-BB70-F87B53C6B6EB}" = lport=137 | protocol=17 | dir=in | app=system | 
"{E52BBA03-1C6C-4998-BFC5-D26890EF5FEB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F581072D-3575-421A-B98F-9EDB4320DC3B}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{020FBDF3-73DB-4505-9B73-FE4D572B974A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{0333CED5-75BB-4F2C-9E4D-3D8BD3F03AC8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{07C21D8E-1E8F-4E61-9D84-6118F4DA3306}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{0D3CB104-72D9-412B-BF6B-435476994824}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{0F516105-7F87-4B5F-97E2-AD77B9FB508C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{153D9755-92AA-4EC2-B173-B775408C65A7}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | 
"{1831E975-36A8-4A31-86DE-B264C43A540C}" = protocol=17 | dir=in | app=c:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe | 
"{1C7ADED3-6429-429B-8F2D-AD9684435227}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | 
"{1DF4528E-66E9-420D-8C37-628184ECC548}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2A9A97D7-FA47-4982-979A-9E232AB694AE}" = protocol=6 | dir=out | app=system | 
"{2B6B670E-CD72-461C-8BAE-26E189673AC1}" = protocol=6 | dir=in | app=c:\users\kinder\appdata\roaming\dropbox\bin\dropbox.exe | 
"{3416A108-2BAC-48D3-98D2-58B8CDC34070}" = protocol=17 | dir=in | app=c:\users\kinder\appdata\roaming\dropbox\bin\dropbox.exe | 
"{3B239162-EA6C-46C7-8A53-EA1FCA3769BC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe | 
"{3B8F10C3-323A-477A-937A-D060127EF74B}" = protocol=6 | dir=in | app=c:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe | 
"{3EAF2832-8E46-412E-AC74-02AF7CB814FF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4A36639B-4DEC-41F5-84C1-4F94C412CDDB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{55A784B6-749D-4AE5-97BF-C58508EAB8C9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{56F65D17-6559-46CA-B8C5-1839A3A2E2C4}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{5F66C389-73C2-4598-955F-E49388386493}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{5FB4953E-054C-4549-9F32-663F836D2482}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{61A21EA7-5F9F-4CAB-9F9A-C28DBC4716E0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{62AC7A0B-998A-432F-B9B5-ABDAEA22FA20}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{637BBB6C-84A5-4724-9053-34239D149B58}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{685C06E5-4DBE-40EC-A663-0BC0AEC8E25A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{69C2ABAA-7300-4066-829C-09378A5737FE}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | 
"{6AF6A577-3011-45CC-91D8-7384C3CABD43}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{6C890355-84C3-476B-889E-BDDF88E24F7C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{6EFEEC8E-105B-4958-A3B9-0441C203FC42}" = dir=in | app=c:\windows\ehome\ehrecvr.exe | 
"{7ED056C3-C02B-48A8-853C-81A764684BD8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7F36C833-D27E-441F-8A92-857986974E08}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8171B296-1FAB-41A8-97FE-BC92D90628DD}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | 
"{8455F6A8-7076-4D71-B2A8-CEC6E2E6064E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | 
"{9115CB1A-AB8B-4517-89D7-09C37656AABB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{95A093A6-B6B6-4C79-B0B9-3F11FABE54E9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{99ACFB7C-6F9A-43AB-BD5F-C73ACC1DDF0A}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{AEA89825-52BB-4E5E-BE99-FDD75B318DBB}" = dir=in | app=f:\setup\hpznui01.exe | 
"{B07A451D-D034-4464-A8A6-D1C234FFA275}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{B9B7FEE4-ABF2-4C16-A6BF-1CFC37A5173B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{BA9A4CF1-75F8-4288-940D-1BB3A64860D5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{BB1215A4-CB29-4441-8712-8801F3E8EB01}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe | 
"{BCA8209B-DB05-4208-A34C-D2285DFCDD66}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{C7EA62C3-EE32-4C9B-BEAF-251DE187D931}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{CB2E0654-7383-4274-A70C-6473D19BC333}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D3A401E8-1976-479F-9FF2-33DB9E76D9BD}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{E1331139-65EC-41E9-941F-D42D8857654B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{E5CB4622-ACB0-42ED-8C9E-035A6E3F54B7}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | 
"{E742B2A0-4B7F-4695-B857-A5C70F3793A0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{E9B3D9A5-0DB1-49BA-9F4E-A56AB836DAAA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | 
"{ED169D4C-50CC-47C0-9E04-FE151683C2B4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{F76A9E9D-B4DD-44D4-8D0A-97C8F7A29861}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{F9CC7FD7-9072-4893-9AF7-CA15762A738B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"TCP Query User{0E59DA79-5EB8-411C-895D-A002591A2437}C:\program files\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng_addon.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng_addon.exe | 
"TCP Query User{2161F6F6-422E-479F-B0EA-A88E05A545EB}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{5BA19066-3B07-4198-94A9-8306F0F6AACC}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{6D5836D8-2323-4DEE-8699-85B2BA001014}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{8AD252CD-CD77-49F5-9534-9C7F50AB051C}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{ADC5C1D4-82C7-40B7-B50D-B693FFAB2AB9}C:\program files\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe | 
"TCP Query User{B0F017FF-34EB-4C55-A0B6-004C22B59422}C:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{BACEC8D8-9322-45DF-B996-C4D562BEE386}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"TCP Query User{C3B8F8C0-787F-474A-888E-494891364716}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{E1159490-5698-45FF-8CAE-FB2A8A617221}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{E3605124-FCE1-4D73-B235-BAA5E2FA3D51}C:\program files\asus\asusupdate\update.exe" = protocol=6 | dir=in | app=c:\program files\asus\asusupdate\update.exe | 
"TCP Query User{F4CAFF87-44AB-473D-A517-4A7C89CEA6C2}H:\portableapps\skypeportable\app\skype\phone\skype.exe" = protocol=6 | dir=in | app=h:\portableapps\skypeportable\app\skype\phone\skype.exe | 
"UDP Query User{082D07D6-FFBE-4ACC-A7D3-BAD805B02693}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{136C4661-14A3-4BC6-A81C-84885D357A43}C:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{169D9788-32B5-4D2D-8E6F-9B164401121F}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{25A111B9-E463-43D3-B5E7-FA8D9D152532}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{3AE40E8A-B8B9-4C45-90A9-CDE10353018F}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"UDP Query User{5BEF3624-B557-41B6-B878-7B4E8CAD0F16}C:\program files\asus\asusupdate\update.exe" = protocol=17 | dir=in | app=c:\program files\asus\asusupdate\update.exe | 
"UDP Query User{6884F62F-6546-4650-9147-460F5D74CE73}C:\program files\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe | 
"UDP Query User{694F6673-CEBF-43EB-A731-D39CAC9EA1F2}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{88772BF3-3EB1-4EEF-B4F6-DBC7F9EB2F8D}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{AB845567-2A81-410E-864C-271ACC99E8FC}H:\portableapps\skypeportable\app\skype\phone\skype.exe" = protocol=17 | dir=in | app=h:\portableapps\skypeportable\app\skype\phone\skype.exe | 
"UDP Query User{AD528A09-4865-4B68-9A95-E08CBC280975}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{DAB85B9A-E861-4310-BB35-2FFA8EE81BD1}C:\program files\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng_addon.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng_addon.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"[verify-U] AVS" = [verify-U] AVS 2.1.9
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00C0C196-54AC-8BC5-5F16-87C4A38D13B8}" = Catalyst Control Center Localization All
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{102CBC47-7FDE-4E6C-8A3A-67B79833FAC8}" = BPDSoftware_Ini
"{1063B812-E31C-833F-F5F0-46D9D06B5336}" = Catalyst Control Center Graphics Light
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11B2F891-91C8-47ce-945A-A91003EA27FB}" = BPDSoftware
"{13DFC4CE-9089-4907-E042-71DCD6727DBA}" = ccc-utility
"{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18AB082B-6584-4F74-8ABC-D5935CF46E4C}" = 8500A909_eDocs
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = Corel Graphics Suite 11
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1EE8648A-1141-BF6F-B002-1F279859606B}" = CCC Help Portuguese
"{1EFE2B13-7C03-E454-00F5-5FF8CFC86343}" = CCC Help Hungarian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20AB485D-50A0-4F1E-8F43-45B3D2CDCEB7}" = Prisma Arbeitsblätter Biologie 1
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{25C55EBA-401C-F7B8-E932-F7A5D53EADEE}" = Catalyst Control Center Graphics Previews Vista
"{26442B73-03B2-44E5-ACBC-8C6625B89481}" = CCC Help French
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2846E2D9-5991-4332-A05D-20B06D15DFD5}" = The Maxifier
"{297ACAAE-FAAC-4817-A3BE-336F63399DA3}_is1" = Calme Version 2012
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{2E2660AC-6195-C603-A6BD-5FC039891FFF}" = ccc-core-static
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{30E0C424-E68A-FB77-6E45-42EC039264F4}" = CCC Help Greek
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3BCC5640-5360-11D4-A44A-0000E86D2305}" = Ulead Drop Spot 1.0
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D7235B2-3305-4FE1-A9A1-5F8AC2F33122}" = SMART Common Files
"{3DA169A5-3DBC-BBCA-4366-0B8678D5B765}" = Catalyst Control Center Graphics Previews Common
"{432A850B-3558-4BFF-B1F9-30626835B523}" = BPD_DSWizards
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{49E56237-4F46-5E38-FA6E-5A6651C355C7}" = CCC Help English
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4F80F043-B003-4820-B8E3-CB7E6CF5BB03}_is1" = 2.0.0
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5DC2889B-AF01-3494-38CA-37BBDB1D9F39}" = Catalyst Control Center InstallProxy
"{5F499D33-546A-442B-B0F9-4C58F3B5B6E3}" = Cuttermaran 1.70
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{675D173B-F754-9B62-A847-A78117B3FCEA}" = CCC Help Italian
"{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis*True*Image*Home
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{77791725-5D50-C0DE-059A-5C4B5EE8A212}" = Catalyst Control Center Graphics Full Existing
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7DEDD94B-32EB-D72C-CDAE-6BBA3E31276D}" = Catalyst Control Center Graphics Full New
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A01AC54A-5BB8-FE08-1854-5427457FCBCB}" = CCC Help Spanish
"{A066194B-DC8F-449A-8E0F-B57BDD3A2072}" = SyncToy 2.1 (x86)
"{A0FE0292-D3BE-3447-80F2-72E032A54875}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A810B5F5-8ACA-4670-B6B3-F98B07DFF6C4}" = SMART Notebook
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AADD9821-3290-1B1F-D164-1F6D20601FAF}" = Catalyst Control Center HydraVision Full
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD646716-2554-666F-6F72-A5D5B96CF046}" = CCC Help German
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B28F4C9C-8348-4B52-BB95-F8FAC95A8325}" = PCTV Package - Windows Media Center
"{B3491D28-DCF7-0D3E-1B3F-28E6FCDE659F}" = HydraVision
"{B495547C-01F8-4836-A2E6-749B5F3EA691}" = 8500A909_Help
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE1B109A-F0D0-2406-AFDB-FEBF9C4E0D9A}" = CCC Help Polish
"{BE53BB2F-FD8F-48b9-AC90-207D0D8EE028}" = 8500A909a
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C748519A-9E3F-6FA2-5A7A-3CABECEC2CE1}" = ATI Catalyst Install Manager
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CD8C5C7F-7C58-4F85-8977-A6C08C087912}" = MPM
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0F02CE0-491C-11D4-A44A-0000E86D2305}" = Ulead PhotoImpact 6
"{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU 
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D850BEF5-67AF-4071-9538-FA9AC725D62C}" = Officejet Pro 8500 A909 Series
"{DA8BF070-1358-4a30-A68F-21E0E9421AEF}" = ProductContext
"{DD64C3B5-BE43-4496-9D26-5C4B2E0E104C}" = Langmeier Software Dreieck-1x1
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E21D6DB6-6DAB-3A63-8C09-CB6606D7403B}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU
"{E31B2CB2-1CE3-EEC9-4FC7-48145D6AD674}" = Catalyst Control Center Core Implementation
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EBE677C0-CBCB-4EBF-8098-E27E1B5271CF}" = VAFPlayer
"{ECE9F52E-4A25-4265-8459-85DF6A6FEB52}" = SMART German Language Pack
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F41D5B74-E0AC-4D36-9BC4-86A02994AA83}" = 10*000 Aufgaben Mathematik
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9000000-0001-0000-0000-074957833700}" = ABBYY FineReader 9.0 Professional Edition
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"{FBC386FF-3249-4C37-B87F-51A23E46AEFD}" = TSDoctor
"{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU 
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ALDI NORD Bestellsoftware" = ALDI NORD Bestellsoftware 4.12.2
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Ashampoo Burning Studio 10_is1" = Ashampoo Burning Studio 10 v.10.0.15
"Ashampoo Burning Studio 11_is1" = Ashampoo Burning Studio 11 v.11.0.4
"Avira AntiVir Desktop" = Avira Antivirus Premium
"Blitzrechnen" = Blitzrechnen
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Dropbox Shell Tools" = Dropbox Shell Tools 0.2
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"DVD Shrink_is1" = DVD Shrink 3.2
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"FileHippo.com" = FileHippo.com Update Checker
"FileZilla Client" = FileZilla Client 3.6.0.2
"FLV Player" = FLV Player 2.0 (build 25)
"FormatFactory" = FormatFactory 2.70
"Foxit Reader_is1" = Foxit Reader
"Free FLV Converter_is1" = Free FLV Converter V 7.3.0
"HaaliMkx" = Haali Media Splitter
"Hdd Speed Test Tool_is1" = Hdd Speed Test Tool v. 1.0.14 (RC 1)
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"ifolor-Designer" = ifolor Designer
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"Marktkauf Fotowelt" = Marktkauf Fotowelt
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"Mozilla Thunderbird 13.0 (x86 de)" = Mozilla Thunderbird 13.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Oregon Scientific SmartGlobe(TM) Deluxe_is1" = SmartGlobe(TM) Deluxe V3.13
"Pixum Fotobuch" = Pixum Fotobuch
"Poker im Wilden Westen" = Poker im Wilden Westen
"Ressource 3000" = Ressource 3000
"Revo Uninstaller" = Revo Uninstaller 1.94
"Rossmann Fotowelt Software" = Rossmann Fotowelt Software 4.12.1
"S2TNG" = Die Siedler II - Die nächste Generation
"Shop for HP Supplies" = Shop for HP Supplies
"SmartToolsKalender-Assistentv6.00" = SmartTools Publishing • Word Kalender-Assistent
"TeamViewer 8" = TeamViewer 8
"The Maxifier" = The Maxifier
"VLC media player" = VLC media player 2.0.4
"WinFuture xp-Iso-Builder 3_is1" = WinFuture xp-Iso-Builder 3.0.8
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"Zylom Games Player Plugin" = Zylom Games Player Plugin
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-466582789-729382525-3970006670-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"fbaaf7d101824206" = RoboGUI
"Move Media Player" = Move Media Player
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"Opera 12.02.1578" = Opera 12.02
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-466582789-729382525-3970006670-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 29.04.2013 13:20:13 | Computer Name = MultimediaPC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567,
 Zeitstempel: 0x4d6727a7  Name des fehlerhaften Moduls: EXPLORERFRAME.dll, Version:
 6.1.7601.17514, Zeitstempel: 0x4ce7b86d  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0003d679
ID
 des fehlerhaften Prozesses: 0xc50  Startzeit der fehlerhaften Anwendung: 0x01ce44fd948e23c5
Pfad
 der fehlerhaften Anwendung: C:\Windows\explorer.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\system32\EXPLORERFRAME.dll  Berichtskennung: 0cccba3e-b0f1-11e2-b6ac-90e6ba8c80d1
 
Error - 29.04.2013 13:27:47 | Computer Name = MultimediaPC | Source = MsiInstaller | ID = 1041
Description = 
 
Error - 29.04.2013 13:30:16 | Computer Name = MultimediaPC | Source = MsiInstaller | ID = 10005
Description = 
 
Error - 29.04.2013 13:59:27 | Computer Name = MultimediaPC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FOXITR~1.EXE, Version: 6.0.2.413,
 Zeitstempel: 0x516bc0a9  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b60  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00052cc7  ID des fehlerhaften
 Prozesses: 0xef8  Startzeit der fehlerhaften Anwendung: 0x01ce450342d1f8a0  Pfad der
 fehlerhaften Anwendung: C:\PROGRA~1\FOXITS~1\FOXITR~1\FOXITR~1.EXE  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 880dc23d-b0f6-11e2-936f-90e6ba8c80d1
 
Error - 29.04.2013 14:06:27 | Computer Name = MultimediaPC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FOXITR~1.EXE, Version: 6.0.2.413,
 Zeitstempel: 0x516bc0a9  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b60  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00052cc7  ID des fehlerhaften
 Prozesses: 0x1880  Startzeit der fehlerhaften Anwendung: 0x01ce450442f3015f  Pfad der
 fehlerhaften Anwendung: C:\PROGRA~1\FOXITS~1\FOXITR~1\FOXITR~1.EXE  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 825589ea-b0f7-11e2-936f-90e6ba8c80d1
 
Error - 29.04.2013 18:31:37 | Computer Name = MultimediaPC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\SMART Technologies\Support\dpinst64.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 29.04.2013 18:32:27 | Computer Name = MultimediaPC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\aldi
 nord bestellsoftware\install_flash_player.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 29.04.2013 18:34:01 | Computer Name = MultimediaPC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\mozbackup\dll\DelZip179.dll".
 Fehler in Manifest- oder Richtliniendatei "c:\program files\mozbackup\dll\DelZip179.dll"
 in Zeile 8.  Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist
 ungültig.
 
Error - 29.04.2013 18:35:21 | Computer Name = MultimediaPC | Source = SideBySide | ID = 16842761
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\smarttools\word
 kalender-assistent\adxloader.dll.Manifest". Fehler in Manifest- oder Richtliniendatei
 "c:\program files\smarttools\word kalender-assistent\adxloader.dll.Manifest" in
 Zeile 2.  Das Stammelement der Manifestdatei muss assembliert sein.
 
Error - 30.04.2013 01:14:53 | Computer Name = MultimediaPC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FOXITR~1.EXE, Version: 6.0.2.413,
 Zeitstempel: 0x516bc0a9  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b60  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00052cc7  ID des fehlerhaften
 Prozesses: 0x14c4  Startzeit der fehlerhaften Anwendung: 0x01ce4561a3926874  Pfad der
 fehlerhaften Anwendung: C:\PROGRA~1\FOXITS~1\FOXITR~1\FOXITR~1.EXE  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: e3542791-b154-11e2-ab61-90e6ba8c80d1
 
[ System Events ]
Error - 29.04.2013 13:19:42 | Computer Name = MultimediaPC | Source = DCOM | ID = 10010
Description = 
 
Error - 29.04.2013 14:06:56 | Computer Name = MultimediaPC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 29.04.2013 21:21:00 | Computer Name = MultimediaPC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 30.04.2013 01:20:09 | Computer Name = MultimediaPC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.
 
 
< End of report >
         
Code:
OTL logfile created on: 30.04.2013 13:23:01 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Robert\Desktop\Trojanerboard
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 72,20% Memory free
5,87 Gb Paging File | 4,55 Gb Available in Paging File | 77,54% Paging File free
Paging file location(s): d:\pagefile.sys 2686 2686 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78,02 Gb Total Space | 2,75 Gb Free Space | 3,53% Space Free | Partition Type: NTFS
Drive D: | 341,80 Gb Total Space | 9,07 Gb Free Space | 2,65% Space Free | Partition Type: NTFS
Drive E: | 45,84 Gb Total Space | 20,60 Gb Free Space | 44,93% Space Free | Partition Type: NTFS
Drive G: | 98,12 Gb Total Space | 98,02 Gb Free Space | 99,90% Space Free | Partition Type: NTFS
Drive H: | 134,76 Gb Total Space | 3,50 Gb Free Space | 2,60% Space Free | Partition Type: NTFS
Drive I: | 3,59 Gb Total Space | 3,59 Gb Free Space | 99,83% Space Free | Partition Type: FAT32
 
Computer Name: MULTIMEDIAPC | User Name: remote | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Robert\Desktop\Trojanerboard\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Robert\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Users\Kinder\AppData\Roaming\Dropbox\bin\dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe ()
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\audiodg.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\ATI Technologies\HydraVision\HydraDM.exe (AMD)
PRC - C:\Programme\The Maxifier\The Maxifier.exe ()
PRC - C:\Programme\[verify-U] AVS\[verify-U]-Service.exe (Cybit AG)
PRC - C:\Programme\[verify-U] AVS\[verify-U]-Software.exe ()
PRC - C:\Programme\ABBYY FineReader 9.0\NetworkLicenseServer.exe (ABBYY (BIT Software))
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programme\program\libxml2.dll ()
MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Programme\Acronis\TrueImageHome\tishell.dll ()
MOD - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe ()
MOD - C:\Programme\Acronis\TrueImageHome\Common\resource.dll ()
MOD - C:\Programme\Acronis\TrueImageHome\Common\rpc_client.dll ()
MOD - C:\Programme\Acronis\TrueImageHome\Common\thread_pool.dll ()
MOD - C:\Programme\The Maxifier\The Maxifier.exe ()
MOD - C:\Programme\[verify-U] AVS\[verify-U]_Software.dll ()
MOD - C:\Programme\[verify-U] AVS\[verify-U]-Software.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (FlexNet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe (Flexera Software LLC)
SRV - (TeamViewer8) -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (UMVPFSrv) -- C:\Programme\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (afcdpsrv) -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (AcrSch2Svc) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (rpcapd) -- C:\Programme\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - ([verify-U]) -- C:\Programme\[verify-U] AVS\[verify-U]-Service.exe (Cybit AG)
SRV - (ABBYY.Licensing.FineReader.Professional.9.0) -- C:\Programme\ABBYY FineReader 9.0\NetworkLicenseServer.exe (ABBYY (BIT Software))
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) -- C:\Users\remote\AppData\Local\Temp\catchme.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (LVUVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (camvid20) -- C:\Windows\System32\drivers\camdrv21.sys (Philips Components BU Imaging Solutions)
DRV - (afcdp) -- C:\Windows\System32\drivers\afcdp.sys (Acronis)
DRV - (tdrpman273) -- C:\Windows\System32\drivers\tdrpm273.sys (Acronis)
DRV - (timounter) -- C:\Windows\System32\drivers\timntr.sys (Acronis)
DRV - (snapman) -- C:\Windows\System32\drivers\snapman.sys (Acronis)
DRV - (TTUSB2BDA) -- C:\Windows\System32\drivers\ttusb2bda.sys (TechnoTrend Goerler GmbH)
DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation                           )
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (USB28xxOEM) -- C:\Windows\System32\drivers\emOEM.sys (eMPIA Technology, Inc.)
DRV - (USB28xxBGA) -- C:\Windows\System32\drivers\emBDA.sys (eMPIA Technology, Inc.)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (VIAHdAudAddService) -- C:\Windows\System32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys ()
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys ()
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - ([verify-U]_System) -- C:\Windows\System32\drivers\[verify-U]-driver.sys (Cybits AG)
DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (SNL320XP) -- C:\Windows\System32\drivers\9kdUSBXP.sys (Sonix Technology Co., Ltd.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/firefox
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 68 F0 37 37 7D 97 CA 01  [binary data]
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1000\..\SearchScopes\{A9EE43D8-5797-4B37-BB80-7C27E41CFAE6}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1000\..\SearchScopes\{FD0AB065-284F-4E0F-99F3-6917141DC82D}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 19 AB 7C F4 F9 85 CC 01  [binary data]
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1001\..\SearchScopes\{910671B7-1BFD-4224-907C-666D9CA64B5F}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1002\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-466582789-729382525-3970006670-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.12 22:46:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.11 08:40:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.11.13 15:29:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.12.20 15:14:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\remote\AppData\Roaming\mozilla\Extensions
[2011.08.19 14:33:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\remote\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.04.26 18:28:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\remote\AppData\Roaming\mozilla\Firefox\Profiles\d9z8nnd6.default\extensions
[2013.03.31 20:22:48 | 000,111,107 | ---- | M] () (No name found) -- C:\Users\remote\AppData\Roaming\mozilla\firefox\profiles\d9z8nnd6.default\extensions\extension@preispilot.com.xpi
[2012.12.12 22:46:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.29 10:26:57 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009.10.23 15:01:34 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2012.11.29 11:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.29 11:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.11.29 11:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.29 11:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.29 11:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.29 11:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.04.29 07:30:01 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (SMART Notebook Download Utility) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Programme\SMART Technologies\Education Software\Win32\NotebookPlugin.dll (SMART Technologies ULC.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-466582789-729382525-3970006670-1000\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O3 - HKU\S-1-5-21-466582789-729382525-3970006670-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe ()
O4 - HKU\S-1-5-21-466582789-729382525-3970006670-1000..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKU\S-1-5-21-466582789-729382525-3970006670-1000..\Run: [KSS] "C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun File not found
O4 - HKU\S-1-5-21-466582789-729382525-3970006670-1000..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-466582789-729382525-3970006670-1000..\Run: [The Maxifier] C:\Program Files\The Maxifier\The Maxifier.exe ()
O4 - HKU\S-1-5-21-466582789-729382525-3970006670-1001..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKU\S-1-5-21-466582789-729382525-3970006670-1002..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] C:\Users\Robert\Desktop\Trojanerboard\mbar-1.05.0.1001\mbar\Data\cleanup.dll (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Z1] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-466582789-729382525-3970006670-1001..\RunOnce: [Report] \AdwCleaner[S3].txt File not found
O4 - Startup: C:\Users\Kinder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk =  File not found
O4 - Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk =  File not found
O4 - Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dropbox2.bat ()
O4 - Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk =  File not found
O4 - Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Programme\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-466582789-729382525-3970006670-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1349814738270 (MUCatalogWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7AE8D744-F9C0-4196-9406-7FA6A6CA07F1}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.30 03:02:47 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.04.30 03:02:47 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013.04.30 03:02:47 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.04.30 03:02:47 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013.04.30 03:02:47 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013.04.30 03:02:47 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013.04.30 03:02:47 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013.04.30 03:02:47 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013.04.30 03:02:47 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.04.30 03:02:47 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013.04.30 03:02:47 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.04.30 03:02:47 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013.04.30 03:02:47 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.04.30 03:02:46 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.04.30 03:02:46 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.04.30 03:02:46 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013.04.30 03:02:46 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013.04.30 03:02:46 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.04.30 03:02:46 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.04.30 03:02:46 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.04.30 03:02:46 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013.04.30 03:02:46 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.04.30 03:02:46 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.04.30 03:02:46 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013.04.30 03:02:46 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.04.30 03:02:46 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013.04.30 03:02:46 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.04.30 03:02:46 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013.04.30 03:02:46 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.04.30 03:02:46 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013.04.30 03:02:46 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.04.30 03:02:46 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.04.30 03:02:46 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013.04.30 03:02:46 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.04.30 03:02:46 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013.04.30 03:02:46 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.04.29 19:16:48 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.04.29 19:16:34 | 000,000,000 | ---D | C] -- C:\JRT
[2013.04.29 07:31:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.04.29 07:31:26 | 000,000,000 | ---D | C] -- C:\Users\remote\AppData\Local\temp
[2013.04.29 07:16:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.04.29 07:16:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.04.29 07:16:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.04.29 07:16:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.29 07:16:07 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.04.26 17:58:51 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
[2013.04.26 17:58:50 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys
[2013.04.26 17:58:50 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpvideominiport.sys
[2013.04.26 17:58:50 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2013.04.26 17:58:50 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RdpGroupPolicyExtension.dll
[2013.04.26 17:58:45 | 002,739,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2013.04.26 17:58:45 | 000,317,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe
[2013.04.26 17:58:45 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2013.04.26 17:58:45 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpudd.dll
[2013.04.26 17:58:45 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpendp_winip.dll
[2013.04.26 17:58:45 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWbPrxy.exe
[2013.04.26 17:58:45 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsRdpWebAccess.dll
[2013.04.26 17:58:45 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2013.04.26 17:58:45 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll
[2013.04.26 17:58:45 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprtPS.dll
[2013.04.23 20:46:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAFPlayer
[2013.04.23 20:46:30 | 000,000,000 | ---D | C] -- C:\Program Files\Tuguu SL
[2013.04.23 20:46:30 | 000,000,000 | ---D | C] -- C:\Users\remote\AppData\Roaming\player
[2013.04.23 20:45:10 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013.04.20 08:41:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2013.04.18 07:19:39 | 000,000,000 | ---D | C] -- C:\ProgramData\PictureMover
[2013.04.17 20:45:44 | 000,000,000 | ---D | C] -- C:\ProgramData\TeamDrive3
[2013.04.17 07:23:59 | 000,000,000 | ---D | C] -- C:\Users\remote\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013.04.15 08:31:28 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.04.15 08:31:12 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.04.10 01:51:37 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.04.10 01:51:33 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.04.10 01:51:33 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.04.10 01:51:32 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.04.09 18:14:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rossmann Fotowelt Software
[2013.04.09 18:12:52 | 000,000,000 | ---D | C] -- C:\Program Files\Rossmann Fotowelt Software
[2013.04.05 19:39:20 | 000,000,000 | ---D | C] -- C:\Program Files\ALDI NORD Bestellsoftware
[2013.04.05 17:57:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Marktkauf Fotowelt
[2013.04.05 17:54:10 | 000,000,000 | ---D | C] -- C:\Program Files\Marktkauf
[2013.04.05 17:38:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pixum Fotobuch
[2013.04.05 17:35:48 | 000,000,000 | ---D | C] -- C:\Program Files\Pixum
[2013.04.05 11:45:47 | 000,000,000 | ---D | C] -- C:\ProgramData\LAT 2.0 Deutsch
[2013.04.05 11:44:28 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2013.04.05 11:35:51 | 000,000,000 | ---D | C] -- C:\Users\remote\AppData\Roaming\SMART Technologies Inc
[2013.04.05 11:35:51 | 000,000,000 | ---D | C] -- C:\Users\remote\AppData\Local\SMART Technologies Inc
[2013.04.05 11:34:53 | 000,033,680 | ---- | C] (SMART Technologies ULC) -- C:\Windows\System32\smrtlocalmon.dll
[2013.04.05 11:34:53 | 000,023,848 | ---- | C] (SMART Technologies Inc.) -- C:\Windows\System32\smrtlocalui.dll
[2013.04.05 11:34:21 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll
[2013.04.05 11:33:04 | 000,000,000 | ---D | C] -- C:\Program Files\SMART Technologies
[2013.04.05 11:33:04 | 000,000,000 | ---D | C] -- C:\Program Files\National Instruments
[2013.04.05 11:32:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SMART Technologies
[2013.04.05 11:31:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SMART Technologies
[2013.04.05 11:31:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SMART Technologies
[2013.04.05 11:30:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013.04.05 11:28:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2013.03.31 20:11:11 | 000,000,000 | ---D | C] -- C:\Users\remote\restore
[2013.03.31 20:06:23 | 000,000,000 | ---D | C] -- C:\ProgramData\tmp
[2013.03.31 20:06:22 | 000,000,000 | ---D | C] -- C:\ProgramData\hps
[2013.03.31 20:02:24 | 000,000,000 | ---D | C] -- C:\Program Files\CEWE COLOR
[2013.03.31 17:52:54 | 000,000,000 | ---D | C] -- C:\Users\remote\AppData\Roaming\PictureMover
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.30 13:10:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.30 07:21:29 | 000,657,660 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.30 07:21:29 | 000,618,936 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.30 07:21:29 | 000,131,032 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.30 07:21:29 | 000,107,256 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.30 03:28:39 | 000,020,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.30 03:28:39 | 000,020,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.30 03:22:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.30 03:22:02 | 2616,598,528 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.30 03:02:47 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.04.30 03:02:47 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013.04.30 03:02:47 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.04.30 03:02:47 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013.04.30 03:02:47 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013.04.30 03:02:47 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013.04.30 03:02:47 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013.04.30 03:02:47 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013.04.30 03:02:47 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.04.30 03:02:47 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013.04.30 03:02:47 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.04.30 03:02:47 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013.04.30 03:02:47 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.04.30 03:02:46 | 002,877,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.04.30 03:02:46 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.04.30 03:02:46 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013.04.30 03:02:46 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013.04.30 03:02:46 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.04.30 03:02:46 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.04.30 03:02:46 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.04.30 03:02:46 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013.04.30 03:02:46 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.04.30 03:02:46 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.04.30 03:02:46 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013.04.30 03:02:46 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.04.30 03:02:46 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013.04.30 03:02:46 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.04.30 03:02:46 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013.04.30 03:02:46 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.04.30 03:02:46 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013.04.30 03:02:46 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.04.30 03:02:46 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.04.30 03:02:46 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013.04.30 03:02:46 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.04.30 03:02:46 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013.04.30 03:02:46 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013.04.30 03:02:46 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.04.29 07:30:01 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.04.27 10:47:47 | 000,000,000 | ---- | M] () -- C:\Users\remote\defogger_reenable
[2013.04.26 18:28:31 | 000,000,097 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.04.23 20:51:54 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.04.23 20:51:54 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.04.23 20:46:31 | 000,002,587 | ---- | M] () -- C:\Users\Public\Desktop\VAFPlayer.lnk
[2013.04.20 09:04:38 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013.04.17 08:38:49 | 000,001,642 | ---- | M] () -- C:\Users\remote\Documents\cc_20130417_083846.reg
[2013.04.17 08:37:55 | 000,111,818 | ---- | M] () -- C:\Users\remote\Documents\cc_20130417_083751.reg
[2013.04.17 08:29:23 | 000,000,971 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.04.17 07:23:59 | 000,001,228 | ---- | M] () -- C:\Users\remote\Desktop\Revo Uninstaller.lnk
[2013.04.15 16:17:47 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.04.15 16:17:47 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.04.15 16:17:47 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.04.15 08:31:03 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.04.15 08:31:02 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.04.15 08:31:02 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.04.15 08:31:02 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.04.15 08:31:02 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.04.15 08:31:02 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.04.10 03:23:19 | 000,543,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.04.09 18:14:31 | 000,001,187 | ---- | M] () -- C:\Users\Public\Desktop\Rossmann Fotowelt Software.lnk
[2013.04.05 11:34:25 | 000,002,130 | ---- | M] () -- C:\Users\Public\Desktop\SMART Notebook 11.lnk
 
========== Files Created - No Company Name ==========
 
[2013.04.30 03:02:46 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013.04.29 07:16:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.04.29 07:16:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.04.29 07:16:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.04.29 07:16:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.04.29 07:16:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.04.27 10:47:47 | 000,000,000 | ---- | C] () -- C:\Users\remote\defogger_reenable
[2013.04.26 18:28:16 | 000,000,097 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.04.23 20:46:31 | 000,002,587 | ---- | C] () -- C:\Users\Public\Desktop\VAFPlayer.lnk
[2013.04.20 08:41:43 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013.04.17 08:38:48 | 000,001,642 | ---- | C] () -- C:\Users\remote\Documents\cc_20130417_083846.reg
[2013.04.17 08:37:52 | 000,111,818 | ---- | C] () -- C:\Users\remote\Documents\cc_20130417_083751.reg
[2013.04.09 18:14:31 | 000,001,187 | ---- | C] () -- C:\Users\Public\Desktop\Rossmann Fotowelt Software.lnk
[2013.04.05 11:34:25 | 000,002,130 | ---- | C] () -- C:\Users\Public\Desktop\SMART Notebook 11.lnk
[2013.01.02 13:26:06 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2012.11.11 18:01:57 | 000,293,712 | ---- | C] () -- C:\Windows\System32\Tbsql03.dll
[2012.11.11 18:01:57 | 000,246,368 | ---- | C] () -- C:\Windows\System32\Tbqry03.dll
[2012.11.11 18:01:57 | 000,145,696 | ---- | C] () -- C:\Windows\System32\Tblib.dll
[2012.11.11 18:01:57 | 000,090,688 | ---- | C] () -- C:\Windows\System32\Tbutl03.dll
[2012.11.11 18:01:57 | 000,014,512 | ---- | C] () -- C:\Windows\System32\Tbgui03.dll
[2012.11.11 18:01:57 | 000,005,488 | ---- | C] () -- C:\Windows\System32\Tbmds03.dll
[2012.08.13 11:08:08 | 000,014,217 | ---- | C] () -- C:\Program Files\readme.html
[2012.05.08 14:15:36 | 000,000,005 | ---- | C] () -- C:\Program Files\basis-link
[2012.01.18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012.01.18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012.01.18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2012.01.18 07:22:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2012.01.03 23:59:17 | 000,023,700 | ---- | C] () -- C:\Windows\hpqins15.dat.temp
[2011.11.13 18:40:29 | 000,002,940 | ---- | C] () -- C:\Windows\hpwmdl22.dat.temp
[2011.07.02 01:43:11 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.06.10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.05.26 21:01:54 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.03.14 19:30:56 | 000,000,680 | RHS- | C] () -- C:\Users\remote\ntuser.pol
[2010.04.13 19:38:17 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         

30.04.2013, 15:45   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Missing characters when typing on the Internet (Firefox; Google Chrome)


Looks OK. We should be almost done. As a check, please run a full scan with Malwarebytes - and please remember to update Malwarebytes via the update button beforehand.

Afterwards, getting a second opinion from ESET's online scanner doesn't hurt either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)
