| |
| |||||||
Log-Analyse und Auswertung: Win32/Small.CA-Virus entfernenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte. |
 |
04.07.2013, 22:46
| #1 |
| |  Win32/Small.CA-Virus entfernen Hallo Zusammen, mein Windows Wartungscenter bringt mir folgende Fehlermeldung Win32/Small.CA-Virus entfernen. Ich habe mit Avira Free Antivirus meinen Rechner gescannt. Nach 1 oder 2 Abstürtzen hat Avira nichts gefunden. Der Rechner stürtzt regelmäßig ab. Oft erscheint die Fehlermeldung "Windows muss neu gestartet werden, weil der Dienst Stromversorgung unerwartet beendet wurde", oder "...der DCOM Server Prozessunerwartet beendet wurde". Ich habe die ersten 3 Schritte der Anleitung durchgeführt und die Files hier angefügt. Wäre klasse, wenn jemand trotz des tollen Wetters weiterhelfen kann  .Vielen Dank und guten Abend Peppone OTL logfile created on: 04.07.2013 20:54:44 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hans\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,39 Gb Available Physical Memory | 73,54% Memory free 6,50 Gb Paging File | 5,39 Gb Available in Paging File | 83,01% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 1376,16 Gb Total Space | 1300,79 Gb Free Space | 94,52% Space Free | Partition Type: NTFS Drive D: | 20,00 Gb Total Space | 19,91 Gb Free Space | 99,53% Space Free | Partition Type: NTFS Computer Name: HANS-PC | User Name: Hans | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.07.04 20:30:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hans\Desktop\OTL.exe PRC - [2013.07.04 20:18:56 | 000,050,477 | ---- | M] () -- C:\Users\Hans\Desktop\Defogger.exe PRC - [2013.07.02 21:10:12 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2013.07.02 21:09:19 | 000,589,368 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2013.07.02 21:09:13 | 000,076,856 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2013.07.02 21:09:05 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.07.02 21:09:05 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2013.04.01 13:00:26 | 001,185,872 | ---- | M] (CallingID Ltd.) -- C:\Programme\Ask.com\CallingIDSDK\CIDGlobalLight.exe PRC - [2013.04.01 12:59:32 | 001,646,216 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.12.12 11:28:14 | 000,163,000 | ---- | M] (Geek Software GmbH) -- C:\Programme\PDF24\pdf24.exe PRC - [2012.11.30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Programme\Microsoft\BingBar\7.1.391.0\SeaPort.EXE PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.01.09 01:34:18 | 000,372,736 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2010.01.09 01:33:48 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2009.06.03 21:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Programme\CyberLink\Power2Go\CLMLSvc.exe PRC - [2009.03.30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009.03.30 17:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe PRC - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe ========== Modules (No Company Name) ========== MOD - [2013.07.04 20:18:56 | 000,050,477 | ---- | M] () -- C:\Users\Hans\Desktop\Defogger.exe MOD - [2013.07.01 22:14:52 | 011,914,240 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\ce6b7579fbb77330560e9122d1cf6526\System.Web.ni.dll MOD - [2013.07.01 22:14:44 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b6eb138c3c9be780acb767c1bef572c1\System.Runtime.Remoting.ni.dll MOD - [2013.05.14 22:46:11 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll MOD - [2013.05.14 22:45:41 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll MOD - [2013.01.10 08:10:00 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.01.10 08:09:39 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.01.10 08:09:34 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.01.10 08:09:20 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010.11.13 02:02:22 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2010.11.13 01:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.02.02 11:33:39 | 001,708,032 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3660.33486__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard. dll MOD - [2010.02.02 11:33:39 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3660.33443__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2010.02.02 11:33:39 | 000,380,928 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3660.33319__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2010.02.02 11:33:39 | 000,356,352 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3660.33396__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2010.02.02 11:33:39 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3660.33345__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2010.02.02 11:33:39 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3660.33397__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2010.02.02 11:33:39 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3660.33417__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2010.02.02 11:33:39 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3660.33329__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2010.02.02 11:33:39 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3660.33444__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2010.02.02 11:33:39 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3660.33395__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2010.02.02 11:33:39 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3660.33388__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2010.02.02 11:33:39 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3660.33376__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dl l MOD - [2010.02.02 11:33:39 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3660.33338__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2010.02.02 11:33:39 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3660.33330__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime. dll MOD - [2010.02.02 11:33:39 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3660.33487__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll MOD - [2010.02.02 11:33:38 | 001,290,240 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3660.33482__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dash board.dll MOD - [2010.02.02 11:33:38 | 000,827,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3660.33379__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2010.02.02 11:33:38 | 000,651,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3660.33458__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll MOD - [2010.02.02 11:33:38 | 000,573,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3660.33346__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashbo ard.dll MOD - [2010.02.02 11:33:38 | 000,409,600 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3660.33410__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2010.02.02 11:33:38 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3660.33371__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll MOD - [2010.02.02 11:33:38 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3660.33345__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2010.02.02 11:33:38 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3660.33378__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2010.02.02 11:33:38 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3660.33385__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashbo ard.dll MOD - [2010.02.02 11:33:38 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3660.33457__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll MOD - [2010.02.02 11:33:38 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3660.33376__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2010.02.02 11:33:38 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3660.33384__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime. dll MOD - [2010.02.02 11:33:38 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3660.33351__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime. dll MOD - [2010.02.02 11:33:38 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3660.33386__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2010.02.02 11:33:37 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3660.33377__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2010.02.02 11:33:37 | 000,270,336 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll MOD - [2010.02.02 11:33:37 | 000,151,552 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3639.21544__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2010.02.02 11:33:37 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3639.21529__90ba9c70f846762e\CLI.Foundation.dll MOD - [2010.02.02 11:33:37 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3639.21799__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll MOD - [2010.02.02 11:33:37 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3639.21677__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2010.02.02 11:33:37 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2010.02.02 11:33:37 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3639.21772__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2010.02.02 11:33:37 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3660.33377__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2010.02.02 11:33:37 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3639.21517__90ba9c70f846762e\LOG.Foundation.dll MOD - [2010.02.02 11:33:37 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3639.21518__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2010.02.02 11:33:37 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3639.21922__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2010.02.02 11:33:37 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3639.21571__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2010.02.02 11:33:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll MOD - [2010.02.02 11:33:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3639.21582__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2010.02.02 11:33:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3639.21557__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2010.02.02 11:33:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3639.21776__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll MOD - [2010.02.02 11:33:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3639.21569__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2010.02.02 11:33:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3639.21562__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3639.21599__90ba9c70f846762e\MOM.Foundation.dll MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3639.21620__90ba9c70f846762e\DEM.Graphics.dll MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3639.21566__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3639.21663__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3639.21591__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3639.21613__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3639.21806__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3639.21789__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3639.21606__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3639.21788__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2010.02.02 11:33:37 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2010.02.02 11:33:36 | 001,220,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3660.33325__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2010.02.02 11:33:36 | 000,741,376 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3660.33479__90ba9c70f846762e\ResourceManagement.Foundation.Implementatio n.dll MOD - [2010.02.02 11:33:36 | 000,577,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3660.33428__90ba9c70f846762e\CLI.Component.Systemtray.dll MOD - [2010.02.02 11:33:36 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3660.33337__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2010.02.02 11:33:36 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3660.33436__90ba9c70f846762e\MOM.Implementation.dll MOD - [2010.02.02 11:33:36 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3660.33434__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2010.02.02 11:33:36 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3639.21679__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2010.02.02 11:33:36 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3660.33316__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2010.02.02 11:33:36 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3639.21608__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2010.02.02 11:33:36 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3660.33315__90ba9c70f846762e\APM.Server.dll MOD - [2010.02.02 11:33:36 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3660.33318__90ba9c70f846762e\CLI.Component.SkinFactory.dll MOD - [2010.02.02 11:33:36 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3639.21609__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2010.02.02 11:33:36 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3639.21670__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2010.02.02 11:33:36 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3639.21589__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2010.02.02 11:33:36 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3660.33314__90ba9c70f846762e\AEM.Server.dll MOD - [2010.02.02 11:33:36 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3660.33451__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2010.02.02 11:33:36 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3639.21551__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2010.02.02 11:33:36 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3639.21578__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2010.02.02 11:33:36 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3639.21577__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2010.02.02 11:33:36 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3639.21601__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2010.02.02 11:33:36 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3639.21521__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2010.02.02 11:33:36 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2010.02.02 11:33:36 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3639.21666__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dl l MOD - [2010.02.02 11:33:36 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3639.21623__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2010.02.02 11:33:36 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3639.21565__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2010.02.02 11:33:36 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3639.21594__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2010.02.02 11:33:36 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3639.21673__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dl l MOD - [2010.02.02 11:33:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3639.21539__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll MOD - [2010.02.02 11:33:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3639.21592__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2010.02.02 11:33:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3639.21596__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2010.02.02 11:33:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3639.21681__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2010.02.02 11:33:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3639.21611__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dl l MOD - [2010.02.02 11:33:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3639.21604__90ba9c70f846762e\APM.Foundation.dll MOD - [2010.02.02 11:33:36 | 000,019,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3660.33435__90ba9c70f846762e\CCC.Implementation.dll MOD - [2010.02.02 11:33:36 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3639.21570__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2010.02.02 11:33:36 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3660.33313__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2009.06.03 21:59:14 | 000,013,096 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009.06.03 21:59:02 | 000,619,816 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMediaLibrary.dll ========== Services (SafeList) ========== SRV - [2013.07.03 21:11:44 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.07.02 21:10:12 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.07.02 21:09:19 | 000,589,368 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2013.07.02 21:09:05 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.06.12 19:11:10 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Programme\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate) SRV - [2012.06.11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Programme\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc) SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.01.09 01:33:48 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.03.30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - [2013.03.06 15:13:37 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2013.02.27 12:22:36 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2013.02.27 12:22:36 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.08.27 14:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2012.08.23 16:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2012.08.23 16:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.01.09 01:54:44 | 005,191,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag) DRV - [2010.01.09 00:40:42 | 000,125,440 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2009.11.19 01:25:04 | 000,100,352 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV - [2009.09.22 15:34:44 | 000,579,072 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su) DRV - [2009.09.19 05:30:10 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm) DRV - [2009.09.19 05:30:10 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) DRV - [2009.09.19 05:30:10 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009.07.07 23:48:14 | 000,011,832 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amdide.sys -- (amdide) DRV - [2009.06.05 04:53:42 | 000,027,320 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter) DRV - [2009.05.05 11:00:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Hans\Pictures\Marie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ecosia.org/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\..\SearchScopes\{4D4694B9-385C-4AA2-82E8-3B56C804C15A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searcerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\..\SearchScopes\{71B7257F-4F9F-4078-B632-64B3276F960D}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\..\SearchScopes\{EAD3B8FA-F916-4B42-ABED-F253FA45906E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10267&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGY&apn_dtid=^YYYYYY^YY^NL&apn_uid=4de61975-5fbb-4e3d-a009-48862bf7b4e8&apn_sauid=23239F00-747E-4ED5-869E-7722D78292EC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..browser.startup.homepage: "about:home|hxxp://ecosia.org/" FF - prefs.js..extensions.enabledAddons: toolbar%40ask.com:3.15.24.100015 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.05.22 10:42:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.07.03 21:11:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.05.22 10:42:53 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.07.03 21:11:40 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.26 14:01:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hans\AppData\Roaming\mozilla\Extensions [2013.04.19 19:52:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hans\AppData\Roaming\mozilla\Firefox\Profiles\prpzkjhg.default-1351854918632\extensions [2013.04.19 19:54:45 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\Hans\AppData\Roaming\mozilla\Firefox\Profiles\prpzkjhg.default-1351854918632\extensions\toolbar@ask.com [2013.04.19 19:54:46 | 000,007,919 | ---- | M] () (No name found) -- C:\Users\Hans\AppData\Roaming\mozilla\firefox\profiles\prpzkjhg.default-1351854918632\extensions\toolbar@ask.com\chrome\content\Abine\chrome\content\ff\view_expiry.js [2013.07.03 22:08:52 | 000,002,413 | ---- | M] () -- C:\Users\Hans\AppData\Roaming\mozilla\firefox\profiles\prpzkjhg.default-1351854918632\searchplugins\askcom.xml [2013.07.03 21:11:40 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions [2013.07.03 21:11:45 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2013.03.15 17:46:08 | 000,000,911 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool) O16 - DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} hxxp://stulde2.mail.intranet.mahle/dwa85W.cab (IBM Lotus iNotes 8.5 Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool) O16 - DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} https://vpn1.mahle.com/+CSCOL+/csvrloader32.cab (Cisco SSL VPN Relay Loader) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05C15B7B-3473-408D-807F-5F983914D6BB}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{0c64381a-ee90-11df-8554-40618699ebd4}\Shell - "" = AutoRun O33 - MountPoints2\{0c64381a-ee90-11df-8554-40618699ebd4}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\Start.hta O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.07.04 20:30:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hans\Desktop\OTL.exe [2013.07.03 21:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.06.22 21:53:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2013.06.09 10:31:09 | 000,000,000 | ---D | C] -- C:\Users\Hans\Documents\Krankenversicherung SDK [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.07.04 20:57:32 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.07.04 20:30:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hans\Desktop\OTL.exe [2013.07.04 20:29:25 | 000,000,000 | ---- | M] () -- C:\Users\Hans\defogger_reenable [2013.07.04 20:20:11 | 000,000,168 | ---- | M] () -- C:\Users\Hans\Desktop\New Internet Shortcut.url [2013.07.04 20:18:56 | 000,050,477 | ---- | M] () -- C:\Users\Hans\Desktop\Defogger.exe [2013.07.04 20:10:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.07.04 20:08:57 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.07.04 20:08:57 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.07.04 20:04:41 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cd997c7a355a48.job [2013.07.04 20:01:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.07.04 20:01:23 | 2615,910,400 | -HS- | M] () -- C:\hiberfil.sys [2013.07.02 21:10:27 | 000,067,168 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avnetflt.sys [2013.07.01 22:12:53 | 000,654,150 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.07.01 22:12:53 | 000,616,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.07.01 22:12:53 | 000,130,022 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.07.01 22:12:53 | 000,106,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.06.27 16:54:02 | 360,120,221 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.06.23 10:30:00 | 000,000,111 | -H-- | M] () -- C:\Users\Hans\Documents\.~lock.Entliehene Bücher Tina.odt# [2013.06.22 21:53:59 | 000,001,993 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013.06.21 08:35:37 | 000,001,054 | ---- | M] () -- C:\Users\Hans\Desktop\Mobile USB Modem 1.0 - Verknüpfung.lnk [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.07.04 20:29:25 | 000,000,000 | ---- | C] () -- C:\Users\Hans\defogger_reenable [2013.07.04 20:20:01 | 000,000,168 | ---- | C] () -- C:\Users\Hans\Desktop\New Internet Shortcut.url [2013.07.04 20:18:54 | 000,050,477 | ---- | C] () -- C:\Users\Hans\Desktop\Defogger.exe [2013.06.23 10:30:00 | 000,000,111 | -H-- | C] () -- C:\Users\Hans\Documents\.~lock.Entliehene Bücher Tina.odt# [2013.06.22 21:53:59 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013.06.22 21:53:59 | 000,001,993 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013.06.21 08:35:37 | 000,001,054 | ---- | C] () -- C:\Users\Hans\Desktop\Mobile USB Modem 1.0 - Verknüpfung.lnk [2012.05.06 20:49:25 | 000,017,408 | ---- | C] () -- C:\Users\Hans\AppData\Local\WebpageIcons.db [2011.11.12 01:03:47 | 000,000,000 | ---- | C] () -- C:\Users\Hans\AppData\Local\{F6A931C8-C935-4E9F-828C-5E8DC016BA88} [2011.01.19 19:25:54 | 000,001,940 | ---- | C] () -- C:\Users\Hans\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2011.01.03 06:45:47 | 000,000,000 | ---- | C] () -- C:\Users\Hans\AppData\Roaming\wklnhst.dat [2010.11.20 08:08:20 | 000,016,896 | ---- | C] () -- C:\Users\Hans\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.06.12 19:15:45 | 000,007,605 | ---- | C] () -- C:\Users\Hans\AppData\Local\Resmon.ResmonCfg [2010.06.01 21:28:17 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2010.04.07 06:59:12 | 000,000,680 | RHS- | C] () -- C:\Users\Hans\ntuser.pol ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2010.05.20 23:57:09 | 000,000,000 | -HSD | M] -- C:\Users\Hans\AppData\Roaming\.# [2010.05.17 19:52:26 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\ALDI_SUED_Mah_Jong [2011.10.13 21:51:23 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Amazon [2012.11.16 18:48:42 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\elsterformular [2011.06.18 12:41:50 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Mp3tag [2010.06.03 11:25:32 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\OpenOffice.org [2012.01.01 18:25:30 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\ProtectDISC [2011.01.03 06:45:52 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Template [2010.10.24 18:42:22 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Tific [2010.05.10 06:33:13 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Windows Live Writer ========== Purity Check ========== < End of report > OTL Extras logfile created on: 04.07.2013 20:54:44 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hans\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,39 Gb Available Physical Memory | 73,54% Memory free 6,50 Gb Paging File | 5,39 Gb Available in Paging File | 83,01% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 1376,16 Gb Total Space | 1300,79 Gb Free Space | 94,52% Space Free | Partition Type: NTFS Drive D: | 20,00 Gb Total Space | 19,91 Gb Free Space | 99,53% Space Free | Partition Type: NTFS Computer Name: HANS-PC | User Name: Hans | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [CEWE FOTOSCHAU] -- "C:\Program Files\CeWe Color\Meine CEWE FOTOWELT\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Meine CEWE FOTOWELT] -- "C:\Program Files\CeWe Color\Meine CEWE FOTOWELT\Meine CEWE FOTOWELT.exe" "%1" () Directory [OneNote.Open] -- C:\PROGRA~1\MIF5BA~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon "C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service "C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater "C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{044D6B2C-9AB3-4C41-A7C8-9263C7E38EE1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{0A324E80-2F6D-44B4-BC15-200E93D0F744}" = rport=137 | protocol=17 | dir=out | app=system | "{0BABD92F-23C6-4736-89A5-3D74BB5936C1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1184F647-DB7C-4C13-9566-8021337259FE}" = lport=2869 | protocol=6 | dir=in | app=system | "{1DE7637A-9B01-44A8-82E2-74215EE6C601}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2F7450A0-0BD7-467E-8566-D74BE47AD1E2}" = rport=10243 | protocol=6 | dir=out | app=system | "{35A9BFFC-CBBD-45D3-9BF2-F8F5ABF894B4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{49866BFD-EDB8-401F-9BFF-B0AE685E99AC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4D54AF83-3100-468B-B7AF-D254EB4B3FF4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{63A88686-FC4C-4DE8-A365-2D8A8F8D1B21}" = lport=445 | protocol=6 | dir=in | app=system | "{663D9FF7-6050-4E4B-B716-A71E81A00531}" = rport=139 | protocol=6 | dir=out | app=system | "{6975EC16-BFB5-43D7-AF3F-5FC8D9A36FFF}" = rport=445 | protocol=6 | dir=out | app=system | "{8A8F8418-73A9-429C-845E-05089CE3A4F7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A4B7FFE9-D6EB-4AE0-B8C3-E2DBC47B6C0E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{A7591091-80E9-4AF0-A1CE-43DBF23B5385}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B41978D7-EED5-4363-839F-8780A43D0C3F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C50B3350-D4EA-4968-ADEC-32E694058681}" = lport=138 | protocol=17 | dir=in | app=system | "{CBE5E4E2-5799-4062-B8DA-280FAD0E6050}" = lport=139 | protocol=6 | dir=in | app=system | "{CDB78CA8-B0BF-4A1D-945A-B4BCDB55917D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D7B55B5A-0C43-44A9-A14C-FBEC2B8EF386}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E9BF06EE-41A0-45DC-9CC2-89734EFF1ACA}" = rport=138 | protocol=17 | dir=out | app=system | "{EBD44A1A-99C0-4568-95BE-A27DC64E1F85}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{ECBCF07D-F005-42AF-B9CD-0071F4E56EE9}" = lport=2869 | protocol=6 | dir=in | app=system | "{F5FEFEFB-4F3F-4AE8-B583-0751AE4E8ADF}" = lport=137 | protocol=17 | dir=in | app=system | "{FFC45B75-3E56-4406-B849-D61FAC49E938}" = lport=10243 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0C25583D-EB91-4BAF-89BC-23D6CC6EB244}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | "{0DC4C320-F0CD-4B9D-92F3-0E8B95D0B9F5}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{19C4FE0E-4178-45F6-9F58-C5045FA3D2F6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | "{1BE639D1-4DB1-462E-B678-299BCCEA07D1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe | "{28892240-7E53-47C9-A261-038DD4D4FBC8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{2D18F8C2-A0DF-44CD-8592-98AEA6EB7367}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{31E8DF8D-4C4C-4ACA-8D04-413F8EB9F829}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{3AAC8937-A984-46C7-B7E2-8DF6CA685449}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{3ADEB1A0-AFD2-4B73-A1E4-2D3FCD66F997}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | "{40A29986-F288-4E47-A3F7-DE5BC4D6B9FC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe | "{455599EE-B2AB-4AE4-8AEC-2152282BCEC4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | "{4C344266-8816-4DF9-B164-22ABC675B3C7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{55A37448-04D6-4A84-BD53-2D303B2B1344}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | "{5CC97F29-2363-4A25-8820-B74A73B2B45F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | "{6337DEDB-D042-4D4C-AC5E-ADDB088C1CFE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | "{64135EB3-D921-4257-82F0-6C5585726B39}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | "{65869BE4-A580-456F-8BEE-1B554A61215F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | "{7002F95A-EA6C-4F63-8658-FE5061620813}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | "{7C1A490F-AF93-4FC4-8FF1-11FABF32B64E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{887FA4E8-FE8E-4A5A-BB4F-E7345C837F27}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | "{898CED55-A8A9-43AB-9F0D-1CC763CB5BA4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{8A516A9E-16B9-4BBF-B028-17163B2692DC}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{8C4F7495-E0CD-4796-858F-154D72F9083A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | "{8FE560DD-6B95-47BC-9D96-FFCB56755CB1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{961D50ED-25AC-4329-A130-7488A48636C9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe | "{96F66570-4FB2-41EA-8B37-68DAFF2E3EFD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{9CE53C92-1F50-43E1-A5DB-3C3169AD1E48}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{A1B633E1-F05E-4B2E-BD4F-4AB4E3F9A0A1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe | "{A589F4A8-F831-4CAB-A06D-8A48973C39AF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | "{A88D738F-3899-4098-B7F2-F8EBF802BAF8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | "{AB58BE99-986D-421F-800C-7B1708B6C86B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AE125130-A198-42CA-929C-A550032B5190}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe | "{B15F0AF0-2E75-4C7B-B14E-628F038B566C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | "{CE326E96-674A-4CE9-B1F1-408E0DE36DF1}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{D425BBBA-BF5B-4DEE-BD1B-997F0EDB34D8}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | "{D67A0EE2-8865-45D4-94AE-B7840BFAC2F5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D8594E4D-A09D-4556-A98A-B3774AD81AD9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | "{DE790F8E-CF9F-4031-9B2D-4A9516837802}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E0F3B78F-C9BE-4B10-A9A6-04E81C4D854B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{E1B6AAB4-5711-4106-A15B-0B31AD376D92}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | "{E43FF323-6995-4092-A16E-A1ABD89E8E0A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{EBAB9B18-6FD4-4672-A402-FB0AEC0C4A0C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{EF258321-1056-40F4-92A2-D520F79ED03F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{F142515C-1BD5-4E75-9873-06BCE72C6EB0}" = dir=in | app=c:\program files\itunes\itunes.exe | "{F26AA263-A162-4D12-927D-8A38B41C5D99}" = protocol=6 | dir=out | app=system | "{F2B43345-09FD-4857-BAC5-309740BCB1F0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{F623A2D8-6362-4EE4-99F4-EB2AFCF531DE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{F9263217-4756-4AFD-AAAB-7F898604FEA7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FF3C7EFD-96D4-43D1-BCB0-54E7CB95004D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{413070A8-C741-4E78-803F-F07E2ED3B47C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{3C9A6C63-3DF8-4D77-888B-94452FD088B1}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{806422F8-8E0A-494A-A369-0F34F1B89160}" = CorelDRAW Essentials 4 - Extra Content "_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan "{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT "{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status "{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan "{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent "{1433046A-BAE7-EBC6-4CAE-9A7BD0C3A35D}" = CCC Help Finnish "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content "{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2605461E-AB2E-49F5-8A16-64B7F3595030}" = 5600Trb "{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18 "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery "{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN "{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in "{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy "{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax "{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4 "{4D66F66A-D5FA-15A2-F6E5-5589BD7E29AA}" = Catalyst Control Center InstallProxy "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport "{4F5B18A3-E921-4FFE-BEF4-ACBB98964FC2}" = AMD USB Filter Driver "{54873998-9F2C-4D2F-2CC1-BEE8D9D9FC73}" = ccc-utility "{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL "{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II "{5DDB3393-E08B-447E-925F-6C00B95D0FE7}" = iCloud "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1 "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77A2EA4C-F1DD-BBA7-F816-BD76EA3C08DF}" = CCC Help French "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7DCBC3D8-8954-491D-A1B9-8C61C563B004}" = 5600_Help "{806422F8-8E0A-494A-A369-0F34F1B89160}" = CorelDRAW Essentials 4 - Extra Content "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.2.0 "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{88A34D88-1A75-8C9D-A26E-F283436AC0A6}" = ATI Catalyst Install Manager "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8C1969E4-3533-3735-B5DF-82F24164203C}" = CCC Help Japanese "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4 "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C516706-B1CC-EBFC-A0CB-02E1FF5FC0FC}" = CCC Help Danish "{9D8004FF-B214-18C6-4473-4993230B11D5}" = CCC Help Norwegian "{9E3C6E9F-26C9-F771-36B5-2065515AA7C2}" = CCC Help Dutch "{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer "{A81FC45F-6431-CFD2-2FEF-B259C3B8DEB4}" = Catalyst Control Center Graphics Light "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{ACCC042D-A515-F15A-44DC-B8916D269A53}" = Catalyst Control Center Localization All "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B "{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw "{BA67EF42-DC5C-18EE-5DB4-7EB3987589BC}" = Catalyst Control Center Core Implementation "{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR "{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU] "{BC37B94A-1C40-D769-0E53-157C3FF481C6}" = CCC Help German "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA "{C170B7B5-9720-C191-F5FA-981C3FACAED6}" = CCC Help English "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C5346D3C-C9FF-A4FD-FDDB-A36DE137A513}" = CCC Help Italian "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX "{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES "{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CB5167B0-61DF-D5EA-E1C4-438D869D0B4A}" = ccc-core-static "{D443CF18-21ED-8648-CB98-B338EF0D8A51}" = CCC Help Swedish "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential "{D8104EB7-EA8D-08D1-9A69-717E2F2E86F9}" = Catalyst Control Center Graphics Full New "{D8D76911-AA3A-62C8-8E1B-F94A518BD27D}" = Catalyst Control Center Graphics Previews Vista "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext "{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6 "{EC27B0C8-F3B7-95BD-96B8-A8D8C78A94B8}" = Catalyst Control Center Graphics Full Existing "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters "{F2DC2589-C894-43DD-BA70-8FDCA7360584}" = 5600 "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{F92DBD0E-7769-3E62-3526-45ED37E0A921}" = CCC Help Spanish "7-Zip" = 7-Zip 4.65 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "ALDI Süd Foto Manager Free D" = ALDI Süd Foto Manager Free "ALDI Süd Foto Service D" = ALDI Süd Foto Service "Aldi Süd Fotoservice_is1" = Aldi Süd Fotoservice "ALDI SÜD Mah Jong" = ALDI SÜD Mah Jong "ALDI Süd Online Druck Service D" = ALDI Süd Online Druck Service "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "Avira AntiVir Desktop" = Avira Free Antivirus "CCleaner" = CCleaner "dm-Fotowelt" = dm-Fotowelt "ElsterFormular" = ElsterFormular "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Photosmart Essential" = HP Photosmart Essential 3.5 "HP Smart Web Printing" = HP Smart Web Printing 4.51 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "HPOCR" = OCR Software by I.R.I.S. 13.0 "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6 "MEDION Fotos auf CD & DVD SE Sued D" = MEDION Fotos auf CD & DVD SE Sued "Meine CEWE FOTOWELT" = Meine CEWE FOTOWELT "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Mp3tag" = Mp3tag v2.49 "OpenAL" = OpenAL "Picasa 3" = Picasa 3 "Shop for HP Supplies" = Shop for HP Supplies "VLC media player" = VLC media player 2.0.6 "WinLiveSuite_Wave3" = Windows Live Essentials "Yahoo! Companion" = Yahoo! Toolbar ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 13.10.2012 08:06:48 | Computer Name = Hans-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 13.10.2012 08:06:48 | Computer Name = Hans-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 6794327 Error - 13.10.2012 08:06:48 | Computer Name = Hans-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 6794327 Error - 13.10.2012 09:08:27 | Computer Name = Hans-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 13.10.2012 09:08:27 | Computer Name = Hans-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 15584 Error - 13.10.2012 09:08:27 | Computer Name = Hans-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 15584 Error - 14.10.2012 05:30:43 | Computer Name = Hans-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error - 14.10.2012 11:20:30 | Computer Name = Hans-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 14.10.2012 11:20:30 | Computer Name = Hans-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 15600 Error - 14.10.2012 11:20:30 | Computer Name = Hans-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 15600 [ System Events ] Error - 04.07.2013 14:57:06 | Computer Name = Hans-PC | Source = amdsata | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\RaidPort0 gefunden. Error - 04.07.2013 14:57:09 | Computer Name = Hans-PC | Source = amdsata | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\RaidPort0 gefunden. Error - 04.07.2013 14:57:12 | Computer Name = Hans-PC | Source = amdsata | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\RaidPort0 gefunden. Error - 04.07.2013 14:57:15 | Computer Name = Hans-PC | Source = amdsata | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\RaidPort0 gefunden. Error - 04.07.2013 14:57:17 | Computer Name = Hans-PC | Source = amdsata | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\RaidPort0 gefunden. Error - 04.07.2013 14:57:21 | Computer Name = Hans-PC | Source = amdsata | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\RaidPort0 gefunden. Error - 04.07.2013 14:57:23 | Computer Name = Hans-PC | Source = amdsata | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\RaidPort0 gefunden. Error - 04.07.2013 14:57:26 | Computer Name = Hans-PC | Source = amdsata | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\RaidPort0 gefunden. Error - 04.07.2013 14:57:29 | Computer Name = Hans-PC | Source = amdsata | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\RaidPort0 gefunden. Error - 04.07.2013 14:57:32 | Computer Name = Hans-PC | Source = amdsata | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\RaidPort0 gefunden. < End of report > GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-07-04 22:16:36 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\00000054 WDC_WD15 rev.80.0 1397,27GB Running: gmer_2.1.19163.exe; Driver: C:\Users\Hans\AppData\Local\Temp\pwldipoc.sys ---- System - GMER 2.1 ---- SSDT 91D08286 ZwCreateSection SSDT 91D08290 ZwRequestWaitReplyPort SSDT 91D0828B ZwSetContextThread SSDT 91D08295 ZwSetSecurityObject SSDT 91D0829A ZwSystemDebugControl SSDT 91D08227 ZwTerminateProcess ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 8307F9F5 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830B91F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 830C053C 4 Bytes [86, 82, D0, 91] .text ntkrnlpa.exe!KeRemoveQueueEx + 1553 830C0898 4 Bytes [90, 82, D0, 91] {NOP ; ADC AL, 0x91} .text ntkrnlpa.exe!KeRemoveQueueEx + 1597 830C08DC 4 Bytes [8B, 82, D0, 91] .text ntkrnlpa.exe!KeRemoveQueueEx + 1613 830C0958 4 Bytes [95, 82, D0, 91] {XCHG EBP, EAX; ADC AL, 0x91} .text ntkrnlpa.exe!KeRemoveQueueEx + 1667 830C09AC 4 Bytes [9A, 82, D0, 91] .text ... .text C:\Windows\system32\DRIVERS\atipmdag.sys section is writeable [0x9242D000, 0x2D293E, 0xE8000020] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\Explorer.EXE[212] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [740324CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[212] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [7401562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[212] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [740156EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[212] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74032546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[212] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [740285AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[212] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74024D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[212] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74025105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[212] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [740251DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[212] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [74026707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[212] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74028301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[212] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74028850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[212] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [740290B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[212] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7402E254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[212] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74024C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ---- |
|
04.07.2013, 23:09
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Win32/Small.CA-Virus entfernen Hallo und
__________________ Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!  Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
05.07.2013, 22:55
| #3 |
| | Win32/Small.CA-Virus entfernen Hallo Cosinus,
__________________Danke für die Hilfe. Ich hatte bis vor ein paar Monaten Norten Anti Virus. Dort gab es mal funde. Allerdings habe ich Norten deinstalliert. Bei Antivirus habe ich in den Ergebnissen keine Funde. Ich hatte noch ein Programm. Ich glaube etwas mit Search and Destroy. Das habe ich aber ebenfalls deinstalliert. Das hilft wahrscheinlich nicht weiter. Sorry. |
|
06.07.2013, 13:58
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Win32/Small.CA-Virus entfernen Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Rootkitscan mit GMER Bitte lade dir  GMER herunter: (Dateiname zufällig)
Tauchen Probleme auf?
Anschließend bitte MBAR ausführen: Malwarebytes Anti-Rootkit (MBAR) Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ --> Welcher Virenscanner? --> Programme richtig installieren --> Backup mit DriveSnapshot --> Das TB unterstützen |
|
15.07.2013, 08:02
| #5 |
| | Win32/Small.CA-Virus entfernen Hallo Cosinus, das Straßenfest hier hat mich ziehmlich beschäftigt  . Jetzt gestern hab ichs endlich geschafft. Hier die Meldungen GMER Logfile: Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-14 19:12:53
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\00000055 WDC_WD15 rev.80.0 1397,27GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Hans\AppData\Local\Temp\pwldipoc.sys
---- System - GMER 2.1 ----
SSDT 92053076 ZwCreateSection
SSDT 92053080 ZwRequestWaitReplyPort
SSDT 9205307B ZwSetContextThread
SSDT 92053085 ZwSetSecurityObject
SSDT 9205308A ZwSystemDebugControl
SSDT 92053017 ZwTerminateProcess
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 8304C9F5 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830861F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 8308D53C 4 Bytes [76, 30, 05, 92]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 8308D898 4 Bytes [80, 30, 05, 92] {XOR BYTE [EAX], 0x5; XCHG EDX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 8308D8DC 4 Bytes [7B, 30, 05, 92]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 8308D958 4 Bytes [85, 30, 05, 92]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 8308D9AC 4 Bytes [8A, 30, 05, 92]
.text ...
.text C:\Windows\system32\DRIVERS\atipmdag.sys section is writeable [0x92419000, 0x2D293E, 0xE8000020]
---- Registry - GMER 2.1 ----
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@NewCrawlNumber 15
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@ElapsedRunTime 568958
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\0@CrawlNumberInProgress -1
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\0@LastCrawlSuccesses 522
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\0@LastCrawlNotFound 67
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\0@LastCrawlUncategorizedErrors 163
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\0@LastCrawlId 11
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\1@CrawlNumberInProgress -1
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\1@LastCrawlSuccesses 30
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\1@LastCrawlId -1
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\2@CrawlNumberInProgress -1
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\2@LastCrawlSuccesses 288
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\2@LastCrawlId -1
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\3@CrawlNumberInProgress -1
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\3@LastCrawlSuccesses 10625
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\3@LastCrawlExcluded 62421
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\3@LastCrawlNotFound 6
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\3@LastCrawlUncategorizedErrors 382
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\3@LastCrawlId -1
Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{08C00D72-415D-11DF-A10C-806E6F6E6963} 6924658064
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
Malwarebytes Anti-Rootkit BETA 1.06.0.1004 www.malwarebytes.org Database version: v2013.07.14.05 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 10.0.9200.16635 Hans :: HANS-PC [administrator] 14.07.2013 19:28:57 mbar-log-2013-07-14 (19-28-57).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P Scan options disabled: PUP Objects scanned: 302415 Time elapsed: 17 minute(s), 13 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 1 HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9} (Hijack.Trojan.Siredef.C) -> Delete on reboot. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) Jetzt noch der 2. Scan Malwarebytes Anti-Rootkit BETA 1.06.0.1004 www.malwarebytes.org Database version: v2013.07.14.06 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 10.0.9200.16635 Hans :: HANS-PC [administrator] 14.07.2013 20:04:41 mbar-log-2013-07-14 (20-04-41).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P Scan options disabled: PUP Objects scanned: 301968 Time elapsed: 17 minute(s), 50 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) Schonmal Danke vorab und einen schönen Tag Peppone |
|
15.07.2013, 14:32
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Win32/Small.CA-Virus entfernen aswMBR Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). TDSS-Killer Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ --> Win32/Small.CA-Virus entfernen |
|
16.07.2013, 23:34
| #7 |
| | Win32/Small.CA-Virus entfernen Hallo cosinus, hier die Ergebnisse der beiden Scans aswMBR aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software Run date: 2013-07-16 22:42:45 ----------------------------- 22:42:45.469 OS Version: Windows 6.1.7601 Service Pack 1 22:42:45.469 Number of processors: 4 586 0x402 22:42:45.484 ComputerName: HANS-PC UserName: Hans 22:42:50.024 Initialize success 22:49:25.184 AVAST engine defs: 13071600 22:53:39.730 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000054 22:53:39.746 Disk 0 Vendor: WDC_WD15 80.0 Size: 1430799MB BusType: 11 22:53:39.886 Disk 0 MBR read successfully 22:53:39.902 Disk 0 MBR scan 22:53:39.933 Disk 0 unknown MBR code 22:53:39.933 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048 22:53:39.964 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1409191 MB offset 206848 22:53:40.011 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 20480 MB offset 2886230016 22:53:40.042 Disk 0 Partition 4 00 12 Compaq diag NTFS 1026 MB offset 2928173056 22:53:40.073 Disk 0 scanning sectors +2930274304 22:53:40.167 Disk 0 scanning C:\Windows\system32\drivers 22:53:51.758 Service scanning 22:54:17.420 Modules scanning 22:54:21.850 Disk 0 trace - called modules: 22:54:21.866 ntkrnlpa.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys halmacpi.dll amdsata.sys 22:54:21.866 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x868d7400] 22:54:21.881 3 CLASSPNP.SYS[8c18059e] -> nt!IofCallDriver -> [0x8688f8f0] 22:54:21.881 5 amdxata.sys[8bdda7b6] -> nt!IofCallDriver -> \Device\00000054[0x867605c0] 22:54:26.967 AVAST engine scan C:\Windows 22:54:32.099 AVAST engine scan C:\Windows\system32 22:58:22.402 AVAST engine scan C:\Windows\system32\drivers 22:58:40.764 AVAST engine scan C:\Users\Hans 23:09:26.231 AVAST engine scan C:\ProgramData 23:13:01.309 Scan finished successfully 23:13:34.833 Disk 0 MBR has been saved successfully to "C:\Users\Hans\Desktop\MBR.dat" 23:13:34.833 The log file has been saved successfully to "C:\Users\Hans\Desktop\aswMBR.txt" und hier noch TDSSSKiller 23:23:03.0127 2400 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 23:23:03.0377 2400 ============================================================ 23:23:03.0377 2400 Current date / time: 2013/07/16 23:23:03.0377 23:23:03.0377 2400 SystemInfo: 23:23:03.0377 2400 23:23:03.0377 2400 OS Version: 6.1.7601 ServicePack: 1.0 23:23:03.0377 2400 Product type: Workstation 23:23:03.0377 2400 ComputerName: HANS-PC 23:23:03.0377 2400 UserName: Hans 23:23:03.0377 2400 Windows directory: C:\Windows 23:23:03.0377 2400 System windows directory: C:\Windows 23:23:03.0377 2400 Processor architecture: Intel x86 23:23:03.0377 2400 Number of processors: 4 23:23:03.0377 2400 Page size: 0x1000 23:23:03.0377 2400 Boot type: Normal boot 23:23:03.0377 2400 ============================================================ 23:23:05.0109 2400 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 23:23:05.0140 2400 ============================================================ 23:23:05.0140 2400 \Device\Harddisk0\DR0: 23:23:05.0140 2400 MBR partitions: 23:23:05.0140 2400 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 23:23:05.0140 2400 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xAC053800 23:23:05.0140 2400 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xAC086000, BlocksNum 0x2800000 23:23:05.0140 2400 ============================================================ 23:23:05.0187 2400 C: <-> \Device\Harddisk0\DR0\Partition2 23:23:05.0233 2400 D: <-> \Device\Harddisk0\DR0\Partition3 23:23:05.0233 2400 ============================================================ 23:23:05.0233 2400 Initialize success 23:23:05.0233 2400 ============================================================ 23:23:15.0155 5044 ============================================================ 23:23:15.0155 5044 Scan started 23:23:15.0155 5044 Mode: Manual; SigCheck; TDLFS; 23:23:15.0155 5044 ============================================================ 23:23:16.0481 5044 ================ Scan system memory ======================== 23:23:16.0481 5044 System memory - ok 23:23:16.0497 5044 ================ Scan services ============================= 23:23:16.0684 5044 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 23:23:16.0762 5044 1394ohci - ok 23:23:16.0793 5044 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys 23:23:16.0809 5044 ACPI - ok 23:23:16.0840 5044 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 23:23:16.0918 5044 AcpiPmi - ok 23:23:16.0980 5044 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 23:23:17.0011 5044 AdobeARMservice - ok 23:23:17.0089 5044 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 23:23:17.0121 5044 AdobeFlashPlayerUpdateSvc - ok 23:23:17.0152 5044 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 23:23:17.0167 5044 adp94xx - ok 23:23:17.0214 5044 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 23:23:17.0245 5044 adpahci - ok 23:23:17.0277 5044 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 23:23:17.0292 5044 adpu320 - ok 23:23:17.0370 5044 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 23:23:17.0620 5044 AeLookupSvc - ok 23:23:17.0791 5044 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys 23:23:17.0854 5044 AFD - ok 23:23:17.0869 5044 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys 23:23:17.0885 5044 agp440 - ok 23:23:17.0901 5044 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys 23:23:17.0916 5044 aic78xx - ok 23:23:17.0932 5044 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe 23:23:17.0994 5044 ALG - ok 23:23:18.0025 5044 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys 23:23:18.0041 5044 aliide - ok 23:23:18.0088 5044 [ 446A5644046B7C59C07221742C821A16 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 23:23:18.0150 5044 AMD External Events Utility - ok 23:23:18.0181 5044 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys 23:23:18.0197 5044 amdagp - ok 23:23:18.0213 5044 [ 211FCE336502911EC03FC15A91344C98 ] amdide C:\Windows\system32\DRIVERS\amdide.sys 23:23:18.0244 5044 amdide - ok 23:23:18.0275 5044 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 23:23:18.0322 5044 AmdK8 - ok 23:23:18.0447 5044 [ 8B37D7DBF153CF029141C8D82B3F53BA ] amdkmdag C:\Windows\system32\DRIVERS\atipmdag.sys 23:23:18.0618 5044 amdkmdag - ok 23:23:18.0665 5044 [ 2A20C0B5CFE4CFF706856A7B1BF14D72 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 23:23:18.0696 5044 amdkmdap - ok 23:23:18.0727 5044 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 23:23:18.0774 5044 AmdPPM - ok 23:23:18.0790 5044 [ 6F64C768A9A48FAB7C6D6CEE1B30F97F ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys 23:23:18.0805 5044 amdsata - ok 23:23:18.0821 5044 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 23:23:18.0837 5044 amdsbs - ok 23:23:18.0852 5044 [ E27866684780606BCCE640A57937D88A ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys 23:23:18.0852 5044 amdxata - ok 23:23:18.0915 5044 [ FE9932692FC61C2203EC9884D414F700 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe 23:23:18.0930 5044 AntiVirSchedulerService - ok 23:23:18.0977 5044 [ B1F8B58F27971B7E316DD316687886EC ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe 23:23:18.0993 5044 AntiVirService - ok 23:23:19.0008 5044 [ 53DDEA96AA407C3E2BCEF68A44E31A59 ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE 23:23:19.0039 5044 AntiVirWebService - ok 23:23:19.0071 5044 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys 23:23:19.0180 5044 AppID - ok 23:23:19.0195 5044 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll 23:23:19.0289 5044 AppIDSvc - ok 23:23:19.0336 5044 [ EACFDF31921F51C097629F1F3C9129B4 ] Appinfo C:\Windows\System32\appinfo.dll 23:23:19.0351 5044 Appinfo - ok 23:23:19.0429 5044 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 23:23:19.0461 5044 Apple Mobile Device - ok 23:23:19.0461 5044 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys 23:23:19.0476 5044 arc - ok 23:23:19.0476 5044 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 23:23:19.0492 5044 arcsas - ok 23:23:19.0523 5044 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 23:23:19.0632 5044 AsyncMac - ok 23:23:19.0663 5044 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys 23:23:19.0679 5044 atapi - ok 23:23:19.0710 5044 [ 430449D04B05348879244C9090D405B4 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys 23:23:19.0726 5044 AtiHdmiService - ok 23:23:19.0741 5044 [ B73C832088DD54B55E04FF6F9646AD8C ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys 23:23:19.0757 5044 AtiPcie - ok 23:23:19.0788 5044 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 23:23:19.0835 5044 AudioEndpointBuilder - ok 23:23:19.0851 5044 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll 23:23:19.0866 5044 Audiosrv - ok 23:23:19.0882 5044 [ 87425709A251386064C99B684BF96F72 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 23:23:19.0882 5044 avgntflt - ok 23:23:19.0897 5044 [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 23:23:19.0913 5044 avipbb - ok 23:23:19.0929 5044 [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 23:23:19.0944 5044 avkmgr - ok 23:23:19.0975 5044 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll 23:23:20.0038 5044 AxInstSV - ok 23:23:20.0053 5044 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys 23:23:20.0085 5044 b06bdrv - ok 23:23:20.0116 5044 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys 23:23:20.0163 5044 b57nd60x - ok 23:23:20.0256 5044 [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.exe 23:23:20.0287 5044 BBSvc - ok 23:23:20.0319 5044 [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe 23:23:20.0334 5044 BBUpdate - ok 23:23:20.0350 5044 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll 23:23:20.0381 5044 BDESVC - ok 23:23:20.0397 5044 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys 23:23:20.0459 5044 Beep - ok 23:23:20.0490 5044 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll 23:23:20.0537 5044 BFE - ok 23:23:20.0568 5044 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll 23:23:20.0646 5044 BITS - ok 23:23:20.0646 5044 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 23:23:20.0662 5044 blbdrive - ok 23:23:20.0709 5044 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 23:23:20.0755 5044 Bonjour Service - ok 23:23:20.0787 5044 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 23:23:20.0818 5044 bowser - ok 23:23:20.0849 5044 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 23:23:20.0896 5044 BrFiltLo - ok 23:23:20.0911 5044 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 23:23:20.0974 5044 BrFiltUp - ok 23:23:20.0989 5044 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll 23:23:21.0052 5044 Browser - ok 23:23:21.0099 5044 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys 23:23:21.0130 5044 Brserid - ok 23:23:21.0130 5044 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 23:23:21.0177 5044 BrSerWdm - ok 23:23:21.0192 5044 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 23:23:21.0223 5044 BrUsbMdm - ok 23:23:21.0239 5044 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 23:23:21.0255 5044 BrUsbSer - ok 23:23:21.0255 5044 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 23:23:21.0270 5044 BTHMODEM - ok 23:23:21.0286 5044 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll 23:23:21.0317 5044 bthserv - ok 23:23:21.0333 5044 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 23:23:21.0379 5044 cdfs - ok 23:23:21.0411 5044 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\drivers\cdrom.sys 23:23:21.0457 5044 cdrom - ok 23:23:21.0504 5044 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll 23:23:21.0535 5044 CertPropSvc - ok 23:23:21.0567 5044 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys 23:23:21.0582 5044 circlass - ok 23:23:21.0598 5044 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys 23:23:21.0613 5044 CLFS - ok 23:23:21.0691 5044 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 23:23:21.0707 5044 clr_optimization_v2.0.50727_32 - ok 23:23:21.0769 5044 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 23:23:21.0801 5044 clr_optimization_v4.0.30319_32 - ok 23:23:21.0816 5044 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 23:23:21.0832 5044 CmBatt - ok 23:23:21.0941 5044 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys 23:23:21.0988 5044 cmdide - ok 23:23:22.0019 5044 [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG C:\Windows\system32\Drivers\cng.sys 23:23:22.0050 5044 CNG - ok 23:23:22.0066 5044 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 23:23:22.0081 5044 Compbatt - ok 23:23:22.0097 5044 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 23:23:22.0113 5044 CompositeBus - ok 23:23:22.0128 5044 COMSysApp - ok 23:23:22.0159 5044 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 23:23:22.0159 5044 crcdisk - ok 23:23:22.0206 5044 [ 3897DFF247D9ED0006190349DE264E14 ] CryptSvc C:\Windows\system32\cryptsvc.dll 23:23:22.0222 5044 CryptSvc - ok 23:23:22.0253 5044 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll 23:23:22.0300 5044 DcomLaunch - ok 23:23:22.0331 5044 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll 23:23:22.0378 5044 defragsvc - ok 23:23:22.0409 5044 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 23:23:22.0425 5044 DfsC - ok 23:23:22.0456 5044 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll 23:23:22.0487 5044 Dhcp - ok 23:23:22.0503 5044 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys 23:23:22.0549 5044 discache - ok 23:23:22.0581 5044 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys 23:23:22.0612 5044 Disk - ok 23:23:22.0643 5044 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll 23:23:22.0690 5044 Dnscache - ok 23:23:22.0721 5044 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll 23:23:22.0783 5044 dot3svc - ok 23:23:22.0893 5044 [ B5E479EB83707DD698F66953E922042C ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys 23:23:22.0955 5044 Dot4 - ok 23:23:22.0986 5044 [ CAEFD09B6A6249C53A67D55A9A9FCABF ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys 23:23:23.0033 5044 Dot4Print - ok 23:23:23.0049 5044 [ CF491FF38D62143203C065260567E2F7 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys 23:23:23.0080 5044 dot4usb - ok 23:23:23.0095 5044 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll 23:23:23.0173 5044 DPS - ok 23:23:23.0220 5044 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 23:23:23.0236 5044 drmkaud - ok 23:23:23.0283 5044 [ 16498EBC04AE9DD07049A8884B205C05 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 23:23:23.0314 5044 DXGKrnl - ok 23:23:23.0345 5044 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll 23:23:23.0392 5044 EapHost - ok 23:23:23.0485 5044 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys 23:23:23.0579 5044 ebdrv - ok 23:23:23.0610 5044 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe 23:23:23.0657 5044 EFS - ok 23:23:23.0704 5044 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 23:23:23.0751 5044 ehRecvr - ok 23:23:23.0782 5044 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe 23:23:23.0797 5044 ehSched - ok 23:23:23.0829 5044 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 23:23:23.0860 5044 elxstor - ok 23:23:23.0875 5044 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys 23:23:23.0891 5044 ErrDev - ok 23:23:23.0938 5044 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll 23:23:23.0985 5044 EventSystem - ok 23:23:24.0000 5044 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys 23:23:24.0031 5044 exfat - ok 23:23:24.0094 5044 Fabs - ok 23:23:24.0125 5044 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys 23:23:24.0156 5044 fastfat - ok 23:23:24.0203 5044 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe 23:23:24.0234 5044 Fax - ok 23:23:24.0250 5044 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys 23:23:24.0265 5044 fdc - ok 23:23:24.0265 5044 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll 23:23:24.0312 5044 fdPHost - ok 23:23:24.0328 5044 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll 23:23:24.0375 5044 FDResPub - ok 23:23:24.0390 5044 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 23:23:24.0406 5044 FileInfo - ok 23:23:24.0406 5044 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 23:23:24.0437 5044 Filetrace - ok 23:23:24.0531 5044 [ FFF1130F7C9FA01D093A1EDFC5CCE8FC ] FirebirdServerMAGIXInstance C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe 23:23:24.0640 5044 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning 23:23:24.0640 5044 FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1) 23:23:24.0671 5044 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 23:23:24.0687 5044 flpydisk - ok 23:23:24.0718 5044 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 23:23:24.0718 5044 FltMgr - ok 23:23:24.0780 5044 [ E12C4928B32ACE04610259647F072635 ] FontCache C:\Windows\system32\FntCache.dll 23:23:24.0843 5044 FontCache - ok 23:23:24.0889 5044 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 23:23:24.0921 5044 FontCache3.0.0.0 - ok 23:23:24.0921 5044 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 23:23:24.0936 5044 FsDepends - ok 23:23:24.0967 5044 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 23:23:24.0983 5044 Fs_Rec - ok 23:23:25.0014 5044 [ E306A24D9694C724FA2491278BF50FDB ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 23:23:25.0014 5044 fvevol - ok 23:23:25.0045 5044 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 23:23:25.0061 5044 gagp30kx - ok 23:23:25.0092 5044 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 23:23:25.0092 5044 GEARAspiWDM - ok 23:23:25.0139 5044 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll 23:23:25.0170 5044 gpsvc - ok 23:23:25.0248 5044 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe 23:23:25.0279 5044 gupdate - ok 23:23:25.0311 5044 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 23:23:25.0311 5044 gupdatem - ok 23:23:25.0357 5044 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 23:23:25.0373 5044 gusvc - ok 23:23:25.0404 5044 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 23:23:25.0435 5044 hcw85cir - ok 23:23:25.0498 5044 [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 23:23:25.0545 5044 HdAudAddService - ok 23:23:25.0591 5044 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 23:23:25.0638 5044 HDAudBus - ok 23:23:25.0654 5044 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 23:23:25.0669 5044 HidBatt - ok 23:23:25.0701 5044 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 23:23:25.0716 5044 HidBth - ok 23:23:25.0747 5044 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 23:23:25.0779 5044 HidIr - ok 23:23:25.0794 5044 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll 23:23:25.0825 5044 hidserv - ok 23:23:25.0841 5044 [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 23:23:25.0857 5044 HidUsb - ok 23:23:25.0888 5044 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll 23:23:25.0903 5044 hkmsvc - ok 23:23:25.0950 5044 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 23:23:25.0981 5044 HomeGroupListener - ok 23:23:26.0013 5044 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 23:23:26.0044 5044 HomeGroupProvider - ok 23:23:26.0137 5044 [ 1DAE5C46D42B02A6D5862E1482EFB390 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll 23:23:26.0153 5044 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning 23:23:26.0153 5044 hpqcxs08 - detected UnsignedFile.Multi.Generic (1) 23:23:26.0200 5044 [ 99E8EEF42FE2F4AF29B08C3355DD7685 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll 23:23:26.0215 5044 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning 23:23:26.0215 5044 hpqddsvc - detected UnsignedFile.Multi.Generic (1) 23:23:26.0247 5044 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 23:23:26.0262 5044 HpSAMD - ok 23:23:26.0293 5044 [ 79737E0F7D25DE8405CB34D4C9882253 ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL 23:23:26.0309 5044 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning 23:23:26.0309 5044 HPSLPSVC - detected UnsignedFile.Multi.Generic (1) 23:23:26.0356 5044 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys 23:23:26.0403 5044 HTTP - ok 23:23:26.0434 5044 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 23:23:26.0434 5044 hwpolicy - ok 23:23:26.0449 5044 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 23:23:26.0465 5044 i8042prt - ok 23:23:26.0496 5044 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 23:23:26.0512 5044 iaStorV - ok 23:23:26.0574 5044 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 23:23:26.0605 5044 idsvc - ok 23:23:26.0637 5044 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 23:23:26.0652 5044 iirsp - ok 23:23:26.0699 5044 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll 23:23:26.0777 5044 IKEEXT - ok 23:23:26.0855 5044 [ 97FA95E4F486F37D60AD3744D86F3D7E ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys 23:23:26.0917 5044 IntcAzAudAddService - ok 23:23:26.0964 5044 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys 23:23:27.0058 5044 intelide - ok 23:23:27.0073 5044 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 23:23:27.0105 5044 intelppm - ok 23:23:27.0136 5044 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 23:23:27.0198 5044 IPBusEnum - ok 23:23:27.0214 5044 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 23:23:27.0261 5044 IpFilterDriver - ok 23:23:27.0292 5044 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 23:23:27.0323 5044 iphlpsvc - ok 23:23:27.0339 5044 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 23:23:27.0354 5044 IPMIDRV - ok 23:23:27.0370 5044 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys 23:23:27.0401 5044 IPNAT - ok 23:23:27.0479 5044 [ E46B17060D3962A384AE484094614788 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 23:23:27.0510 5044 iPod Service - ok 23:23:27.0541 5044 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys 23:23:27.0619 5044 IRENUM - ok 23:23:27.0635 5044 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys 23:23:27.0651 5044 isapnp - ok 23:23:27.0666 5044 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 23:23:27.0682 5044 iScsiPrt - ok 23:23:27.0713 5044 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 23:23:27.0729 5044 kbdclass - ok 23:23:27.0760 5044 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 23:23:27.0807 5044 kbdhid - ok 23:23:27.0822 5044 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe 23:23:27.0838 5044 KeyIso - ok 23:23:27.0853 5044 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 23:23:27.0869 5044 KSecDD - ok 23:23:27.0900 5044 [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 23:23:27.0963 5044 KSecPkg - ok 23:23:28.0072 5044 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll 23:23:28.0259 5044 KtmRm - ok 23:23:28.0275 5044 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll 23:23:28.0321 5044 LanmanServer - ok 23:23:28.0337 5044 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 23:23:28.0368 5044 LanmanWorkstation - ok 23:23:28.0384 5044 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 23:23:28.0399 5044 lltdio - ok 23:23:28.0415 5044 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll 23:23:28.0446 5044 lltdsvc - ok 23:23:28.0462 5044 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll 23:23:28.0493 5044 lmhosts - ok 23:23:28.0524 5044 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 23:23:28.0524 5044 LSI_FC - ok 23:23:28.0555 5044 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 23:23:28.0571 5044 LSI_SAS - ok 23:23:28.0587 5044 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 23:23:28.0602 5044 LSI_SAS2 - ok 23:23:28.0618 5044 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 23:23:28.0618 5044 LSI_SCSI - ok 23:23:28.0633 5044 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys 23:23:28.0665 5044 luafv - ok 23:23:28.0696 5044 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 23:23:28.0711 5044 Mcx2Svc - ok 23:23:28.0727 5044 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 23:23:28.0727 5044 megasas - ok 23:23:28.0758 5044 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 23:23:28.0774 5044 MegaSR - ok 23:23:28.0789 5044 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll 23:23:28.0852 5044 MMCSS - ok 23:23:28.0883 5044 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys 23:23:28.0914 5044 Modem - ok 23:23:28.0930 5044 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 23:23:28.0945 5044 monitor - ok 23:23:28.0945 5044 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 23:23:28.0961 5044 mouclass - ok 23:23:28.0992 5044 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 23:23:28.0992 5044 mouhid - ok 23:23:29.0039 5044 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 23:23:29.0055 5044 mountmgr - ok 23:23:29.0117 5044 [ 528A5C2570F468155A1B3CF0A2FF5EBD ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 23:23:29.0117 5044 MozillaMaintenance - ok 23:23:29.0164 5044 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys 23:23:29.0179 5044 mpio - ok 23:23:29.0195 5044 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 23:23:29.0226 5044 mpsdrv - ok 23:23:29.0257 5044 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll 23:23:29.0273 5044 MpsSvc - ok 23:23:29.0320 5044 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 23:23:29.0335 5044 MRxDAV - ok 23:23:29.0413 5044 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 23:23:29.0445 5044 mrxsmb - ok 23:23:29.0460 5044 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 23:23:29.0476 5044 mrxsmb10 - ok 23:23:29.0523 5044 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 23:23:29.0554 5044 mrxsmb20 - ok 23:23:29.0585 5044 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys 23:23:29.0585 5044 msahci - ok 23:23:29.0616 5044 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys 23:23:29.0616 5044 msdsm - ok 23:23:29.0632 5044 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe 23:23:29.0647 5044 MSDTC - ok 23:23:29.0679 5044 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys 23:23:29.0710 5044 Msfs - ok 23:23:29.0725 5044 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 23:23:29.0741 5044 mshidkmdf - ok 23:23:29.0757 5044 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 23:23:29.0757 5044 msisadrv - ok 23:23:29.0803 5044 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 23:23:29.0819 5044 MSiSCSI - ok 23:23:29.0819 5044 msiserver - ok 23:23:29.0850 5044 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 23:23:29.0866 5044 MSKSSRV - ok 23:23:29.0881 5044 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 23:23:29.0928 5044 MSPCLOCK - ok 23:23:29.0944 5044 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 23:23:29.0991 5044 MSPQM - ok 23:23:30.0006 5044 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 23:23:30.0022 5044 MsRPC - ok 23:23:30.0037 5044 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 23:23:30.0053 5044 mssmbios - ok 23:23:30.0053 5044 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 23:23:30.0084 5044 MSTEE - ok 23:23:30.0100 5044 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 23:23:30.0131 5044 MTConfig - ok 23:23:30.0131 5044 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys 23:23:30.0131 5044 Mup - ok 23:23:30.0178 5044 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll 23:23:30.0240 5044 napagent - ok 23:23:30.0271 5044 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 23:23:30.0287 5044 NativeWifiP - ok 23:23:30.0334 5044 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys 23:23:30.0365 5044 NDIS - ok 23:23:30.0381 5044 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 23:23:30.0412 5044 NdisCap - ok 23:23:30.0427 5044 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 23:23:30.0459 5044 NdisTapi - ok 23:23:30.0490 5044 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 23:23:30.0537 5044 Ndisuio - ok 23:23:30.0568 5044 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 23:23:30.0599 5044 NdisWan - ok 23:23:30.0646 5044 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 23:23:30.0708 5044 NDProxy - ok 23:23:30.0755 5044 [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 23:23:30.0771 5044 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 23:23:30.0771 5044 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 23:23:30.0786 5044 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 23:23:30.0864 5044 NetBIOS - ok 23:23:30.0880 5044 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 23:23:30.0911 5044 NetBT - ok 23:23:30.0927 5044 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe 23:23:30.0942 5044 Netlogon - ok 23:23:30.0973 5044 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll 23:23:30.0989 5044 Netman - ok 23:23:31.0020 5044 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll 23:23:31.0036 5044 netprofm - ok 23:23:31.0083 5044 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 23:23:31.0083 5044 NetTcpPortSharing - ok 23:23:31.0114 5044 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 23:23:31.0129 5044 nfrd960 - ok 23:23:31.0161 5044 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll 23:23:31.0192 5044 NlaSvc - ok 23:23:31.0207 5044 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys 23:23:31.0285 5044 Npfs - ok 23:23:31.0301 5044 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll 23:23:31.0332 5044 nsi - ok 23:23:31.0332 5044 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 23:23:31.0348 5044 nsiproxy - ok 23:23:31.0426 5044 [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 23:23:31.0488 5044 Ntfs - ok 23:23:31.0488 5044 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys 23:23:31.0504 5044 Null - ok 23:23:31.0535 5044 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys 23:23:31.0582 5044 nvraid - ok 23:23:31.0597 5044 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys 23:23:31.0613 5044 nvstor - ok 23:23:31.0629 5044 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 23:23:31.0644 5044 nv_agp - ok 23:23:31.0722 5044 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 23:23:31.0769 5044 odserv - ok 23:23:31.0800 5044 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 23:23:31.0816 5044 ohci1394 - ok 23:23:31.0831 5044 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 23:23:31.0847 5044 ose - ok 23:23:31.0863 5044 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 23:23:31.0909 5044 p2pimsvc - ok 23:23:31.0925 5044 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll 23:23:31.0941 5044 p2psvc - ok 23:23:31.0956 5044 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys 23:23:31.0972 5044 Parport - ok 23:23:32.0003 5044 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys 23:23:32.0003 5044 partmgr - ok 23:23:32.0019 5044 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys 23:23:32.0050 5044 Parvdm - ok 23:23:32.0065 5044 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll 23:23:32.0159 5044 PcaSvc - ok 23:23:32.0190 5044 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys 23:23:32.0190 5044 pci - ok 23:23:32.0221 5044 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys 23:23:32.0237 5044 pciide - ok 23:23:32.0253 5044 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 23:23:32.0268 5044 pcmcia - ok 23:23:32.0284 5044 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys 23:23:32.0299 5044 pcw - ok 23:23:32.0315 5044 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys 23:23:32.0377 5044 PEAUTH - ok 23:23:32.0440 5044 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll 23:23:32.0487 5044 pla - ok 23:23:32.0502 5044 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll 23:23:32.0565 5044 PlugPlay - ok 23:23:32.0596 5044 [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 23:23:32.0611 5044 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 23:23:32.0611 5044 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 23:23:32.0627 5044 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 23:23:32.0643 5044 PNRPAutoReg - ok 23:23:32.0658 5044 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 23:23:32.0674 5044 PNRPsvc - ok 23:23:32.0705 5044 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 23:23:32.0752 5044 PolicyAgent - ok 23:23:32.0783 5044 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll 23:23:32.0861 5044 Power - ok 23:23:32.0877 5044 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 23:23:32.0908 5044 PptpMiniport - ok 23:23:32.0923 5044 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys 23:23:32.0955 5044 Processor - ok 23:23:32.0986 5044 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll 23:23:33.0033 5044 ProfSvc - ok 23:23:33.0064 5044 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe 23:23:33.0079 5044 ProtectedStorage - ok 23:23:33.0095 5044 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys 23:23:33.0142 5044 Psched - ok 23:23:33.0189 5044 [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2 c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 23:23:33.0189 5044 PSI_SVC_2 - ok 23:23:33.0376 5044 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 23:23:33.0423 5044 ql2300 - ok 23:23:33.0438 5044 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 23:23:33.0454 5044 ql40xx - ok 23:23:33.0485 5044 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll 23:23:33.0501 5044 QWAVE - ok 23:23:33.0516 5044 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 23:23:33.0532 5044 QWAVEdrv - ok 23:23:33.0547 5044 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 23:23:33.0563 5044 RasAcd - ok 23:23:33.0579 5044 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 23:23:33.0594 5044 RasAgileVpn - ok 23:23:33.0610 5044 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll 23:23:33.0641 5044 RasAuto - ok 23:23:33.0657 5044 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 23:23:33.0672 5044 Rasl2tp - ok 23:23:33.0703 5044 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll 23:23:33.0735 5044 RasMan - ok 23:23:33.0750 5044 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 23:23:33.0766 5044 RasPppoe - ok 23:23:33.0781 5044 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 23:23:33.0813 5044 RasSstp - ok 23:23:33.0828 5044 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 23:23:33.0859 5044 rdbss - ok 23:23:33.0875 5044 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 23:23:33.0891 5044 rdpbus - ok 23:23:33.0906 5044 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 23:23:33.0922 5044 RDPCDD - ok 23:23:33.0953 5044 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 23:23:33.0969 5044 RDPENCDD - ok 23:23:33.0984 5044 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 23:23:34.0000 5044 RDPREFMP - ok 23:23:34.0047 5044 [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 23:23:34.0093 5044 RdpVideoMiniport - ok 23:23:34.0140 5044 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 23:23:34.0187 5044 RDPWD - ok 23:23:34.0218 5044 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 23:23:34.0249 5044 rdyboost - ok 23:23:34.0296 5044 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll 23:23:34.0312 5044 RemoteAccess - ok 23:23:34.0343 5044 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll 23:23:34.0437 5044 RemoteRegistry - ok 23:23:34.0452 5044 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 23:23:34.0499 5044 RpcEptMapper - ok 23:23:34.0515 5044 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe 23:23:34.0530 5044 RpcLocator - ok 23:23:34.0546 5044 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll 23:23:34.0561 5044 RpcSs - ok 23:23:34.0577 5044 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 23:23:34.0624 5044 rspndr - ok 23:23:34.0655 5044 [ BCEBD5D1AABCE4EFB7597635E347C44B ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys 23:23:34.0686 5044 RTL8167 - ok 23:23:34.0717 5044 [ 51ADEF77E4C929535FD50DA153774E79 ] RTL8192su C:\Windows\system32\DRIVERS\RTL8192su.sys 23:23:34.0749 5044 RTL8192su - ok 23:23:34.0764 5044 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe 23:23:34.0764 5044 SamSs - ok 23:23:34.0795 5044 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 23:23:34.0811 5044 sbp2port - ok 23:23:34.0811 5044 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll 23:23:34.0858 5044 SCardSvr - ok 23:23:34.0873 5044 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 23:23:34.0905 5044 scfilter - ok 23:23:34.0951 5044 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll 23:23:34.0998 5044 Schedule - ok 23:23:35.0014 5044 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll 23:23:35.0029 5044 SCPolicySvc - ok 23:23:35.0076 5044 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll 23:23:35.0107 5044 SDRSVC - ok 23:23:35.0139 5044 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 23:23:35.0217 5044 secdrv - ok 23:23:35.0232 5044 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll 23:23:35.0248 5044 seclogon - ok 23:23:35.0263 5044 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll 23:23:35.0295 5044 SENS - ok 23:23:35.0310 5044 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll 23:23:35.0341 5044 SensrSvc - ok 23:23:35.0357 5044 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 23:23:35.0373 5044 Serenum - ok 23:23:35.0388 5044 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys 23:23:35.0404 5044 Serial - ok 23:23:35.0419 5044 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 23:23:35.0435 5044 sermouse - ok 23:23:35.0466 5044 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll 23:23:35.0513 5044 SessionEnv - ok 23:23:35.0544 5044 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 23:23:35.0560 5044 sffdisk - ok 23:23:35.0575 5044 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 23:23:35.0591 5044 sffp_mmc - ok 23:23:35.0607 5044 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 23:23:35.0622 5044 sffp_sd - ok 23:23:35.0653 5044 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 23:23:35.0653 5044 sfloppy - ok 23:23:35.0685 5044 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll 23:23:35.0747 5044 SharedAccess - ok 23:23:35.0778 5044 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 23:23:35.0794 5044 ShellHWDetection - ok 23:23:35.0809 5044 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys 23:23:35.0825 5044 sisagp - ok 23:23:35.0841 5044 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 23:23:35.0856 5044 SiSRaid2 - ok 23:23:35.0872 5044 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 23:23:35.0872 5044 SiSRaid4 - ok 23:23:35.0887 5044 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys 23:23:35.0919 5044 Smb - ok 23:23:35.0919 5044 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 23:23:35.0950 5044 SNMPTRAP - ok 23:23:35.0950 5044 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys 23:23:35.0965 5044 spldr - ok 23:23:35.0997 5044 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe 23:23:36.0028 5044 Spooler - ok 23:23:36.0090 5044 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe 23:23:36.0153 5044 sppsvc - ok 23:23:36.0184 5044 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll 23:23:36.0215 5044 sppuinotify - ok 23:23:36.0246 5044 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys 23:23:36.0262 5044 srv - ok 23:23:36.0293 5044 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 23:23:36.0309 5044 srv2 - ok 23:23:36.0340 5044 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 23:23:36.0355 5044 srvnet - ok 23:23:36.0371 5044 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 23:23:36.0387 5044 SSDPSRV - ok 23:23:36.0433 5044 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys 23:23:36.0480 5044 ssmdrv - ok 23:23:36.0511 5044 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll 23:23:36.0543 5044 SstpSvc - ok 23:23:36.0589 5044 [ 3F0164FBC0BD1ADBD02DF9759181451A ] ss_bbus C:\Windows\system32\DRIVERS\ss_bbus.sys 23:23:36.0605 5044 ss_bbus - ok 23:23:36.0636 5044 [ B89D62206034E5FE573C80A24DD55675 ] ss_bmdfl C:\Windows\system32\DRIVERS\ss_bmdfl.sys 23:23:36.0667 5044 ss_bmdfl - ok 23:23:36.0699 5044 [ 1ED0FCEA586FE2A416EE15196E5631DD ] ss_bmdm C:\Windows\system32\DRIVERS\ss_bmdm.sys 23:23:36.0730 5044 ss_bmdm - ok 23:23:36.0761 5044 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 23:23:36.0777 5044 stexstor - ok 23:23:36.0839 5044 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll 23:23:36.0870 5044 StiSvc - ok 23:23:36.0886 5044 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys 23:23:36.0901 5044 swenum - ok 23:23:36.0933 5044 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll 23:23:36.0948 5044 swprv - ok 23:23:37.0011 5044 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll 23:23:37.0057 5044 SysMain - ok 23:23:37.0089 5044 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll 23:23:37.0104 5044 TabletInputService - ok 23:23:37.0135 5044 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll 23:23:37.0182 5044 TapiSrv - ok 23:23:37.0198 5044 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll 23:23:37.0245 5044 TBS - ok 23:23:37.0307 5044 [ D32FDAC73FCD76B85389C39BC1087F2A ] Tcpip C:\Windows\system32\drivers\tcpip.sys 23:23:37.0479 5044 Tcpip - ok 23:23:37.0510 5044 [ D32FDAC73FCD76B85389C39BC1087F2A ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 23:23:37.0525 5044 TCPIP6 - ok 23:23:37.0557 5044 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 23:23:37.0619 5044 tcpipreg - ok 23:23:37.0650 5044 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 23:23:37.0666 5044 TDPIPE - ok 23:23:37.0697 5044 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 23:23:37.0697 5044 TDTCP - ok 23:23:37.0744 5044 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 23:23:37.0775 5044 tdx - ok 23:23:37.0791 5044 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys 23:23:37.0806 5044 TermDD - ok 23:23:37.0837 5044 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll 23:23:37.0884 5044 TermService - ok 23:23:37.0900 5044 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll 23:23:37.0931 5044 Themes - ok 23:23:37.0931 5044 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll 23:23:37.0947 5044 THREADORDER - ok 23:23:37.0978 5044 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll 23:23:38.0025 5044 TrkWks - ok 23:23:38.0087 5044 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 23:23:38.0165 5044 TrustedInstaller - ok 23:23:38.0196 5044 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 23:23:38.0243 5044 tssecsrv - ok 23:23:38.0274 5044 [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 23:23:38.0337 5044 TsUsbFlt - ok 23:23:38.0415 5044 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 23:23:38.0524 5044 tunnel - ok 23:23:38.0617 5044 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 23:23:38.0758 5044 uagp35 - ok 23:23:38.0789 5044 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys 23:23:38.0820 5044 udfs - ok 23:23:38.0836 5044 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 23:23:38.0851 5044 UI0Detect - ok 23:23:38.0883 5044 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 23:23:38.0898 5044 uliagpkx - ok 23:23:38.0898 5044 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys 23:23:38.0929 5044 umbus - ok 23:23:38.0961 5044 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 23:23:38.0976 5044 UmPass - ok 23:23:39.0007 5044 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll 23:23:39.0039 5044 upnphost - ok 23:23:39.0085 5044 [ 6E421CCC57059B0186C6259CA3B6DFC9 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys 23:23:39.0101 5044 USBAAPL - ok 23:23:39.0148 5044 [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 23:23:39.0195 5044 usbaudio - ok 23:23:39.0210 5044 [ 8455C4ED038EFD09E99327F9D2D48FFA ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 23:23:39.0226 5044 usbccgp - ok 23:23:39.0257 5044 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys 23:23:39.0273 5044 usbcir - ok 23:23:39.0319 5044 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 23:23:39.0366 5044 usbehci - ok 23:23:39.0397 5044 [ 19999CA8E83F16D271AFC467B84718D7 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys 23:23:39.0397 5044 usbfilter - ok 23:23:39.0444 5044 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 23:23:39.0460 5044 usbhub - ok 23:23:39.0491 5044 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 23:23:39.0507 5044 usbohci - ok 23:23:39.0522 5044 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 23:23:39.0553 5044 usbprint - ok 23:23:39.0585 5044 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 23:23:39.0600 5044 usbscan - ok 23:23:39.0616 5044 [ D8889D56E0D27E57ED4591837FE71D27 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 23:23:39.0631 5044 USBSTOR - ok 23:23:39.0647 5044 [ 78780C3EBCE17405B1CCD07A3A8A7D72 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 23:23:39.0663 5044 usbuhci - ok 23:23:39.0694 5044 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 23:23:39.0709 5044 usbvideo - ok 23:23:39.0725 5044 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll 23:23:39.0741 5044 UxSms - ok 23:23:39.0756 5044 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe 23:23:39.0756 5044 VaultSvc - ok 23:23:39.0772 5044 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 23:23:39.0787 5044 vdrvroot - ok 23:23:39.0819 5044 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe 23:23:39.0850 5044 vds - ok 23:23:39.0865 5044 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 23:23:39.0897 5044 vga - ok 23:23:39.0897 5044 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys 23:23:39.0928 5044 VgaSave - ok 23:23:39.0959 5044 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 23:23:39.0959 5044 vhdmp - ok 23:23:39.0975 5044 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys 23:23:39.0990 5044 viaagp - ok 23:23:39.0990 5044 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys 23:23:40.0006 5044 ViaC7 - ok 23:23:40.0021 5044 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys 23:23:40.0021 5044 viaide - ok 23:23:40.0053 5044 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys 23:23:40.0053 5044 volmgr - ok 23:23:40.0068 5044 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 23:23:40.0084 5044 volmgrx - ok 23:23:40.0099 5044 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys 23:23:40.0115 5044 volsnap - ok 23:23:40.0146 5044 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 23:23:40.0162 5044 vsmraid - ok 23:23:40.0209 5044 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe 23:23:40.0240 5044 VSS - ok 23:23:40.0240 5044 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 23:23:40.0271 5044 vwifibus - ok 23:23:40.0287 5044 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 23:23:40.0318 5044 vwififlt - ok 23:23:40.0349 5044 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 23:23:40.0380 5044 vwifimp - ok 23:23:40.0396 5044 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll 23:23:40.0427 5044 W32Time - ok 23:23:40.0443 5044 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 23:23:40.0458 5044 WacomPen - ok 23:23:40.0474 5044 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 23:23:40.0521 5044 WANARP - ok 23:23:40.0521 5044 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 23:23:40.0536 5044 Wanarpv6 - ok 23:23:40.0567 5044 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe 23:23:40.0599 5044 wbengine - ok 23:23:40.0630 5044 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 23:23:40.0645 5044 WbioSrvc - ok 23:23:40.0677 5044 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll 23:23:40.0692 5044 wcncsvc - ok 23:23:40.0708 5044 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 23:23:40.0723 5044 WcsPlugInService - ok 23:23:40.0755 5044 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys 23:23:40.0755 5044 Wd - ok 23:23:40.0786 5044 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 23:23:40.0833 5044 Wdf01000 - ok 23:23:40.0848 5044 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll 23:23:40.0926 5044 WdiServiceHost - ok 23:23:40.0942 5044 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll 23:23:40.0957 5044 WdiSystemHost - ok 23:23:40.0989 5044 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll 23:23:41.0004 5044 WebClient - ok 23:23:41.0020 5044 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll 23:23:41.0051 5044 Wecsvc - ok 23:23:41.0051 5044 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll 23:23:41.0098 5044 wercplsupport - ok 23:23:41.0113 5044 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll 23:23:41.0145 5044 WerSvc - ok 23:23:41.0176 5044 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 23:23:41.0223 5044 WfpLwf - ok 23:23:41.0238 5044 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys 23:23:41.0254 5044 WIMMount - ok 23:23:41.0301 5044 [ 082CF481F659FAE0DE51AD060881EB47 ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 23:23:41.0457 5044 WinDefend - ok 23:23:41.0503 5044 WinHttpAutoProxySvc - ok 23:23:41.0566 5044 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 23:23:41.0659 5044 Winmgmt - ok 23:23:41.0706 5044 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll 23:23:41.0815 5044 WinRM - ok 23:23:41.0847 5044 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 23:23:41.0862 5044 WinUsb - ok 23:23:41.0893 5044 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll 23:23:41.0925 5044 Wlansvc - ok 23:23:42.0003 5044 [ D9250B31B353EE3322C1CAD411997E38 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 23:23:42.0065 5044 wlidsvc - ok 23:23:42.0081 5044 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 23:23:42.0096 5044 WmiAcpi - ok 23:23:42.0127 5044 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 23:23:42.0159 5044 wmiApSrv - ok 23:23:42.0221 5044 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 23:23:42.0268 5044 WMPNetworkSvc - ok 23:23:42.0268 5044 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll 23:23:42.0283 5044 WPCSvc - ok 23:23:42.0315 5044 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 23:23:42.0346 5044 WPDBusEnum - ok 23:23:42.0346 5044 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 23:23:42.0377 5044 ws2ifsl - ok 23:23:42.0393 5044 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll 23:23:42.0408 5044 wscsvc - ok 23:23:42.0408 5044 WSearch - ok 23:23:42.0471 5044 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 23:23:42.0533 5044 wuauserv - ok 23:23:42.0564 5044 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 23:23:42.0627 5044 WudfPf - ok 23:23:42.0705 5044 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 23:23:42.0751 5044 WUDFRd - ok 23:23:42.0783 5044 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 23:23:42.0798 5044 wudfsvc - ok 23:23:42.0829 5044 [ 3C5E51C05BE9B56EAFF4E388C3AB25E4 ] WwanSvc C:\Windows\System32\wwansvc.dll 23:23:42.0861 5044 WwanSvc - ok 23:23:42.0907 5044 [ A640C90B007762939507C28A021BE3B3 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys 23:23:42.0939 5044 xusb21 - ok 23:23:42.0970 5044 ================ Scan global =============================== 23:23:43.0001 5044 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll 23:23:43.0032 5044 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll 23:23:43.0048 5044 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll 23:23:43.0063 5044 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll 23:23:43.0095 5044 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe 23:23:43.0095 5044 [Global] - ok 23:23:43.0095 5044 ================ Scan MBR ================================== 23:23:43.0110 5044 [ 6F053CE44510D4BA204AFC85893BC5C5 ] \Device\Harddisk0\DR0 23:23:46.0027 5044 \Device\Harddisk0\DR0 - ok 23:23:46.0027 5044 ================ Scan VBR ================================== 23:23:46.0043 5044 [ 438B8AA94C3D5738C3897D86C64CC5F2 ] \Device\Harddisk0\DR0\Partition1 23:23:46.0043 5044 \Device\Harddisk0\DR0\Partition1 - ok 23:23:46.0090 5044 [ 0B2E93EDBA7733630077AC30C39DDB1D ] \Device\Harddisk0\DR0\Partition2 23:23:46.0090 5044 \Device\Harddisk0\DR0\Partition2 - ok 23:23:46.0121 5044 [ 91206A8CAAAC29F9BBA702DA143937E9 ] \Device\Harddisk0\DR0\Partition3 23:23:46.0121 5044 \Device\Harddisk0\DR0\Partition3 - ok 23:23:46.0121 5044 ============================================================ 23:23:46.0121 5044 Scan finished 23:23:46.0121 5044 ============================================================ 23:23:46.0137 5972 Detected object count: 6 23:23:46.0137 5972 Actual detected object count: 6 23:24:23.0670 5972 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user 23:24:23.0670 5972 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:24:23.0686 5972 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user 23:24:23.0686 5972 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:24:23.0686 5972 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user 23:24:23.0686 5972 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:24:23.0686 5972 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user 23:24:23.0686 5972 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:24:23.0686 5972 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 23:24:23.0686 5972 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:24:23.0686 5972 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 23:24:23.0686 5972 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:24:45.0152 1356 Deinitialize success Gruss Peppone |
|
17.07.2013, 01:21
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Win32/Small.CA-Virus entfernen ok weiter mit FRST Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ --> Welcher Virenscanner? --> Programme richtig installieren --> Backup mit DriveSnapshot --> Das TB unterstützen |
|
19.07.2013, 18:52
| #9 |
| | Win32/Small.CA-Virus entfernen Erstmal Danke für die weitere Hilfe. Mir ist nicht klar ob ich vom Desktop aus starten soll oder wie im Link beschrieben mit dem Stick und ins Bootmenü  |
|
20.07.2013, 01:58
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Win32/Small.CA-Virus entfernen Einfach vom Desktop starten  (Alles andere nur wenn der Rechner nicht mehr normal startet)
__________________ --> Welcher Virenscanner? --> Programme richtig installieren --> Backup mit DriveSnapshot --> Das TB unterstützen |
|
20.07.2013, 14:18
| #11 |
| | Win32/Small.CA-Virus entfernen hat gut geklappt. Hier die Ergebnisse: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-07-2013
Ran by Hans (administrator) on 20-07-2013 13:26:43
Running from C:\Users\Hans\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Protexis Inc.) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Ask) C:\Program Files\Ask.com\Updater\Updater.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(CallingID Ltd.) C:\Program Files\Ask.com\CallingIDSDK\CIDGlobalLight.exe
==================== Registry (Whitelisted) ==================
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
MountPoints2: {0c64381a-ee90-11df-8554-40618699ebd4} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\Start.hta
HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [ 2009-07-14] (Microsoft Corporation)
HKU\Default\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [ 2009-11-12] ()
HKU\Default\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [ 2009-10-23] ()
HKU\Marie\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe -update activex [ 2013-06-12] (Adobe Systems Incorporated)
HKU\Marie\...\Policies\system: [LogonHoursAction] 2
HKU\Marie\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Niklas\...\Policies\system: [LogonHoursAction] 2
HKU\Niklas\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Susanne\...\Policies\system: [LogonHoursAction] 2
HKU\Susanne\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.lnk
ShortcutTarget: OpenOffice.org 3.4.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.lnk
ShortcutTarget: OpenOffice.org 3.4.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Susanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Susanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Susanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.lnk
ShortcutTarget: OpenOffice.org 3.4.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk * sdnclean.exe
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ecosia.org/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
SearchScopes: HKCU - {4D4694B9-385C-4AA2-82E8-3B56C804C15A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKCU - {EAD3B8FA-F916-4B42-ABED-F253FA45906E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10267&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGY&apn_dtid=^YYYYYY^YY^NL&apn_uid=4de61975-5fbb-4e3d-a009-48862bf7b4e8&apn_sauid=23239F00-747E-4ED5-869E-7722D78292EC
BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
BHO: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll" No File
Toolbar: HKLM - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKCU -No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU -No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} hxxp://stulde2.mail.intranet.mahle/dwa85W.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab
DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} https://vpn1.mahle.com/+CSCOL+/csvrloader32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\prpzkjhg.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
========================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-07-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-02] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-07-02] (Avira Operations GmbH & Co. KG)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1155072 2009-02-03] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®)
==================== Drivers (Whitelisted) ====================
R0 amdide; C:\Windows\System32\DRIVERS\amdide.sys [11832 2009-07-07] (Advanced Micro Devices Inc.)
R3 amdkmdag; C:\Windows\System32\DRIVERS\atipmdag.sys [5191168 2010-01-09] (ATI Technologies Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-02-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-02-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-06] (Avira Operations GmbH & Co. KG)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2009-09-19] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2009-09-19] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2009-09-19] (MCCI Corporation)
S3 xusb21; C:\Windows\System32\DRIVERS\xusb21.sys [56448 2009-04-08] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-20 13:26 - 2013-07-20 13:26 - 00000000 ____D C:\FRST
2013-07-19 18:47 - 2013-07-20 13:25 - 01219758 _____ (Farbar) C:\Users\Hans\Desktop\FRST.exe
2013-07-16 23:18 - 2013-07-16 23:18 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Hans\Desktop\tdsskiller.exe
2013-07-16 23:13 - 2013-07-16 23:13 - 00002093 _____ C:\Users\Hans\Desktop\aswMBR.txt
2013-07-16 23:13 - 2013-07-16 23:13 - 00000512 _____ C:\Users\Hans\Desktop\MBR.dat
2013-07-15 19:03 - 2013-07-15 19:04 - 04745728 _____ (AVAST Software) C:\Users\Hans\Desktop\aswMBR.exe
2013-07-14 19:28 - 2013-07-14 22:32 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-14 19:27 - 2013-07-14 19:27 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-14 19:25 - 2013-07-14 19:25 - 00000000 ____D C:\Users\Hans\Desktop\mbar-1.06.0.1004
2013-07-14 19:23 - 2013-07-14 19:24 - 13399154 _____ C:\Users\Hans\Desktop\mbar-1.06.0.1004.zip
2013-07-10 13:06 - 2013-07-10 13:07 - 00000000 ____D C:\Users\Marie\AppData\Roaming\Mozilla
2013-07-10 13:06 - 2013-07-10 13:06 - 00000000 ____D C:\Users\Marie\AppData\Local\Mozilla
2013-07-09 23:24 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-09 23:24 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-09 23:24 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-09 23:24 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-09 23:24 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-09 23:24 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-09 23:24 - 2013-06-12 01:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-09 23:24 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-09 23:24 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-09 23:24 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-09 23:24 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-09 23:24 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-09 23:24 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-09 23:24 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-09 23:24 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-09 23:24 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-09 20:50 - 2013-06-05 05:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-09 20:50 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-09 20:50 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-09 20:50 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-04 22:16 - 2013-07-14 19:12 - 00005706 _____ C:\Users\Hans\Desktop\Gmer.txt
2013-07-04 22:00 - 2013-07-14 14:54 - 00377856 _____ C:\Users\Hans\Desktop\gmer_2.1.19163.exe
2013-07-04 21:03 - 2013-07-04 21:03 - 00065166 _____ C:\Users\Hans\Desktop\Extras.Txt
2013-07-04 21:02 - 2013-07-04 21:02 - 00108744 _____ C:\Users\Hans\Desktop\OTL.Txt
2013-07-04 20:30 - 2013-07-04 20:30 - 00602112 _____ (OldTimer Tools) C:\Users\Hans\Desktop\OTL.exe
2013-07-04 20:29 - 2013-07-04 20:29 - 00000470 _____ C:\Users\Hans\Desktop\defogger_disable.log
2013-07-04 20:29 - 2013-07-04 20:29 - 00000000 _____ C:\Users\Hans\defogger_reenable
2013-07-04 20:20 - 2013-07-04 20:20 - 00000168 _____ C:\Users\Hans\Desktop\New Internet Shortcut.url
2013-07-04 20:19 - 2013-07-04 20:19 - 00050477 _____ C:\Users\Hans\Downloads\Defogger(1).exe
2013-07-04 20:18 - 2013-07-04 20:18 - 00050477 _____ C:\Users\Hans\Desktop\Defogger.exe
2013-07-03 21:11 - 2013-07-03 21:11 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-27 16:54 - 2013-06-27 16:54 - 00144160 _____ C:\Windows\Minidump\062713-23571-01.dmp
2013-06-23 10:30 - 2013-06-23 10:30 - 00000111 ____H C:\Users\Hans\Documents\.~lock.Entliehene Bücher Tina.odt#
2013-06-22 21:53 - 2013-06-22 21:53 - 00001993 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-06-22 21:53 - 2013-06-22 21:53 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-06-21 08:35 - 2013-06-21 08:35 - 00001054 _____ C:\Users\Hans\Desktop\Mobile USB Modem 1.0 - Verknüpfung.lnk
==================== One Month Modified Files and Folders =======
2013-07-20 13:27 - 2012-09-23 13:13 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cd997c7a355a48.job
2013-07-20 13:26 - 2013-07-20 13:26 - 00000000 ____D C:\FRST
2013-07-20 13:25 - 2013-07-19 18:47 - 01219758 _____ (Farbar) C:\Users\Hans\Desktop\FRST.exe
2013-07-20 13:25 - 2010-04-06 11:27 - 00000000 ___RD C:\Users\Hans\Desktop
2013-07-20 13:17 - 2011-01-21 18:54 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-20 13:16 - 2012-05-13 10:29 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-20 10:16 - 2009-07-14 06:34 - 00009888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-20 10:16 - 2009-07-14 06:34 - 00009888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-20 10:13 - 2010-04-06 11:26 - 01446919 _____ C:\Windows\WindowsUpdate.log
2013-07-20 10:09 - 2012-05-14 13:40 - 00044091 _____ C:\Windows\setupact.log
2013-07-20 10:09 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-19 08:01 - 2010-05-22 15:14 - 00000000 ____D C:\Users\Hans\AppData\Local\CrashDumps
2013-07-18 22:44 - 2009-07-14 06:53 - 00032628 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-18 19:32 - 2013-02-13 17:27 - 00000000 ____D C:\Users\Niklas\AppData\Local\CrashDumps
2013-07-18 07:22 - 2010-04-07 06:59 - 00000680 __RSH C:\Users\Hans\ntuser.pol
2013-07-18 07:22 - 2010-04-06 11:27 - 00000000 ____D C:\Users\Hans
2013-07-17 15:12 - 2010-12-20 20:30 - 00000000 ____D C:\Users\Hans\Documents\Niklas
2013-07-16 23:18 - 2013-07-16 23:18 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Hans\Desktop\tdsskiller.exe
2013-07-16 23:13 - 2013-07-16 23:13 - 00002093 _____ C:\Users\Hans\Desktop\aswMBR.txt
2013-07-16 23:13 - 2013-07-16 23:13 - 00000512 _____ C:\Users\Hans\Desktop\MBR.dat
2013-07-16 17:58 - 2010-01-26 16:21 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-15 19:04 - 2013-07-15 19:03 - 04745728 _____ (AVAST Software) C:\Users\Hans\Desktop\aswMBR.exe
2013-07-14 22:32 - 2013-07-14 19:28 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-14 20:03 - 2013-06-09 10:31 - 00000000 ____D C:\Users\Hans\Documents\Krankenversicherung SDK
2013-07-14 19:27 - 2013-07-14 19:27 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-14 19:25 - 2013-07-14 19:25 - 00000000 ____D C:\Users\Hans\Desktop\mbar-1.06.0.1004
2013-07-14 19:24 - 2013-07-14 19:23 - 13399154 _____ C:\Users\Hans\Desktop\mbar-1.06.0.1004.zip
2013-07-14 19:12 - 2013-07-04 22:16 - 00005706 _____ C:\Users\Hans\Desktop\Gmer.txt
2013-07-14 14:54 - 2013-07-04 22:00 - 00377856 _____ C:\Users\Hans\Desktop\gmer_2.1.19163.exe
2013-07-12 17:40 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-11 07:42 - 2010-01-26 16:42 - 75699896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-10 13:09 - 2013-06-06 18:20 - 00000000 ____D C:\Users\Marie\AppData\Local\DoNotTrackPlus
2013-07-10 13:07 - 2013-07-10 13:06 - 00000000 ____D C:\Users\Marie\AppData\Roaming\Mozilla
2013-07-10 13:06 - 2013-07-10 13:06 - 00000000 ____D C:\Users\Marie\AppData\Local\Mozilla
2013-07-10 13:05 - 2009-07-14 06:33 - 00410400 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-10 13:01 - 2009-07-14 10:56 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-10 13:01 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-09 23:22 - 2010-01-28 15:03 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-04 21:03 - 2013-07-04 21:03 - 00065166 _____ C:\Users\Hans\Desktop\Extras.Txt
2013-07-04 21:02 - 2013-07-04 21:02 - 00108744 _____ C:\Users\Hans\Desktop\OTL.Txt
2013-07-04 20:30 - 2013-07-04 20:30 - 00602112 _____ (OldTimer Tools) C:\Users\Hans\Desktop\OTL.exe
2013-07-04 20:29 - 2013-07-04 20:29 - 00000470 _____ C:\Users\Hans\Desktop\defogger_disable.log
2013-07-04 20:29 - 2013-07-04 20:29 - 00000000 _____ C:\Users\Hans\defogger_reenable
2013-07-04 20:20 - 2013-07-04 20:20 - 00000168 _____ C:\Users\Hans\Desktop\New Internet Shortcut.url
2013-07-04 20:19 - 2013-07-04 20:19 - 00050477 _____ C:\Users\Hans\Downloads\Defogger(1).exe
2013-07-04 20:18 - 2013-07-04 20:18 - 00050477 _____ C:\Users\Hans\Desktop\Defogger.exe
2013-07-04 06:50 - 2012-10-26 14:01 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-07-03 21:11 - 2013-07-03 21:11 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-03 20:56 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2013-07-02 21:10 - 2013-05-07 16:10 - 00067168 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-06-27 16:54 - 2013-06-27 16:54 - 00144160 _____ C:\Windows\Minidump\062713-23571-01.dmp
2013-06-27 16:54 - 2013-04-06 11:46 - 360120221 _____ C:\Windows\MEMORY.DMP
2013-06-27 16:54 - 2012-12-10 14:51 - 00000000 ____D C:\Windows\Minidump
2013-06-25 23:26 - 2010-04-06 11:30 - 00000000 ____D C:\Users\Hans\AppData\Local\Microsoft Games
2013-06-25 22:16 - 2010-01-26 17:30 - 00000000 ____D C:\ProgramData\Adobe
2013-06-23 10:30 - 2013-06-23 10:30 - 00000111 ____H C:\Users\Hans\Documents\.~lock.Entliehene Bücher Tina.odt#
2013-06-23 10:24 - 2012-11-14 22:37 - 00091014 _____ C:\Windows\PFRO.log
2013-06-22 21:58 - 2010-04-06 11:50 - 00000000 ____D C:\Users\Hans\AppData\Roaming\Adobe
2013-06-22 21:53 - 2013-06-22 21:53 - 00001993 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-06-22 21:53 - 2013-06-22 21:53 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-06-22 21:53 - 2010-04-06 21:24 - 00000000 ____D C:\Users\Hans\AppData\Local\Adobe
2013-06-22 21:53 - 2010-01-26 17:30 - 00000000 ____D C:\Program Files\Adobe
2013-06-22 21:53 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Public\Desktop
2013-06-21 08:35 - 2013-06-21 08:35 - 00001054 _____ C:\Users\Hans\Desktop\Mobile USB Modem 1.0 - Verknüpfung.lnk
2013-06-21 08:24 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\DriverStore
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-07-14 21:25
==================== End Of Log ============================
FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-07-2013
Ran by Hans at 2013-07-20 13:28:48
Running from C:\Users\Hans\Desktop
Boot Mode: Normal
==========================================================
==================== Installed Programs =======================
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer (Version: 7.1.8)
5600 (Version: 130.0.365.000)
5600_Help (Version: 82.0.242.000)
5600Trb (Version: 82.0.242.000)
7-Zip 4.65
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader XI (11.0.02) - Deutsch (Version: 11.0.02)
Adobe Shockwave Player 11.5 (Version: 11.5.6.606)
AIO_CDB_ProductContext (Version: 130.0.365.000)
AIO_CDB_Software (Version: 130.0.365.000)
AIO_Scan (Version: 130.0.421.000)
ALDI Süd Foto Manager Free (Version: 6.0.1.491)
ALDI Süd Foto Service (Version: 4.5.9.140)
Aldi Süd Fotoservice
ALDI SÜD Mah Jong
ALDI Süd Online Druck Service (Version: 4.5.1.0)
Amazon MP3-Downloader 1.0.9
AMD USB Filter Driver (Version: 1.0.13.88)
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Ask Toolbar (Version: 1.15.24.0)
ATI Catalyst Install Manager (Version: 3.0.758.0)
Avira Free Antivirus (Version: 13.0.0.3882)
Avira SearchFree Toolbar plus Web Protection Updater (HKCU Version: 1.2.5.42066)
Bing Bar (Version: 7.1.391.0)
Bonjour (Version: 3.0.0.10)
BufferChm (Version: 130.0.331.000)
Catalyst Control Center Core Implementation (Version: 2010.0108.1837.33337)
Catalyst Control Center Graphics Full Existing (Version: 2010.0108.1837.33337)
Catalyst Control Center Graphics Full New (Version: 2010.0108.1837.33337)
Catalyst Control Center Graphics Light (Version: 2010.0108.1837.33337)
Catalyst Control Center Graphics Previews Vista (Version: 2010.0108.1837.33337)
Catalyst Control Center InstallProxy (Version: 2010.0108.1837.33337)
Catalyst Control Center Localization All (Version: 2010.0108.1837.33337)
CCC Help Danish (Version: 2010.0108.1836.33337)
CCC Help Dutch (Version: 2010.0108.1836.33337)
CCC Help English (Version: 2010.0108.1836.33337)
CCC Help Finnish (Version: 2010.0108.1836.33337)
CCC Help French (Version: 2010.0108.1836.33337)
CCC Help German (Version: 2010.0108.1836.33337)
CCC Help Italian (Version: 2010.0108.1836.33337)
CCC Help Japanese (Version: 2010.0108.1836.33337)
CCC Help Norwegian (Version: 2010.0108.1836.33337)
CCC Help Spanish (Version: 2010.0108.1836.33337)
CCC Help Swedish (Version: 2010.0108.1836.33337)
ccc-core-static (Version: 2010.0108.1837.33337)
ccc-utility (Version: 2010.0108.1837.33337)
CCleaner (Version: 3.17)
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000)
Copy (Version: 130.0.428.000)
CorelDRAW Essentials 4 - Content (Version: 4.0)
CorelDRAW Essentials 4 - Draw (Version: 4.0)
CorelDRAW Essentials 4 - Extra Content
CorelDRAW Essentials 4 - Extra Content (Version: 4.0)
CorelDRAW Essentials 4 - Filters (Version: 4.0)
CorelDRAW Essentials 4 - ICA (Version: 4.0)
CorelDRAW Essentials 4 - IPM - No VBA (Version: 4.0)
CorelDRAW Essentials 4 - Lang BR (Version: 4.0)
CorelDRAW Essentials 4 - Lang DE (Version: 4.0)
CorelDRAW Essentials 4 - Lang EN (Version: 4.0)
CorelDRAW Essentials 4 - Lang ES (Version: 4.0)
CorelDRAW Essentials 4 - Lang FR (Version: 4.0)
CorelDRAW Essentials 4 - Lang IT (Version: 4.0)
CorelDRAW Essentials 4 - Lang NL (Version: 4.0)
CorelDRAW Essentials 4 - PHOTO-PAINT (Version: 4.0)
CorelDRAW Essentials 4 (Version: 4.0)
CyberLink LabelPrint (Version: 2.5.1916)
CyberLink Power2Go (Version: 6.1.3213)
CyberLink PowerDVD Copy (Version: 1.0.6720)
Destinations (Version: 140.0.77.000)
DeviceDiscovery (Version: 130.0.465.000)
dm-Fotowelt
DocProc (Version: 13.0.0.0)
ElsterFormular (Version: 13.4.0.10136)
Fax (Version: 130.0.418.000)
Firebird SQL Server - MAGIX Edition (Version: 2.1.23.0)
Google Earth Plug-in (Version: 7.0.3.8542)
Google Update Helper (Version: 1.3.21.123)
GPBaseService2 (Version: 130.0.371.000)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Photosmart Essential 3.5 (Version: 3.5)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (Version: 13.0)
HP Smart Web Printing 4.51 (Version: 4.51)
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 5.003.001.001)
HPDiagnosticAlert (Version: 1.00.0000)
HPPhotoGadget (Version: 130.0.282.000)
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000)
HPPhotosmartEssential (Version: 2.04.0000)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 130.0.371.000)
iCloud (Version: 2.1.1.3)
iTunes (Version: 11.0.2.26)
Java Auto Updater (Version: 2.0.1.2)
Java(TM) 6 Update 18 (Version: 6.0.180)
Junk Mail filter update (Version: 14.0.8089.726)
LEGO Star Wars II (Version: 1.00.0000)
MarketResearch (Version: 130.0.374.000)
MEDION Fotos auf CD & DVD SE Sued (Version: 8.0.3.4)
Meine CEWE FOTOWELT
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (German) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft SQL Server 2005 Compact Edition [DEU] (Version: 3.1.0000)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (Version: 9.0.21022.218)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
MobileMe Control Panel (Version: 3.1.8.0)
Mozilla Firefox 22.0 (x86 de) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
Mp3tag v2.49 (Version: v2.49)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Network (Version: 130.0.572.000)
NVIDIA PhysX (Version: 9.09.0814)
OCR Software by I.R.I.S. 13.0 (Version: 13.0)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OpenAL
OpenOffice.org 3.4 (Version: 3.4.9590)
PDF24 Creator 5.2.0
Picasa 3 (Version: 3.9)
Pro Evolution Soccer 6 (Version: 1.00.0000)
QuickTime (Version: 7.73.80.64)
Realtek High Definition Audio Driver (Version: 6.0.1.5995)
Safari (Version: 5.34.57.2)
Scan (Version: 140.0.80.000)
Shop for HP Supplies (Version: 13.0)
SmartWebPrinting (Version: 130.0.457.000)
SolutionCenter (Version: 130.0.373.000)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Status (Version: 130.0.469.000)
Toolbox (Version: 130.0.648.000)
TrayApp (Version: 130.0.422.000)
UnloadSupport (Version: 11.0.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
VLC media player 2.0.6 (Version: 2.0.6)
WebReg (Version: 130.0.132.017)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Fotogalerie (Version: 14.0.8081.709)
Windows Live ID-Anmelde-Assistent (Version: 6.500.3146.0)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Writer (Version: 14.0.8089.0726)
Windows Live-Uploadtool (Version: 14.0.8014.1029)
Yahoo! Toolbar
==================== Restore Points =========================
==================== Hosts content: ==========================
2009-07-14 04:04 - 2013-03-15 17:46 - 00000911 ____R C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {078C71CF-0F8C-413A-BD44-29ED34DF794F} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe [2013-04-01] ()
Task: {08109F44-F66D-46CD-BCF3-92B73C04B71A} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {13A8C077-F2B4-40E1-B7C2-239E9D3A304C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-21] (Google Inc.)
Task: {3D755740-47BE-4179-87AF-EFD25799D20E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-21] (Google Inc.)
Task: {49AD8CB0-B343-4815-B320-D24CE5636AD9} - System32\Tasks\GoogleUpdateTaskMachineCore1cd997c7a355a48 => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-21] (Google Inc.)
Task: {52D2BE7B-939D-47A0-AC3C-EE46C550097D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
Task: {6F19872B-340C-4D28-9B62-3420B5B97C04} - System32\Tasks\{6483AA3D-C88F-4961-8C27-2347A7FB039A} => C:\Program Files\Norton Internet Security\Engine\17.7.0.12\uistub.exe No File
Task: {7065AACD-785D-41C4-8371-830DF68E1ED7} - System32\Tasks\WPD\SqmUpload_S-1-5-21-25124745-1231751837-4096840976-1005 => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {A225576E-169B-497F-8CC3-0D8830807B40} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-11] (Microsoft Corporation)
Task: {F2A22F9A-21FB-4913-A704-08A3833BDF18} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cd997c7a355a48.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (07/20/2013 01:16:57 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Internal MSI error. Installer terminated prematurely.
Error: (07/20/2013 01:16:51 PM) (Source: Application Error) (User: )
Description: Aus einem der folgenden Gründe kann nicht auf die Datei "C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_0b0e4b4025cf4049\smiengine.dll" zugegriffen werden:
Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten
Speichertreibern, oder der Datenträger fehlt.
Das Programm Windows Modules Installer wurde wegen dieses Fehlers geschlossen.
Programm: Windows Modules Installer
Datei: C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_0b0e4b4025cf4049\smiengine.dll
Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.
Benutzeraktion
1. Öffnen Sie die Datei erneut.
Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird.
2.
Wenn Sie weiterhin nicht auf die Datei zugreifen können und
- diese sich im Netzwerk befindet,
dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann.
- diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist.
3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht.
5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt.
Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt.
Zusätzliche Daten
Fehlerwert: C0000010
Datenträgertyp: 3
Error: (07/20/2013 01:16:51 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: TrustedInstaller.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce78e33
Name des fehlerhaften Moduls: smiengine.dll, Version: 6.1.7601.17592, Zeitstempel: 0x4d9ff4a3
Ausnahmecode: 0xc0000006
Fehleroffset: 0x00078943
ID des fehlerhaften Prozesses: 0xbb0
Startzeit der fehlerhaften Anwendung: 0xTrustedInstaller.exe0
Pfad der fehlerhaften Anwendung: TrustedInstaller.exe1
Pfad des fehlerhaften Moduls: TrustedInstaller.exe2
Berichtskennung: TrustedInstaller.exe3
Error: (07/20/2013 01:16:36 PM) (Source: ESENT) (User: )
Description: taskhost (3640) WebCacheLocal: Versuch, in Datei "C:\Users\Hans\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" bei Offset 1507328 (0x0000000000170000) für 32768 (0x00008000) Bytes zu schreiben, ist nach taskhost0 Sekunden mit Systemfehler 1 (0x00000001): "Unzulässige Funktion. " fehlgeschlagen. Fehler -1022 (0xfffffc02) bei Schreiboperation. Wenn dieser Zustand andauert, ist die Datei möglicherweise beschädigt und muss aus einer vorherigen Sicherung wiederhergestellt werden.
Error: (07/20/2013 01:16:33 PM) (Source: ESENT) (User: )
Description: taskhost (3640) WebCacheLocal: Versuch, in Datei "C:\Users\Hans\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" bei Offset 131072 (0x0000000000020000) für 32768 (0x00008000) Bytes zu schreiben, ist nach taskhost0 Sekunden mit Systemfehler 1 (0x00000001): "Unzulässige Funktion. " fehlgeschlagen. Fehler -1022 (0xfffffc02) bei Schreiboperation. Wenn dieser Zustand andauert, ist die Datei möglicherweise beschädigt und muss aus einer vorherigen Sicherung wiederhergestellt werden.
Error: (07/20/2013 10:23:40 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15584
Error: (07/20/2013 10:23:40 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15584
Error: (07/20/2013 10:23:40 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (07/19/2013 07:18:20 PM) (Source: Application Error) (User: )
Description: Aus einem der folgenden Gründe kann nicht auf die Datei "C:\Windows\System32\dnsapi.dll" zugegriffen werden:
Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten
Speichertreibern, oder der Datenträger fehlt.
Das Programm Hostprozess für Windows-Dienste wurde wegen dieses Fehlers geschlossen.
Programm: Hostprozess für Windows-Dienste
Datei: C:\Windows\System32\dnsapi.dll
Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.
Benutzeraktion
1. Öffnen Sie die Datei erneut.
Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird.
2.
Wenn Sie weiterhin nicht auf die Datei zugreifen können und
- diese sich im Netzwerk befindet,
dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann.
- diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist.
3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht.
5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt.
Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt.
Zusätzliche Daten
Fehlerwert: C0000010
Datenträgertyp: 3
Error: (07/19/2013 07:18:20 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_Dnscache, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: DNSAPI.dll, Version: 6.1.7601.17570, Zeitstempel: 0x4d6f2733
Ausnahmecode: 0xc0000006
Fehleroffset: 0x0003215b
ID des fehlerhaften Prozesses: 0x4f0
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_Dnscache0
Pfad der fehlerhaften Anwendung: svchost.exe_Dnscache1
Pfad des fehlerhaften Moduls: svchost.exe_Dnscache2
Berichtskennung: svchost.exe_Dnscache3
System errors:
=============
Error: (07/20/2013 01:17:14 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (07/20/2013 01:16:57 PM) (Source: amdsata) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\RaidPort0 gefunden.
Error: (07/20/2013 01:16:54 PM) (Source: amdsata) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\RaidPort0 gefunden.
Error: (07/20/2013 01:16:50 PM) (Source: amdsata) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\RaidPort0 gefunden.
Error: (07/20/2013 01:16:47 PM) (Source: amdsata) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\RaidPort0 gefunden.
Error: (07/20/2013 01:16:44 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0xc000014d0
Error: (07/20/2013 01:16:44 PM) (Source: amdsata) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\RaidPort0 gefunden.
Error: (07/20/2013 01:16:41 PM) (Source: amdsata) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\RaidPort0 gefunden.
Error: (07/20/2013 01:16:38 PM) (Source: amdsata) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\RaidPort0 gefunden.
Error: (07/20/2013 01:16:35 PM) (Source: amdsata) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\RaidPort0 gefunden.
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2011-11-02 16:56:29.273
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDHook32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2011-11-02 16:44:53.785
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDHook32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2011-11-02 16:38:31.371
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDHook32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2011-11-02 16:06:25.338
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDHook32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2011-11-02 15:52:03.106
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDHook32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2011-11-02 15:44:36.222
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDHook32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2011-11-02 15:20:57.606
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\SDHook32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2011-11-02 15:19:17.044
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Spybot - Search & Destroy 2\pcrelib.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 30%
Total physical RAM: 3326.3 MB
Available physical RAM: 2324.72 MB
Total Pagefile: 6650.9 MB
Available Pagefile: 5246.83 MB
Total Virtual: 2047.88 MB
Available Virtual: 1898.76 MB
==================== Drives ================================
Drive c: (Boot) (Fixed) (Total:1376.16 GB) (Free:1299.95 GB) NTFS
Drive d: (Recover) (Fixed) (Total:20 GB) (Free:19.91 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 1397 GB) (Disk ID: DF3FB8C6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=-721379393536) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)
==================== End Of Log ============================
|
|
21.07.2013, 14:44
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Win32/Small.CA-Virus entfernen JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Im Anschluss: adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Danach eine Kontrolle mit OTL bitte:
__________________ --> Welcher Virenscanner? --> Programme richtig installieren --> Backup mit DriveSnapshot --> Das TB unterstützen |
|
22.07.2013, 08:34
| #13 |
| | Win32/Small.CA-Virus entfernen Hallo cosinus Danke für die Hilfe hier die Logfiles ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 5.1.9 (07.20.2013:3) OS: Windows 7 Home Premium x86 Ran by Hans on 22.07.2013 at 0:08:34,08 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apnupdater ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\genericasktoolbar.dll Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\stats\{02478d38-c3f9-4efb-9b51-7695eca05670} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthost.tool Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthost.tool.1 Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EAD3B8FA-F916-4B42-ABED-F253FA45906E} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} ~~~ Files Successfully deleted: [File] C:\eula.1031.txt Successfully deleted: [File] C:\install.res.1031.dll ~~~ Folders ~~~ FireFox Successfully deleted: [File] C:\Users\Hans\AppData\Roaming\mozilla\firefox\profiles\prpzkjhg.default-1351854918632\searchplugins\askcom.xml Successfully deleted: [Folder] C:\Users\Hans\AppData\Roaming\mozilla\firefox\profiles\prpzkjhg.default-1351854918632\extensions\toolbar@ask.com Successfully deleted the following from C:\Users\Hans\AppData\Roaming\mozilla\firefox\profiles\prpzkjhg.default-1351854918632\prefs.js user_pref("browser.search.defaultengine", "Ask.com"); user_pref("browser.search.order.1", "Ask.com"); user_pref("browser.search.selectedEngine", "Ask.com"); user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\"); user_pref("extensions.asktb.apn_dbr", "ff_20.0.1"); user_pref("extensions.asktb.autofill-text-highlight-enabled", true); user_pref("extensions.asktb.cbid", "^AGY"); user_pref("extensions.asktb.config-updated", false); user_pref("extensions.asktb.crumb", "2013.04.19+10.50.32-toolbar013iad-NL-QW1zdGVyZGFtLE5ldGhlcmxhbmRz"); user_pref("extensions.asktb.default-channel-url-mask", "hxxp://avira-int.ask.com/web?q={query}&qsrc={qsrc}&o={o}&l={l}&gct=bar&locale={locale}"); user_pref("extensions.asktb.domain", "avira-int.ask.com"); user_pref("extensions.asktb.domainName", "avira-int.ask.com"); user_pref("extensions.asktb.dtid", "^YYYYYY^YY^NL"); user_pref("extensions.asktb.ff-original-keyword-url", ""); user_pref("extensions.asktb.fresh-install", false); user_pref("extensions.asktb.guid", "4de61975-5fbb-4e3d-a009-48862bf7b4e8"); user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"www.playsushi.com\", \"WWW.google.com\", \"hxxp user_pref("extensions.asktb.if", "first"); user_pref("extensions.asktb.keyword-toggled-in-session", false); user_pref("extensions.asktb.l", "dis"); user_pref("extensions.asktb.last-config-req", "1374436362367"); user_pref("extensions.asktb.last-search-timestamp", "1373306897236"); user_pref("extensions.asktb.locale", "de_NL"); user_pref("extensions.asktb.localePref", true); user_pref("extensions.asktb.location", "Amsterdam,Netherlands"); user_pref("extensions.asktb.new-tab-opt-out", true); user_pref("extensions.asktb.o", "APN10267"); user_pref("extensions.asktb.overlay-reloaded-using-restart", true); user_pref("extensions.asktb.qsrc", "2871"); user_pref("extensions.asktb.r", "2"); user_pref("extensions.asktb.sa", "YES"); user_pref("extensions.asktb.saguid", "23239F00-747E-4ED5-869E-7722D78292EC"); user_pref("extensions.asktb.search-history-queries", "stuttgart rosensteinstraße||wetter winnenden||waiblingen live musik||songtext highway||das örtliche||wunnebad winnenden|| user_pref("extensions.asktb.search-suggestions-enabled", true); user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false); user_pref("extensions.asktb.socialmini-first", true); user_pref("extensions.asktb.socialmini-interval", "1200000"); user_pref("extensions.asktb.socialmini-max-char-ticker", "33"); user_pref("extensions.asktb.socialmini-max-items", "30"); user_pref("extensions.asktb.socialmini-native-on", true); user_pref("extensions.asktb.socialmini-speed", "5000"); user_pref("extensions.asktb.themeid", ""); user_pref("extensions.asktb.timeinstalled", "19.04.2013 19:52:40"); user_pref("extensions.asktb.to", ""); user_pref("extensions.asktb.v", "3.15.24.100015"); user_pref("extensions.asktb.version", "5.15.24.42066"); Emptied folder: C:\Users\Hans\AppData\Roaming\mozilla\firefox\profiles\prpzkjhg.default-1351854918632\minidumps [80 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 22.07.2013 at 0:09:52,78 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.306 - Datei am 22/07/2013 um 00:45:32 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Hans - HANS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Hans\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\Program Files\Ask.com
Ordner Gelöscht : C:\Users\Hans\AppData\Local\Temp\AskSearch
Ordner Gelöscht : C:\Users\Hans\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Marie\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\Marie\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Susanne\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{05366194-3126-4601-AC1A-DDE573E093DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{061F450C-37B9-4330-9235-0F25D9F75B33}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{26249267-15F4-4DA3-8247-C5A78E4FA918}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{39B217B4-8C69-4E45-A8DC-8CC4DAD3CF0A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3CB4CE45-8849-4638-9226-D6B615A15827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{43AB7B5D-4C40-4103-A549-7002A116A7D5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{996ED20F-A740-47A2-A7EF-9620D422BB4E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{061F450C-37B9-4330-9235-0F25D9F75B33}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D55DAA5-04AC-4036-B0BE-DA81EE9676CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{58CBF821-A0C7-4AE8-9430-77DD1AF38E99}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{72BCBFF7-2837-4CA0-B3B5-3DAED7F54601}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{824125FD-7732-4DA2-9277-3A7D0A0A0813}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00F1A65D97AD1E11D8D76334268807B9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\029DEE7E67AD1E113852DB04268807B9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\03576BC0A7AD1E1188A9A434268807B9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\04CFD72C0A6D1E1179AC85E3268807B9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07B0B68797AD1E118A6A4E24268807B9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0828D86187AD1E1129764B14268807B9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\088A41FE97AD1E114BD41434268807B9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\090E991ED42E1E11D93A5C2F168807B9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0F968E620A6D1E11B999E6D3268807B9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF1D43997AD1E11FA430034268807B9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2010C0B997AD1E111983F034268807B9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\20414E2897AD1E116B041F24268807B9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\241E1DAF97AD1E11CBD65434268807B9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BDF3E992C0908741B7C11F4B4E0F775
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2D5CB10287AD1E112AF1CB14268807B9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\41B9E26133CD1E114A4E096D168807B9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42B7416F0A6D1E112971B6E3268807B9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\435ED11E0A6D1E1138C146E3268807B9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\466B1A160A6D1E11DAFD1AD3268807B9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\600642CA97AD1E11EB30A134268807B9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61C07F78D42E1E113849882F168807B9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\638A55350A6D1E114AE6C9D3268807B9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\63C6A3960A6D1E1199A78AD3268807B9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\65BE09BB77AD1E1129594214268807B9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\67F9C62077AD1E11BA0CBC04268807B9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6967575E4ADD1E11E9E591AF068807B9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6A0601CF0A6D1E11EA66D6E3268807B9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6D34269C97AD1E11DAE42334268807B9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6DE790BA0A6D1E111B7A93E3268807B9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F874FC077AD1E11FB2CCC04268807B9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\72D3312E1E95E8C4AAA81BADB30D5FC0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\74E6A1B4EEAA8A942B405B51643FD2FC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\800967B40A6D1E1129B8C8D3268807B9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\814DDE340A6D1E11B833B8D3268807B9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\818F60F20A6D1E1149E987D3268807B9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8225E07F67AD1E1138657C04268807B9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\83011A2A97AD1E1139DD6134268807B9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\85D3F53D0A6D1E112BC9F5E3268807B9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\860F3B99848D1E119B5569D6168807B9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\87B1CC30A7AD1E117BC59434268807B9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8849E84D67AD1E11A8881B04268807B9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8A7FEEA8848D1E11D8ABF7D6168807B9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8B065BD72ADD1E116B25978F068807B9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8B58DAA50A6D1E11C924D9D3268807B9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8B8DC47DD42E1E119948EB2F168807B9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8BCF643B0A6D1E113A80C4E3268807B9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8C52E23087AD1E11BB364914268807B9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980D2637EBB4E31449BDFE2D7447AE03
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D0E499F53381f84992C7A212CF1D8F5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A301910E5ADD1E11CBD5C1BF068807B9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A51CAA4F77AD1E116923D714268807B9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6EA75AD0A6D1E116B9506E3268807B9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A81E6B410A6D1E11B98E66D3268807B9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD31AEF90A6D1E112B67A2E3268807B9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF79D8530A6D1E11296968D3268807B9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA82713BF2918244BB38D4D3626E2F31
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEABAA33A5E68374DBF197F2A00CD011
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C5A5C56BD42E1E11AA061B2F168807B9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C61425DC0A6D1E11488AE5E3268807B9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C6D6135E97AD1E11783A0434268807B9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C6D68CEE0A6D1E1129B096E3268807B9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB5F24F10A6D1E118B7AD6D3268807B9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB61AF52AD64B6B45930BE969F316720
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CBE5FFA897AD1E11CA349F24268807B9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CC46BC9AD42E1E11B93ADA2F168807B9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E0B84F7CD42E1E113A65AB2F168807B9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E0C668D287AD1E117AAAFB14268807B9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E318FDD30A6D1E115956A8D3268807B9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E58C26300A6D1E11EBCF16D3268807B9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E81243990A6D1E117B9C52E3268807B9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E90A558E0A6D1E111A4356E3268807B9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E942FF4ABC342DA42A4C40617E8ADC8C
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF874E5B67AD1E113A7B2A04268807B9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\90C64EA18BA25EE488BF80DCF07F2FFD
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16635
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v22.0 (de)
Datei : C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\prpzkjhg.default-1351854918632\prefs.js
Gelöscht : user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
Gelöscht : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Datei : C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\ihv7yms5.default\prefs.js
Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("browser.search.selectedEngine", "Ask.com");
Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "");
Datei : C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\c3gwge35.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [22257 octets] - [22/07/2013 00:45:32]
########## EOF - C:\AdwCleaner[S1].txt - [22318 octets] ##########
AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.306 - Datei am 22/07/2013 um 07:57:42 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Hans - HANS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Hans\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16635
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v22.0 (de)
Datei : C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\prpzkjhg.default-1351854918632\prefs.js
[OK] Die Datei ist sauber.
Datei : C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\ihv7yms5.default\prefs.js
[OK] Die Datei ist sauber.
Datei : C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\c3gwge35.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [22388 octets] - [22/07/2013 00:45:32]
AdwCleaner[S2].txt - [1043 octets] - [22/07/2013 07:57:42]
########## EOF - C:\AdwCleaner[S2].txt - [1103 octets] ##########
Hier der Abschluss OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 22.07.2013 08:20:30 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hans\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 2,45 Gb Available Physical Memory | 75,34% Memory free
6,50 Gb Paging File | 5,49 Gb Available in Paging File | 84,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1376,16 Gb Total Space | 1300,04 Gb Free Space | 94,47% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 19,91 Gb Free Space | 99,53% Space Free | Partition Type: NTFS
Computer Name: HANS-PC | User Name: Hans | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-25124745-1231751837-4096840976-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\CeWe Color\Meine CEWE FOTOWELT\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Meine CEWE FOTOWELT] -- "C:\Program Files\CeWe Color\Meine CEWE FOTOWELT\Meine CEWE FOTOWELT.exe" "%1" ()
Directory [OneNote.Open] -- C:\PROGRA~1\MIF5BA~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{044D6B2C-9AB3-4C41-A7C8-9263C7E38EE1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{0A324E80-2F6D-44B4-BC15-200E93D0F744}" = rport=137 | protocol=17 | dir=out | app=system |
"{0BABD92F-23C6-4736-89A5-3D74BB5936C1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1184F647-DB7C-4C13-9566-8021337259FE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1DE7637A-9B01-44A8-82E2-74215EE6C601}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2F7450A0-0BD7-467E-8566-D74BE47AD1E2}" = rport=10243 | protocol=6 | dir=out | app=system |
"{35A9BFFC-CBBD-45D3-9BF2-F8F5ABF894B4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{49866BFD-EDB8-401F-9BFF-B0AE685E99AC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4D54AF83-3100-468B-B7AF-D254EB4B3FF4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{63A88686-FC4C-4DE8-A365-2D8A8F8D1B21}" = lport=445 | protocol=6 | dir=in | app=system |
"{663D9FF7-6050-4E4B-B716-A71E81A00531}" = rport=139 | protocol=6 | dir=out | app=system |
"{6975EC16-BFB5-43D7-AF3F-5FC8D9A36FFF}" = rport=445 | protocol=6 | dir=out | app=system |
"{8A8F8418-73A9-429C-845E-05089CE3A4F7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A4B7FFE9-D6EB-4AE0-B8C3-E2DBC47B6C0E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A7591091-80E9-4AF0-A1CE-43DBF23B5385}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B41978D7-EED5-4363-839F-8780A43D0C3F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C50B3350-D4EA-4968-ADEC-32E694058681}" = lport=138 | protocol=17 | dir=in | app=system |
"{CBE5E4E2-5799-4062-B8DA-280FAD0E6050}" = lport=139 | protocol=6 | dir=in | app=system |
"{CDB78CA8-B0BF-4A1D-945A-B4BCDB55917D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D7B55B5A-0C43-44A9-A14C-FBEC2B8EF386}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E9BF06EE-41A0-45DC-9CC2-89734EFF1ACA}" = rport=138 | protocol=17 | dir=out | app=system |
"{EBD44A1A-99C0-4568-95BE-A27DC64E1F85}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ECBCF07D-F005-42AF-B9CD-0071F4E56EE9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F5FEFEFB-4F3F-4AE8-B583-0751AE4E8ADF}" = lport=137 | protocol=17 | dir=in | app=system |
"{FFC45B75-3E56-4406-B849-D61FAC49E938}" = lport=10243 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C25583D-EB91-4BAF-89BC-23D6CC6EB244}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{0DC4C320-F0CD-4B9D-92F3-0E8B95D0B9F5}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{19C4FE0E-4178-45F6-9F58-C5045FA3D2F6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{1BE639D1-4DB1-462E-B678-299BCCEA07D1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{28892240-7E53-47C9-A261-038DD4D4FBC8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2D18F8C2-A0DF-44CD-8592-98AEA6EB7367}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{31E8DF8D-4C4C-4ACA-8D04-413F8EB9F829}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3AAC8937-A984-46C7-B7E2-8DF6CA685449}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{3ADEB1A0-AFD2-4B73-A1E4-2D3FCD66F997}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{40A29986-F288-4E47-A3F7-DE5BC4D6B9FC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{455599EE-B2AB-4AE4-8AEC-2152282BCEC4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{4C344266-8816-4DF9-B164-22ABC675B3C7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{55A37448-04D6-4A84-BD53-2D303B2B1344}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{5CC97F29-2363-4A25-8820-B74A73B2B45F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{6337DEDB-D042-4D4C-AC5E-ADDB088C1CFE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{64135EB3-D921-4257-82F0-6C5585726B39}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{65869BE4-A580-456F-8BEE-1B554A61215F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{7002F95A-EA6C-4F63-8658-FE5061620813}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{7C1A490F-AF93-4FC4-8FF1-11FABF32B64E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{887FA4E8-FE8E-4A5A-BB4F-E7345C837F27}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{898CED55-A8A9-43AB-9F0D-1CC763CB5BA4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{8A516A9E-16B9-4BBF-B028-17163B2692DC}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{8C4F7495-E0CD-4796-858F-154D72F9083A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{8FE560DD-6B95-47BC-9D96-FFCB56755CB1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{961D50ED-25AC-4329-A130-7488A48636C9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{96F66570-4FB2-41EA-8B37-68DAFF2E3EFD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9CE53C92-1F50-43E1-A5DB-3C3169AD1E48}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A1B633E1-F05E-4B2E-BD4F-4AB4E3F9A0A1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{A589F4A8-F831-4CAB-A06D-8A48973C39AF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{A88D738F-3899-4098-B7F2-F8EBF802BAF8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{AB58BE99-986D-421F-800C-7B1708B6C86B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AE125130-A198-42CA-929C-A550032B5190}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe |
"{B15F0AF0-2E75-4C7B-B14E-628F038B566C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{CE326E96-674A-4CE9-B1F1-408E0DE36DF1}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{D425BBBA-BF5B-4DEE-BD1B-997F0EDB34D8}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{D67A0EE2-8865-45D4-94AE-B7840BFAC2F5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D8594E4D-A09D-4556-A98A-B3774AD81AD9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{DE790F8E-CF9F-4031-9B2D-4A9516837802}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E0F3B78F-C9BE-4B10-A9A6-04E81C4D854B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E1B6AAB4-5711-4106-A15B-0B31AD376D92}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{E43FF323-6995-4092-A16E-A1ABD89E8E0A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EBAB9B18-6FD4-4672-A402-FB0AEC0C4A0C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{EF258321-1056-40F4-92A2-D520F79ED03F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F142515C-1BD5-4E75-9873-06BCE72C6EB0}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{F26AA263-A162-4D12-927D-8A38B41C5D99}" = protocol=6 | dir=out | app=system |
"{F2B43345-09FD-4857-BAC5-309740BCB1F0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{F623A2D8-6362-4EE4-99F4-EB2AFCF531DE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F9263217-4756-4AFD-AAAB-7F898604FEA7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FF3C7EFD-96D4-43D1-BCB0-54E7CB95004D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{413070A8-C741-4E78-803F-F07E2ED3B47C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{3C9A6C63-3DF8-4D77-888B-94452FD088B1}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{806422F8-8E0A-494A-A369-0F34F1B89160}" = CorelDRAW Essentials 4 - Extra Content
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent
"{1433046A-BAE7-EBC6-4CAE-9A7BD0C3A35D}" = CCC Help Finnish
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2605461E-AB2E-49F5-8A16-64B7F3595030}" = 5600Trb
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{4D66F66A-D5FA-15A2-F6E5-5589BD7E29AA}" = Catalyst Control Center InstallProxy
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4F5B18A3-E921-4FFE-BEF4-ACBB98964FC2}" = AMD USB Filter Driver
"{54873998-9F2C-4D2F-2CC1-BEE8D9D9FC73}" = ccc-utility
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II
"{5DDB3393-E08B-447E-925F-6C00B95D0FE7}" = iCloud
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77A2EA4C-F1DD-BBA7-F816-BD76EA3C08DF}" = CCC Help French
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7DCBC3D8-8954-491D-A1B9-8C61C563B004}" = 5600_Help
"{806422F8-8E0A-494A-A369-0F34F1B89160}" = CorelDRAW Essentials 4 - Extra Content
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.2.0
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88A34D88-1A75-8C9D-A26E-F283436AC0A6}" = ATI Catalyst Install Manager
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C1969E4-3533-3735-B5DF-82F24164203C}" = CCC Help Japanese
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C516706-B1CC-EBFC-A0CB-02E1FF5FC0FC}" = CCC Help Danish
"{9D8004FF-B214-18C6-4473-4993230B11D5}" = CCC Help Norwegian
"{9E3C6E9F-26C9-F771-36B5-2065515AA7C2}" = CCC Help Dutch
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A81FC45F-6431-CFD2-2FEF-B259C3B8DEB4}" = Catalyst Control Center Graphics Light
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACCC042D-A515-F15A-44DC-B8916D269A53}" = Catalyst Control Center Localization All
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA67EF42-DC5C-18EE-5DB4-7EB3987589BC}" = Catalyst Control Center Core Implementation
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BC37B94A-1C40-D769-0E53-157C3FF481C6}" = CCC Help German
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C170B7B5-9720-C191-F5FA-981C3FACAED6}" = CCC Help English
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C5346D3C-C9FF-A4FD-FDDB-A36DE137A513}" = CCC Help Italian
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB5167B0-61DF-D5EA-E1C4-438D869D0B4A}" = ccc-core-static
"{D443CF18-21ED-8648-CB98-B338EF0D8A51}" = CCC Help Swedish
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D8104EB7-EA8D-08D1-9A69-717E2F2E86F9}" = Catalyst Control Center Graphics Full New
"{D8D76911-AA3A-62C8-8E1B-F94A518BD27D}" = Catalyst Control Center Graphics Previews Vista
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6
"{EC27B0C8-F3B7-95BD-96B8-A8D8C78A94B8}" = Catalyst Control Center Graphics Full Existing
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F2DC2589-C894-43DD-BA70-8FDCA7360584}" = 5600
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F92DBD0E-7769-3E62-3526-45ED37E0A921}" = CCC Help Spanish
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ALDI Süd Foto Manager Free D" = ALDI Süd Foto Manager Free
"ALDI Süd Foto Service D" = ALDI Süd Foto Service
"Aldi Süd Fotoservice_is1" = Aldi Süd Fotoservice
"ALDI SÜD Mah Jong" = ALDI SÜD Mah Jong
"ALDI Süd Online Druck Service D" = ALDI Süd Online Druck Service
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"dm-Fotowelt" = dm-Fotowelt
"ElsterFormular" = ElsterFormular
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6
"MEDION Fotos auf CD & DVD SE Sued D" = MEDION Fotos auf CD & DVD SE Sued
"Meine CEWE FOTOWELT" = Meine CEWE FOTOWELT
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.49
"OpenAL" = OpenAL
"Picasa 3" = Picasa 3
"Shop for HP Supplies" = Shop for HP Supplies
"VLC media player" = VLC media player 2.0.6
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
========== Last 20 Event Log Errors ==========
[ System Events ]
Error - 21.07.2013 18:22:14 | Computer Name = Hans-PC | Source = amdsata | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\RaidPort0 gefunden.
Error - 21.07.2013 18:51:08 | Computer Name = Hans-PC | Source = bowser | ID = 8003
Description =
Error - 21.07.2013 18:56:42 | Computer Name = Hans-PC | Source = amdsata | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\RaidPort0 gefunden.
Error - 21.07.2013 18:56:45 | Computer Name = Hans-PC | Source = amdsata | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\RaidPort0 gefunden.
Error - 22.07.2013 01:32:26 | Computer Name = Hans-PC | Source = amdsata | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\RaidPort0 gefunden.
Error - 22.07.2013 01:32:29 | Computer Name = Hans-PC | Source = amdsata | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\RaidPort0 gefunden.
Error - 22.07.2013 02:09:31 | Computer Name = Hans-PC | Source = amdsata | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\RaidPort0 gefunden.
Error - 22.07.2013 02:09:34 | Computer Name = Hans-PC | Source = amdsata | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\RaidPort0 gefunden.
Error - 22.07.2013 02:27:21 | Computer Name = Hans-PC | Source = amdsata | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\RaidPort0 gefunden.
Error - 22.07.2013 02:27:23 | Computer Name = Hans-PC | Source = amdsata | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\RaidPort0 gefunden.
< End of report >
OTL Logfile: Code:
ATTFilter OTL logfile created on: 22.07.2013 08:20:30 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hans\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16635) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,45 Gb Available Physical Memory | 75,34% Memory free 6,50 Gb Paging File | 5,49 Gb Available in Paging File | 84,48% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 1376,16 Gb Total Space | 1300,04 Gb Free Space | 94,47% Space Free | Partition Type: NTFS Drive D: | 20,00 Gb Total Space | 19,91 Gb Free Space | 99,53% Space Free | Partition Type: NTFS Computer Name: HANS-PC | User Name: Hans | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Hans\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\PDF24\pdf24.exe (Geek Software GmbH) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.) PRC - C:\Programme\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Programme\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) PRC - C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) PRC - c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\c57eba08ab60f48e7d57228849d92a34\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\89fe719039385377f6b5ad8d0070aa6b\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\4df2e863676f312ab7aea9f2c2090d2e\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3660.33486__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3660.33443__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3660.33319__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3660.33396__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3660.33345__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3660.33397__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3660.33417__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3660.33329__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3660.33444__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3660.33395__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3660.33388__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3660.33376__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3660.33338__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3660.33330__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3660.33487__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3660.33482__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3660.33379__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3660.33458__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3660.33346__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3660.33410__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3660.33371__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3660.33345__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3660.33378__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3660.33385__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3660.33457__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3660.33376__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3660.33384__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3660.33351__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3660.33386__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3660.33377__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3639.21544__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3639.21529__90ba9c70f846762e\CLI.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3639.21799__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3639.21677__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3639.21772__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3660.33377__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3639.21517__90ba9c70f846762e\LOG.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3639.21518__90ba9c70f846762e\NEWAEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3639.21922__90ba9c70f846762e\CLI.Foundation.XManifest.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3639.21571__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3639.21582__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3639.21557__90ba9c70f846762e\CLI.Component.Client.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3639.21776__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3639.21569__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3639.21562__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3639.21599__90ba9c70f846762e\MOM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3639.21620__90ba9c70f846762e\DEM.Graphics.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3639.21566__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3639.21663__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3639.21591__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3639.21613__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3639.21806__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3639.21789__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3639.21606__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3639.21788__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3660.33325__90ba9c70f846762e\CLI.Component.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3660.33479__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3660.33428__90ba9c70f846762e\CLI.Component.Systemtray.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3660.33337__90ba9c70f846762e\CLI.Component.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3660.33436__90ba9c70f846762e\MOM.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3660.33434__90ba9c70f846762e\LOG.Foundation.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3639.21679__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3660.33316__90ba9c70f846762e\CLI.Component.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3639.21608__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3660.33315__90ba9c70f846762e\APM.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3660.33318__90ba9c70f846762e\CLI.Component.SkinFactory.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3639.21609__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3639.21670__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3639.21589__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3660.33314__90ba9c70f846762e\AEM.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3660.33451__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3639.21551__90ba9c70f846762e\CLI.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3639.21578__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3639.21577__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3639.21601__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3639.21521__90ba9c70f846762e\LOG.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3639.21666__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3639.21623__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3639.21565__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3639.21594__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3639.21673__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3639.21539__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3639.21592__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3639.21596__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3639.21681__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3639.21611__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3639.21604__90ba9c70f846762e\APM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3660.33435__90ba9c70f846762e\CCC.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3639.21570__90ba9c70f846762e\AEM.Server.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3660.33313__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll () MOD - C:\Programme\CyberLink\Power2Go\CLMLSvcPS.dll () MOD - C:\Programme\CyberLink\Power2Go\CLMediaLibrary.dll () ========== Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (BBUpdate) -- C:\Programme\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.) SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.) SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) SRV - (PSI_SVC_2) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (amdkmdag) -- C:\Windows\System32\drivers\atipmdag.sys (ATI Technologies Inc.) DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation ) DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation) DRV - (ss_bbus) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI) DRV - (ss_bmdfl) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (amdide) -- C:\Windows\System32\drivers\amdide.sys (Advanced Micro Devices Inc.) DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices) DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (Advanced Micro Devices Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-25124745-1231751837-4096840976-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Hans\Pictures\Marie IE - HKU\S-1-5-21-25124745-1231751837-4096840976-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com IE - HKU\S-1-5-21-25124745-1231751837-4096840976-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-25124745-1231751837-4096840976-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data] IE - HKU\S-1-5-21-25124745-1231751837-4096840976-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-25124745-1231751837-4096840976-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-25124745-1231751837-4096840976-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ecosia.org/ IE - HKU\S-1-5-21-25124745-1231751837-4096840976-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-25124745-1231751837-4096840976-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\S-1-5-21-25124745-1231751837-4096840976-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-25124745-1231751837-4096840976-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKU\S-1-5-21-25124745-1231751837-4096840976-1000\..\SearchScopes\{4D4694B9-385C-4AA2-82E8-3B56C804C15A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox IE - HKU\S-1-5-21-25124745-1231751837-4096840976-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-25124745-1231751837-4096840976-1000\..\SearchScopes\{71B7257F-4F9F-4078-B632-64B3276F960D}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\S-1-5-21-25124745-1231751837-4096840976-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-25124745-1231751837-4096840976-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "about:home|hxxp://ecosia.org/" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.05.22 10:42:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.07.03 21:11:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.05.22 10:42:53 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.07.03 21:11:40 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.26 14:01:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hans\AppData\Roaming\mozilla\Extensions [2013.07.22 00:09:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hans\AppData\Roaming\mozilla\Firefox\Profiles\prpzkjhg.default-1351854918632\extensions [2013.07.03 21:11:40 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions [2013.07.03 21:11:45 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2013.03.15 17:46:08 | 000,000,911 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-25124745-1231751837-4096840976-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-25124745-1231751837-4096840976-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\.DEFAULT..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation) O4 - HKU\S-1-5-18..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\Niklas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\Susanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O4 - Startup: C:\Users\Susanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\Susanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O7 - HKU\S-1-5-21-25124745-1231751837-4096840976-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-25124745-1231751837-4096840976-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-25124745-1231751837-4096840976-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool) O16 - DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} hxxp://stulde2.mail.intranet.mahle/dwa85W.cab (IBM Lotus iNotes 8.5 Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool) O16 - DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} https://vpn1.mahle.com/+CSCOL+/csvrloader32.cab (Cisco SSL VPN Relay Loader) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05C15B7B-3473-408D-807F-5F983914D6BB}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{0c64381a-ee90-11df-8554-40618699ebd4}\Shell - "" = AutoRun O33 - MountPoints2\{0c64381a-ee90-11df-8554-40618699ebd4}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\Start.hta O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.07.22 00:08:32 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.07.22 00:07:11 | 000,559,550 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Hans\Desktop\JRT.exe [2013.07.20 17:09:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT [2013.07.20 13:26:35 | 000,000,000 | ---D | C] -- C:\FRST [2013.07.19 18:47:47 | 001,219,758 | ---- | C] (Farbar) -- C:\Users\Hans\Desktop\FRST.exe [2013.07.16 23:18:33 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Hans\Desktop\tdsskiller.exe [2013.07.15 19:03:06 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Hans\Desktop\aswMBR.exe [2013.07.14 19:28:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable) [2013.07.14 19:27:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.07.14 19:25:31 | 000,000,000 | ---D | C] -- C:\Users\Hans\Desktop\mbar-1.06.0.1004 [2013.07.09 23:24:25 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.07.09 23:24:24 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.07.09 23:24:24 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2013.07.09 23:24:24 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.07.09 23:24:23 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.07.09 23:24:22 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.07.09 23:24:22 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2013.07.09 23:24:22 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2013.07.09 23:24:22 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2013.07.09 23:24:22 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2013.07.09 20:50:26 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2013.07.09 20:50:20 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL [2013.07.09 20:50:16 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll [2013.07.09 20:50:13 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013.07.04 20:30:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hans\Desktop\OTL.exe [2013.07.03 21:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.06.22 21:53:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.07.22 08:10:38 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cd997c7a355a48.job [2013.07.22 08:10:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.07.22 08:09:06 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.07.22 08:09:06 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.07.22 08:01:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.07.22 08:01:36 | 2615,910,400 | -HS- | M] () -- C:\hiberfil.sys [2013.07.22 07:25:39 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.07.22 00:17:38 | 000,666,633 | ---- | M] () -- C:\Users\Hans\Desktop\adwcleaner.exe [2013.07.22 00:07:14 | 000,559,550 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Hans\Desktop\JRT.exe [2013.07.20 13:25:40 | 001,219,758 | ---- | M] (Farbar) -- C:\Users\Hans\Desktop\FRST.exe [2013.07.18 07:22:23 | 000,000,680 | RHS- | M] () -- C:\Users\Hans\ntuser.pol [2013.07.16 23:18:41 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Hans\Desktop\tdsskiller.exe [2013.07.16 23:13:34 | 000,000,512 | ---- | M] () -- C:\Users\Hans\Desktop\MBR.dat [2013.07.16 17:58:28 | 000,654,150 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.07.16 17:58:28 | 000,616,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.07.16 17:58:28 | 000,130,022 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.07.16 17:58:28 | 000,106,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.07.15 19:04:16 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Hans\Desktop\aswMBR.exe [2013.07.14 19:24:30 | 013,399,154 | ---- | M] () -- C:\Users\Hans\Desktop\mbar-1.06.0.1004.zip [2013.07.14 14:54:28 | 000,377,856 | ---- | M] () -- C:\Users\Hans\Desktop\gmer_2.1.19163.exe [2013.07.10 13:05:09 | 000,410,400 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.07.04 20:30:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hans\Desktop\OTL.exe [2013.07.04 20:29:25 | 000,000,000 | ---- | M] () -- C:\Users\Hans\defogger_reenable [2013.07.04 20:20:11 | 000,000,168 | ---- | M] () -- C:\Users\Hans\Desktop\New Internet Shortcut.url [2013.07.04 20:18:56 | 000,050,477 | ---- | M] () -- C:\Users\Hans\Desktop\Defogger.exe [2013.07.02 21:10:27 | 000,067,168 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avnetflt.sys [2013.06.27 16:54:02 | 360,120,221 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.06.23 10:30:00 | 000,000,111 | -H-- | M] () -- C:\Users\Hans\Documents\.~lock.Entliehene Bücher Tina.odt# [2013.06.22 21:53:59 | 000,001,993 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.07.22 00:17:37 | 000,666,633 | ---- | C] () -- C:\Users\Hans\Desktop\adwcleaner.exe [2013.07.16 23:13:34 | 000,000,512 | ---- | C] () -- C:\Users\Hans\Desktop\MBR.dat [2013.07.14 19:23:17 | 013,399,154 | ---- | C] () -- C:\Users\Hans\Desktop\mbar-1.06.0.1004.zip [2013.07.04 22:00:56 | 000,377,856 | ---- | C] () -- C:\Users\Hans\Desktop\gmer_2.1.19163.exe [2013.07.04 20:29:25 | 000,000,000 | ---- | C] () -- C:\Users\Hans\defogger_reenable [2013.07.04 20:20:01 | 000,000,168 | ---- | C] () -- C:\Users\Hans\Desktop\New Internet Shortcut.url [2013.07.04 20:18:54 | 000,050,477 | ---- | C] () -- C:\Users\Hans\Desktop\Defogger.exe [2013.06.23 10:30:00 | 000,000,111 | -H-- | C] () -- C:\Users\Hans\Documents\.~lock.Entliehene Bücher Tina.odt# [2013.06.22 21:53:59 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013.06.22 21:53:59 | 000,001,993 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2012.05.06 20:49:25 | 000,017,408 | ---- | C] () -- C:\Users\Hans\AppData\Local\WebpageIcons.db [2011.11.12 01:03:47 | 000,000,000 | ---- | C] () -- C:\Users\Hans\AppData\Local\{F6A931C8-C935-4E9F-828C-5E8DC016BA88} [2011.01.19 19:25:54 | 000,001,940 | ---- | C] () -- C:\Users\Hans\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2011.01.03 06:45:47 | 000,000,000 | ---- | C] () -- C:\Users\Hans\AppData\Roaming\wklnhst.dat [2010.11.20 08:08:20 | 000,016,896 | ---- | C] () -- C:\Users\Hans\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.06.12 19:15:45 | 000,007,605 | ---- | C] () -- C:\Users\Hans\AppData\Local\Resmon.ResmonCfg [2010.06.01 21:28:17 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2010.04.07 06:59:12 | 000,000,680 | RHS- | C] () -- C:\Users\Hans\ntuser.pol ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > |
|
22.07.2013, 23:57
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Win32/Small.CA-Virus entfernen Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Vollscan mit Malwarebytes Anti-Malware (MBAM) (falls du vor kurzem erst einen Vollscan gemacht hast, reicht auch ein Quickscan (spart Zeit), das dann mir bitte auch mitteilen) Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren! Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ --> Welcher Virenscanner? --> Programme richtig installieren --> Backup mit DriveSnapshot --> Das TB unterstützen |
|
| Themen zu Win32/Small.CA-Virus entfernen |
| 32 bit, 7-zip, antivirus, avira, avira searchfree toolbar, bho, bingbar, bonjour, ebay, entfernen, error, firefox, flash player, format, helper, home, iexplore.exe, install.exe, logfile, mozilla, mp3, officejet, realtek, registry, richtlinie, rundll, security, senden, server, software, svchost.exe, windows |
