Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Googlelinks/Links werden umgeleitet

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 26.05.2013, 10:04   #1
jPPütz
 
Googlelinks/Links werden umgeleitet - Standard

Googlelinks/Links werden umgeleitet



Hallo,

Habe ein Probleme mit Googletreffern bzw. allgemein Links.

Mein Problem:
Ich Suche etwas über die normale Googlesuche und es erscheinen Treffer. Darüber die normal Google Adworksanzeigen. Nur sind oftmals einige Anzeigen etwas dubios: Sie haben als erstes einen blinkenden roten Schriftzug: "Click Free" (Was mir als keine Funktion von Google Adworks erscheint), ein Klick auf die Anzeige bringt meist kurz ein weißes Fenster worin oben rechts irgendetwas von "The document has moved, redirecting...", auch werden zum Teil auch normale Suchergebnisse oder Links (wie hier im Forum) umgeleitet.

Ich schätze mal ich habe mir Malware oder so etwas in der Art eingefangen.
Habe schon etwas gegoogelt und auch andere Posts dazu gefunden, worin das gleiche Problem beschrieben war. Nur da ich nicht allzuviel Ahnung von den Logfileprogrammen etc. habe und auch die meisten Dinge speziell für den jeweiligen Nutzer angepasst wurden wollte ich hier nocheinmal nachfragen, wie ich am besten vorgehe oder wie ich der Malware zu Leibe rücken kann.

Gestern habe ich schon einen kompletten Systemscan mit Kaserpsky durchgeführt, doch auch dies brachte keine Ergebnisse.

Mein System:
Win7 64Bit
Intel Core i7 2600K
8Gb Ram
Kaspersky Internet Security 2013


Gruss Philipp

Meine Logs:

defogger_disable.txt
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:25 on 25/05/2013 (***)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
OTL.txt

Code:
ATTFilter
OTL logfile created on: 5/25/2013 11:28:07 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7.98 Gb Total Physical Memory | 6.30 Gb Available Physical Memory | 79.03% Memory free
15.95 Gb Paging File | 14.21 Gb Available in Paging File | 89.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1831.92 Gb Total Space | 644.20 Gb Free Space | 35.17% Space Free | Partition Type: NTFS
Drive D: | 30.00 Gb Total Space | 11.93 Gb Free Space | 39.76% Space Free | Partition Type: NTFS
Drive F: | 100.00 Mb Total Space | 71.21 Mb Free Space | 71.21% Space Free | Partition Type: NTFS
 
Computer Name: PC-PHILIPP-PÜTZ | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/05/25 11:27:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2013/05/10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/08/06 12:30:16 | 008,219,400 | ---- | M] (AceBIT GmbH) -- C:\Program Files (x86)\AceBIT\Password Depot 6\PasswordDepot.exe
PRC - [2011/11/25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011/03/11 14:08:32 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011/03/11 14:08:31 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011/01/10 16:24:20 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2010/11/17 18:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/11/06 08:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2008/08/29 15:20:56 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/05/05 08:47:36 | 000,023,728 | ---- | M] () [Auto | Running] -- c:\Program Files\Ocster 1-Click Backup\bin\backupService-ox1c.exe -- (ocster_1clk_backup)
SRV:64bit: - [2012/04/26 11:14:06 | 002,438,696 | ---- | M] (mobile concepts GmbH) [On_Demand | Stopped] -- C:\Program Files\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV:64bit: - [2010/10/28 12:14:30 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe -- (LBTServ)
SRV:64bit: - [2010/09/23 04:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013/05/23 18:26:30 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/18 21:00:24 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/02/04 17:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/01/04 21:53:46 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2012/12/29 12:34:47 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/12/19 10:49:34 | 000,732,648 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/11/25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011/09/12 15:30:42 | 000,450,560 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt) [Auto | Running] -- C:\Windows\SysWOW64\STGRAMDiskHandler64.exe -- (Steganos Volatile Disk)
SRV - [2011/03/11 14:08:32 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/03/11 14:08:31 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/01/10 16:24:20 | 000,993,848 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/01/10 16:24:20 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/11/06 08:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/08/29 15:20:56 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/05/20 12:44:32 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2013/05/20 12:44:32 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2013/04/24 11:58:35 | 000,620,128 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2013/04/24 11:58:35 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2013/04/24 11:58:35 | 000,055,056 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2013/02/25 20:02:50 | 000,053,312 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pssdk42.sys -- (PSSDK42)
DRV:64bit: - [2012/12/26 16:46:26 | 000,276,256 | ---- | M] (Digiarty Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DigiartyVirtualCDBus.sys -- (DigiartyVirtualCDBus)
DRV:64bit: - [2012/11/09 16:33:30 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2012/11/09 16:33:30 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2012/11/09 16:33:30 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2012/11/09 16:33:30 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:64bit: - [2012/11/09 16:33:30 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2012/11/09 16:33:30 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2012/10/25 13:42:02 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2012/10/25 13:42:02 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2012/10/17 14:53:46 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012/10/08 20:52:52 | 000,031,968 | -H-- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys -- (Apowersoft_AudioDevice)
DRV:64bit: - [2012/08/23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/02 16:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012/07/03 17:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/06/19 18:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 07:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/12/15 20:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011/11/17 11:38:32 | 000,047,208 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd)
DRV:64bit: - [2011/11/14 08:11:10 | 000,572,336 | ---- | M] (Paragon) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\Uim_IMx64.sys -- (Uim_IM)
DRV:64bit: - [2011/11/14 08:11:10 | 000,352,816 | ---- | M] (Paragon) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\uim_vimx64.sys -- (Uim_VIM)
DRV:64bit: - [2011/11/14 08:11:10 | 000,059,184 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\uimx64.sys -- (UimBus)
DRV:64bit: - [2011/09/22 22:01:54 | 000,311,144 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0105.sys -- (RsFx0105)
DRV:64bit: - [2011/09/12 15:30:42 | 000,028,576 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt.com) [Driver] [Kernel | System | Running] -- C:\Windows\SysNative\drivers\STGMFEngine64.sys -- (STGMFEngine64)
DRV:64bit: - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/29 17:46:48 | 000,716,800 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2011/03/11 14:08:31 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/10 23:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 23:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/21 05:23:48 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/06 08:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/09/23 22:03:06 | 000,129,008 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2010/09/01 10:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010/08/24 19:29:54 | 000,041,040 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2010/08/24 19:29:32 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010/08/24 19:29:10 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2010/07/01 19:11:24 | 000,012,352 | ---- | M] () [Kernel | "Start" not found. | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV:64bit: - [2010/05/20 12:30:24 | 000,030,800 | ---- | M] (O&O Software GmbH) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\OODrvled.sys -- (oodrvled)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011/09/12 15:28:52 | 000,108,256 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt - ) [Driver] [Kernel | System | Running] -- C:\Windows\SleeN1764.sys -- (SLEE_17_DRIVER)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=MDND&bmod=MDND
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.claro-search.com/?affID=120133&babsrc=HP_ss&mntrId=fa252e1200000000000000ff47ed28cd
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {353E8332-C635-4408-B21A-8D11376775F3}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=120133&babsrc=SP_ss&mntrId=fa252e1200000000000000ff47ed28cd
IE - HKCU\..\SearchScopes\{353E8332-C635-4408-B21A-8D11376775F3}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDND_de
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{961737C4-F3E3-4849-B7EA-4A64EE3B9FCF}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKCU\..\SearchScopes\{A2DC3FEF-AB4D-442c-8517-34EC6E125C8D}: "URL" = hxxp://search.webwebweb.com/search.php?query={searchTerms}&lang=de&zip=&town=&site=&country=&safe=[safe,off,strict]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Claro Search"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..browser.startup.homepage: "hxxp://google.de"
FF - prefs.js..extensions.enabledAddons: AppTabNavBGone%40FireFox:1.0
FF - prefs.js..extensions.enabledAddons: savesession%40noasobi.net:1.3.1.6
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: %7B8A6C82A1-F6C9-481a-AAE7-C96444C9A754%7D:6.2.0
FF - prefs.js..extensions.enabledAddons: %7B9AA46F4F-4DC7-4c06-97AF-5035170634FE%7D:5.5
FF - prefs.js..extensions.enabledAddons: SoundFrost%40helper.com:3.7.0
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.9
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..network.proxy.http: "212.88.157.205 "
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files (x86)\Mozilla Firefox6\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\passworddepot@acebit.com: C:\Program Files (x86)\AceBIT\Password Depot 6\Firefox\ [2012/09/21 17:38:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013/04/24 11:58:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013/04/24 11:58:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013/04/24 11:58:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013/04/24 11:58:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013/04/24 11:58:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox6\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox6\plugins [2013/05/23 18:26:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/04/29 20:44:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\SoundFrost@helper.com: C:\Program Files (x86)\SoundFrost\SoundFrost.xpi [2013/05/20 11:21:23 | 000,038,116 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox6\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox6\plugins [2013/05/23 18:26:28 | 000,000,000 | ---D | M]
 
[2011/04/29 18:09:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013/02/09 16:41:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\6r5uir6n.tarnfox\extensions
[2012/04/02 11:06:18 | 000,000,000 | ---D | M] (Click&Clean) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\6r5uir6n.tarnfox\extensions\clickclean@hotcleaner.com
[2012/12/14 17:06:42 | 000,000,000 | ---D | M] (Babylon Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\6r5uir6n.tarnfox\extensions\ffxtlbr@babylon.com
[2013/05/23 21:07:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\99lhhtf4.default\extensions
[2012/10/08 18:52:02 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\99lhhtf4.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2012/11/30 20:55:24 | 000,000,000 | ---D | M] (PrefBar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\99lhhtf4.default\extensions\{8A6C82A1-F6C9-481a-AAE7-C96444C9A754}
[2012/12/14 17:06:42 | 000,000,000 | ---D | M] (Babylon Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\99lhhtf4.default\extensions\ffxtlbr@babylon.com
[2013/02/09 16:41:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fkg3fotr.FF6\extensions
[2012/12/14 17:06:42 | 000,000,000 | ---D | M] (Babylon Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fkg3fotr.FF6\extensions\ffxtlbr@babylon.com
[2012/03/30 13:05:12 | 000,035,695 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\6r5uir6n.tarnfox\extensions\facebook@disconnect.me.xpi
[2012/05/09 18:21:22 | 000,272,844 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\6r5uir6n.tarnfox\extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi
[2012/03/30 13:05:12 | 000,008,503 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\6r5uir6n.tarnfox\extensions\longurlplease@darragh.curran.xpi
[2012/05/09 19:12:45 | 000,181,880 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\6r5uir6n.tarnfox\extensions\stealthyextension@gmail.com.xpi
[2012/03/30 13:05:12 | 000,049,540 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\6r5uir6n.tarnfox\extensions\trackerblock@privacychoice.org.xpi
[2012/06/03 17:54:23 | 000,524,866 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\6r5uir6n.tarnfox\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/03/30 13:05:12 | 000,634,964 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\6r5uir6n.tarnfox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/11/04 15:04:18 | 000,010,219 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\99lhhtf4.default\extensions\AppTabNavBGone@FireFox.xpi
[2011/11/06 19:01:39 | 000,011,238 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\99lhhtf4.default\extensions\autohidetabbar@tiptt.blogspot.com.xpi
[2013/04/20 19:10:50 | 000,301,821 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\99lhhtf4.default\extensions\compatibility@addons.mozilla.org.xpi
[2012/07/06 17:51:31 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\99lhhtf4.default\extensions\elemhidehelper@adblockplus.org.xpi
[2013/01/08 22:06:42 | 000,223,719 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\99lhhtf4.default\extensions\isreaditlater@ideashower.com.xpi
[2011/04/29 18:52:04 | 000,013,039 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\99lhhtf4.default\extensions\savesession@noasobi.net.xpi
[2012/09/12 18:45:53 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\99lhhtf4.default\extensions\testpilot@labs.mozilla.com.xpi
[2011/09/12 18:18:09 | 000,972,420 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\99lhhtf4.default\extensions\{3cd27e92-1a30-11da-94c6-00e08161165f}.xpi
[2013/05/02 18:01:40 | 000,081,156 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\99lhhtf4.default\extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi
[2013/05/05 18:17:49 | 000,534,214 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\99lhhtf4.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/05/17 21:30:17 | 000,117,280 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\99lhhtf4.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
[2012/12/11 20:44:51 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\99lhhtf4.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013/05/08 19:59:31 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\99lhhtf4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/05/23 18:29:46 | 000,395,933 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\99lhhtf4.default\extensions\{d49175b3-3fd8-43b8-b28e-da5d47f3c398}.xpi
[2011/10/29 20:48:56 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\99lhhtf4.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2013/05/23 21:07:33 | 000,269,448 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\99lhhtf4.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2011/08/15 14:52:17 | 000,588,498 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\fkg3fotr.FF6\extensions\testpilot@labs.mozilla.com.xpi
[2012/12/14 17:06:43 | 000,002,432 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\99lhhtf4.default\searchplugins\babylon1.xml
[2013/02/09 16:40:22 | 000,001,300 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\99lhhtf4.default\searchplugins\claro.xml
[2011/09/18 20:20:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013/05/20 11:21:23 | 000,038,116 | ---- | M] () (No name found) -- C:\PROGRAM FILES (X86)\SOUNDFROST\SOUNDFROST.XPI
File not found (No name found) -- C:\USERS\PHILIPP PüTZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\99LHHTF4.DEFAULT\EXTENSIONS\{8A6C82A1-F6C9-481A-AAE7-C96444C9A754}
File not found (No name found) -- C:\USERS\PHILIPP PüTZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\99LHHTF4.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI
File not found (No name found) -- C:\USERS\PHILIPP PüTZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\99LHHTF4.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
File not found (No name found) -- C:\USERS\PHILIPP PüTZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\99LHHTF4.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
File not found (No name found) -- C:\USERS\PHILIPP PüTZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\99LHHTF4.DEFAULT\EXTENSIONS\APPTABNAVBGONE@FIREFOX.XPI
File not found (No name found) -- C:\USERS\PHILIPP PüTZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\99LHHTF4.DEFAULT\EXTENSIONS\SAVESESSION@NOASOBI.NET.XPI
[2011/03/22 20:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.claro-search.com/?affID=120133&babsrc=HP_ss&mntrId=fa252e1200000000000000ff47ed28cd
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Philipp P\u00FCtz\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Philipp P\u00FCtz\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Philipp P\u00FCtz\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: J3S cbasscfg Plugin (Enabled) = C:\Users\Philipp P\u00FCtz\AppData\Local\Google\Chrome\User Data\Default\Extensions\godhaonflehefmbmgmlpenkpagcplgoa\1.0.26_0\cbasscfg.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Philipp P\u00FCtz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox6\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox6\plugins\npwachk.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files (x86)\Mozilla Firefox6\plugins\npyaxmpb.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: Sicherer Zahlungsverkehr = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\
CHR - Extension: Modul f\u00FCr das Blockieren gef\u00E4hrlicher Webseiten = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\
CHR - Extension: Voice Search = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhfkcobomkalfdlmkongnhnhahkmnaad\1.1.1_0\
CHR - Extension: Password Depot Browser Extension for Google Chrome = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\imkcgcjpeajeajpcpbdbgbknfaijnpdc\6.1.6_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0\
CHR - Extension: SoundFrost = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikglikieapkdofgcaifhkgmkclbamcm\3.7.0_0\
CHR - Extension: Skype Click to Call = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: DvdVideoSoft Free Youtube Download = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Anti-Banner = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\
 
O1 HOSTS File: ([2012/09/21 17:13:12 | 000,000,825 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Password Depot 6) - {9F79B165-70F7-4C46-B1A5-8828E2FF21F9} - C:\Program Files (x86)\AceBIT\Password Depot 6\pdIEAddOn64.dll (AceBIT)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (SoundFrost) - {081524f7-7ed8-43ff-b01e-915c410a9cbe} - C:\PROGRA~2\SOUNDF~1\SOUNDF~1.DLL (SoundFrost Company)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Password Depot 6) - {9F79B165-70F7-4C46-B1A5-8828E2FF21F9} - C:\Program Files (x86)\AceBIT\Password Depot 6\pdIEAddOn32.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Steganos Password Manager Toolbar) - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - C:\Program Files (x86)\Steganos Privacy Suite 12\SPMIEToolbar.dll (Steganos Software GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [Password Depot] C:\Program Files (x86)\AceBIT\Password Depot 6\PasswordDepot.exe (AceBIT GmbH)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Password Depot 6 - {9F79B165-70F7-4C46-B1A5-8828E2FF21F9} - C:\Program Files (x86)\AceBIT\Password Depot 6\PasswordDepot.exe (AceBIT GmbH)
O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Steganos Password Manager - {024538B9-3F39-49FF-9503-975F743210FA} - C:\Program Files (x86)\Steganos Privacy Suite 12\SPMIEToolbar.dll (Steganos Software GmbH)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Password Depot 6 - {9F79B165-70F7-4C46-B1A5-8828E2FF21F9} - C:\Program Files (x86)\AceBIT\Password Depot 6\PasswordDepot.exe (AceBIT GmbH)
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3670E1BA-272C-4AD6-9B24-F5090D9A727D}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D49D72A-73C8-416F-AC56-5057BACB0B4C}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E3C0950-82AC-4CA4-BA5C-5553F4EADEF1}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EBCBA93C-83CE-4B24-8FCB-CC70CDAD0B93}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/12/14 17:51:28 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{05e8ea0b-7e29-11e0-af12-1078d2eb1e44}\Shell - "" = AutoRun
O33 - MountPoints2\{05e8ea0b-7e29-11e0-af12-1078d2eb1e44}\Shell\AutoRun\command - "" = G:\NokiaPCIA_Autorun.exe
O33 - MountPoints2\{6a77913d-a27c-11e0-9d4d-1078d2eb1e44}\Shell - "" = AutoRun
O33 - MountPoints2\{6a77913d-a27c-11e0-9d4d-1078d2eb1e44}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\{c55c6e51-7275-11e0-ad08-1078d2eb1e44}\Shell - "" = AutoRun
O33 - MountPoints2\{c55c6e51-7275-11e0-ad08-1078d2eb1e44}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{e919b4df-3d1c-11e1-a765-1078d2eb1e44}\Shell - "" = AutoRun
O33 - MountPoints2\{e919b4df-3d1c-11e1-a765-1078d2eb1e44}\Shell\AutoRun\command - "" = Z:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/05/25 11:27:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013/05/24 14:07:31 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/05/23 18:26:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox6
[2013/05/20 12:44:32 | 000,027,760 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggsemc.sys
[2013/05/20 12:44:32 | 000,014,448 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggflt.sys
[2013/05/20 12:43:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Ericsson
[2013/05/20 12:43:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Ericsson
[2013/05/20 12:37:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2013/05/20 12:37:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2013/05/20 12:37:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2013/05/20 11:21:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoundFrost
[2013/05/20 11:21:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SoundFrost
[2013/05/19 13:36:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{0BF64BBD-B97F-44D1-8462-1601E5CF4927}
[2013/05/18 21:48:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{D0A5BD75-6024-4A3B-96DC-EBFF85F5EFB9}
[2013/05/17 21:21:06 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Kursfahrt London 2013
[2013/05/11 12:00:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ocster 1-Click Backup
[2013/05/02 19:04:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NSS
[2013/05/02 19:04:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NSS
[2013/05/01 11:27:25 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Religion
[2013/04/28 10:43:02 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Leawo
[2013/04/28 10:43:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Leawo
[2013/04/28 10:42:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leawo
[2013/04/28 10:42:38 | 000,606,208 | ---- | C] (hxxp://www.xvid.org) -- C:\Windows\SysWow64\xvidcore.dll
[2013/04/28 10:42:38 | 000,438,272 | ---- | C] (Gabest) -- C:\Windows\SysWow64\Mpeg2DecFilter.ax
[2013/04/28 10:42:38 | 000,139,264 | ---- | C] (hxxp://www.xvid.org) -- C:\Windows\SysWow64\xvid.ax
[2013/04/28 10:42:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Leawo
[2011/05/19 00:56:23 | 000,266,240 | ---- | C] (vbAccelerator) -- C:\Program Files (x86)\vbalTreeView6.ocx
[2011/05/19 00:56:23 | 000,122,880 | ---- | C] (vbAccelerator) -- C:\Program Files (x86)\cPopMenu6.ocx
[2011/05/19 00:56:23 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\Program Files (x86)\SSubTmr6.dll
[2011/05/18 23:56:23 | 000,266,240 | ---- | C] (vbAccelerator) -- C:\Program Files\vbalTreeView6.ocx
[2011/05/18 23:56:23 | 000,122,880 | ---- | C] (vbAccelerator) -- C:\Program Files\cPopMenu6.ocx
[2011/05/18 23:56:23 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\Program Files\SSubTmr6.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/05/25 11:27:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013/05/25 11:25:54 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013/05/25 11:25:25 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2013/05/25 11:22:01 | 000,001,148 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1749649401-1888572752-1075402513-1000UA.job
[2013/05/25 10:42:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/25 10:38:34 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/25 10:38:34 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/25 10:34:50 | 001,800,066 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/25 10:34:50 | 000,763,004 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013/05/25 10:34:50 | 000,718,322 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/25 10:34:50 | 000,173,390 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013/05/25 10:34:50 | 000,146,344 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/25 10:27:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/25 10:27:15 | 2128,744,447 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/24 22:20:23 | 000,010,644 | ---- | M] () -- C:\Windows\SysNative\log.xml
[2013/05/24 22:20:23 | 000,000,008 | ---- | M] () -- C:\Windows\SysNative\log-suffix.xml
[2013/05/24 18:22:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1749649401-1888572752-1075402513-1000Core.job
[2013/05/24 14:53:18 | 075,187,200 | ---- | M] () -- C:\Users\***\backup.pst
[2013/05/21 18:24:34 | 000,001,909 | ---- | M] () -- C:\Users\Public\Desktop\LOL Recorder.lnk
[2013/05/20 12:49:49 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggsemc_01009.Wdf
[2013/05/20 12:49:49 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggflt_01009.Wdf
[2013/05/20 12:44:32 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggsemc.sys
[2013/05/20 12:44:32 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggflt.sys
[2013/05/20 11:21:24 | 000,000,306 | RHS- | M] () -- C:\Users\***\ntuser.pol
[2013/05/18 20:55:53 | 000,356,680 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/17 21:16:40 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/17 21:16:40 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/11 12:00:35 | 000,001,034 | ---- | M] () -- C:\Users\Public\Desktop\Ocster 1-Click Backup.lnk
[2013/05/02 19:38:04 | 000,000,070 | ---- | M] () -- C:\Windows\SysWow64\NSS.ini
[2013/05/01 18:46:07 | 000,000,022 | ---- | M] () -- C:\Windows\SysWow64\STGRAMDiskHandler64.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/05/25 11:25:54 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013/05/25 11:25:25 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2013/05/20 12:49:49 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggsemc_01009.Wdf
[2013/05/20 12:49:49 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggflt_01009.Wdf
[2013/05/20 11:21:24 | 000,000,306 | RHS- | C] () -- C:\Users\***\ntuser.pol
[2013/05/11 12:00:35 | 000,001,034 | ---- | C] () -- C:\Users\Public\Desktop\Ocster 1-Click Backup.lnk
[2013/05/02 19:19:05 | 000,000,070 | ---- | C] () -- C:\Windows\SysWow64\NSS.ini
[2013/04/02 16:03:17 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\CIUtils.dll
[2013/02/02 13:50:47 | 000,000,625 | ---- | C] () -- C:\Users\***\jshrink.ini
[2013/01/21 19:21:30 | 000,000,022 | ---- | C] () -- C:\Windows\SysWow64\STGRAMDiskHandler64.ini
[2012/12/14 17:06:36 | 000,000,364 | ---- | C] () -- C:\Windows\wininit.ini
[2012/12/14 17:05:46 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2012/12/14 16:39:05 | 000,000,050 | ---- | C] () -- C:\Users\***\.j2e
[2012/12/11 15:49:57 | 000,000,851 | ---- | C] () -- C:\Users\***\AppData\Local\recently-used.xbel
[2012/12/10 18:39:30 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\tmb1-v32.dll
[2012/12/05 18:47:18 | 000,065,536 | -H-- | C] () -- C:\Windows\SysWow64\WebCamLib.dll
[2012/10/17 19:39:04 | 000,000,155 | ---- | C] () -- C:\Users\***\.appletviewer
[2012/09/28 21:45:06 | 000,247,296 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
[2012/09/21 17:06:44 | 000,003,072 | ---- | C] () -- C:\Users\***\AppData\Local\file__0.localstorage
[2012/05/13 17:32:28 | 000,017,408 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db
[2012/03/22 16:52:45 | 000,000,725 | ---- | C] () -- C:\Users\***\*** - Verknüpfung.lnk
[2012/03/02 20:51:48 | 000,823,296 | ---- | C] () -- C:\Windows\j3dcore-d3d.dll
[2012/03/02 20:51:48 | 000,163,840 | ---- | C] () -- C:\Windows\j3dcore-ogl.dll
[2012/03/02 20:51:48 | 000,049,152 | ---- | C] () -- C:\Windows\j3dcore-ogl-chk.dll
[2012/03/02 20:51:48 | 000,040,960 | ---- | C] () -- C:\Windows\j3dcore-ogl-cg.dll
[2011/12/11 13:52:54 | 000,000,007 | ---- | C] () -- C:\Program Files\amsd20.dat
[2011/11/07 19:12:43 | 000,004,096 | -H-- | C] () -- C:\Users\***\AppData\Local\keyfile3.drm
[2011/09/01 17:42:19 | 000,000,849 | ---- | C] () -- C:\Users\***\SciTE.session
[2011/08/30 17:12:14 | 000,110,602 | ---- | C] () -- C:\Windows\SysWow64\xcdsfx32.bin
[2011/08/29 17:08:59 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\nnr.dll
[2011/07/16 20:44:10 | 001,777,024 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/07/06 14:21:42 | 000,311,296 | ---- | C] () -- C:\Windows\SysWow64\EMRegSys.dll
[2011/06/29 20:36:37 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2011/06/29 20:36:37 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2011/06/29 20:36:37 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2011/06/29 20:25:52 | 000,000,035 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011/06/29 20:22:55 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2011/06/29 20:22:55 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll
[2011/06/29 20:22:55 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll
[2011/05/13 21:18:55 | 000,000,077 | ---- | C] () -- C:\Users\***\Lizenz.omegakey
[2011/04/30 20:26:37 | 000,000,017 | ---- | C] () -- C:\Users\***\AppData\Local\resmon.resmoncfg
[2011/04/30 20:06:22 | 000,000,936 | ---- | C] () -- C:\Users\***\Konten speicherung.OPS - Verknüpfung.lnk
[2011/04/30 18:39:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/04/30 17:19:20 | 075,187,200 | ---- | C] () -- C:\Users\***\backup.pst
[2011/04/05 18:38:08 | 002,595,740 | ---- | C] () -- C:\Users\***\Powerpoint.zip
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/12/26 20:27:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft
[2012/11/09 21:22:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\7-PDFSplitMerge
[2012/09/21 17:39:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AceBIT
[2012/12/31 19:47:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AllDup
[2011/07/16 20:40:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AntiBrowserSpy 2009
[2011/12/12 14:48:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Apowersoft
[2013/01/15 15:51:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity
[2011/12/27 15:14:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\avidemux
[2012/12/14 17:05:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Babylon
[2011/12/11 14:03:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CBL-Electronics
[2011/05/01 15:34:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\COMPUTERBILD Mein-Datensafe
[2011/05/22 15:39:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\COMPUTERBILD-Abzockschutz
[2012/02/16 17:10:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\COMPUTERBILD-Abzockschutz Premium
[2011/06/29 20:22:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\concept design
[2011/12/08 17:48:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DeskSoft
[2012/12/14 18:50:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DesktopIconForAmazon
[2011/10/28 17:47:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Digiarty
[2012/04/15 20:20:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Duden
[2012/09/09 18:42:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2012/09/09 19:09:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/12/20 12:00:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Easy Macro Recorder
[2013/03/02 21:11:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Expert PDF 8
[2013/02/09 16:43:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2013/05/22 14:58:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Free Download Manager
[2012/07/20 15:32:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\getleft
[2011/04/30 15:40:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GrabPro
[2012/04/23 15:35:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2012/06/18 18:58:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICSharpCode
[2011/07/17 16:57:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\iMaxGen
[2013/02/05 16:00:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2012/09/06 17:34:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JavaEditor
[2011/04/29 20:29:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2012/08/27 17:45:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LolClient
[2013/03/17 19:37:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Magic Landscape Filter
[2012/12/08 12:35:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2011/07/17 16:59:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Meridian93
[2011/11/08 21:05:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mintext
[2012/09/09 19:38:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag
[2011/12/05 18:28:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NeoDownloader
[2013/05/25 11:39:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NetSpeedMonitor
[2012/07/29 16:20:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia
[2011/06/15 20:07:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Ovi Suite
[2012/05/06 16:55:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Suite
[2012/06/18 19:01:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NuGet
[2012/12/14 17:05:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OCS
[2012/04/15 19:36:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OfficeRecovery
[2013/04/12 19:03:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2012/01/27 19:29:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2012/05/13 17:29:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Orbit
[2011/08/10 20:04:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2012/12/19 13:25:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PDF Experte 8
[2012/12/10 18:39:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PlayClaw4
[2011/04/30 16:46:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ProgSense
[2011/06/04 18:25:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\S.A.D
[2011/12/15 20:40:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Scanahand
[2011/06/24 19:09:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Software Informer
[2011/08/07 11:22:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sonavis
[2011/05/30 18:38:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Startpage24
[2011/11/04 20:39:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Steganos
[2011/12/08 15:27:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sytexis Software
[2011/11/25 19:24:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TagTuner
[2013/02/25 20:04:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tenable
[2012/01/30 22:47:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeraCopy
[2013/04/01 14:57:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client
[2012/12/10 18:57:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2011/11/21 14:39:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\URSoft
[2012/04/28 21:50:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\wargaming.net
[2012/12/03 20:37:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows Live Writer
[2012/12/12 12:54:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Wondershare
[2012/04/15 19:28:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XMedia Recode
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 193 bytes -> C:\ProgramData\Temp:EEDA5B17
@Alternate Data Stream - 166 bytes -> C:\ProgramData\Temp:C39AA0B1
@Alternate Data Stream - 162 bytes -> C:\ProgramData\Temp:1CE11B51

< End of report >
         

PS: Hoffe ich diesmal im richtigen Unterforum

Alt 26.05.2013, 10:05   #2
jPPütz
 
Googlelinks/Links werden umgeleitet - Standard

Googlelinks/Links werden umgeleitet



Extras.txt
Code:
ATTFilter
OTL Extras logfile created on: 5/25/2013 11:28:07 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7.98 Gb Total Physical Memory | 6.30 Gb Available Physical Memory | 79.03% Memory free
15.95 Gb Paging File | 14.21 Gb Available in Paging File | 89.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1831.92 Gb Total Space | 644.20 Gb Free Space | 35.17% Space Free | Partition Type: NTFS
Drive D: | 30.00 Gb Total Space | 11.93 Gb Free Space | 39.76% Space Free | Partition Type: NTFS
Drive F: | 100.00 Mb Total Space | 71.21 Mb Free Space | 71.21% Space Free | Partition Type: NTFS
 
Computer Name: PC-PHILIPP-PÜTZ | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox6\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EC242B7-7740-4CF3-A44C-BF72BCEC32B4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{26773EF3-C370-4495-A37C-E6C2E830ACDA}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{29F6066E-C024-4FC2-9E23-15D7E8985AA8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2FC24E4A-0359-4885-9533-60FFC7E27E2D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{3382823D-91A7-4393-98F0-D74AC334685F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4DA0E719-4129-43A7-B32B-4B6686ADDA43}" = lport=139 | protocol=6 | dir=in | app=system | 
"{4ECD0259-CB93-496B-A7F4-68E0AAB405FA}" = rport=445 | protocol=6 | dir=out | app=system | 
"{5EB9AE0B-A7C9-47AB-B0BD-00AF392D0237}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{83A7B532-4A8C-4918-B91B-56FFB8586E94}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{8702BF23-6F0B-4930-85FE-4FC58D284AB2}" = lport=445 | protocol=6 | dir=in | app=system | 
"{944AA216-838A-4BF1-A3F0-4E8C30290F2D}" = rport=139 | protocol=6 | dir=out | app=system | 
"{B9F3473E-66B5-4C14-B1AF-84E4F888E2EF}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{E0F29B58-7E04-4950-9E58-67AB255A7462}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E12EB189-707B-48F9-A632-C4673E1330ED}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E5B515C2-513C-4E32-A978-AEA80FE2243A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{FA631D5C-425C-4CBC-9E5D-FC16CD3FCCDA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{FEB9D438-4873-4CE0-AACE-DE5E965CCE9A}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0564B75B-5842-4043-9C71-8E098BAE0E4F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{097BE084-B5B6-4FA5-AC46-BF77467732CF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{0AA10738-3474-43DB-B47C-4B87EA4F5A64}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{0B1AB972-C7CB-40A0-8975-2D1824D2CFFC}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe | 
"{0EBE8A3A-FFE7-44F2-A8DA-585DC519C3C0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{1165C4FD-8E45-4C94-81A6-7BFA193B9B51}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | 
"{16207F27-E370-4AFD-A963-EEA943D13737}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{1F2E7803-2D23-4922-AC2C-6791EDFF6AD5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2234AE1F-D7D8-4567-ADBF-2AEB165C1E23}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe | 
"{236B7F0B-36A8-4C32-9BF3-BE887942D327}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{24AB8C07-6019-4F5D-9A04-FFBCD262922C}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | 
"{26F0E69F-E17A-4E10-910D-9BBCC0F80AF3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | 
"{2DDF2AB0-AF18-4676-A9E8-549C90114455}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{2F84E31C-382C-4EA6-A8A1-AF8E7F10086A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{30E9EBCF-2DC1-432D-953C-4DA629A8F0BC}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{311BE38F-4E1E-4848-9C1F-1DCD78FFC204}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe | 
"{39870918-90AA-440A-9379-00D6F7154746}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe | 
"{3A19C698-467C-45E1-AC81-147F8A71C8DF}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{431A1CCA-CB3B-40EB-9506-96691BD19B93}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{4410CB5E-6873-45CE-B69F-B9386418C2F3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{48663FF4-BDC2-4848-9EE8-EA0631BB0839}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe | 
"{544CEE52-EB2E-4519-8989-2DA92EF15658}" = dir=in | app=c:\program files (x86)\apowersoft\screen recording suite\screen-recording-suite.exe | 
"{57AA9A78-90C4-4723-B07E-86DB5676F8B8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{57AB7550-AD09-4F09-AB53-856D01305AEF}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{58AE24A4-1373-47D0-9195-CB755B62684D}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe | 
"{5B266659-AF9D-4B7F-90BA-16641E6EDEDF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{5EB42C56-F0F8-49B2-A5A3-6EF95E915398}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{63AD25A3-FC4F-405A-9866-25168E554BF7}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{65E1C9A6-AF2D-4611-A476-1F38ED301BF0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{68B7050D-7FFA-497D-9603-E0CD752B6304}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{690E1721-960E-4B51-B53B-5F20DC69DF9B}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold\stronghold.exe | 
"{6CC47515-6775-437E-9486-1515D5210425}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{756A0B6B-B429-4FAB-8019-34994B4D9C97}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{8E494CD3-9FAA-4D73-826D-81F8C6F2E750}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | 
"{91F6F2F9-5EBC-48B5-94C3-CB3A00B9C56C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe | 
"{957A3483-B708-4AFD-85C4-E697F444D064}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{9E34649B-EA9F-40CB-9256-721F704BB450}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{A5D02DFB-D2D3-476D-B3BF-42996628F632}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{A6F8E3F4-65FB-4322-9092-255D3219BD5B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | 
"{A6FCA0A4-0C04-41E5-B1D7-925A2FF38EB8}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold\stronghold.exe | 
"{A8DC7C01-AC70-4585-AC7A-0F093B4FF206}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{B18530F5-0954-4468-B853-6FC6C0B124AF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B8C2C535-630A-4D70-BC89-53DB07A1D14F}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{B99AC272-D48C-46BE-90A8-80A45640A10C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{BADC97D0-1209-4E26-A442-841BAAE8B0F1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | 
"{BC1F13FA-EFBC-4F3E-9788-F71074E132F0}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | 
"{BF695828-EBB4-4E43-91F0-AE13BE61976F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | 
"{C08EA48D-1180-4EFF-AB78-C9A2057D4791}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{C5AB24B6-575C-41E5-8B24-E45742F6E3E2}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe | 
"{C7B0C4CB-47CE-476F-9C59-E67580E735F9}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{C98163E5-1CD4-4135-AF21-A2BA56F5492F}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold legends\strongholdlegends.exe | 
"{CD956B9C-52A9-4306-B020-DACCED0884FE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CF00F81C-F632-4B8F-84EC-2335C3CD68A7}" = dir=in | app=c:\program files (x86)\apowersoft\screen recording suite\screenrecordingsuite.exe | 
"{CF942FC2-A6F1-4756-B624-323C621E2257}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{D2DCC387-38DF-44A2-9B20-BF39B97F4A5B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{DAD5D94C-A0D8-409B-BD22-8AA8A322C982}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EA21E45A-8197-4BB4-A52F-800C3A98C855}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | 
"{EC623591-6AB9-4C64-A867-7F41892DD39D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe | 
"{EEB78103-3B5E-42A4-BFDA-7171CAA1859C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{F210BA7D-81E5-43C8-A683-92DE501CF6F2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{F2DF1E72-B5A6-4ADA-9598-532104AFFF60}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{F4455673-3B2F-48D3-AD9C-1C8999C98BF4}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold legends\strongholdlegends.exe | 
"{F8BA434F-3751-4264-BB64-81A691281D5C}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"TCP Query User{2563D96E-55B2-4B10-A83B-603CDA284D0B}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{2B11E09B-61B0-49CA-8D01-B5DCDF9C3328}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe | 
"TCP Query User{5586C88C-A0E2-4EBC-9636-83A595CC9A6F}C:\users\***\desktop\spiele\steamless counterstrikesource pack\hl2.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\spiele\steamless counterstrikesource pack\hl2.exe | 
"TCP Query User{59066BD6-141E-4563-8FE1-358E8AB3AEB9}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"TCP Query User{78FA1FA7-EC71-43B5-88CA-096DEC6A90FE}C:\program files (x86)\call of duty\blackops.exe" = protocol=6 | dir=in | app=c:\program files (x86)\call of duty\blackops.exe | 
"TCP Query User{9643F29F-1018-4552-98FE-8D91C81C786B}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe | 
"TCP Query User{A356C1BD-EA7B-42E5-AC77-7665DCD4ECBC}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"TCP Query User{B0C278CC-0586-4578-9528-CDCC9652075A}C:\program files (x86)\call of duty\blackopsmp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\call of duty\blackopsmp.exe | 
"TCP Query User{CCAADEDE-608C-4AB7-B3E5-923A5C58C5BC}C:\program files (x86)\firefly studios\stronghold legends\strongholdlegends.exe" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold legends\strongholdlegends.exe | 
"UDP Query User{064CD555-5DDD-472B-9419-B5051B584CB2}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe | 
"UDP Query User{23E77063-23E2-45DD-AAFF-7E1A1AE20196}C:\users\***\desktop\spiele\steamless counterstrikesource pack\hl2.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\spiele\steamless counterstrikesource pack\hl2.exe | 
"UDP Query User{64D46F2A-6433-48F6-8CE7-D1DEEBD885DE}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"UDP Query User{8A2A98DF-0A0F-46DC-A244-C114E3A902CA}C:\program files (x86)\call of duty\blackopsmp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\call of duty\blackopsmp.exe | 
"UDP Query User{A6CA4B57-9F14-49D9-90D0-310E0DD5F6FD}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"UDP Query User{AC1D20DF-797A-4904-A2C4-96D3F3EAFE71}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe | 
"UDP Query User{C36836FA-5098-4C52-946F-020E33097DBA}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{C3FCF6ED-9AFE-4882-91B4-26484077B6E5}C:\program files (x86)\call of duty\blackops.exe" = protocol=17 | dir=in | app=c:\program files (x86)\call of duty\blackops.exe | 
"UDP Query User{CCCE249E-744C-4799-8AED-E4E152A35230}C:\program files (x86)\firefly studios\stronghold legends\strongholdlegends.exe" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold legends\strongholdlegends.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC4
"{09782D89-1CA6-4B7D-82C5-2DE01AF5601B}" = Microsoft SQL Server 2008 Common Files
"{0ADF605D-2D94-4467-91F7-D75C71CF328D}" = Microsoft SQL Server 2008 Database Engine Shared
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{11EB3D68-A5BE-43EA-8D31-43B08ADB0DA4}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) de
"{12FE6AA6-65D2-40EE-B925-62193128A0E6}" = Microsoft SQL Server 2008 Native Client
"{17016DA1-F040-4032-BD36-34DD317BC9D5}" = HP Photosmart All-In-One Driver Software 13.0 Rel. A
"{197B3774-B7E6-4D50-AD0D-7F99B1E264D2}" = Microsoft SQL Server System CLR Types (x64)
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer
"{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{440668AA-7524-40DB-966A-60BE535E1B3F}" = Microsoft SQL Server 2008 Database Engine Services
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4B5F58F7-C7D1-3CE3-9B37-B657F0852643}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{591B29D8-4A37-4202-9F74-3B43A45EC036}" = MAGIX Foto & Grafik Designer 6 SE
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{64A3A4F4-B792-11D6-A78A-00B0D0170090}" = Java SE Development Kit 7 Update 9 (64-bit)
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{7AC5FFA7-6815-4AED-B16D-8E0D7CC4B221}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64) de
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8583E7E3-2237-4981-B957-E28E5E9AB678}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}" = NetSpeedMonitor 2.5.4.0 x64
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95A2AD24-BD44-3E39-A31F-CE928276577E}" = Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319
"{A1F50E06-E514-393D-AAEB-2F989F0B7C68}" = Microsoft Team Foundation Server 2010 Object Model - DEU
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ADBD6E65-46CB-4A97-9AFB-64963FEACC40}" = Microsoft SQL Server 2008 RsFx Driver
"{B143BE44-8723-315E-9413-011C55873C0E}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{B9E62002-BD74-30EC-9049-93E0E003C736}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C37EA24C-8D95-468E-93B8-9724A84F4A64}" = O&O DriveLED Professional
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D8125A39-ADEE-4187-B04D-DB6CF489AF61}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup 
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DB61F989-7664-4E18-97C8-0AC4C5DD9FFC}" = e-mix 5.6.4 Basic Edition
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EF9A1373-9238-4E11-8FF8-7B83996F5BE5}" = Microsoft Sync Framework Services v1.0 SP1 (x64) de
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0)
"CCleaner" = CCleaner
"CyberGhost VPN_is1" = CyberGhost VPN
"GIMP-2_is1" = GIMP 2.8.4
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"Microsoft Team Foundation Server 2010 Object Model - DEU" = Microsoft Team Foundation Server 2010-Objektmodell - DEU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU
"Ocster 1-Click Backup" = Ocster 1-Click Backup
"Shop for HP Supplies" = Shop for HP Supplies
"sp6" = Logitech SetPoint 6.20
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeraCopy_is1" = TeraCopy 2.27
"Unlocker" = Unlocker 1.9.1-x64
"WinRAR archiver" = WinRAR 4.00 (64-Bit)
"WinX DVD Copy Pro_is1" = WinX DVD Copy Pro 3.4.3
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{02B0E0F2-1596-4EE3-8758-81B8A777C8FB}" = Nero Kwik Media Computerbild
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{08DA8E46-ED67-451A-9246-50E0FF6959C9}" = Microsoft Sync Framework SDK v1.0 SP1 de
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{09E8352D-CAD2-4DF0-AF95-0783C873D142}" = Microsoft SQL Server 2008 Database Engine Services
"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
"{0AFCF5C4-D09B-4BAA-8C4D-1F61CF67BD65}" = mufin player 2.0
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1" = MSI Kombustor 2.5.0
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0DD2DCC6-21AE-4678-8629-1084B17BE077}" = Microsoft SQL Server Compact 3.5 SP1-Abfragetools (Deutsch)
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F1D1572-9311-4590-A8A6-425224984E54}" = Steganos Privacy Suite 12
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{113EBE84-73FA-4C44-8C4D-CAAA3AEE960C}" = COMPUTERBILD Datei-Reparierer
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{143B33B7-458A-452A-8939-8B165B4B5067}" = Microsoft SQL Server 2008 Management Studio
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2020045B-8DCF-4449-8D5C-EB5BA37440F1}" = Microsoft SQL Server 2008 Management Studio
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{224A804F-ABB4-4938-96EA-EC65BB699933}" = OfficeRecovery 2010 Essential 10.0.38278.1
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi
"{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A231800-A7CF-4223-B8A3-1FD9057BAE96}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup 
"{2A7EF808-14F3-4E93-BE3A-1675EE5332A4}" = AIO_CDA_ProductContext
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1" = Inpaint 4.3
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU
"{3260D61B-DCA6-4ec6-8A41-DCCE01BC6EE4}" = c4100_Help
"{32A9C5B3-D166-4C6D-A11E-A54473150000}" = Java 3D 1.5.2
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3C894249-6B6B-4AE5-9023-A2E7B738AA49}_is1" = PictureLoKiT version 1.0
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{42087B24-ECD8-41d2-8053-E6EB99E5083F}_is1" = Aiseesoft Total Media Konverter 6.2.18
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{45460F07-0CB5-4E9C-A2DD-693ADB690E69}" = Microsoft SQL Server 2008 Database Engine Services
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4BC051E5-5521-4F01-0001-6DCA22CA4A7F}" = Cinema HD 2.0
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5242B252-01BB-4F2E-BBF4-5C01BC3B6619}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D5509EA-B85A-411E-AB75-59069A411876}" = COMPUTERBILD App-Center
"{5D5CB188-F9B1-4103-B2AD-07FB33068377}_is1" = Leawo PowerPoint to Video Pro version 2.6.0.68
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65A5E87D-7A3F-4819-807D-B86990D5F369}" = inSSIDer
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{65FBA21B-7F80-4E4E-B275-0958D2648F94}_is1" = Java-Editor 11.21, 2012.11.06
"{6669784C-0C28-415D-A688-6BEDECBF79D8}" = COMPUTERBILD Datei-Reparierer
"{66A405D2-BA14-4594-BF36-B3B544F0754E}" = Stronghold Legends
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{681F4E9F-34E0-36BD-BF2C-100554E403A5}" = Microsoft Visual F# 2.0 Runtime Language Pack - DEU
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{695E67B6-8B95-4160-9650-92974980CDC1}" = Microsoft SQL Server 2008 Policies
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6B722793-E77B-41F5-BAB3-6C9832274E75}" = PC Connectivity Solution
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz
"{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{6FE12C01-2FBC-42E2-AEB9-4CA2238C462F}" = Nokia Connectivity Cable Driver
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7130468A-F53F-4698-8C09-A339EA3B05E6}" = Nokia Software Updater
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{762F617E-9E86-4064-AFF1-4275F04D066C}" = aXmag -- Digital Magazine Creator
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86F4F32B-77C7-4951-B33C-05D41A8190C1}" = Microsoft RichCopy 4.0
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{88EDDC73-6EB3-4FC6-AD52-71C8F34B86ED}" = Magic Landscape Filter
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90170407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{90599D63-1879-4B90-BE4F-051CE70FA576}_is1" = Wondershare PDF to Word (Build 4.0.1)
"{90AB0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint 2003 Template Pack 1
"{90AC0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint 2003 Template Pack 2
"{90AD0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint 2003 Template Pack 3
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{91F54E1D-804A-46D8-A56C-53EA9C4B3177}" = Microsoft Silverlight 3 SDK - Deutsch
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92C5C058-E941-47C3-B7E8-38A79C605969}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9B5D7FA6-9E73-426E-81C4-2C8FE5ACFBEF}" = Duden Korrektor Standard
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C3B8582-A72A-4835-8903-877A834407BB}" = Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{a490602e-9350-4104-aa16-b31a31544121}" = Nero 9
"{A4F6BE36-4826-45BA-A396-04F265A3B61D}" = Nero 11 Kwik Themes 2
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{a72ce741-1f32-4d79-bffb-a714375c678d}_is1" = Bigasoft Total Video Converter 3.5.18.4353
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A7AEE29F-839E-46B5-B347-6D430618129F}" = AIO_CDA_Software
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AAE587E4-E661-4DB5-96DF-6E31C548F186}_is1" = Password Depot 6
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time  Lib Setup
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{AC76BA86-7AD7-5464-3428-A00000000004}" = Spelling Dictionaries Support For Adobe Reader X
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1F69AF3-B5B5-4CA5-ADC5-8A738EB6E574}" = Nero 11 Kwik Themes 1
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B2C85224-88C1-4ED2-8ECC-EF7362D9F63B}" = Movie Templates - Pack 1
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B6916E4B-FD07-47E7-B906-B3F734F08E29}" = C4100
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B83513EC-2E4D-4621-816D-4CCF397BE702}_is1" = CheckDrive
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BA499CC0-12C0-4BA5-9007-76844B721158}" = Nero 11 Kwik Themes 3
"{BAEBE7F0-BB3E-4228-BFE0-8FF70BB9B837}" = Menu Templates - Pack 1
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CA227A9D-09BE-4BFB-9764-48FED2DA5454}" = Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{CDD0BC3E-4992-4962-8372-2D700425F42D}" = Menu Templates - Pack 2
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A85247-63B6-4F20-910E-58377D1B7430}_is1" = Picture Resizer 2.0
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6BAD6AB-D3D9-46ad-B2C4-5A969006CE48}_is1" = Aiseesoft DVD Ripper 6.2.26
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF38C72B-8A86-4727-99D2-FA7CC5E17A24}" = Microsoft SQL Server 2008 RsFx Driver
"{DF94566F-BDEC-4529-9532-7FBBEDA38045}" = Menu Templates - Pack 3
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.18
"{E3A0C45A-7EDB-48EB-AB86-2445E74FBFBB}" = Nokia Suite
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E44C57E8-2E0B-418A-AAC1-043EF2065EB7}" = AcroPano Photo Stitcher, Panorama software
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}" = Microsoft ASP.NET MVC 2 - DEU
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger
"{E76CDDCE-EFC0-4FE5-9972-9489CE49AA55}_is1" = NeoDownloader 2.8.1 (GiveAwayOfTheDay Version)
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB9F3F92-4857-4121-AA6F-1C424AC6C266}_is1" = Screen Recording Suite V2.5.0
"{EC66418E-DAA2-36D5-809E-40BEC94E622A}" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.155
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F3759A9F-7AFA-4FB4-8DF1-53F26B979DEE}" = Belkin 54Mbps Wireless Network Adapter
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FAF448F1-4460-440C-9280-07F66A63D6F5}" = Nero Kwik Media
"{FC279721-37A6-4777-AFD8-7A56681EBA14}" = PDF Experte 8 Ultimate
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"7-PDF Split & Merge_is1" = 7-PDF Split & Merge Version 2.0.4 (Build 112)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Afterburner" = MSI Afterburner 2.3.1
"AllDup_is1" = AllDup 3.3.10
"Ashampoo Undeleter_is1" = Ashampoo Undeleter v.1.10
"Audacity_is1" = Audacity 2.0.2
"AutoItv3" = AutoIt v3.3.6.1
"B969B390-AC77-49F7-B928-C5147A6008C0" = Physion
"Cut Out_is1" = Cut Out 3.0
"Derive5" = Derive 5
"Diagram Designer" = Diagram Designer
"Digital Editions" = Adobe Digital Editions
"Driver Magician_is1" = Driver Magician 3.61
"DS-MP3 Source" = DS-MP3 Source 1.30
"EADM" = EA Download Manager
"Easy Macro Recorder_is1" = Easy Macro Recorder 4.51
"ffs2011_is1" = Franzis Führerschein Trainer 2012
"FileZilla Client" = FileZilla Client 3.6.0.2
"FormatFactory" = FormatFactory 2.60
"Free Download Manager_is1" = Free Download Manager 3.9.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.30.903
"GameSpy Arcade" = GameSpy Arcade
"Getleft_is1" = Getleft v1.2
"HomeGallery_is1" = HomeGallery 1.5.1
"Ideal DVD Copy_is1" = Ideal DVD Copy V4.1.2
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"IrfanView" = IrfanView (remove only)
"Kernel For PDF Repair_is1" = Kernel For PDF Repair ver 9.11.01
"Lion_is1" = Lion 3.1.0
"LOLReplay" = LOLReplay
"Longo DVD Copy_is1" = Longo DVD Copy V4.00
"MAGIX_{591B29D8-4A37-4202-9F74-3B43A45EC036}" = MAGIX Foto & Grafik Designer 6 SE
"MAGIX_MSI_mufin_player_2" = mufin player 2.0
"Mail Undelete Recovery Toolbox Free_is1" = Mail Undelete Recovery Toolbox Free 1.1
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Microsoft Visual Studio Macro Tools - DEU Language Pack" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.52
"Nokia Suite" = Nokia Suite
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 12.14.1738" = Opera 12.14
"PCSUITE_ADVISOR_PRO_is1" = PCSUITE ADVISOR
"Photo Stamp Remover_is1" = Photo Stamp Remover 4.2
"PlayClaw 4_is1" = PlayClaw 4
"RonyaSoft Poster Designer (Poster Forge)" = RonyaSoft Poster Designer (Poster Forge) 2.01
"Schriftenbibliothek_is1" = Schriftenbibliothek
"Secunia PSI" = Secunia PSI (2.0.0.3001)
"Shock 4Way 3D v1.29" = Shock 4Way 3D v1.29
"Software Informer_is1" = Software Informer 1.0 BETA
"SoundFrost_is1" = SoundFrost
"SystemRequirementsLab" = System Requirements Lab
"TechPowerUp GPU-Z" = TechPowerUp GPU-Z
"The KMPlayer" = The KMPlayer (remove only)
"Treiber-Studio 2011" = Treiber-Studio 2011 7.0.2.111 
"Ulead GIF Animator Lite Edition 1.0" = Ulead GIF Animator Lite Edition 1.0
"Update Engine" = Sony Ericsson Update Engine
"VLC media player" = VLC media player 2.0.5
"Winamp" = Winamp
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.44-1
"WinLiveSuite" = Windows Live Essentials
"xampp" = XAMPP 1.7.4
"XMedia Recode" = XMedia Recode 3.0.5.6
"YU2010_is1" = Your Uninstaller! 7
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"EncSpot Basic_is1" = EncSpot Basic 2.0
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Anwendungserkennung
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 6/21/2012 4:58:42 PM | Computer Name = PC-Philipp-Pütz | Source = WinMgmt | ID = 10
Description = 
 
Error - 6/22/2012 11:39:52 AM | Computer Name = PC-Philipp-Pütz | Source = WinMgmt | ID = 10
Description = 
 
Error - 6/22/2012 12:19:02 PM | Computer Name = PC-Philipp-Pütz | Source = SideBySide | ID = 16842761
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Duden\Duden Korrektor\adxloader.dll.Manifest". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Duden\Duden Korrektor\adxloader.dll.Manifest" in Zeile 
2.  Das Stammelement der Manifestdatei muss assembliert sein.
 
Error - 6/22/2012 3:39:28 PM | Computer Name = PC-Philipp-Pütz | Source = WinMgmt | ID = 10
Description = 
 
Error - 6/22/2012 4:11:38 PM | Computer Name = PC-Philipp-Pütz | Source = Application Hang | ID = 1002
Description = Programm Trockenobst.exe, Version 1.0.0.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1b28    Startzeit:
 01cd50b32f199c0e    Endzeit: 16    Anwendungspfad: C:\Users\***\Desktop\Trockenobst
 4.0 22.06.2012 ohne Daten 16-23\Trockenobst\Trockenobst\bin\Release\Trockenobst.exe

Berichts-ID:
 7715fcff-bca6-11e1-91fe-1078d2eb1e44  
 
Error - 6/23/2012 11:43:55 AM | Computer Name = PC-Philipp-Pütz | Source = WinMgmt | ID = 10
Description = 
 
Error - 6/23/2012 1:10:43 PM | Computer Name = PC-Philipp-Pütz | Source = WinMgmt | ID = 10
Description = 
 
Error - 6/23/2012 1:48:39 PM | Computer Name = PC-Philipp-Pütz | Source = SideBySide | ID = 16842761
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Duden\Duden Korrektor\adxloader.dll.Manifest". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Duden\Duden Korrektor\adxloader.dll.Manifest" in Zeile 
2.  Das Stammelement der Manifestdatei muss assembliert sein.
 
Error - 6/24/2012 4:44:38 AM | Computer Name = PC-Philipp-Pütz | Source = WinMgmt | ID = 10
Description = 
 
Error - 6/24/2012 5:06:31 AM | Computer Name = PC-Philipp-Pütz | Source = SideBySide | ID = 16842761
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Duden\Duden Korrektor\adxloader.dll.Manifest". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Duden\Duden Korrektor\adxloader.dll.Manifest" in Zeile 
2.  Das Stammelement der Manifestdatei muss assembliert sein.
 
[ System Events ]
Error - 5/24/2013 8:10:29 AM | Computer Name = PC-Philipp-Pütz | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   ntiomin  UimBus  Uim_IM  Uim_VIM
 
Error - 5/24/2013 8:13:05 AM | Computer Name = PC-Philipp-Pütz | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 5/24/2013 8:13:05 AM | Computer Name = PC-Philipp-Pütz | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 5/24/2013 1:33:46 PM | Computer Name = PC-Philipp-Pütz | Source = bowser | ID = 8003
Description = 
 
Error - 5/24/2013 4:20:44 PM | Computer Name = PC-Philipp-Pütz | Source = Service Control Manager | ID = 7043
Description = Der Dienst Steganos Volatile Disk konnte nach dem Empfang eines Preshutdown-Steuerelements
 nicht richtig heruntergefahren werden.
 
Error - 5/25/2013 4:28:39 AM | Computer Name = PC-Philipp-Pütz | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 SQL Server (SQLEXPRESS) erreicht.
 
Error - 5/25/2013 4:28:39 AM | Computer Name = PC-Philipp-Pütz | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SQL Server (SQLEXPRESS)" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 5/25/2013 4:29:12 AM | Computer Name = PC-Philipp-Pütz | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   ntiomin  UimBus  Uim_IM  Uim_VIM
 
Error - 5/25/2013 4:31:37 AM | Computer Name = PC-Philipp-Pütz | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 5/25/2013 4:31:37 AM | Computer Name = PC-Philipp-Pütz | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
 
< End of report >
         
gmer.txt
Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-25 12:41:30
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.1AQ1 1863,02GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\PHILIP~1\AppData\Local\Temp\kxniykob.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560                                         fffff800033b8000 45 bytes [00, 00, 10, 02, 4E, 74, 66, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607                                         fffff800033b802f 29 bytes [00, 01, 00, 06, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\Secunia\PSI\sua.exe[1940] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000076611465 2 bytes [61, 76]
.text     C:\Program Files (x86)\Secunia\PSI\sua.exe[1940] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000766114bb 2 bytes [61, 76]
.text     ...                                                                                                        * 2

---- Disk sectors - GMER 2.1 ----

Disk      \Device\Harddisk0\DR0                                                                                      unknown MBR code

---- EOF - GMER 2.1 ----
         
__________________


Alt 26.05.2013, 10:06   #3
jPPütz
 
Googlelinks/Links werden umgeleitet - Standard

Googlelinks/Links werden umgeleitet



Nachtrag: Vorgestern hat ein Freund von mir versucht mit einem Rootkit Programm oder ähnlichem mit zu helfen... Dies brachte aber keine Ergebnisse.
Naja er redete von Rootkits und im Internet stand etwas von malware
__________________

Alt 28.05.2013, 23:02   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Googlelinks/Links werden umgeleitet - Standard

Googlelinks/Links werden umgeleitet



Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!


Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 29.05.2013, 11:59   #5
jPPütz
 
Googlelinks/Links werden umgeleitet - Standard

Googlelinks/Links werden umgeleitet



Hallo,

Danke für deine Antwort. Leider besitze ich keine weiteren Logs von Antivirenprogramm in denen etwas gefunden wurde.

Malwarebytes und weitere Programme die in dem Link waren, habe ich nicht auf dem PC.

jPPütz


Alt 29.05.2013, 12:38   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Googlelinks/Links werden umgeleitet - Standard

Googlelinks/Links werden umgeleitet



Zitat:
Leider besitze ich keine weiteren Logs von Antivirenprogramm in denen etwas gefunden wurde.
Ok, du hast keine Logs davon, aber gab es denn nun jemals Funde oder nicht?
__________________
--> Googlelinks/Links werden umgeleitet

Alt 29.05.2013, 12:51   #7
jPPütz
 
Googlelinks/Links werden umgeleitet - Standard

Googlelinks/Links werden umgeleitet



Hallo,

Ja es gab Funde, diese sind aber schon etwas länger her und wurden laut Kaspersky Internet Security 2013 erfolgreich entfernt.

Von dem aktuellen Problem gab es bisher keine Funde oder Berichte!

Aber vielleicht haben diese alten Funde etwas damit zu tun?
Code:
ATTFilter
Schädlicher Link	Inaktiv	25.05.2013 13:48:39	hxxp://antibotsys.com/click/	
Schädlicher Link	Inaktiv	04.05.2013 20:14:48	hxxp://clickstatonlinetreker.com/	
Schädlicher Link	Inaktiv	04.05.2013 20:14:48	hxxp://clickstatonlinetreker.com/	
Schädlicher Link	Inaktiv	25.05.2013 10:38:18	hxxp://antibotsys.com/click/	
Schädlicher Link	Inaktiv	25.05.2013 13:48:39	hxxp://antibotsys.com/	

(Dies sind Seiten auf die ich umgeleitet wurde durch den Virus, Kaspersky hatte sie direkt gesperrt)


Typ: legales Programm, das von einem Angreifer benutzt werden kann, um den Computer oder die Benutzerdaten zu beschädigen (2)	

not-a-virus:HEUR:WebToolbar.Win32.BetterInstaller.gen	Inaktiv	03.02.2013 13:16:01	hxxp://static.bicdn.com/installers/6/3/PDFCreator_downloader_by_network_matomyi_1/PDFCreatorSetup-1yKkuG7.exe//	
not-a-virus:HEUR:WebToolbar.Win32.BetterInstaller.gen	Inaktiv	25.01.2013 15:37:55	hxxp://static.bicdn.com/installers/6/3/PDFCreator_downloader_by_network_matomyi_1/PDFCreatorSetup-2g3goCV.exe//	

(Damals habte ich den PDF-Creator updaten wollen, doch als die Meldung kam habe ich das Update löschen lassen bzw. Kaspersky auf desinfiziern oder löschen angewiesen)
         
Edit: Hatte ich die Log-Programme richtig eingestellt und richtig ausgeführt?

Geändert von jPPütz (29.05.2013 um 13:13 Uhr)

Alt 29.05.2013, 13:24   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Googlelinks/Links werden umgeleitet - Standard

Googlelinks/Links werden umgeleitet



Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Dann bitte jetzt Combofix ausführen:

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 29.05.2013, 13:54   #9
jPPütz
 
Googlelinks/Links werden umgeleitet - Standard

Googlelinks/Links werden umgeleitet



Hallo,

hier das Combofix Log:
Code:
ATTFilter
ComboFix 13-05-29.01 - *** 29.05.2013  14:33:14.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8168.6652 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\progra~2\SOUNDF~1\SOUNdf~1.dll
c:\users\***\AppData\Roaming\Microsoft\~DFK300270.tmp
c:\users\***\AppData\Roaming\Microsoft\1eaadjc.dll
c:\users\***\AppData\Roaming\Microsoft\bass.dll
c:\users\***\AppData\Roaming\Microsoft\engine_vx.dll
c:\users\***\AppData\Roaming\Microsoft\kfgresk.dll
c:\users\***\AppData\Roaming\Microsoft\peaadje.dll
c:\users\***\AppData\Roaming\Microsoft\qwadjb.dll
c:\users\***\AppData\Roaming\Microsoft\rsaadjd.dll
c:\windows\IsUn0407.exe
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-04-28 bis 2013-05-29  ))))))))))))))))))))))))))))))
.
.
2013-05-29 12:41 . 2013-05-29 12:41	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-05-29 12:41 . 2013-05-29 12:41	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-05-26 16:43 . 2013-05-26 16:43	--------	d-----w-	c:\users\***\AppData\Local\{B77BB212-FE9B-4FBE-B44B-1928F2A32D3F}
2013-05-24 12:07 . 2013-05-24 12:07	--------	d-----w-	C:\TDSSKiller_Quarantine
2013-05-23 16:26 . 2013-05-23 16:26	--------	d-----w-	c:\program files (x86)\Mozilla Firefox6
2013-05-20 10:44 . 2013-05-20 10:44	27760	----a-w-	c:\windows\system32\drivers\ggsemc.sys
2013-05-20 10:44 . 2013-05-20 10:44	14448	----a-w-	c:\windows\system32\drivers\ggflt.sys
2013-05-20 10:43 . 2013-05-20 10:43	--------	d-----w-	c:\programdata\Sony Ericsson
2013-05-20 10:43 . 2013-05-20 10:43	--------	d-----w-	c:\program files (x86)\Sony Ericsson
2013-05-20 10:37 . 2013-05-20 10:37	--------	d-----w-	c:\programdata\Sony
2013-05-20 10:37 . 2013-05-20 10:37	--------	d-----w-	c:\program files (x86)\Sony
2013-05-20 09:21 . 2013-05-29 12:41	--------	d-----w-	c:\program files (x86)\SoundFrost
2013-05-19 11:36 . 2013-05-19 11:36	--------	d-----w-	c:\users\***\AppData\Local\{0BF64BBD-B97F-44D1-8462-1601E5CF4927}
2013-05-18 19:48 . 2013-05-18 19:48	--------	d-----w-	c:\users\***\AppData\Local\{D0A5BD75-6024-4A3B-96DC-EBFF85F5EFB9}
2013-05-17 19:51 . 2013-04-10 06:01	265064	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-05-17 19:51 . 2013-04-10 06:01	983400	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-05-17 19:51 . 2011-02-03 11:25	144384	----a-w-	c:\windows\system32\cdd.dll
2013-05-17 19:50 . 2013-02-27 05:52	14172672	----a-w-	c:\windows\system32\shell32.dll
2013-05-17 19:50 . 2013-02-27 05:48	1930752	----a-w-	c:\windows\system32\authui.dll
2013-05-17 19:50 . 2013-02-27 06:02	111448	----a-w-	c:\windows\system32\consent.exe
2013-05-17 19:50 . 2013-02-27 05:52	197120	----a-w-	c:\windows\system32\shdocvw.dll
2013-05-17 19:50 . 2013-02-27 05:47	70144	----a-w-	c:\windows\system32\appinfo.dll
2013-05-17 19:50 . 2013-02-27 04:49	1796096	----a-w-	c:\windows\SysWow64\authui.dll
2013-05-17 19:50 . 2013-03-19 05:53	48640	----a-w-	c:\windows\system32\wwanprotdim.dll
2013-05-17 19:50 . 2013-03-19 05:53	230400	----a-w-	c:\windows\system32\wwansvc.dll
2013-05-17 19:50 . 2013-04-10 03:30	3153920	----a-w-	c:\windows\system32\win32k.sys
2013-05-11 10:00 . 2013-05-21 15:56	--------	d-----w-	c:\users\_ocster_1clk_backup_
2013-05-02 17:04 . 2013-05-02 17:44	--------	d-----w-	c:\program files (x86)\NSS
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-18 19:00 . 2012-04-11 14:28	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-18 19:00 . 2012-03-02 19:15	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-17 20:26 . 2011-02-10 20:56	75016696	----a-w-	c:\windows\system32\MRT.exe
2013-05-09 08:51 . 2010-06-24 19:33	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-04-24 09:58 . 2013-01-04 15:54	90208	----a-w-	c:\windows\system32\drivers\klflt.sys
2013-04-24 09:58 . 2013-01-04 15:54	620128	----a-w-	c:\windows\system32\drivers\klif.sys
2013-04-24 09:58 . 2012-08-13 15:49	178448	----a-w-	c:\windows\system32\drivers\kneps.sys
2013-04-24 09:58 . 2012-06-08 10:38	55056	----a-w-	c:\windows\system32\drivers\kltdi.sys
2013-04-13 05:49 . 2013-05-17 19:51	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-17 19:51	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-17 19:51	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-17 19:51	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-17 19:51	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-17 19:51	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 09:53	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-04 03:35 . 2013-04-29 11:57	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-23 08:29 . 2013-03-23 08:29	97280	----a-w-	c:\windows\system32\mshtmled.dll
2013-03-23 08:29 . 2013-03-23 08:29	92160	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-03-23 08:29 . 2013-03-23 08:29	905728	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-03-23 08:29 . 2013-03-23 08:29	81408	----a-w-	c:\windows\system32\icardie.dll
2013-03-23 08:29 . 2013-03-23 08:29	77312	----a-w-	c:\windows\system32\tdc.ocx
2013-03-23 08:29 . 2013-03-23 08:29	762368	----a-w-	c:\windows\system32\ieapfltr.dll
2013-03-23 08:29 . 2013-03-23 08:29	73728	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-23 08:29 . 2013-03-23 08:29	719360	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2013-03-23 08:29 . 2013-03-23 08:29	62976	----a-w-	c:\windows\system32\pngfilt.dll
2013-03-23 08:29 . 2013-03-23 08:29	61952	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-03-23 08:29 . 2013-03-23 08:29	599552	----a-w-	c:\windows\system32\vbscript.dll
2013-03-23 08:29 . 2013-03-23 08:29	523264	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-03-23 08:29 . 2013-03-23 08:29	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-03-23 08:29 . 2013-03-23 08:29	51200	----a-w-	c:\windows\system32\imgutil.dll
2013-03-23 08:29 . 2013-03-23 08:29	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-03-23 08:29 . 2013-03-23 08:29	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-03-23 08:29 . 2013-03-23 08:29	452096	----a-w-	c:\windows\system32\dxtmsft.dll
2013-03-23 08:29 . 2013-03-23 08:29	441856	----a-w-	c:\windows\system32\html.iec
2013-03-23 08:29 . 2013-03-23 08:29	38400	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-03-23 08:29 . 2013-03-23 08:29	361984	----a-w-	c:\windows\SysWow64\html.iec
2013-03-23 08:29 . 2013-03-23 08:29	281600	----a-w-	c:\windows\system32\dxtrans.dll
2013-03-23 08:29 . 2013-03-23 08:29	27648	----a-w-	c:\windows\system32\licmgr10.dll
2013-03-23 08:29 . 2013-03-23 08:29	270848	----a-w-	c:\windows\system32\iedkcs32.dll
2013-03-23 08:29 . 2013-03-23 08:29	247296	----a-w-	c:\windows\system32\webcheck.dll
2013-03-23 08:29 . 2013-03-23 08:29	235008	----a-w-	c:\windows\system32\url.dll
2013-03-23 08:29 . 2013-03-23 08:29	23040	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-03-23 08:29 . 2013-03-23 08:29	226304	----a-w-	c:\windows\system32\elshyph.dll
2013-03-23 08:29 . 2013-03-23 08:29	216064	----a-w-	c:\windows\system32\msls31.dll
2013-03-23 08:29 . 2013-03-23 08:29	197120	----a-w-	c:\windows\system32\msrating.dll
2013-03-23 08:29 . 2013-03-23 08:29	185344	----a-w-	c:\windows\SysWow64\elshyph.dll
2013-03-23 08:29 . 2013-03-23 08:29	173568	----a-w-	c:\windows\system32\ieUnatt.exe
2013-03-23 08:29 . 2013-03-23 08:29	167424	----a-w-	c:\windows\system32\iexpress.exe
2013-03-23 08:29 . 2013-03-23 08:29	158720	----a-w-	c:\windows\SysWow64\msls31.dll
2013-03-23 08:29 . 2013-03-23 08:29	1509376	----a-w-	c:\windows\system32\inetcpl.cpl
2013-03-23 08:29 . 2013-03-23 08:29	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-03-23 08:29 . 2013-03-23 08:29	149504	----a-w-	c:\windows\system32\occache.dll
2013-03-23 08:29 . 2013-03-23 08:29	144896	----a-w-	c:\windows\system32\wextract.exe
2013-03-23 08:29 . 2013-03-23 08:29	1441280	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2013-03-23 08:29 . 2013-03-23 08:29	1400416	----a-w-	c:\windows\system32\ieapfltr.dat
2013-03-23 08:29 . 2013-03-23 08:29	138752	----a-w-	c:\windows\SysWow64\wextract.exe
2013-03-23 08:29 . 2013-03-23 08:29	13824	----a-w-	c:\windows\system32\mshta.exe
2013-03-23 08:29 . 2013-03-23 08:29	137216	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-03-23 08:29 . 2013-03-23 08:29	136192	----a-w-	c:\windows\system32\iepeers.dll
2013-03-23 08:29 . 2013-03-23 08:29	135680	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-03-23 08:29 . 2013-03-23 08:29	12800	----a-w-	c:\windows\SysWow64\mshta.exe
2013-03-23 08:29 . 2013-03-23 08:29	12800	----a-w-	c:\windows\system32\msfeedssync.exe
2013-03-23 08:29 . 2013-03-23 08:29	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-03-23 08:29 . 2013-03-23 08:29	1054720	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-23 08:29 . 2013-03-23 08:29	102912	----a-w-	c:\windows\system32\inseng.dll
2013-03-19 06:04 . 2013-04-10 10:52	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 10:52	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 10:52	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 10:52	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 10:52	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 10:52	112640	----a-w-	c:\windows\system32\smss.exe
2013-03-11 15:15 . 2012-09-21 19:05	861088	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-03-11 15:15 . 2011-02-10 20:50	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2004-02-28 19:05 . 2011-05-18 22:56	266240	----a-w-	c:\program files (x86)\vbalTreeView6.ocx
2004-02-28 18:05 . 2011-05-18 21:56	266240	----a-w-	c:\program files\vbalTreeView6.ocx
2004-01-21 22:35 . 2011-05-18 22:56	40960	----a-w-	c:\program files (x86)\SSubTmr6.dll
2004-01-21 21:35 . 2011-05-18 21:56	40960	----a-w-	c:\program files\SSubTmr6.dll
2003-04-01 13:35 . 2011-05-18 22:56	122880	----a-w-	c:\program files (x86)\cPopMenu6.ocx
2003-04-01 12:35 . 2011-05-18 21:56	122880	----a-w-	c:\program files\cPopMenu6.ocx
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Password Depot"="c:\program files (x86)\AceBIT\Password Depot 6\PasswordDepot.exe" [2012-08-06 8219400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2013-01-04 356376]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"IAStorIcon"=c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
"NSU_agent"="c:\program files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe"
"SSS12 HotKeys"="c:\program files (x86)\Steganos Privacy Suite 12\SteganosHotKeyService.exe"
"SSS12 File Redirection Starter"="c:\program files (x86)\Steganos Privacy Suite 12\fredirstarter.exe"
"hpqSRMon"=c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 ntiomin;ntiomin; [x]
R1 Uim_VIM;UIM Virtual Image Plugin;c:\windows\system32\Drivers\uim_vimx64.sys [2011-11-14 352816]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 ALSysIO;ALSysIO;c:\users\PHILIP~1\AppData\Local\Temp\ALSysIO64.sys [x]
R3 ASNDIS4;ASNDIS4 Protocol Driver;c:\windows\system32\ASNDIS4.SYS [x]
R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\CyberGhost VPN\CGVPNCliService.exe [2012-04-26 2438696]
R3 DigiartyVirtualCDBus;Digiarty Virtual Driver;c:\windows\system32\drivers\DigiartyVirtualCDBus.sys [2012-12-26 276256]
R3 DRHARD;DRHARD;c:\windows\system32\DRIVERS\DRHARD.SYS [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2013-05-20 14448]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
R3 netr7364;Belkin Wireless 54G USB Network Adapter Driver;c:\windows\system32\DRIVERS\netr7364.sys [2011-04-29 716800]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [2012-11-09 12800]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2012-11-09 171008]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
R3 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk42.sys [2013-02-25 53312]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-01-10 993848]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-10 1255736]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2010-09-23 129008]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-08-15 47128]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-22 311144]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-22 431464]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 oodrvled;oodrvled;c:\windows\system32\DRIVERS\oodrvled.sys [2010-05-20 30800]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 28504]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2013-04-24 55056]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2013-04-24 178448]
S1 SLEE_17_DRIVER;Steganos Live Encryption Engine 17 [Driver];c:\windows\Sleen1764.sys [2011-09-12 13:28 108256]
S1 STGMFEngine64;Steganos RAM Disk Engine 64 Bit [Driver];c:\windows\system32\drivers\STGMFEngine64.sys [2011-09-12 13:30 28576]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
S2 ocster_1clk_backup;Ocster 1-Click Backup;c:\program files\Ocster 1-Click Backup\bin\backupService-ox1c.exe [2013-05-05 23728]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-01-10 399416]
S2 Steganos Volatile Disk;Steganos Volatile Disk;c:\windows\system32\STGRAMDiskHandler64.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-03-11 2656280]
S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [2012-10-08 31968]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2012-10-25 29016]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2012-10-25 29528]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 19:00]
.
2013-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-29 14:38]
.
2013-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-29 14:38]
.
2012-11-25 c:\windows\Tasks\NeroLiveEpgUpdate-PC-Philipp-Pütz_Philipp-Pütz.job
- c:\program files (x86)\Nero\Nero 9\Nero Live\NeroLive.exe [2008-09-01 12:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-13 11774568]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.claro-search.com/?affID=120133&babsrc=HP_ss&mntrId=fa252e1200000000000000ff47ed28cd
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Alles mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: Auswahl mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Videos mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\99lhhtf4.default\
FF - prefs.js: browser.search.selectedEngine - Claro Search
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: network.proxy.http - 212.88.157.205 
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-05-02 18:01; {6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}; c:\users\Philipp Pütz\AppData\Roaming\Mozilla\Firefox\Profiles\99lhhtf4.default\extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi
FF - ExtSQL: 2013-05-29 13:55; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\users\Philipp Pütz\AppData\Roaming\Mozilla\Firefox\Profiles\99lhhtf4.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=fa252e1200000000000000ff47ed28cd&q=
FF - user.js: extensions.BabylonToolbar.id - fa252e1200000000000000ff47ed28cd
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15688
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.4.9
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.4.9
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.4.916:06
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar_i.excTlbr - false
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109727&tt=5012_8
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar.rvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.claro.tlbrSrchUrl - 
FF - user.js: extensions.claro.id - fa252e1200000000000000ff47ed28cd
FF - user.js: extensions.claro.appId - {C3110516-8EFC-49D6-8B72-69354F332062}
FF - user.js: extensions.claro.instlDay - 15745
FF - user.js: extensions.claro.vrsn - 1.8.8.5
FF - user.js: extensions.claro.vrsni - 1.8.8.5
FF - user.js: extensions.claro_i.vrsnTs - 1.8.8.515:40
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - base
FF - user.js: extensions.claro.instlRef - sst
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro_i.excTlbr - false
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false
FF - user.js: extensions.claro.autoRvrt - false
FF - user.js: extensions.claro.rvrt - false
FF - user.js: extensions.claro_i.newTab - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{081524f7-7ed8-43ff-b01e-915c410a9cbe} - c:\progra~2\SOUNDF~1\SOUNDF~1.DLL
SafeBoot-49300839.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-{3C894249-6B6B-4AE5-9023-A2E7B738AA49}_is1 - w:\neuer ordner\Test\Programms\PictureLoKiT\unins000.exe
AddRemove-EncSpot Basic_is1 - c:\program files (x86)\GuerillaSoft\EncSpot\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODLED04.00.00.01PRO"="759576F61B4BFA2FF716A12662379A9D57473537062546C152FC8540805989F85EB3FAEF1B033890281E70E8CE137836583AE334F59C9A63388279395844C06C9823CAD379495B9011C5856CBD11EBA70AEE5DABE34E9FD01E65CE33C3323B3E40AB2AF2E2AFCF8ABB0F7A815EFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B98088EDD5E5BE2F6E6678EDD5E5BE2F6E6679DB7CE019D40AA5CF5AAE0B2D20BD05328B834FD61D1D32C3E42304BFB0FB9D87C3F1CC72E6C9D45CE43B3C16A6FCE5B8A3987A813DFABDCBC685A581674969D15D01F351555EA0650CC7C9923E994E9BE12DF920B7EA7A757752B6A2E2C96A5D7816285EB24E70E7966FD121FB889E4AF27B38124BD31F280AF66D2F6BDC47362219C365EF6DF9AAE010073A2AC5CE9A9B0F9A7DB47F3D58DB559D348456F3BB05007B5BB7C611F39E5CDF9972AF947DEB930315352E19EB9774FA39BEF2767A883616977F9C04346AD38D6892C1A81E32356BBD12E304CA2399A6E1083431591866D28AB4694DFE348912FA93E32CFB29FF1D8403ED7934B159053E9555D1695F5F2BD11CDB7830978329CCD827E1DA8B60C8F2D7716DC1AF60AE30E51556FC544BBEA8913C8720DD3752B6D2E808886C4AF59CAE3EBC5D820E7298976CADB1436966418A72DA1AA47BB5C270A7CE772F9EEA46DA39E1E36A4889C8959A547D7665751663609BB841068263BF4F840F5D95DD111E6B7EA456E522D619F10D3CDC3D24D3E78CA9F9EC0626F0D5E424E7E3B94B8D17504E37CB82FBF8885F6D7940DE36911C09DDFE0C11697A74C6B02DBCBB023F2A79475B4150EA999D98CDB2FDA6A29F1F1F843184CF2EDB658457D468952CDD86E3FC0ADE95E365380C79D0616C88418061144F3EF6C380C2FE899D3C81F6C0FC91C9A0A6D16249870630E637BE4E7E0876111898EFA2F9B12336105B1BD24C252090BCFACB1A7F0345C54771E2AB2CB972B0C51DF19017ED7C294B83FDC8FC530264E688AAA6606EB75C8556307397C6A6ECB276EC64DF167FDA5B6C22CBB0E225AD4A339867DA74C34F9F385ED43B9C8759B4B980829D6BF0C3EA65E602B347A4E44334348F8C89863A7B091D48DF10D48F8E211E41EB27158B7958AB1D4F8A0ED75AC05F9DE01AF9148C8E8B7C734AA3997F660E729AC2114A2F693DDA03D0D6B728CAF2AA309001007DFC2159633A259DBF15FA13B920932C21F97246E854FBBFDAF476A34410C75BD7EA7EE11478F7FE2A63D26395677EB0EC68CCA107C89188B59244FEE2D6B1B810FF54CC26C9CC87A46FC8BFC8B4B3E330CB8994B70F1FCC42FF4F326F1C91F96E1DE37AC430A13A3ECF56D52EB7BE60E70385DD9D2D1AC04BC38F4225C66E5752A69BF438F2D011694516D"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-05-29  14:43:55
ComboFix-quarantined-files.txt  2013-05-29 12:43
.
Vor Suchlauf: 21 Verzeichnis(se), 690.390.556.672 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 689.900.380.160 Bytes frei
.
- - End Of File - - C7943140ABAE0C36AE29B795D7EEA1BA
         
Zusatz: Folgende Ereignisse sind nach dem Combofix ausführung aufgetreten:
- Als ich Kaspersky wieder über das Widget starten wollte kam ein Fehler(Irgenwas in der Art "Probleme beim starten ..COM...")
- Firefox meldete sich beim Start das er nicht mehr Standardbrowser ist.
Keine Ahnung ob etwas davon wichtig ist...

Gruß jPPütz

Alt 29.05.2013, 15:24   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Googlelinks/Links werden umgeleitet - Standard

Googlelinks/Links werden umgeleitet



Bitte die drei Tools MBAR / aswMBR / TDSSkiller nun ausführen und die Logs in CODE-Tags posten


MBAR (Malwarebytes Anti-Rootkit)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers


aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



TDSS-Killer

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 29.05.2013, 17:58   #11
jPPütz
 
Googlelinks/Links werden umgeleitet - Standard

Googlelinks/Links werden umgeleitet



Einmal Malwarebytes:
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org

Database version: v2013.05.29.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
*** :: *** [administrator]

29.05.2013 17:10:41
mbar-log-2013-05-29 (17-10-41).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: Deep Anti-Rootkit Scan | PUP
Objects scanned: 323312
Time elapsed: 22 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         

Dann beim aswMBR Scan bricht das Programm immer bei dem selben Eintrag ab.
Die Virendefinition wurde heruntergeladen und danach die Internetverbindung geschlossen und das Kaspersky deaktiviert. Das Programm wurde auch als Admin gestartet

Habe es nun 3mal versucht, doch das Programm bricht immer wieder ab bzw. hängt sich auf.

Der Hinweis besagt das ich den Scanmodus auf -none- stellen soll, soll ich dies nun tun?


Bild im Anhang zeigt den Punkt wo es sich aufhängt.
Miniaturansicht angehängter Grafiken
Googlelinks/Links werden umgeleitet-fehler.jpg  

Geändert von jPPütz (29.05.2013 um 18:12 Uhr)

Alt 30.05.2013, 09:00   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Googlelinks/Links werden umgeleitet - Standard

Googlelinks/Links werden umgeleitet



Zitat:
Der Hinweis besagt das ich den Scanmodus auf -none- stellen soll, soll ich dies nun tun?
ja genau das sollst du tun
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 30.05.2013, 09:44   #13
jPPütz
 
Googlelinks/Links werden umgeleitet - Standard

Googlelinks/Links werden umgeleitet



Jetzt hat es funktioniert. War aber sehr schnell fertig...

aswMBR:
Code:
ATTFilter
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-30 10:34:39
-----------------------------
10:34:39.723    OS Version: Windows x64 6.1.7601 Service Pack 1
10:34:39.723    Number of processors: 8 586 0x2A07
10:34:39.723    ComputerName: ***  UserName: ***
10:34:41.361    Initialize success
10:34:52.968    AVAST engine defs: 13052900
10:35:07.023    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:35:07.023    Disk 0 Vendor: SAMSUNG_ 1AQ1 Size: 1907729MB BusType: 3
10:35:07.133    Disk 0 MBR read successfully
10:35:07.133    Disk 0 MBR scan
10:35:07.133    Disk 0 unknown MBR code
10:35:07.148    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
10:35:07.164    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS      1875883 MB offset 206848
10:35:07.179    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        30720 MB offset 3842015232
10:35:07.195    Disk 0 Partition 4 00     12  Compaq diag NTFS         1024 MB offset 3904929792
10:35:07.226    Disk 0 scanning C:\Windows\system32\drivers
10:35:16.773    Service scanning
10:35:37.537    Modules scanning
10:35:37.537    Disk 0 trace - called modules:
10:35:38.036    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
10:35:38.052    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009368790]
10:35:38.052    3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007727050]
10:35:38.052    Scan finished successfully
10:35:57.287    Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
10:35:57.287    The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"
         

TDSSKiller

Code:
ATTFilter
10:39:44.0885 2832  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
10:39:45.0852 2832  ============================================================
10:39:45.0852 2832  Current date / time: 2013/05/30 10:39:45.0852
10:39:45.0852 2832  SystemInfo:
10:39:45.0852 2832  
10:39:45.0852 2832  OS Version: 6.1.7601 ServicePack: 1.0
10:39:45.0852 2832  Product type: Workstation
10:39:45.0852 2832  ComputerName: ***
10:39:45.0852 2832  UserName: ***
10:39:45.0852 2832  Windows directory: C:\Windows
10:39:45.0852 2832  System windows directory: C:\Windows
10:39:45.0852 2832  Running under WOW64
10:39:45.0852 2832  Processor architecture: Intel x64
10:39:45.0852 2832  Number of processors: 8
10:39:45.0852 2832  Page size: 0x1000
10:39:45.0852 2832  Boot type: Normal boot
10:39:45.0852 2832  ============================================================
10:39:46.0179 2832  Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:39:46.0179 2832  ============================================================
10:39:46.0179 2832  \Device\Harddisk0\DR0:
10:39:46.0179 2832  MBR partitions:
10:39:46.0179 2832  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
10:39:46.0179 2832  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xE4FD5800
10:39:46.0179 2832  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xE5008000, BlocksNum 0x3C00000
10:39:46.0179 2832  ============================================================
10:39:46.0226 2832  C: <-> \Device\Harddisk0\DR0\Partition2
10:39:46.0257 2832  D: <-> \Device\Harddisk0\DR0\Partition3
10:39:46.0304 2832  F: <-> \Device\Harddisk0\DR0\Partition1
10:39:46.0304 2832  ============================================================
10:39:46.0304 2832  Initialize success
10:39:46.0304 2832  ============================================================
10:39:51.0171 3636  ============================================================
10:39:51.0171 3636  Scan started
10:39:51.0171 3636  Mode: Manual; SigCheck; TDLFS; 
10:39:51.0171 3636  ============================================================
10:39:51.0359 3636  ================ Scan system memory ========================
10:39:51.0359 3636  System memory - ok
10:39:51.0359 3636  ================ Scan services =============================
10:39:51.0468 3636  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
10:39:51.0546 3636  1394ohci - ok
10:39:51.0577 3636  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
10:39:51.0593 3636  ACPI - ok
10:39:51.0624 3636  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
10:39:51.0671 3636  AcpiPmi - ok
10:39:51.0764 3636  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
10:39:51.0764 3636  AdobeARMservice - ok
10:39:51.0889 3636  [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:39:51.0889 3636  AdobeFlashPlayerUpdateSvc - ok
10:39:51.0920 3636  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
10:39:51.0936 3636  adp94xx - ok
10:39:51.0967 3636  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
10:39:51.0967 3636  adpahci - ok
10:39:51.0983 3636  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
10:39:51.0983 3636  adpu320 - ok
10:39:51.0998 3636  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
10:39:52.0107 3636  AeLookupSvc - ok
10:39:52.0154 3636  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
10:39:52.0201 3636  AFD - ok
10:39:52.0232 3636  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
10:39:52.0248 3636  agp440 - ok
10:39:52.0263 3636  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
10:39:52.0279 3636  ALG - ok
10:39:52.0295 3636  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
10:39:52.0295 3636  aliide - ok
10:39:52.0404 3636  ALSysIO - ok
10:39:52.0404 3636  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
10:39:52.0419 3636  amdide - ok
10:39:52.0435 3636  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
10:39:52.0482 3636  AmdK8 - ok
10:39:52.0497 3636  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
10:39:52.0529 3636  AmdPPM - ok
10:39:52.0560 3636  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
10:39:52.0560 3636  amdsata - ok
10:39:52.0591 3636  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
10:39:52.0607 3636  amdsbs - ok
10:39:52.0622 3636  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
10:39:52.0622 3636  amdxata - ok
10:39:52.0685 3636  [ 4FC6E2C2FC50445450651F42E90CC0BD ] Apowersoft_AudioDevice C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys
10:39:52.0700 3636  Apowersoft_AudioDevice - ok
10:39:52.0731 3636  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
10:39:52.0856 3636  AppID - ok
10:39:52.0887 3636  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
10:39:52.0934 3636  AppIDSvc - ok
10:39:52.0965 3636  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
10:39:52.0997 3636  Appinfo - ok
10:39:53.0043 3636  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
10:39:53.0043 3636  arc - ok
10:39:53.0059 3636  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
10:39:53.0075 3636  arcsas - ok
10:39:53.0075 3636  ASNDIS4 - ok
10:39:53.0168 3636  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
10:39:53.0168 3636  aspnet_state - ok
10:39:53.0184 3636  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
10:39:53.0215 3636  AsyncMac - ok
10:39:53.0231 3636  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
10:39:53.0231 3636  atapi - ok
10:39:53.0262 3636  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:39:53.0293 3636  AudioEndpointBuilder - ok
10:39:53.0309 3636  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
10:39:53.0324 3636  AudioSrv - ok
10:39:53.0418 3636  [ 587EFD6A3A30A35A27904D21AE1FB882 ] AVP             C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
10:39:53.0418 3636  AVP - ok
10:39:53.0449 3636  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
10:39:53.0511 3636  AxInstSV - ok
10:39:53.0543 3636  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
10:39:53.0574 3636  b06bdrv - ok
10:39:53.0589 3636  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
10:39:53.0621 3636  b57nd60a - ok
10:39:53.0667 3636  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
10:39:53.0699 3636  BDESVC - ok
10:39:53.0699 3636  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
10:39:53.0745 3636  Beep - ok
10:39:53.0777 3636  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
10:39:53.0808 3636  BFE - ok
10:39:53.0855 3636  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
10:39:53.0901 3636  BITS - ok
10:39:53.0917 3636  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
10:39:53.0964 3636  blbdrive - ok
10:39:53.0995 3636  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
10:39:54.0026 3636  bowser - ok
10:39:54.0057 3636  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
10:39:54.0073 3636  BrFiltLo - ok
10:39:54.0104 3636  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
10:39:54.0135 3636  BrFiltUp - ok
10:39:54.0198 3636  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
10:39:54.0213 3636  BridgeMP - ok
10:39:54.0245 3636  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
10:39:54.0276 3636  Browser - ok
10:39:54.0276 3636  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
10:39:54.0307 3636  Brserid - ok
10:39:54.0354 3636  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
10:39:54.0369 3636  BrSerWdm - ok
10:39:54.0416 3636  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
10:39:54.0416 3636  BrUsbMdm - ok
10:39:54.0447 3636  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
10:39:54.0479 3636  BrUsbSer - ok
10:39:54.0494 3636  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
10:39:54.0510 3636  BTHMODEM - ok
10:39:54.0541 3636  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
10:39:54.0557 3636  bthserv - ok
10:39:54.0588 3636  catchme - ok
10:39:54.0603 3636  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
10:39:54.0635 3636  cdfs - ok
10:39:54.0635 3636  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
10:39:54.0666 3636  cdrom - ok
10:39:54.0681 3636  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
10:39:54.0713 3636  CertPropSvc - ok
10:39:54.0822 3636  [ 213B6EC3DE19E35373A1906397588429 ] CGVPNCliSrvc    C:\Program Files\CyberGhost VPN\CGVPNCliService.exe
10:39:54.0853 3636  CGVPNCliSrvc - ok
10:39:54.0869 3636  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
10:39:54.0900 3636  circlass - ok
10:39:54.0900 3636  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
10:39:54.0915 3636  CLFS - ok
10:39:54.0962 3636  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:39:54.0978 3636  clr_optimization_v2.0.50727_32 - ok
10:39:55.0009 3636  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:39:55.0009 3636  clr_optimization_v2.0.50727_64 - ok
10:39:55.0056 3636  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:39:55.0071 3636  clr_optimization_v4.0.30319_32 - ok
10:39:55.0071 3636  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:39:55.0087 3636  clr_optimization_v4.0.30319_64 - ok
10:39:55.0087 3636  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
10:39:55.0118 3636  CmBatt - ok
10:39:55.0134 3636  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
10:39:55.0149 3636  cmdide - ok
10:39:55.0181 3636  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
10:39:55.0196 3636  CNG - ok
10:39:55.0212 3636  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
10:39:55.0227 3636  Compbatt - ok
10:39:55.0243 3636  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
10:39:55.0259 3636  CompositeBus - ok
10:39:55.0259 3636  COMSysApp - ok
10:39:55.0290 3636  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
10:39:55.0290 3636  crcdisk - ok
10:39:55.0321 3636  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
10:39:55.0352 3636  CryptSvc - ok
10:39:55.0383 3636  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
10:39:55.0430 3636  DcomLaunch - ok
10:39:55.0446 3636  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
10:39:55.0493 3636  defragsvc - ok
10:39:55.0524 3636  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
10:39:55.0555 3636  DfsC - ok
10:39:55.0571 3636  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
10:39:55.0602 3636  Dhcp - ok
10:39:55.0664 3636  [ 79B9D7643C9E3AD10B89DF8EF0A9D2FE ] DigiartyVirtualCDBus C:\Windows\system32\drivers\DigiartyVirtualCDBus.sys
10:39:55.0664 3636  DigiartyVirtualCDBus - ok
10:39:55.0680 3636  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
10:39:55.0711 3636  discache - ok
10:39:55.0727 3636  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
10:39:55.0742 3636  Disk - ok
10:39:55.0758 3636  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
10:39:55.0805 3636  Dnscache - ok
10:39:55.0820 3636  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
10:39:55.0851 3636  dot3svc - ok
10:39:55.0883 3636  [ B42ED0320C6E41102FDE0005154849BB ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
10:39:55.0898 3636  Dot4 - ok
10:39:55.0914 3636  [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
10:39:55.0945 3636  Dot4Print - ok
10:39:55.0961 3636  [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
10:39:55.0992 3636  dot4usb - ok
10:39:56.0007 3636  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
10:39:56.0023 3636  DPS - ok
10:39:56.0023 3636  DRHARD - ok
10:39:56.0054 3636  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
10:39:56.0070 3636  drmkaud - ok
10:39:56.0117 3636  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
10:39:56.0132 3636  DXGKrnl - ok
10:39:56.0148 3636  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
10:39:56.0179 3636  EapHost - ok
10:39:56.0226 3636  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
10:39:56.0288 3636  ebdrv - ok
10:39:56.0319 3636  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
10:39:56.0366 3636  EFS - ok
10:39:56.0429 3636  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
10:39:56.0460 3636  ehRecvr - ok
10:39:56.0507 3636  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
10:39:56.0553 3636  ehSched - ok
10:39:56.0600 3636  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
10:39:56.0616 3636  elxstor - ok
10:39:56.0647 3636  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
10:39:56.0663 3636  ErrDev - ok
10:39:56.0725 3636  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
10:39:56.0741 3636  EventSystem - ok
10:39:56.0772 3636  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
10:39:56.0834 3636  exfat - ok
10:39:56.0881 3636  Fabs - ok
10:39:56.0897 3636  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
10:39:56.0959 3636  fastfat - ok
10:39:56.0990 3636  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
10:39:57.0021 3636  Fax - ok
10:39:57.0037 3636  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
10:39:57.0068 3636  fdc - ok
10:39:57.0084 3636  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
10:39:57.0115 3636  fdPHost - ok
10:39:57.0131 3636  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
10:39:57.0162 3636  FDResPub - ok
10:39:57.0193 3636  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
10:39:57.0193 3636  FileInfo - ok
10:39:57.0224 3636  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
10:39:57.0271 3636  Filetrace - ok
10:39:57.0302 3636  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
10:39:57.0318 3636  flpydisk - ok
10:39:57.0333 3636  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
10:39:57.0349 3636  FltMgr - ok
10:39:57.0396 3636  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
10:39:57.0427 3636  FontCache - ok
10:39:57.0458 3636  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:39:57.0458 3636  FontCache3.0.0.0 - ok
10:39:57.0474 3636  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
10:39:57.0474 3636  FsDepends - ok
10:39:57.0505 3636  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
10:39:57.0521 3636  Fs_Rec - ok
10:39:57.0567 3636  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
10:39:57.0567 3636  fvevol - ok
10:39:57.0599 3636  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
10:39:57.0599 3636  gagp30kx - ok
10:39:57.0645 3636  [ 16C2A6BCDDA8952C2035DEC861492A19 ] ggflt           C:\Windows\system32\DRIVERS\ggflt.sys
10:39:57.0645 3636  ggflt - ok
10:39:57.0677 3636  [ 6B503DF845EABF3457E49FBBDA26C10E ] ggsemc          C:\Windows\system32\DRIVERS\ggsemc.sys
10:39:57.0677 3636  ggsemc - ok
10:39:57.0708 3636  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
10:39:57.0755 3636  gpsvc - ok
10:39:57.0801 3636  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:39:57.0801 3636  gupdate - ok
10:39:57.0801 3636  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:39:57.0817 3636  gupdatem - ok
10:39:57.0833 3636  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
10:39:57.0848 3636  hcw85cir - ok
10:39:57.0879 3636  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:39:57.0895 3636  HdAudAddService - ok
10:39:57.0911 3636  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
10:39:57.0926 3636  HDAudBus - ok
10:39:57.0957 3636  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
10:39:57.0973 3636  HidBatt - ok
10:39:58.0004 3636  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
10:39:58.0004 3636  HidBth - ok
10:39:58.0035 3636  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
10:39:58.0051 3636  HidIr - ok
10:39:58.0067 3636  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
10:39:58.0098 3636  hidserv - ok
10:39:58.0113 3636  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
10:39:58.0129 3636  HidUsb - ok
10:39:58.0160 3636  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
10:39:58.0207 3636  hkmsvc - ok
10:39:58.0223 3636  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:39:58.0254 3636  HomeGroupListener - ok
10:39:58.0285 3636  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:39:58.0316 3636  HomeGroupProvider - ok
10:39:58.0332 3636  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
10:39:58.0332 3636  HpSAMD - ok
10:39:58.0363 3636  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
10:39:58.0394 3636  HTTP - ok
10:39:58.0410 3636  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
10:39:58.0410 3636  hwpolicy - ok
10:39:58.0425 3636  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
10:39:58.0425 3636  i8042prt - ok
10:39:58.0441 3636  [ D7921D5A870B11CC1ADAB198A519D50A ] iaStor          C:\Windows\system32\drivers\iaStor.sys
10:39:58.0457 3636  iaStor - ok
10:39:58.0503 3636  [ 8FFF9083252C16FE3960173722605E9E ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
10:39:58.0519 3636  IAStorDataMgrSvc - ok
10:39:58.0550 3636  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
10:39:58.0566 3636  iaStorV - ok
10:39:58.0597 3636  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:39:58.0613 3636  idsvc - ok
10:39:58.0644 3636  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
10:39:58.0644 3636  iirsp - ok
10:39:58.0675 3636  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
10:39:58.0722 3636  IKEEXT - ok
10:39:58.0769 3636  [ 3E49DAC8EEFA6016AA2A6331BEC866AE ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
10:39:58.0800 3636  IntcAzAudAddService - ok
10:39:58.0831 3636  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
10:39:58.0831 3636  intelide - ok
10:39:58.0862 3636  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
10:39:58.0878 3636  intelppm - ok
10:39:58.0893 3636  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
10:39:58.0925 3636  IPBusEnum - ok
10:39:58.0940 3636  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:39:58.0971 3636  IpFilterDriver - ok
10:39:59.0003 3636  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
10:39:59.0049 3636  iphlpsvc - ok
10:39:59.0065 3636  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
10:39:59.0081 3636  IPMIDRV - ok
10:39:59.0112 3636  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
10:39:59.0143 3636  IPNAT - ok
10:39:59.0143 3636  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
10:39:59.0159 3636  IRENUM - ok
10:39:59.0174 3636  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
10:39:59.0174 3636  isapnp - ok
10:39:59.0190 3636  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
10:39:59.0205 3636  iScsiPrt - ok
10:39:59.0221 3636  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
10:39:59.0221 3636  kbdclass - ok
10:39:59.0237 3636  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
10:39:59.0252 3636  kbdhid - ok
10:39:59.0268 3636  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
10:39:59.0268 3636  KeyIso - ok
10:39:59.0346 3636  [ 8B5219318DF5895ABD230C373F2DF18A ] kl1             C:\Windows\system32\DRIVERS\kl1.sys
10:39:59.0346 3636  kl1 - ok
10:39:59.0424 3636  [ 2CBD248370721DCAD632DB70D09C5A6D ] KLIF            C:\Windows\system32\DRIVERS\klif.sys
10:39:59.0439 3636  KLIF - ok
10:39:59.0439 3636  [ 9BD99E1AB3F664120AB95C35F9EC1EB0 ] KLIM6           C:\Windows\system32\DRIVERS\klim6.sys
10:39:59.0455 3636  KLIM6 - ok
10:39:59.0486 3636  [ 2C43FD500522EF3B8C283A5846B7FC41 ] klkbdflt        C:\Windows\system32\DRIVERS\klkbdflt.sys
10:39:59.0502 3636  klkbdflt - ok
10:39:59.0533 3636  [ 70A6D2E292017EC47949696F51ABE18D ] klmouflt        C:\Windows\system32\DRIVERS\klmouflt.sys
10:39:59.0549 3636  klmouflt - ok
10:39:59.0564 3636  [ 982974975E679276F0FA39EFA331A268 ] kltdi           C:\Windows\system32\DRIVERS\kltdi.sys
10:39:59.0580 3636  kltdi - ok
10:39:59.0595 3636  [ 1FCB657B581CC4DF17FD6571F93602DE ] kneps           C:\Windows\system32\DRIVERS\kneps.sys
10:39:59.0611 3636  kneps - ok
10:39:59.0627 3636  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
10:39:59.0642 3636  KSecDD - ok
10:39:59.0673 3636  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
10:39:59.0689 3636  KSecPkg - ok
10:39:59.0689 3636  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
10:39:59.0736 3636  ksthunk - ok
10:39:59.0767 3636  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
10:39:59.0814 3636  KtmRm - ok
10:39:59.0845 3636  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
10:39:59.0876 3636  LanmanServer - ok
10:39:59.0892 3636  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:39:59.0923 3636  LanmanWorkstation - ok
10:39:59.0970 3636  [ 4ADC135F525D38A498F83B089228CC2D ] LBTServ         C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
10:39:59.0970 3636  LBTServ - ok
10:39:59.0985 3636  [ 24E09882BA51B9830AE029888A3AAF18 ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
10:40:00.0001 3636  LHidFilt - ok
10:40:00.0001 3636  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
10:40:00.0032 3636  lltdio - ok
10:40:00.0063 3636  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
10:40:00.0095 3636  lltdsvc - ok
10:40:00.0110 3636  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
10:40:00.0141 3636  lmhosts - ok
10:40:00.0157 3636  [ 2F94325D8C10E2B715F3D753C2422AAC ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
10:40:00.0173 3636  LMouFilt - ok
10:40:00.0204 3636  [ 1584DEEAE5AA0E3FB045F3D0EAC585EA ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
10:40:00.0204 3636  LMS - ok
10:40:00.0219 3636  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
10:40:00.0235 3636  LSI_FC - ok
10:40:00.0251 3636  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
10:40:00.0251 3636  LSI_SAS - ok
10:40:00.0266 3636  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
10:40:00.0282 3636  LSI_SAS2 - ok
10:40:00.0297 3636  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
10:40:00.0297 3636  LSI_SCSI - ok
10:40:00.0329 3636  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
10:40:00.0360 3636  luafv - ok
10:40:00.0375 3636  [ B8BE35421B9E8DC1AB4B0CB7B9B0328B ] LUsbFilt        C:\Windows\system32\Drivers\LUsbFilt.Sys
10:40:00.0375 3636  LUsbFilt - ok
10:40:00.0438 3636  [ 0C85B2B6FB74B36A251792D45E0EF860 ] LVRS64          C:\Windows\system32\DRIVERS\lvrs64.sys
10:40:00.0438 3636  LVRS64 - ok
10:40:00.0469 3636  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
10:40:00.0485 3636  Mcx2Svc - ok
10:40:00.0516 3636  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
10:40:00.0516 3636  megasas - ok
10:40:00.0547 3636  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
10:40:00.0547 3636  MegaSR - ok
10:40:00.0563 3636  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\drivers\HECIx64.sys
10:40:00.0578 3636  MEIx64 - ok
10:40:00.0594 3636  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
10:40:00.0625 3636  MMCSS - ok
10:40:00.0641 3636  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
10:40:00.0656 3636  Modem - ok
10:40:00.0672 3636  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
10:40:00.0687 3636  monitor - ok
10:40:00.0703 3636  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
10:40:00.0719 3636  mouclass - ok
10:40:00.0734 3636  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
10:40:00.0734 3636  mouhid - ok
10:40:00.0750 3636  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
10:40:00.0765 3636  mountmgr - ok
10:40:00.0859 3636  [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
10:40:00.0859 3636  MozillaMaintenance - ok
10:40:00.0875 3636  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
10:40:00.0890 3636  mpio - ok
10:40:00.0890 3636  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
10:40:00.0921 3636  mpsdrv - ok
10:40:00.0953 3636  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
10:40:00.0984 3636  MpsSvc - ok
10:40:00.0999 3636  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
10:40:01.0031 3636  MRxDAV - ok
10:40:01.0062 3636  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
10:40:01.0077 3636  mrxsmb - ok
10:40:01.0124 3636  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:40:01.0124 3636  mrxsmb10 - ok
10:40:01.0140 3636  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:40:01.0171 3636  mrxsmb20 - ok
10:40:01.0187 3636  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
10:40:01.0202 3636  msahci - ok
10:40:01.0202 3636  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
10:40:01.0218 3636  msdsm - ok
10:40:01.0233 3636  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
10:40:01.0249 3636  MSDTC - ok
10:40:01.0265 3636  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
10:40:01.0296 3636  Msfs - ok
10:40:01.0311 3636  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
10:40:01.0327 3636  mshidkmdf - ok
10:40:01.0343 3636  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
10:40:01.0358 3636  msisadrv - ok
10:40:01.0374 3636  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
10:40:01.0405 3636  MSiSCSI - ok
10:40:01.0421 3636  msiserver - ok
10:40:01.0421 3636  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
10:40:01.0452 3636  MSKSSRV - ok
10:40:01.0467 3636  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
10:40:01.0499 3636  MSPCLOCK - ok
10:40:01.0514 3636  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
10:40:01.0545 3636  MSPQM - ok
10:40:01.0561 3636  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
10:40:01.0561 3636  MsRPC - ok
10:40:01.0592 3636  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
10:40:01.0592 3636  mssmbios - ok
10:40:01.0748 3636  MSSQL$SQLEXPRESS - ok
10:40:01.0889 3636  [ F1761C8FB2B25A32C6D63E36BB88C3AE ] MSSQLServerADHelper100 C:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
10:40:01.0889 3636  MSSQLServerADHelper100 - ok
10:40:01.0904 3636  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
10:40:01.0935 3636  MSTEE - ok
10:40:01.0951 3636  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
10:40:01.0967 3636  MTConfig - ok
10:40:01.0998 3636  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
10:40:02.0013 3636  Mup - ok
10:40:02.0060 3636  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
10:40:02.0107 3636  napagent - ok
10:40:02.0154 3636  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
10:40:02.0185 3636  NativeWifiP - ok
10:40:02.0310 3636  [ 934BB0D23A25C8C136570800A5A149B6 ] NAUpdate        C:\Program Files (x86)\Nero\Update\NASvc.exe
10:40:02.0325 3636  NAUpdate - ok
10:40:02.0372 3636  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
10:40:02.0372 3636  NDIS - ok
10:40:02.0388 3636  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
10:40:02.0435 3636  NdisCap - ok
10:40:02.0466 3636  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
10:40:02.0497 3636  NdisTapi - ok
10:40:02.0513 3636  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
10:40:02.0559 3636  Ndisuio - ok
10:40:02.0575 3636  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
10:40:02.0622 3636  NdisWan - ok
10:40:02.0637 3636  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
10:40:02.0669 3636  NDProxy - ok
10:40:02.0731 3636  [ 27FE4B70C12A2C67A58D799B9A4E8D81 ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
10:40:02.0747 3636  Nero BackItUp Scheduler 4.0 - ok
10:40:02.0747 3636  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
10:40:02.0778 3636  NetBIOS - ok
10:40:02.0793 3636  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
10:40:02.0825 3636  NetBT - ok
10:40:02.0856 3636  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
10:40:02.0856 3636  Netlogon - ok
10:40:02.0887 3636  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
10:40:02.0918 3636  Netman - ok
10:40:02.0949 3636  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:40:02.0965 3636  NetMsmqActivator - ok
10:40:02.0965 3636  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:40:02.0965 3636  NetPipeActivator - ok
10:40:02.0981 3636  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
10:40:02.0996 3636  netprofm - ok
10:40:03.0043 3636  [ 93A240FD4C133D1ED7CCF829159C4B78 ] netr7364        C:\Windows\system32\DRIVERS\netr7364.sys
10:40:03.0059 3636  netr7364 - ok
10:40:03.0074 3636  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:40:03.0074 3636  NetTcpActivator - ok
10:40:03.0074 3636  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:40:03.0090 3636  NetTcpPortSharing - ok
10:40:03.0105 3636  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
10:40:03.0105 3636  nfrd960 - ok
10:40:03.0121 3636  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
10:40:03.0137 3636  NlaSvc - ok
10:40:03.0199 3636  [ 4903177FC90E77ABEB19021451E9475E ] nmwcd           C:\Windows\system32\drivers\ccdcmbx64.sys
10:40:03.0215 3636  nmwcd - ok
10:40:03.0246 3636  [ E6844A4C97E5409BBE24BB4ED000320D ] nmwcdc          C:\Windows\system32\drivers\ccdcmbox64.sys
10:40:03.0277 3636  nmwcdc - ok
10:40:03.0324 3636  [ F59F8CF59F7905622686637177E2A828 ] nmwcdnsucx64    C:\Windows\system32\drivers\nmwcdnsucx64.sys
10:40:03.0355 3636  nmwcdnsucx64 - ok
10:40:03.0402 3636  [ A0E7F80157AF77B1CEAA8ADD3A3E7D85 ] nmwcdnsux64     C:\Windows\system32\drivers\nmwcdnsux64.sys
10:40:03.0417 3636  nmwcdnsux64 - ok
10:40:03.0433 3636  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
10:40:03.0449 3636  Npfs - ok
10:40:03.0480 3636  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
10:40:03.0511 3636  nsi - ok
10:40:03.0527 3636  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
10:40:03.0558 3636  nsiproxy - ok
10:40:03.0620 3636  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
10:40:03.0651 3636  Ntfs - ok
10:40:03.0651 3636  ntiomin - ok
10:40:03.0667 3636  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
10:40:03.0698 3636  Null - ok
10:40:03.0729 3636  [ 0EBC9D13CD96C15B1B18D8678A609E4B ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
10:40:03.0745 3636  nusb3hub - ok
10:40:03.0776 3636  [ 7BDEC000D56D485021D9C1E63C2F81CA ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
10:40:03.0807 3636  nusb3xhc - ok
10:40:03.0854 3636  [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
10:40:03.0854 3636  NVHDA - ok
10:40:04.0010 3636  [ FCBA1C22727939E7CFF9EB08FE9692AB ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:40:04.0104 3636  nvlddmkm - ok
10:40:04.0135 3636  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
10:40:04.0151 3636  nvraid - ok
10:40:04.0166 3636  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
10:40:04.0182 3636  nvstor - ok
10:40:04.0213 3636  [ 10C232F6CFFD51D2332898AE7AE0FF23 ] NVSvc           C:\Windows\system32\nvvsvc.exe
10:40:04.0229 3636  NVSvc - ok
10:40:04.0307 3636  [ FB660F80BDC4F13D594996976AFAECD9 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
10:40:04.0322 3636  nvUpdatusService - ok
10:40:04.0353 3636  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
10:40:04.0369 3636  nv_agp - ok
10:40:04.0447 3636  [ 15D084D9F57564DC4730B8A9209C27AE ] ocster_1clk_backup c:\Program Files\Ocster 1-Click Backup\bin\backupService-ox1c.exe
10:40:04.0463 3636  ocster_1clk_backup - ok
10:40:04.0494 3636  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
10:40:04.0509 3636  ohci1394 - ok
10:40:04.0525 3636  [ 6E4A24273571924B6346353B10CD2986 ] oodrvled        C:\Windows\system32\DRIVERS\oodrvled.sys
10:40:04.0525 3636  oodrvled - ok
10:40:04.0572 3636  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:40:04.0572 3636  ose - ok
10:40:04.0603 3636  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
10:40:04.0634 3636  p2pimsvc - ok
10:40:04.0650 3636  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
10:40:04.0681 3636  p2psvc - ok
10:40:04.0728 3636  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
10:40:04.0759 3636  Parport - ok
10:40:04.0790 3636  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
10:40:04.0790 3636  partmgr - ok
10:40:04.0821 3636  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
10:40:04.0821 3636  PcaSvc - ok
10:40:04.0853 3636  [ 3FDE033DFB0D07F8B7D5C9A3044AA121 ] pccsmcfd        C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
10:40:04.0868 3636  pccsmcfd - ok
10:40:04.0868 3636  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
10:40:04.0884 3636  pci - ok
10:40:04.0899 3636  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
10:40:04.0915 3636  pciide - ok
10:40:04.0915 3636  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
10:40:04.0931 3636  pcmcia - ok
10:40:04.0962 3636  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
10:40:04.0962 3636  pcw - ok
10:40:04.0993 3636  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
10:40:05.0024 3636  PEAUTH - ok
10:40:05.0087 3636  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
10:40:05.0102 3636  PerfHost - ok
10:40:05.0133 3636  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
10:40:05.0180 3636  pla - ok
10:40:05.0227 3636  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
10:40:05.0243 3636  PlugPlay - ok
10:40:05.0258 3636  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
10:40:05.0274 3636  PNRPAutoReg - ok
10:40:05.0289 3636  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
10:40:05.0305 3636  PNRPsvc - ok
10:40:05.0321 3636  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
10:40:05.0352 3636  PolicyAgent - ok
10:40:05.0383 3636  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
10:40:05.0414 3636  Power - ok
10:40:05.0430 3636  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
10:40:05.0461 3636  PptpMiniport - ok
10:40:05.0477 3636  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
10:40:05.0492 3636  Processor - ok
10:40:05.0523 3636  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
10:40:05.0539 3636  ProfSvc - ok
10:40:05.0539 3636  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:40:05.0555 3636  ProtectedStorage - ok
10:40:05.0570 3636  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
10:40:05.0601 3636  Psched - ok
10:40:05.0617 3636  [ FB46E9A827A8799EBD7BFA9128C91F37 ] PSI             C:\Windows\system32\DRIVERS\psi_mf.sys
10:40:05.0633 3636  PSI - ok
10:40:05.0695 3636  [ CD33CB6FECF65520466F95AB89CC4AF5 ] PSSDK42         C:\Windows\system32\Drivers\pssdk42.sys
10:40:05.0695 3636  PSSDK42 - ok
10:40:05.0742 3636  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
10:40:05.0773 3636  ql2300 - ok
10:40:05.0789 3636  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
10:40:05.0789 3636  ql40xx - ok
10:40:05.0820 3636  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
10:40:05.0835 3636  QWAVE - ok
10:40:05.0835 3636  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
10:40:05.0867 3636  QWAVEdrv - ok
10:40:05.0882 3636  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
10:40:05.0913 3636  RasAcd - ok
10:40:05.0929 3636  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
10:40:05.0960 3636  RasAgileVpn - ok
10:40:05.0976 3636  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
10:40:06.0007 3636  RasAuto - ok
10:40:06.0023 3636  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
10:40:06.0054 3636  Rasl2tp - ok
10:40:06.0069 3636  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
10:40:06.0101 3636  RasMan - ok
10:40:06.0132 3636  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
10:40:06.0163 3636  RasPppoe - ok
10:40:06.0194 3636  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
10:40:06.0210 3636  RasSstp - ok
10:40:06.0225 3636  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
10:40:06.0257 3636  rdbss - ok
10:40:06.0272 3636  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
10:40:06.0288 3636  rdpbus - ok
10:40:06.0288 3636  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
10:40:06.0319 3636  RDPCDD - ok
10:40:06.0335 3636  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
10:40:06.0366 3636  RDPENCDD - ok
10:40:06.0381 3636  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
10:40:06.0397 3636  RDPREFMP - ok
10:40:06.0459 3636  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
10:40:06.0475 3636  RdpVideoMiniport - ok
10:40:06.0506 3636  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
10:40:06.0537 3636  RDPWD - ok
10:40:06.0553 3636  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
10:40:06.0553 3636  rdyboost - ok
10:40:06.0600 3636  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
10:40:06.0631 3636  RemoteAccess - ok
10:40:06.0647 3636  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
10:40:06.0678 3636  RemoteRegistry - ok
10:40:06.0709 3636  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
10:40:06.0740 3636  RpcEptMapper - ok
10:40:06.0756 3636  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
10:40:06.0771 3636  RpcLocator - ok
10:40:06.0803 3636  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
10:40:06.0818 3636  RpcSs - ok
10:40:06.0881 3636  [ C9FE05A63C500ABE3AFA5786504C4D36 ] RsFx0105        C:\Windows\system32\DRIVERS\RsFx0105.sys
10:40:06.0881 3636  RsFx0105 - ok
10:40:06.0896 3636  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
10:40:06.0927 3636  rspndr - ok
10:40:06.0974 3636  [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
10:40:06.0990 3636  RTL8167 - ok
10:40:07.0005 3636  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
10:40:07.0005 3636  SamSs - ok
10:40:07.0037 3636  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
10:40:07.0052 3636  sbp2port - ok
10:40:07.0052 3636  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
10:40:07.0099 3636  SCardSvr - ok
10:40:07.0099 3636  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
10:40:07.0130 3636  scfilter - ok
10:40:07.0177 3636  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
10:40:07.0208 3636  Schedule - ok
10:40:07.0239 3636  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
10:40:07.0255 3636  SCPolicySvc - ok
10:40:07.0286 3636  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
10:40:07.0317 3636  SDRSVC - ok
10:40:07.0349 3636  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
10:40:07.0395 3636  secdrv - ok
10:40:07.0411 3636  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
10:40:07.0458 3636  seclogon - ok
10:40:07.0505 3636  [ 7198BBFBE46C0070257278C536386687 ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe
10:40:07.0520 3636  Secunia PSI Agent - ok
10:40:07.0536 3636  [ D2FCA567F9BE87E29B9A9FA32FFE79CA ] Secunia Update Agent C:\Program Files (x86)\Secunia\PSI\sua.exe
10:40:07.0551 3636  Secunia Update Agent - ok
10:40:07.0551 3636  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
10:40:07.0583 3636  SENS - ok
10:40:07.0583 3636  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
10:40:07.0598 3636  SensrSvc - ok
10:40:07.0629 3636  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
10:40:07.0645 3636  Serenum - ok
10:40:07.0676 3636  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
10:40:07.0692 3636  Serial - ok
10:40:07.0707 3636  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
10:40:07.0723 3636  sermouse - ok
10:40:07.0754 3636  [ 289E853881E688286AD24299FCC485D8 ] ServiceLayer    C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
10:40:07.0770 3636  ServiceLayer - ok
10:40:07.0801 3636  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
10:40:07.0817 3636  SessionEnv - ok
10:40:07.0848 3636  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
10:40:07.0848 3636  sffdisk - ok
10:40:07.0879 3636  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
10:40:07.0895 3636  sffp_mmc - ok
10:40:07.0895 3636  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
10:40:07.0910 3636  sffp_sd - ok
10:40:07.0926 3636  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
10:40:07.0926 3636  sfloppy - ok
10:40:07.0988 3636  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
10:40:08.0019 3636  SharedAccess - ok
10:40:08.0051 3636  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:40:08.0082 3636  ShellHWDetection - ok
10:40:08.0097 3636  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
10:40:08.0113 3636  SiSRaid2 - ok
10:40:08.0113 3636  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
10:40:08.0129 3636  SiSRaid4 - ok
10:40:08.0238 3636  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
10:40:08.0238 3636  SkypeUpdate - ok
10:40:08.0285 3636  [ 544788D536087DAF32B846F10D8392F5 ] SLEE_17_DRIVER  C:\Windows\Sleen1764.sys
10:40:08.0285 3636  SLEE_17_DRIVER - ok
10:40:08.0316 3636  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
10:40:08.0331 3636  Smb - ok
10:40:08.0363 3636  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
10:40:08.0378 3636  SNMPTRAP - ok
10:40:08.0534 3636  [ 3A4F2C0BB87A0895ABEBA341AA1E341B ] Sony PC Companion C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
10:40:08.0550 3636  Sony PC Companion - ok
10:40:08.0550 3636  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
10:40:08.0550 3636  spldr - ok
10:40:08.0597 3636  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
10:40:08.0612 3636  Spooler - ok
10:40:08.0659 3636  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
10:40:08.0721 3636  sppsvc - ok
10:40:08.0737 3636  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
10:40:08.0768 3636  sppuinotify - ok
10:40:08.0909 3636  [ 45E65FB17A4CD5FACBD3CA16C8334C82 ] SQLAgent$SQLEXPRESS c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
10:40:08.0909 3636  SQLAgent$SQLEXPRESS - ok
10:40:08.0987 3636  [ 10D936DCED9EACD1A1B3FCDDA6D7A4EB ] SQLBrowser      c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
10:40:08.0987 3636  SQLBrowser - ok
10:40:09.0049 3636  [ F92E5F93BE572B512DA3C016B675EDE0 ] SQLWriter       c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
10:40:09.0065 3636  SQLWriter - ok
10:40:09.0080 3636  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
10:40:09.0111 3636  srv - ok
10:40:09.0143 3636  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
10:40:09.0158 3636  srv2 - ok
10:40:09.0189 3636  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
10:40:09.0205 3636  srvnet - ok
10:40:09.0236 3636  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
10:40:09.0267 3636  SSDPSRV - ok
10:40:09.0283 3636  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
10:40:09.0330 3636  SstpSvc - ok
10:40:09.0330 3636  Steganos Volatile Disk - ok
10:40:09.0423 3636  [ 5A19667A580B1CE886EAF968B9743F45 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
10:40:09.0423 3636  Stereo Service - ok
10:40:09.0455 3636  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
10:40:09.0455 3636  stexstor - ok
10:40:09.0486 3636  [ 70D9E406A1170A801B0D9CCECF9D6914 ] STGMFEngine64   C:\Windows\system32\drivers\STGMFEngine64.sys
10:40:09.0501 3636  STGMFEngine64 - ok
10:40:09.0533 3636  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
10:40:09.0564 3636  stisvc - ok
10:40:09.0579 3636  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
10:40:09.0595 3636  swenum - ok
10:40:09.0626 3636  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
10:40:09.0657 3636  swprv - ok
10:40:09.0704 3636  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
10:40:09.0735 3636  SysMain - ok
10:40:09.0751 3636  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:40:09.0782 3636  TabletInputService - ok
10:40:09.0813 3636  [ F9BE29D5E097F03F81D3CD12B794CB66 ] tap0901         C:\Windows\system32\DRIVERS\tap0901.sys
10:40:09.0829 3636  tap0901 - ok
10:40:09.0845 3636  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
10:40:09.0876 3636  TapiSrv - ok
10:40:09.0923 3636  [ 4430E9B4C60AAB672D16E801BAD0555E ] tbhsd           C:\Windows\system32\drivers\tbhsd.sys
10:40:09.0938 3636  tbhsd - ok
10:40:09.0954 3636  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
10:40:09.0969 3636  TBS - ok
10:40:10.0032 3636  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
10:40:10.0063 3636  Tcpip - ok
10:40:10.0079 3636  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
10:40:10.0110 3636  TCPIP6 - ok
10:40:10.0141 3636  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
10:40:10.0157 3636  tcpipreg - ok
10:40:10.0188 3636  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
10:40:10.0203 3636  TDPIPE - ok
10:40:10.0235 3636  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
10:40:10.0250 3636  TDTCP - ok
10:40:10.0281 3636  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
10:40:10.0297 3636  tdx - ok
10:40:10.0313 3636  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
10:40:10.0313 3636  TermDD - ok
10:40:10.0328 3636  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
10:40:10.0359 3636  TermService - ok
10:40:10.0359 3636  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
10:40:10.0391 3636  Themes - ok
10:40:10.0406 3636  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
10:40:10.0437 3636  THREADORDER - ok
10:40:10.0453 3636  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
10:40:10.0484 3636  TrkWks - ok
10:40:10.0531 3636  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:40:10.0562 3636  TrustedInstaller - ok
10:40:10.0578 3636  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
10:40:10.0609 3636  tssecsrv - ok
10:40:10.0656 3636  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
10:40:10.0671 3636  TsUsbFlt - ok
10:40:10.0703 3636  [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
10:40:10.0734 3636  TsUsbGD - ok
10:40:10.0749 3636  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
10:40:10.0765 3636  tunnel - ok
10:40:10.0796 3636  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
10:40:10.0796 3636  uagp35 - ok
10:40:10.0812 3636  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
10:40:10.0859 3636  udfs - ok
10:40:10.0874 3636  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
10:40:10.0890 3636  UI0Detect - ok
10:40:10.0921 3636  [ BD955C54F7759F4833E8DF6BEE20849E ] UimBus          C:\Windows\system32\DRIVERS\uimx64.sys
10:40:10.0937 3636  UimBus - ok
10:40:10.0952 3636  [ FF50AC44B6FCD61FEE4D5F3A5CED6E27 ] Uim_IM          C:\Windows\system32\Drivers\Uim_IMx64.sys
10:40:10.0968 3636  Uim_IM - ok
10:40:11.0015 3636  [ F0430333EC10A151DE633D2362960BDE ] Uim_VIM         C:\Windows\system32\Drivers\uim_vimx64.sys
10:40:11.0030 3636  Uim_VIM - ok
10:40:11.0046 3636  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
10:40:11.0061 3636  uliagpkx - ok
10:40:11.0077 3636  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
10:40:11.0093 3636  umbus - ok
10:40:11.0093 3636  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
10:40:11.0108 3636  UmPass - ok
10:40:11.0186 3636  [ FC43877B4625F6EB773C98233EB625C5 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
10:40:11.0217 3636  UNS - ok
10:40:11.0249 3636  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
10:40:11.0280 3636  upnphost - ok
10:40:11.0327 3636  [ 907F50B8695DAA65A9445D27AD306E65 ] upperdev        C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
10:40:11.0342 3636  upperdev - ok
10:40:11.0405 3636  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
10:40:11.0405 3636  usbaudio - ok
10:40:11.0436 3636  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
10:40:11.0451 3636  usbccgp - ok
10:40:11.0467 3636  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
10:40:11.0483 3636  usbcir - ok
10:40:11.0498 3636  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
10:40:11.0514 3636  usbehci - ok
10:40:11.0529 3636  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
10:40:11.0545 3636  usbhub - ok
10:40:11.0576 3636  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
10:40:11.0592 3636  usbohci - ok
10:40:11.0607 3636  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
10:40:11.0623 3636  usbprint - ok
10:40:11.0670 3636  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
10:40:11.0685 3636  usbscan - ok
10:40:11.0701 3636  [ 4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser          C:\Windows\system32\drivers\usbser.sys
10:40:11.0732 3636  usbser - ok
10:40:11.0763 3636  [ 3F7498527B48657091C355F683BEB0DD ] UsbserFilt      C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
10:40:11.0779 3636  UsbserFilt - ok
10:40:11.0810 3636  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:40:11.0826 3636  USBSTOR - ok
10:40:11.0841 3636  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
10:40:11.0857 3636  usbuhci - ok
10:40:11.0919 3636  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
10:40:11.0935 3636  usbvideo - ok
10:40:11.0951 3636  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
10:40:11.0982 3636  UxSms - ok
10:40:11.0997 3636  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
10:40:11.0997 3636  VaultSvc - ok
10:40:12.0013 3636  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
10:40:12.0029 3636  vdrvroot - ok
10:40:12.0044 3636  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
10:40:12.0075 3636  vds - ok
10:40:12.0091 3636  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
10:40:12.0107 3636  vga - ok
10:40:12.0138 3636  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
10:40:12.0185 3636  VgaSave - ok
10:40:12.0247 3636  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
10:40:12.0263 3636  vhdmp - ok
10:40:12.0278 3636  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
10:40:12.0294 3636  viaide - ok
10:40:12.0325 3636  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
10:40:12.0325 3636  volmgr - ok
10:40:12.0341 3636  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
10:40:12.0356 3636  volmgrx - ok
10:40:12.0403 3636  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
10:40:12.0403 3636  volsnap - ok
10:40:12.0434 3636  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
10:40:12.0450 3636  vsmraid - ok
10:40:12.0481 3636  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
10:40:12.0528 3636  VSS - ok
10:40:12.0543 3636  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
10:40:12.0559 3636  vwifibus - ok
10:40:12.0575 3636  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
10:40:12.0606 3636  vwififlt - ok
10:40:12.0621 3636  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
10:40:12.0653 3636  W32Time - ok
10:40:12.0668 3636  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
10:40:12.0668 3636  WacomPen - ok
10:40:12.0684 3636  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
10:40:12.0699 3636  WANARP - ok
10:40:12.0699 3636  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
10:40:12.0731 3636  Wanarpv6 - ok
10:40:12.0793 3636  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
10:40:12.0809 3636  WatAdminSvc - ok
10:40:12.0840 3636  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
10:40:12.0887 3636  wbengine - ok
10:40:12.0902 3636  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
10:40:12.0918 3636  WbioSrvc - ok
10:40:12.0949 3636  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
10:40:12.0949 3636  wcncsvc - ok
10:40:12.0965 3636  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:40:12.0996 3636  WcsPlugInService - ok
10:40:13.0011 3636  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
10:40:13.0027 3636  Wd - ok
10:40:13.0074 3636  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
10:40:13.0089 3636  Wdf01000 - ok
10:40:13.0105 3636  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
10:40:13.0121 3636  WdiServiceHost - ok
10:40:13.0121 3636  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
10:40:13.0136 3636  WdiSystemHost - ok
10:40:13.0152 3636  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
10:40:13.0167 3636  WebClient - ok
10:40:13.0183 3636  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
10:40:13.0214 3636  Wecsvc - ok
10:40:13.0214 3636  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
10:40:13.0245 3636  wercplsupport - ok
10:40:13.0277 3636  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
10:40:13.0292 3636  WerSvc - ok
10:40:13.0308 3636  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
10:40:13.0339 3636  WfpLwf - ok
10:40:13.0355 3636  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
10:40:13.0355 3636  WIMMount - ok
10:40:13.0386 3636  WinDefend - ok
10:40:13.0401 3636  WinHttpAutoProxySvc - ok
10:40:13.0448 3636  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
10:40:13.0479 3636  Winmgmt - ok
10:40:13.0526 3636  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
10:40:13.0573 3636  WinRM - ok
10:40:13.0620 3636  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
10:40:13.0635 3636  WinUsb - ok
10:40:13.0667 3636  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
10:40:13.0682 3636  Wlansvc - ok
10:40:13.0729 3636  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
10:40:13.0745 3636  wlcrasvc - ok
10:40:13.0791 3636  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:40:13.0823 3636  wlidsvc - ok
10:40:13.0838 3636  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
10:40:13.0854 3636  WmiAcpi - ok
10:40:13.0885 3636  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
10:40:13.0885 3636  wmiApSrv - ok
10:40:13.0901 3636  WMPNetworkSvc - ok
10:40:13.0916 3636  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
10:40:13.0947 3636  WPCSvc - ok
10:40:13.0963 3636  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
10:40:13.0963 3636  WPDBusEnum - ok
10:40:13.0979 3636  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
10:40:14.0025 3636  ws2ifsl - ok
10:40:14.0057 3636  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
10:40:14.0057 3636  wscsvc - ok
10:40:14.0072 3636  WSearch - ok
10:40:14.0088 3636  [ 82E8F5AA03DF7DBDB8A33F700D5D8CDA ] wsvd            C:\Windows\system32\DRIVERS\wsvd.sys
10:40:14.0103 3636  wsvd - ok
10:40:14.0150 3636  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
10:40:14.0197 3636  wuauserv - ok
10:40:14.0228 3636  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
10:40:14.0275 3636  WudfPf - ok
10:40:14.0291 3636  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
10:40:14.0306 3636  WUDFRd - ok
10:40:14.0322 3636  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
10:40:14.0337 3636  wudfsvc - ok
10:40:14.0369 3636  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
10:40:14.0400 3636  WwanSvc - ok
10:40:14.0431 3636  ================ Scan global ===============================
10:40:14.0478 3636  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
10:40:14.0525 3636  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
10:40:14.0525 3636  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
10:40:14.0556 3636  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
10:40:14.0571 3636  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
10:40:14.0587 3636  [Global] - ok
10:40:14.0587 3636  ================ Scan MBR ==================================
10:40:14.0587 3636  [ 5D949EEA3BEEC2DF38A2D7900AD89A60 ] \Device\Harddisk0\DR0
10:40:16.0085 3636  \Device\Harddisk0\DR0 - ok
10:40:16.0085 3636  ================ Scan VBR ==================================
10:40:16.0085 3636  [ ED705AB412008FFB3D967C026FA11FD4 ] \Device\Harddisk0\DR0\Partition1
10:40:16.0085 3636  \Device\Harddisk0\DR0\Partition1 - ok
10:40:16.0100 3636  [ 6ED874C8EA630895F8243CE81C8C8E8C ] \Device\Harddisk0\DR0\Partition2
10:40:16.0116 3636  \Device\Harddisk0\DR0\Partition2 - ok
10:40:16.0131 3636  [ 7A05E3D48A047CE8023BF882583545F6 ] \Device\Harddisk0\DR0\Partition3
10:40:16.0131 3636  \Device\Harddisk0\DR0\Partition3 - ok
10:40:16.0131 3636  ============================================================
10:40:16.0131 3636  Scan finished
10:40:16.0131 3636  ============================================================
10:40:16.0131 4300  Detected object count: 0
10:40:16.0131 4300  Actual detected object count: 0
10:40:38.0705 3908  Deinitialize success
         

Alt 30.05.2013, 11:15   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Googlelinks/Links werden umgeleitet - Standard

Googlelinks/Links werden umgeleitet



JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 30.05.2013, 12:25   #15
jPPütz
 
Googlelinks/Links werden umgeleitet - Standard

Googlelinks/Links werden umgeleitet



JRT
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by *** on 30.05.2013 at 12:27:34,78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1749649401-1888572752-1075402513-1000\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.com
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\nctaudiocdgrabber2.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\Users\***\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\***\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\***\AppData\Roaming\software informer"
Successfully deleted: [Folder] "C:\Users\***\AppData\Roaming\wondershare"
Successfully deleted: [Folder] "C:\Users\***\appdata\local\wondershare"
Successfully deleted: [Folder] "C:\Program Files (x86)\dll-files.com fixer"
Successfully deleted: [Folder] "C:\Program Files (x86)\icq6toolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\software informer"
Successfully deleted: [Folder] "C:\Program Files (x86)\wondershare"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\Wondershare"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{05481C35-9FBD-445E-9125-269AAAAB8E60}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{05B04FB6-174C-4C4F-B58A-01C55ED2EF84}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{0BF64BBD-B97F-44D1-8462-1601E5CF4927}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{108474C7-FDD9-489B-B073-639C0F274ED7}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{1474AD3B-27F7-44D5-A3D1-844FF09C9BFA}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{14EBDE83-5600-4400-97AA-9715D2DF5D01}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{153973F8-75CD-4664-8227-C72AA2D9074E}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{165AF29A-7AC3-4BB3-A7FD-7D9475A86920}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{18C4D6F9-1976-4649-B87A-B30D88A9ADEC}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{1C8A8FD6-8E51-446F-91EA-C1DE58ECB045}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{210F97AF-3047-4B5F-8BDD-C0D5470761CF}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{21302B2A-8E94-422B-8A35-9D66D966CB63}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{21A6D6AB-4C40-43CD-8B76-0D67FE78E6B8}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{220B47AC-F4AD-41CA-8A17-46515DE1315E}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{2618CAF3-FDAF-4B40-8593-9821480965C8}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{2DA40E8F-C073-4B01-A55D-22440A342F61}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{2FAAE837-C6A3-4FA2-824F-8F44926599AA}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{30C1F8C1-2E39-4054-84A5-555772521A7D}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{3370D344-B311-4D75-8D3F-0D773D60EA0A}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{3554DA0E-1377-4D6F-8FA4-5E4634C57205}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{41ED5852-D81F-400F-8CB1-DBA6B4A7C931}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{490E3D75-11B6-49C5-84B7-3E8B0893DCA4}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{4D2A1725-0F2A-4685-84F9-EA50727B0752}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{4D64E77D-659E-4855-A8E2-7648ACE5677E}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{4E7222C4-86A8-4F45-9D2D-BF753335FFAE}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{5AC33951-FB1F-448D-965F-9C8A3FF0D0E5}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{6AC6ACEA-F4CB-4388-B3DB-9BDFC9E40DF6}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{6E640453-21D5-4B5D-A22C-18128F39EA89}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{6ED4C124-82F4-45FA-B947-D245F1765802}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{722EE67B-598E-49FB-AFA2-CD2E6FEC4E91}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{75C7A1DB-92A5-46D9-B784-51749569607A}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{77A96C81-0051-41A3-9918-A2355C2BAB68}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{8263FE07-DDA4-458B-9E0E-74CFF1CE9054}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{82961210-2EA8-4536-817C-B901E6FAB0C1}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{86A95F8C-1F20-4906-ADF1-3E7EB4134DE0}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{8B2442D1-7D82-461D-A6BB-F5043AE0E8E8}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{8F20E4A7-9290-475A-A14B-76C9A1407346}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{8F845D1B-9EFB-4EE7-B2C4-1DA5A89DC67B}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{92C0BDD8-419B-4632-A1D7-C76156EAC022}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{9C5AF6A1-3C98-4AB0-8838-1ADEF967FCA2}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{9D0E410F-056F-4228-8D1B-FEFB520C5243}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{9D6DF67E-48D6-43EC-9210-C06AA0131188}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{A1F39671-C3D1-4BD5-8E41-051162F06380}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{A491C216-90AD-491E-A035-137B67B79E05}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{A761541E-3C1C-46B9-A34F-4A90989CF84D}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{B04A629B-6FD1-44F7-8B31-73497EFC37D5}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{B63C9BEA-1A67-47BA-A851-118112007E26}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{B77BB212-FE9B-4FBE-B44B-1928F2A32D3F}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{BE3E6E26-F2AD-4F0F-A8A5-CF5C5807E175}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{BE8F4CD5-007E-4096-A973-AE4A825CBFD5}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{C56FEB50-07D1-4DB3-A239-D5F8BFC2AE1D}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{CBC54094-1866-4848-AEC3-0F1E758204B3}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{CC85E62F-2AFF-40B5-8335-D5D3790C04DF}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{D0A5BD75-6024-4A3B-96DC-EBFF85F5EFB9}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{D176584B-4547-48F7-865B-6B161B62B18E}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{D1D3A96F-CF2C-43F1-8771-C69D258E732C}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{D5EAAB9C-5142-49A1-8D02-08DE92805A56}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{D72B845F-56FC-4BFA-A6A3-039134F0B446}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{DC3FB0D8-0BEA-4436-8865-86CF33248BD9}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{EA6576A2-4925-48A1-AE64-728E8748FBBB}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{ED0DF6EB-6C60-4E84-9FB0-C33DA45B19F1}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{EDFEF442-9F97-47E4-82D2-3EEBD7F9597C}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{F1A6B665-D0BF-4394-A813-4459F0652BA3}
Successfully deleted: [Empty Folder] C:\Users\***\appdata\local\{FD02E3B8-0479-4558-A1F4-706096D6F75D}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.05.2013 at 12:29:51,44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
AdwCleaner

Code:
ATTFilter
# AdwCleaner v2.301 - Datei am 30/05/2013 um 12:41:05 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : *** - ***
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk
Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\6r5uir6n.tarnfox\searchplugins\babylon1.xml
Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\6r5uir6n.tarnfox\searchplugins\claro.xml
Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\99lhhtf4.default\searchplugins\babylon1.xml
Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\99lhhtf4.default\searchplugins\claro.xml
Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fkg3fotr.FF6\searchplugins\babylon1.xml
Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fkg3fotr.FF6\searchplugins\claro.xml
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\Users\***\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\6r5uir6n.tarnfox\extensions\ffxtlbr@babylon.com
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\6r5uir6n.tarnfox\jetpack
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\99lhhtf4.default\extensions\ffxtlbr@babylon.com
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\99lhhtf4.default\jetpack
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fkg3fotr.FF6\extensions\ffxtlbr@babylon.com
Ordner Gelöscht : C:\Users\***\AppData\Roaming\OCS

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16576

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\6r5uir6n.tarnfox\prefs.js

C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\6r5uir6n.tarnfox\user.js ... Gelöscht !

Gelöscht : user_pref("extensions.BabylonToolbar.admin", false);
Gelöscht : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Gelöscht : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Gelöscht : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Gelöscht : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Gelöscht : user_pref("extensions.BabylonToolbar.excTlbr", false);
Gelöscht : user_pref("extensions.BabylonToolbar.id", "fa252e1200000000000000ff47ed28cd");
Gelöscht : user_pref("extensions.BabylonToolbar.instlDay", "15688");
Gelöscht : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Gelöscht : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Gelöscht : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Gelöscht : user_pref("extensions.BabylonToolbar.rvrt", "false");
Gelöscht : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Gelöscht : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Gelöscht : user_pref("extensions.BabylonToolbar.vrsn", "1.8.4.9");
Gelöscht : user_pref("extensions.BabylonToolbar.vrsni", "1.8.4.9");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", "");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109727&tt=5012_8");
Gelöscht : user_pref("extensions.BabylonToolbar_i.excTlbr", false);
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", false);
Gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.4.916:06:43");

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\99lhhtf4.default\prefs.js

C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\99lhhtf4.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.search.selectedEngine", "Claro Search");
Gelöscht : user_pref("extensions.BabylonToolbar.admin", false);
Gelöscht : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Gelöscht : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Gelöscht : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Gelöscht : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Gelöscht : user_pref("extensions.BabylonToolbar.excTlbr", false);
Gelöscht : user_pref("extensions.BabylonToolbar.id", "fa252e1200000000000000ff47ed28cd");
Gelöscht : user_pref("extensions.BabylonToolbar.instlDay", "15688");
Gelöscht : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Gelöscht : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Gelöscht : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Gelöscht : user_pref("extensions.BabylonToolbar.rvrt", "false");
Gelöscht : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Gelöscht : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Gelöscht : user_pref("extensions.BabylonToolbar.vrsn", "1.8.4.9");
Gelöscht : user_pref("extensions.BabylonToolbar.vrsni", "1.8.4.9");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", "");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109727&tt=5012_8");
Gelöscht : user_pref("extensions.BabylonToolbar_i.excTlbr", false);
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", false);
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.claro-search.com/?affID=120133&babsrc[...]
Gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.4.916:06:42");
Gelöscht : user_pref("extensions.claro.admin", false);
Gelöscht : user_pref("extensions.claro.aflt", "babsst");
Gelöscht : user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}");
Gelöscht : user_pref("extensions.claro.autoRvrt", "false");
Gelöscht : user_pref("extensions.claro.dfltLng", "en");
Gelöscht : user_pref("extensions.claro.excTlbr", false);
Gelöscht : user_pref("extensions.claro.id", "fa252e1200000000000000ff47ed28cd");
Gelöscht : user_pref("extensions.claro.instlDay", "15745");
Gelöscht : user_pref("extensions.claro.instlRef", "sst");
Gelöscht : user_pref("extensions.claro.prdct", "claro");
Gelöscht : user_pref("extensions.claro.prtnrId", "claro");
Gelöscht : user_pref("extensions.claro.rvrt", "false");
Gelöscht : user_pref("extensions.claro.tlbrId", "base");
Gelöscht : user_pref("extensions.claro.tlbrSrchUrl", "");
Gelöscht : user_pref("extensions.claro.vrsn", "1.8.8.5");
Gelöscht : user_pref("extensions.claro.vrsni", "1.8.8.5");
Gelöscht : user_pref("extensions.claro_i.excTlbr", false);
Gelöscht : user_pref("extensions.claro_i.newTab", false);
Gelöscht : user_pref("extensions.claro_i.smplGrp", "none");
Gelöscht : user_pref("extensions.claro_i.vrsnTs", "1.8.8.515:40:20");
Gelöscht : user_pref("icqtoolbar.allowSendURL", false);
Gelöscht : user_pref("icqtoolbar.engineVerified", false);
Gelöscht : user_pref("icqtoolbar.geolastmodified", 1304173279);
Gelöscht : user_pref("icqtoolbar.hiddenElements", "itb_options");
Gelöscht : user_pref("icqtoolbar.history", "bdsm%20servcies||neuer%20pc%20l%C3%BCfter%20summt||nokia%20x2%20dat[...]
Gelöscht : user_pref("icqtoolbar.icqgeo", 49);
Gelöscht : user_pref("icqtoolbar.installTime", "1304173279");
Gelöscht : user_pref("icqtoolbar.newtab_state", "0");
Gelöscht : user_pref("icqtoolbar.numberOfSearches", 0);
Gelöscht : user_pref("icqtoolbar.previousFFVersion", "4.0.1");
Gelöscht : user_pref("icqtoolbar.skip_default_search", "no");
Gelöscht : user_pref("icqtoolbar.suggestions", false);
Gelöscht : user_pref("icqtoolbar.uninstStatSent", true);
Gelöscht : user_pref("icqtoolbar.uniqueID", "130409348313040934831304173279355");
Gelöscht : user_pref("icqtoolbar.usageStatstTimestamp", 1304260154);
Gelöscht : user_pref("icqtoolbar.voucherHideClicks", 0);
Gelöscht : user_pref("icqtoolbar.voucherMoreLinkClicks", 0);
Gelöscht : user_pref("icqtoolbar.voucherRedeemClicks", 0);
Gelöscht : user_pref("icqtoolbar.voucherWasShown", 5);
Gelöscht : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Gelöscht : user_pref("icqtoolbar.xmlLanguage", "de");

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fkg3fotr.FF6\prefs.js

C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fkg3fotr.FF6\user.js ... Gelöscht !

[OK] Die Datei ist sauber.

-\\ Google Chrome v27.0.1453.94

Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.2523] : homepage = "hxxp://www.claro-search.com/?affID=120133&babsrc=HP_ss&mntrId=fa252e1200000000000000[...]

-\\ Opera v12.14.1738.0

Datei : C:\Users\***\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [11866 octets] - [30/05/2013 12:41:05]

########## EOF - C:\AdwCleaner[S1].txt - [11927 octets] ##########
         
OTL.txt

Code:
ATTFilter
OTL logfile created on: 5/30/2013 12:58:35 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7.98 Gb Total Physical Memory | 6.42 Gb Available Physical Memory | 80.44% Memory free
15.95 Gb Paging File | 14.21 Gb Available in Paging File | 89.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1831.92 Gb Total Space | 642.00 Gb Free Space | 35.05% Space Free | Partition Type: NTFS
Drive D: | 30.00 Gb Total Space | 11.93 Gb Free Space | 39.76% Space Free | Partition Type: NTFS
Drive F: | 100.00 Mb Total Space | 71.21 Mb Free Space | 71.21% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\AceBIT\Password Depot 6\PasswordDepot.exe (AceBIT GmbH)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (ocster_1clk_backup) -- c:\Program Files\Ocster 1-Click Backup\bin\backupService-ox1c.exe ()
SRV:64bit: - (CGVPNCliSrvc) -- C:\Program Files\CyberGhost VPN\CGVPNCliService.exe (mobile concepts GmbH)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe (Logitech, Inc.)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Sony PC Companion) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (Steganos Volatile Disk) -- C:\Windows\SysWOW64\STGRAMDiskHandler64.exe (Softwareentwicklung Remus - ArchiCrypt)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kneps) -- C:\Windows\SysNative\drivers\kneps.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kltdi) -- C:\Windows\SysNative\drivers\kltdi.sys (Kaspersky Lab ZAO)
DRV:64bit: - (PSSDK42) -- C:\Windows\SysNative\drivers\pssdk42.sys (microOLAP Technologies LTD)
DRV:64bit: - (DigiartyVirtualCDBus) -- C:\Windows\SysNative\drivers\DigiartyVirtualCDBus.sys (Digiarty Software, Inc.)
DRV:64bit: - (nmwcdnsux64) -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (nmwcdnsucx64) -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys (Nokia)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (klkbdflt) -- C:\Windows\SysNative\drivers\klkbdflt.sys (Kaspersky Lab)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (Apowersoft_AudioDevice) -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys (Wondershare)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (tbhsd) -- C:\Windows\SysNative\drivers\tbhsd.sys (RapidSolution Software AG)
DRV:64bit: - (Uim_IM) -- C:\Windows\SysNative\drivers\Uim_IMx64.sys (Paragon)
DRV:64bit: - (Uim_VIM) -- C:\Windows\SysNative\drivers\uim_vimx64.sys (Paragon)
DRV:64bit: - (UimBus) -- C:\Windows\SysNative\drivers\uimx64.sys (Windows (R) 2000 DDK provider)
DRV:64bit: - (RsFx0105) -- C:\Windows\SysNative\drivers\RsFx0105.sys (Microsoft Corporation)
DRV:64bit: - (STGMFEngine64) -- C:\Windows\SysNative\drivers\STGMFEngine64.sys (Softwareentwicklung Remus - ArchiCrypt.com)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (netr7364) -- C:\Windows\SysNative\drivers\netr7364.sys (Ralink Technology, Corp.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (oodrvled) -- C:\Windows\SysNative\drivers\OODrvled.sys (O&O Software GmbH)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (SLEE_17_DRIVER) -- C:\Windows\SleeN1764.sys (Softwareentwicklung Remus - ArchiCrypt - )
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1749649401-1888572752-1075402513-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1749649401-1888572752-1075402513-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1749649401-1888572752-1075402513-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1749649401-1888572752-1075402513-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1749649401-1888572752-1075402513-1000\..\SearchScopes\{353E8332-C635-4408-B21A-8D11376775F3}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDND_de
IE - HKU\S-1-5-21-1749649401-1888572752-1075402513-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1749649401-1888572752-1075402513-1000\..\SearchScopes\{961737C4-F3E3-4849-B7EA-4A64EE3B9FCF}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKU\S-1-5-21-1749649401-1888572752-1075402513-1000\..\SearchScopes\{A2DC3FEF-AB4D-442c-8517-34EC6E125C8D}: "URL" = hxxp://search.webwebweb.com/search.php?query={searchTerms}&lang=de&zip=&town=&site=&country=&safe=[safe,off,strict]
IE - HKU\S-1-5-21-1749649401-1888572752-1075402513-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1749649401-1888572752-1075402513-1017\..\SearchScopes,DefaultScope = 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..browser.startup.homepage: "hxxp://google.de"
FF - prefs.js..extensions.enabledAddons: AppTabNavBGone%40FireFox:1.0
FF - prefs.js..extensions.enabledAddons: savesession%40noasobi.net:1.3.1.6
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: %7B8A6C82A1-F6C9-481a-AAE7-C96444C9A754%7D:6.2.0
FF - prefs.js..extensions.enabledAddons: %7B9AA46F4F-4DC7-4c06-97AF-5035170634FE%7D:5.5
FF - prefs.js..extensions.enabledAddons: SoundFrost%40helper.com:3.7.0
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.9
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130515
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..network.proxy.http: "212.88.157.205 "
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files (x86)\Mozilla Firefox6\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\passworddepot@acebit.com: C:\Program Files (x86)\AceBIT\Password Depot 6\Firefox\ [2012/09/21 17:38:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013/04/24 11:58:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013/04/24 11:58:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013/04/24 11:58:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013/04/24 11:58:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013/04/24 11:58:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox6\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox6\plugins [2013/05/23 18:26:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/04/29 20:44:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\SoundFrost@helper.com: C:\Program Files (x86)\SoundFrost\SoundFrost.xpi [2013/05/20 11:21:23 | 000,038,116 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox6\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox6\plugins [2013/05/23 18:26:28 | 000,000,000 | ---D | M]
 
[2011/04/29 18:09:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013/05/30 12:41:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\6r5uir6n.tarnfox\extensions
[2012/04/02 11:06:18 | 000,000,000 | ---D | M] (Click&amp;Clean) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\6r5uir6n.tarnfox\extensions\clickclean@hotcleaner.com
[2013/05/30 12:41:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\99lhhtf4.default\extensions
[2012/10/08 18:52:02 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\99lhhtf4.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2012/11/30 20:55:24 | 000,000,000 | ---D | M] (PrefBar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\99lhhtf4.default\extensions\{8A6C82A1-F6C9-481a-AAE7-C96444C9A754}
[2013/05/29 13:55:47 | 000,000,000 | ---D | M] (WOT) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\99lhhtf4.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/05/30 12:41:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fkg3fotr.FF6\extensions
[2012/03/30 13:05:12 | 000,035,695 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\6r5uir6n.tarnfox\extensions\facebook@disconnect.me.xpi
[2012/05/09 18:21:22 | 000,272,844 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\6r5uir6n.tarnfox\extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi
[2012/03/30 13:05:12 | 000,008,503 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\6r5uir6n.tarnfox\extensions\longurlplease@darragh.curran.xpi
[2012/05/09 19:12:45 | 000,181,880 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\6r5uir6n.tarnfox\extensions\stealthyextension@gmail.com.xpi
[2012/03/30 13:05:12 | 000,049,540 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\6r5uir6n.tarnfox\extensions\trackerblock@privacychoice.org.xpi
[2012/06/03 17:54:23 | 000,524,866 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\6r5uir6n.tarnfox\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/03/30 13:05:12 | 000,634,964 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\6r5uir6n.tarnfox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/11/04 15:04:18 | 000,010,219 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\99lhhtf4.default\extensions\AppTabNavBGone@FireFox.xpi
[2011/11/06 19:01:39 | 000,011,238 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\99lhhtf4.default\extensions\autohidetabbar@tiptt.blogspot.com.xpi
[2013/04/20 19:10:50 | 000,301,821 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\99lhhtf4.default\extensions\compatibility@addons.mozilla.org.xpi
[2012/07/06 17:51:31 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\99lhhtf4.default\extensions\elemhidehelper@adblockplus.org.xpi
[2013/01/08 22:06:42 | 000,223,719 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\99lhhtf4.default\extensions\isreaditlater@ideashower.com.xpi
[2011/04/29 18:52:04 | 000,013,039 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\99lhhtf4.default\extensions\savesession@noasobi.net.xpi
[2012/09/12 18:45:53 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\99lhhtf4.default\extensions\testpilot@labs.mozilla.com.xpi
[2011/09/12 18:18:09 | 000,972,420 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\99lhhtf4.default\extensions\{3cd27e92-1a30-11da-94c6-00e08161165f}.xpi
[2013/05/02 18:01:40 | 000,081,156 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\99lhhtf4.default\extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi
[2013/05/25 19:19:32 | 000,534,261 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\99lhhtf4.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/05/17 21:30:17 | 000,117,280 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\99lhhtf4.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
[2012/12/11 20:44:51 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\99lhhtf4.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013/05/08 19:59:31 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\99lhhtf4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/05/23 18:29:46 | 000,395,933 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\99lhhtf4.default\extensions\{d49175b3-3fd8-43b8-b28e-da5d47f3c398}.xpi
[2011/10/29 20:48:56 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\99lhhtf4.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2013/05/23 21:07:33 | 000,269,448 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\99lhhtf4.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2011/08/15 14:52:17 | 000,588,498 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\fkg3fotr.FF6\extensions\testpilot@labs.mozilla.com.xpi
[2011/09/18 20:20:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013/05/20 11:21:23 | 000,038,116 | ---- | M] () (No name found) -- C:\PROGRAM FILES (X86)\SOUNDFROST\SOUNDFROST.XPI
File not found (No name found) -- C:\USERS\PHILIPP PüTZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\99LHHTF4.DEFAULT\EXTENSIONS\{8A6C82A1-F6C9-481A-AAE7-C96444C9A754}
File not found (No name found) -- C:\USERS\PHILIPP PüTZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\99LHHTF4.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI
File not found (No name found) -- C:\USERS\PHILIPP PüTZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\99LHHTF4.DEFAULT\EXTENSIONS\{A0D7CCB3-214D-498B-B4AA-0E8FDA9A7BF7}
File not found (No name found) -- C:\USERS\PHILIPP PüTZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\99LHHTF4.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
File not found (No name found) -- C:\USERS\PHILIPP PüTZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\99LHHTF4.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
File not found (No name found) -- C:\USERS\PHILIPP PüTZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\99LHHTF4.DEFAULT\EXTENSIONS\APPTABNAVBGONE@FIREFOX.XPI
File not found (No name found) -- C:\USERS\PHILIPP PüTZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\99LHHTF4.DEFAULT\EXTENSIONS\SAVESESSION@NOASOBI.NET.XPI
[2011/03/22 20:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Philipp P\u00FCtz\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Philipp P\u00FCtz\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Philipp P\u00FCtz\AppData\Local\Google\Chrome\Application\27.0.1453.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: J3S cbasscfg Plugin (Enabled) = C:\Users\Philipp P\u00FCtz\AppData\Local\Google\Chrome\User Data\Default\Extensions\godhaonflehefmbmgmlpenkpagcplgoa\1.0.26_0\cbasscfg.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Philipp P\u00FCtz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox6\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox6\plugins\npwachk.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files (x86)\Mozilla Firefox6\plugins\npyaxmpb.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: Sicherer Zahlungsverkehr = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\
CHR - Extension: Modul f\u00FCr das Blockieren gef\u00E4hrlicher Webseiten = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\
CHR - Extension: Voice Search = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhfkcobomkalfdlmkongnhnhahkmnaad\1.1.1_0\
CHR - Extension: Password Depot Browser Extension for Google Chrome = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\imkcgcjpeajeajpcpbdbgbknfaijnpdc\6.1.6_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0\
CHR - Extension: SoundFrost = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikglikieapkdofgcaifhkgmkclbamcm\3.7.0_0\
CHR - Extension: Skype Click to Call = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: DvdVideoSoft Free Youtube Download = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Anti-Banner = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\
 
O1 HOSTS File: ([2013/05/29 14:41:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Password Depot 6) - {9F79B165-70F7-4C46-B1A5-8828E2FF21F9} - C:\Program Files (x86)\AceBIT\Password Depot 6\pdIEAddOn64.dll (AceBIT)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (SoundFrost) - {081524f7-7ed8-43ff-b01e-915c410a9cbe} - C:\PROGRA~2\SOUNDF~1\SOUNDF~1.DLL File not found
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Password Depot 6) - {9F79B165-70F7-4C46-B1A5-8828E2FF21F9} - C:\Program Files (x86)\AceBIT\Password Depot 6\pdIEAddOn32.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Steganos Password Manager Toolbar) - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - C:\Program Files (x86)\Steganos Privacy Suite 12\SPMIEToolbar.dll (Steganos Software GmbH)
O3 - HKU\S-1-5-21-1749649401-1888572752-1075402513-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKU\S-1-5-21-1749649401-1888572752-1075402513-1000..\Run: [Password Depot] C:\Program Files (x86)\AceBIT\Password Depot 6\PasswordDepot.exe (AceBIT GmbH)
O4 - HKU\S-1-5-21-1749649401-1888572752-1075402513-1017..\Run: [Duden Korrektor SysTray] C:\Program Files (x86)\Duden\Duden Korrektor\DKTray.exe (Expert System S.p.A.)
O4 - HKU\S-1-5-21-1749649401-1888572752-1075402513-1017..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1749649401-1888572752-1075402513-1017..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1749649401-1888572752-1075402513-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1749649401-1888572752-1075402513-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1749649401-1888572752-1075402513-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1749649401-1888572752-1075402513-1017\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Password Depot 6 - {9F79B165-70F7-4C46-B1A5-8828E2FF21F9} - C:\Program Files (x86)\AceBIT\Password Depot 6\PasswordDepot.exe (AceBIT GmbH)
O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Steganos Password Manager - {024538B9-3F39-49FF-9503-975F743210FA} - C:\Program Files (x86)\Steganos Privacy Suite 12\SPMIEToolbar.dll (Steganos Software GmbH)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Password Depot 6 - {9F79B165-70F7-4C46-B1A5-8828E2FF21F9} - C:\Program Files (x86)\AceBIT\Password Depot 6\PasswordDepot.exe (AceBIT GmbH)
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3670E1BA-272C-4AD6-9B24-F5090D9A727D}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D49D72A-73C8-416F-AC56-5057BACB0B4C}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E3C0950-82AC-4CA4-BA5C-5553F4EADEF1}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EBCBA93C-83CE-4B24-8FCB-CC70CDAD0B93}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/12/14 17:51:28 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/05/30 12:56:38 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\OTL
[2013/05/30 12:56:25 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Defogger
[2013/05/30 12:55:00 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\gmer
[2013/05/30 12:54:39 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\TDSSKiller
[2013/05/30 12:54:09 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\aswMBR
[2013/05/30 12:27:33 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/05/30 12:26:55 | 000,000,000 | ---D | C] -- C:\JRT
[2013/05/30 12:26:12 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\***\Desktop\JRT.exe
[2013/05/30 10:30:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/05/29 17:10:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/05/29 17:07:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/05/29 17:06:41 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\mbar-1.06.0.1003
[2013/05/29 14:43:56 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/05/29 14:30:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/05/29 14:30:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/05/29 14:30:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/05/29 14:29:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/05/29 14:29:29 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/05/29 14:26:57 | 005,073,804 | R--- | C] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe
[2013/05/25 11:27:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013/05/24 14:07:31 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/05/23 18:26:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox6
[2013/05/20 12:44:32 | 000,027,760 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggsemc.sys
[2013/05/20 12:44:32 | 000,014,448 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggflt.sys
[2013/05/20 12:43:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Ericsson
[2013/05/20 12:43:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Ericsson
[2013/05/20 12:37:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2013/05/20 12:37:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2013/05/20 12:37:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2013/05/20 11:21:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoundFrost
[2013/05/20 11:21:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SoundFrost
[2013/05/17 22:23:14 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/05/17 22:23:14 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/05/17 22:23:14 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/05/17 22:23:13 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/05/17 22:23:13 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/05/17 22:23:13 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/05/17 22:23:13 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/05/17 22:23:13 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/05/17 22:23:13 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/05/17 22:23:13 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/05/17 22:23:13 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/05/17 22:23:13 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/05/17 22:23:10 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/05/17 22:23:10 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/05/17 22:23:10 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/05/17 21:51:35 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013/05/17 21:51:35 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013/05/17 21:50:30 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013/05/17 21:50:29 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/05/17 21:50:29 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013/05/17 21:50:29 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013/05/17 21:50:13 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013/05/17 21:21:06 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Kursfahrt London 2013
[2013/05/11 12:00:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ocster 1-Click Backup
[2013/05/02 19:04:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NSS
[2013/05/02 19:04:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NSS
[2013/05/01 11:27:25 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Religion
[2011/05/19 00:56:23 | 000,266,240 | ---- | C] (vbAccelerator) -- C:\Program Files (x86)\vbalTreeView6.ocx
[2011/05/19 00:56:23 | 000,122,880 | ---- | C] (vbAccelerator) -- C:\Program Files (x86)\cPopMenu6.ocx
[2011/05/19 00:56:23 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\Program Files (x86)\SSubTmr6.dll
[2011/05/18 23:56:23 | 000,266,240 | ---- | C] (vbAccelerator) -- C:\Program Files\vbalTreeView6.ocx
[2011/05/18 23:56:23 | 000,122,880 | ---- | C] (vbAccelerator) -- C:\Program Files\cPopMenu6.ocx
[2011/05/18 23:56:23 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\Program Files\SSubTmr6.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/05/30 12:59:16 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/30 12:59:16 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/30 12:51:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/30 12:51:11 | 2128,744,447 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/30 12:50:14 | 000,016,996 | ---- | M] () -- C:\Windows\SysNative\log.xml
[2013/05/30 12:50:14 | 000,000,008 | ---- | M] () -- C:\Windows\SysNative\log-suffix.xml
[2013/05/30 12:42:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/30 12:33:52 | 000,632,031 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe
[2013/05/30 12:26:26 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\***\Desktop\JRT.exe
[2013/05/29 14:41:42 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/05/29 14:27:26 | 005,073,804 | R--- | M] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe
[2013/05/28 13:58:02 | 000,001,909 | ---- | M] () -- C:\Users\Public\Desktop\LOL Recorder.lnk
[2013/05/27 17:36:48 | 001,800,066 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/27 17:36:48 | 000,763,004 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013/05/27 17:36:48 | 000,718,322 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/27 17:36:48 | 000,173,390 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013/05/27 17:36:48 | 000,146,344 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/25 11:27:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013/05/25 11:25:54 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013/05/24 14:53:18 | 075,187,200 | ---- | M] () -- C:\Users\***\backup.pst
[2013/05/20 12:49:49 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggsemc_01009.Wdf
[2013/05/20 12:49:49 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggflt_01009.Wdf
[2013/05/20 12:44:32 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggsemc.sys
[2013/05/20 12:44:32 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggflt.sys
[2013/05/20 11:21:24 | 000,000,306 | RHS- | M] () -- C:\Users\***\ntuser.pol
[2013/05/18 21:00:24 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/05/18 21:00:24 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/05/18 20:55:53 | 000,356,680 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/17 21:16:40 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/17 21:16:40 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/11 12:00:35 | 000,001,034 | ---- | M] () -- C:\Users\Public\Desktop\Ocster 1-Click Backup.lnk
[2013/05/02 19:38:04 | 000,000,070 | ---- | M] () -- C:\Windows\SysWow64\NSS.ini
[2013/05/01 18:46:07 | 000,000,022 | ---- | M] () -- C:\Windows\SysWow64\STGRAMDiskHandler64.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/05/30 12:33:27 | 000,632,031 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe
[2013/05/29 14:30:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/05/29 14:30:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/05/29 14:30:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/05/29 14:30:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/05/29 14:30:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/05/25 11:25:54 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013/05/20 12:49:49 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggsemc_01009.Wdf
[2013/05/20 12:49:49 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggflt_01009.Wdf
[2013/05/20 11:21:24 | 000,000,306 | RHS- | C] () -- C:\Users\***\ntuser.pol
[2013/05/11 12:00:35 | 000,001,034 | ---- | C] () -- C:\Users\Public\Desktop\Ocster 1-Click Backup.lnk
[2013/05/02 19:19:05 | 000,000,070 | ---- | C] () -- C:\Windows\SysWow64\NSS.ini
[2013/04/02 16:03:17 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\CIUtils.dll
[2013/02/02 13:50:47 | 000,000,625 | ---- | C] () -- C:\Users\***\jshrink.ini
[2013/01/21 19:21:30 | 000,000,022 | ---- | C] () -- C:\Windows\SysWow64\STGRAMDiskHandler64.ini
[2012/12/14 17:05:46 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2012/12/14 16:39:05 | 000,000,050 | ---- | C] () -- C:\Users\***\.j2e
[2012/12/11 15:49:57 | 000,000,851 | ---- | C] () -- C:\Users\***\AppData\Local\recently-used.xbel
[2012/12/10 18:39:30 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\tmb1-v32.dll
[2012/12/05 18:47:18 | 000,065,536 | -H-- | C] () -- C:\Windows\SysWow64\WebCamLib.dll
[2012/10/17 19:39:04 | 000,000,155 | ---- | C] () -- C:\Users\***\.appletviewer
[2012/09/28 21:45:06 | 000,247,296 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
[2012/09/21 17:06:44 | 000,003,072 | ---- | C] () -- C:\Users\***\AppData\Local\file__0.localstorage
[2012/05/13 17:32:28 | 000,017,408 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db
[2012/03/22 16:52:45 | 000,000,725 | ---- | C] () -- C:\Users\***\*** - Verknüpfung.lnk
[2012/03/02 20:51:48 | 000,823,296 | ---- | C] () -- C:\Windows\j3dcore-d3d.dll
[2012/03/02 20:51:48 | 000,163,840 | ---- | C] () -- C:\Windows\j3dcore-ogl.dll
[2012/03/02 20:51:48 | 000,049,152 | ---- | C] () -- C:\Windows\j3dcore-ogl-chk.dll
[2012/03/02 20:51:48 | 000,040,960 | ---- | C] () -- C:\Windows\j3dcore-ogl-cg.dll
[2011/12/11 13:52:54 | 000,000,007 | ---- | C] () -- C:\Program Files\amsd20.dat
[2011/11/07 19:12:43 | 000,004,096 | -H-- | C] () -- C:\Users\***\AppData\Local\keyfile3.drm
[2011/09/01 17:42:19 | 000,000,849 | ---- | C] () -- C:\Users\***\SciTE.session
[2011/08/30 17:12:14 | 000,110,602 | ---- | C] () -- C:\Windows\SysWow64\xcdsfx32.bin
[2011/08/29 17:08:59 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\nnr.dll
[2011/07/16 20:44:10 | 001,777,024 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/07/06 14:21:42 | 000,311,296 | ---- | C] () -- C:\Windows\SysWow64\EMRegSys.dll
[2011/06/29 20:36:37 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2011/06/29 20:36:37 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2011/06/29 20:36:37 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2011/06/29 20:25:52 | 000,000,035 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011/06/29 20:22:55 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2011/06/29 20:22:55 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll
[2011/06/29 20:22:55 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll
[2011/05/13 21:18:55 | 000,000,077 | ---- | C] () -- C:\Users\***\Lizenz.omegakey
[2011/04/30 20:26:37 | 000,000,017 | ---- | C] () -- C:\Users\***\AppData\Local\resmon.resmoncfg
[2011/04/30 20:06:22 | 000,000,936 | ---- | C] () -- C:\Users\***\Konten speicherung.OPS - Verknüpfung.lnk
[2011/04/30 18:39:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/04/30 17:19:20 | 075,187,200 | ---- | C] () -- C:\Users\***\backup.pst
[2011/04/05 18:38:08 | 002,595,740 | ---- | C] () -- C:\Users\***\Powerpoint.zip
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 193 bytes -> C:\ProgramData\Temp:EEDA5B17
@Alternate Data Stream - 166 bytes -> C:\ProgramData\Temp:C39AA0B1
@Alternate Data Stream - 162 bytes -> C:\ProgramData\Temp:1CE11B51

< End of report >
         

Antwort

Themen zu Googlelinks/Links werden umgeleitet
.com, adobe, bho, cyberghost, defender, ebanking, ebay, excel, expert pdf, explorer, firefox, flash player, format, free download, google, home, internet, malware, mozilla, mp3, nvidia, realtek, registry, secunia psi, security, software, tastatur, temp, usb, windows



Ähnliche Themen: Googlelinks/Links werden umgeleitet


  1. Googlelinks/Links werden umgeleitet
    Alles rund um Windows - 26.05.2013 (8)
  2. PUP.OfferBundler.ST googlelinks werden umgeleitet.
    Log-Analyse und Auswertung - 06.09.2012 (7)
  3. Google-Links werden umgeleitet
    Plagegeister aller Art und deren Bekämpfung - 12.07.2012 (22)
  4. google links werden umgeleitet
    Plagegeister aller Art und deren Bekämpfung - 12.02.2012 (6)
  5. Dringend! Google Links werden umgeleitet - OTL & GMER werden von Virus beendet
    Plagegeister aller Art und deren Bekämpfung - 25.07.2011 (1)
  6. google links werden umgeleitet
    Plagegeister aller Art und deren Bekämpfung - 17.03.2011 (18)
  7. Google Suchergebnisse und Links werden umgeleitet
    Log-Analyse und Auswertung - 24.09.2010 (16)
  8. google links werden falsch umgeleitet
    Plagegeister aller Art und deren Bekämpfung - 29.04.2010 (7)
  9. links werden umgeleitet und werbe-links öffnen sich von allein (firefox)
    Log-Analyse und Auswertung - 08.04.2010 (18)
  10. firefox: links werden umgeleitet und werbe-links öffnen sich von allein
    Log-Analyse und Auswertung - 30.03.2010 (11)
  11. Links werden umgeleitet
    Log-Analyse und Auswertung - 10.10.2009 (11)
  12. Browser - Links werden auf Werbeseiten umgeleitet
    Plagegeister aller Art und deren Bekämpfung - 16.07.2009 (9)
  13. Google Links werden umgeleitet
    Log-Analyse und Auswertung - 14.05.2009 (0)
  14. Links in Google werden umgeleitet
    Log-Analyse und Auswertung - 26.12.2008 (1)
  15. Google und Yahoo links werden umgeleitet
    Log-Analyse und Auswertung - 13.12.2008 (1)
  16. Google Links werden umgeleitet
    Log-Analyse und Auswertung - 09.09.2008 (5)
  17. Google links werden umgeleitet
    Log-Analyse und Auswertung - 02.10.2006 (4)

Zum Thema Googlelinks/Links werden umgeleitet - Hallo, Habe ein Probleme mit Googletreffern bzw. allgemein Links. Mein Problem: Ich Suche etwas über die normale Googlesuche und es erscheinen Treffer. Darüber die normal Google Adworksanzeigen. Nur sind oftmals - Googlelinks/Links werden umgeleitet...
Archiv
Du betrachtest: Googlelinks/Links werden umgeleitet auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.