Trojaner-Board
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Links (nicht nur aus Google) oft umgeleitet (https://www.trojaner-board.de/126173-links-nur-google-oft-umgeleitet.html)

v2rahn 26.10.2012 23:07
Links (nicht nur aus Google) oft umgeleitet
 
Liste der Anhänge anzeigen (Anzahl: 2)
Hallo,
bei der Suche nach „Links umgeleitet“ hat mich Google hierher geführt. Kein Virenscanner hat bisher geholfen. Mangels Installations-DVD (alles war vorinstalliert) und mangels Zeit habe ich auch keine große Lust, eine Neuinstallation anzugehen. Nun habe ich gelesen, dass vielen, die mein Problem hatten, hier im Forum geholfen werden konnte. Also versuche ich es ebenfalls:

Symptome:

Die Probleme begannen etwa am 3. Oktober 2012.

1. Links in Firefox werden umgeleitet, manchmal gelegentlich, manchmal derselbe Link vielfach hintereinander. Nicht nur Links aus Google heraus sind betroffen, auch solche auf anderen Websites, sogar Links hier im Forum wurden bereits umgebogen. Ziel der Umleitung sind dem Anschein nach beliebige Seiten (auch viele seriöse), die über kaskadierte Umleitungen über mehrere Zwischenadressen erreicht werden. Aufgefallen ist mir dabei eine Häufung von beinhome.com als Zwischenstation.
Aussagen zum Verhalten in IE kann ich nicht machen, da ich den nicht aktiv benutze (er ist aber installiert).

2. Der Rechner ist oft sehr langsam. Teilweise „hängt“ Firefox richtiggehend. Seit wenigen Tagen dauert auch das Starten von Windows gefühlt länger. Mir ist klar, dass das auch Ursachen haben kann, die mit einem/diesem Virus nichts zu tun haben.

3. Unten rechts erscheint ein Werbefenster. Es ist nur sehr selten aufgetaucht und seit einiger Zeit gar nicht mehr. Vielleicht hat sich dieser Teil bereits durch meine Versuche mit diversen Virenscannern erledigt? Soweit ich mich erinnere, sah das Fenster oft (oder immer) so aus, als handele es sich um ein AVG2012-Fenster mit der Bitte ein Update zu starten, das in den linken zwei Dritteln mit der fremden Werbung überschrieben war. Vielleicht war es tatsächlich ein Update-Fenster, in das sich ein Virus eingenistet hat?

Versuche der Ursachensuche / Behebung:

Ursache könnte (muss aber nicht) eine Email oder deren Anhang (*.txt) sein. Meine Tochter hat erstmalig (und nach intensiver Schulung hoffentlich auch letztmalig) die Email eines ihr unbekannten Absenders geöffnet. Den Anhang, eine txt-Datei hat sie angeblich nicht geöffnet, aber wer weiß... Leider haben wir die Email gelöscht, auch aus dem Papierkorb.

1. Scan mit AVG2013-free läuft häufig. Es ist mein Standard-Antivirus. Im ersten Screenshot (siehe unten) steht, was sich in Quarantäne befindet, wobei mir vor allem die ersten beiden Einträge (Java) Sorge machen.

2. Scan mit Ad-Aware Antivirus
Im Rahmen der Fehlersuche habe ich Ad-Aware aktualisiert. Am 13.10.2012 um 20:37 hat Ad-Aware einen Trojaner in Quarantäne geschoben, siehe zweiten Screenshot im Anhang. Auch danach ist das Problem der umgeleiteten Links aber nicht behoben.

3. Gestern: Scan mit aktualisiertem Malwarebytes Anti-Malware, ohne Befund. Hier das Logfile:

Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.10.25.07

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Rahn :: RAHN-PC [Administrator]

25.10.2012 21:30:45
mbam-log-2012-10-25 (21-30-45).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 576376
Laufzeit: 2 Stunde(n), 22 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Nützlich ist vielleicht noch dieser MBAM-Log vom 3.10.2012, der etwas gefunden und in Quarantäne verschoben hat. Ich habe noch weitere Logs zwischen den beiden, die aber alle keinen Befund zeigen.
Code:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.03.10

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Rahn :: RAHN-PC [Administrator]

03.10.2012 23:31:57
mbam-log-2012-10-03 (23-31-57).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 248048
Laufzeit: 4 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\$Recycle.Bin\S-1-5-21-3322448490-314981258-3538992574-1000\$RMFVMDV.tmp (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
4. Heute: Mit defogger evtl. Treiber deaktiviert.

Anschließend: OTL runtergeladen, Quickscan mit unveränderten Voreinstellungen, hier die Logfiles:

OTL.Txt
Code:
OTL logfile created on: 10/26/2012 8:47:24 PM - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Rahn\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.86 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 59.41% Memory free
7.71 Gb Paging File | 6.17 Gb Available in Paging File | 79.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.72 Gb Total Space | 72.59 Gb Free Space | 48.81% Space Free | Partition Type: NTFS
Drive D: | 301.95 Gb Total Space | 113.17 Gb Free Space | 37.48% Space Free | Partition Type: NTFS
Drive E: | 702.82 Mb Total Space | 279.13 Mb Free Space | 39.72% Space Free | Partition Type: UDF
Drive F: | 931.28 Gb Total Space | 751.38 Gb Free Space | 80.68% Space Free | Partition Type: FAT32
 
Computer Name: RAHN-PC | User Name: Rahn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/10/26 20:39:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rahn\Desktop\OTL.exe
PRC - [2012/10/10 14:22:32 | 003,116,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012/10/02 03:32:58 | 000,193,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/10/02 03:32:04 | 005,783,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012/09/20 15:03:20 | 001,236,368 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012/08/29 16:17:06 | 002,445,880 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2012/08/29 15:45:24 | 000,073,392 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2012/08/08 10:17:00 | 000,540,056 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2012/07/27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/14 14:08:16 | 000,544,768 | ---- | M] (PaperCut Software International Pty Ltd) -- C:\Program Files (x86)\PaperCut Print Logger\pcpl.exe
PRC - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2010/08/13 12:04:58 | 001,918,464 | ---- | M] (Debenu Pty Ltd) -- C:\Program Files (x86)\Quick PDF Tools\QuickPDFTCP0721.exe
PRC - [2009/12/26 21:02:22 | 000,349,600 | ---- | M] (Panasonic Corporation) -- C:\Program Files (x86)\Common Files\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe
PRC - [2009/11/04 14:11:48 | 000,835,072 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009/10/26 13:53:14 | 000,091,136 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2009/10/13 20:03:04 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/10/07 03:31:56 | 002,246,144 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/09/15 19:47:36 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2009/08/27 18:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009/06/03 13:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/04/15 16:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2008/10/24 16:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
PRC - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\SysWOW64\bgsvcgen.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/06/03 13:59:14 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/06/03 13:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2006/08/12 13:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012/08/30 13:05:28 | 000,827,560 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV:64bit: - [2010/10/28 12:14:30 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe -- (LBTServ)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012/10/12 18:15:57 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/10 17:46:12 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/03 15:51:04 | 000,725,400 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012/10/02 03:32:58 | 000,193,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/10/02 03:32:04 | 005,783,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/09/20 15:03:20 | 001,236,368 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012/08/29 16:17:06 | 002,445,880 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2012/07/27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/14 14:08:16 | 000,544,768 | ---- | M] (PaperCut Software International Pty Ltd) [Auto | Running] -- C:\Program Files (x86)\PaperCut Print Logger\pcpl.exe -- (PCPrintLogger)
SRV - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2010/08/13 12:04:58 | 001,918,464 | ---- | M] (Debenu Pty Ltd) [Auto | Running] -- C:\Program Files (x86)\Quick PDF Tools\QuickPDFTCP0721.exe -- (QuickPDFTCPService0721)
SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/27 18:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\Rezip.exe -- (Rezip)
SRV - [2008/10/24 16:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2008/08/07 12:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\SysWOW64\bgsvcgen.exe -- (bgsvcgen)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/10/05 03:26:22 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012/10/02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/09/21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/09/21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012/09/21 03:45:50 | 000,061,792 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/09/14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/09/13 03:11:18 | 000,151,904 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/08/30 13:05:42 | 000,033,712 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV:64bit: - [2012/06/27 15:18:52 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012/06/11 14:17:44 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2012/06/11 14:17:44 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2012/06/11 14:17:44 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2012/06/11 14:17:44 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2012/06/11 14:17:44 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2012/03/01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/12/19 12:44:24 | 000,060,536 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
DRV:64bit: - [2011/12/13 03:32:22 | 002,797,056 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/11/29 06:59:46 | 000,074,872 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2011/10/26 14:23:36 | 000,057,976 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbredrv.sys -- (SBRE)
DRV:64bit: - [2011/05/07 17:51:32 | 000,454,232 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2011/03/11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/08/24 19:29:32 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010/08/24 19:29:10 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2010/08/24 19:29:10 | 000,013,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2010/08/24 19:28:58 | 000,074,320 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2010/02/19 23:20:53 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/02/19 23:20:53 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009/12/09 11:37:38 | 001,794,112 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\p2usbhum.sys -- (iComp)
DRV:64bit: - [2009/11/20 08:09:48 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/10/26 22:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/10 05:16:28 | 000,293,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/09/28 11:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/08/06 00:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009/06/27 16:55:10 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/06/10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/28 08:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2006/08/25 14:36:52 | 000,039,208 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cdrbsdrv.sys -- (cdrbsdrv)
DRV - [2011/10/26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={36A16EBE-AFF2-4590-8562-41CD939F210A}&mid=bb872b5b35763a2e304b32d37e468dee-781deff55d917d4aa273c96ed484bf73d9a24989&lang=de&ds=AVG&pr=fr&d=2011-10-03 13:49:47&v=12.2.5.32&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: checkplaces@andyhalford.com:2.6.2
FF - prefs.js..extensions.enabledAddons: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledAddons: facebook@disconnect.me:2.1.3
FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: {394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}:3.0.0
FF - prefs.js..extensions.enabledAddons: {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.2.1
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.53.21
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.23.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.3.5
FF - prefs.js..extensions.enabledItems: checkplaces@andyhalford.com:2.6.1
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1865
FF - prefs.js..extensions.enabledItems: {6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}:0.9.5
FF - prefs.js..extensions.enabledItems: {394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}:2.0.1
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:5.7
FF - prefs.js..keyword.URL: "hxxp://www.google.de/search?ie=UTF-8&sourceid=navclient&gfns=1&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012/09/22 21:11:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2012/09/22 21:11:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/12 18:20:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/12 18:20:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/06/21 22:32:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\avgthb@avg.com: C:\Program Files (x86)\AVG\AVG2012\Thunderbird\
 
[2010/12/23 14:46:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rahn\AppData\Roaming\mozilla\Extensions
[2010/12/23 14:46:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rahn\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/10/23 19:25:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rahn\AppData\Roaming\mozilla\Firefox\Profiles\7llixhm3.default\extensions
[2012/09/18 22:57:08 | 000,000,000 | ---D | M] (Lightshot (screenshot tool)) -- C:\Users\Rahn\AppData\Roaming\mozilla\Firefox\Profiles\7llixhm3.default\extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}
[2012/10/12 21:31:28 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Rahn\AppData\Roaming\mozilla\Firefox\Profiles\7llixhm3.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2011/10/31 20:26:05 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Rahn\AppData\Roaming\mozilla\Firefox\Profiles\7llixhm3.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2012/10/14 09:01:43 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Rahn\AppData\Roaming\mozilla\Firefox\Profiles\7llixhm3.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2012/09/15 17:32:11 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Rahn\AppData\Roaming\mozilla\Firefox\Profiles\7llixhm3.default\extensions\ich@maltegoetz.de
[2012/10/03 22:09:20 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Rahn\AppData\Roaming\mozilla\Firefox\Profiles\7llixhm3.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2011/12/09 21:21:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rahn\AppData\Roaming\mozilla\Firefox\Profiles\7llixhm3.default\extensions\nostmp
[2012/03/29 21:47:34 | 000,129,271 | ---- | M] () (No name found) -- C:\Users\Rahn\AppData\Roaming\mozilla\firefox\profiles\7llixhm3.default\extensions\checkplaces@andyhalford.com.xpi
[2012/07/24 09:16:36 | 000,035,735 | ---- | M] () (No name found) -- C:\Users\Rahn\AppData\Roaming\mozilla\firefox\profiles\7llixhm3.default\extensions\facebook@disconnect.me.xpi
[2012/02/24 19:56:52 | 000,081,156 | ---- | M] () (No name found) -- C:\Users\Rahn\AppData\Roaming\mozilla\firefox\profiles\7llixhm3.default\extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi
[2012/08/29 21:41:01 | 000,199,396 | ---- | M] () (No name found) -- C:\Users\Rahn\AppData\Roaming\mozilla\firefox\profiles\7llixhm3.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2012/07/25 23:10:18 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Rahn\AppData\Roaming\mozilla\firefox\profiles\7llixhm3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/11/02 00:11:32 | 000,002,101 | ---- | M] () -- C:\Users\Rahn\AppData\Roaming\mozilla\firefox\profiles\7llixhm3.default\searchplugins\googlede.xml
[2012/10/12 18:20:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/12 18:20:27 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/03 18:37:14 | 000,003,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/08/30 18:39:42 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/12 18:20:26 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2011/09/22 00:10:30 | 000,001,392 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 74.55.76.230 www.google-analytics.com.
O1 - Hosts: 74.55.76.230 ad-emea.doubleclick.net.
O1 - Hosts: 74.55.76.230 www.statcounter.com.
O1 - Hosts: 178.250.45.15 www.google-analytics.com.
O1 - Hosts: 178.250.45.15 ad-emea.doubleclick.net.
O1 - Hosts: 178.250.45.15 www.statcounter.com.
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 File not found
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3EDA5FB-2992-4B99-9B89-788630AD6D22}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (IqlurcIjlocn.dll) -  File not found
O29 - HKLM SecurityProviders - (IqlurcIjlocn.dll) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/03/21 12:00:56 | 000,000,000 | RH-D | M] - F:\AUTORUN -- [ FAT32 ]
O33 - MountPoints2\{1ee18eee-432d-11df-aca2-00245442c190}\Shell - "" = AutoRun
O33 - MountPoints2\{1ee18eee-432d-11df-aca2-00245442c190}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{1ee18ef1-432d-11df-aca2-00245442c190}\Shell - "" = AutoRun
O33 - MountPoints2\{1ee18ef1-432d-11df-aca2-00245442c190}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7719fd37-1b36-11df-83bd-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7719fd37-1b36-11df-83bd-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{90476f2c-1e69-11df-8691-00245442c190}\Shell - "" = AutoRun
O33 - MountPoints2\{90476f2c-1e69-11df-8691-00245442c190}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{90476f2f-1e69-11df-8691-00245442c190}\Shell - "" = AutoRun
O33 - MountPoints2\{90476f2f-1e69-11df-8691-00245442c190}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{df661aa5-1d94-11df-be36-00245442c190}\Shell - "" = AutoRun
O33 - MountPoints2\{df661aa5-1d94-11df-be36-00245442c190}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{df661aa9-1d94-11df-be36-00245442c190}\Shell - "" = AutoRun
O33 - MountPoints2\{df661aa9-1d94-11df-be36-00245442c190}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/10/26 20:39:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Rahn\Desktop\OTL.exe
[2012/10/26 12:56:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/10/19 21:31:45 | 000,000,000 | ---D | C] -- C:\Users\Rahn\Documents\Nokia Suite
[2012/10/19 21:24:13 | 000,000,000 | ---D | C] -- C:\Users\Rahn\AppData\Local\NokiaAccount
[2012/10/19 21:23:34 | 000,000,000 | ---D | C] -- C:\Users\Rahn\AppData\Local\Nokia
[2012/10/19 21:23:31 | 000,000,000 | ---D | C] -- C:\Users\Rahn\AppData\Roaming\PC Suite
[2012/10/19 21:23:28 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite
[2012/10/19 21:22:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Nokia
[2012/10/19 21:22:15 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012/10/19 21:22:14 | 000,026,112 | ---- | C] (Nokia) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys
[2012/10/19 21:21:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution
[2012/10/19 21:19:28 | 000,000,000 | ---D | C] -- C:\ProgramData\NokiaInstallerCache
[2012/10/19 21:19:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nokia
[2012/10/16 23:32:34 | 000,000,000 | ---D | C] -- C:\Users\Rahn\Arensus
[2012/10/16 23:32:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Arensus-1.1.8
[2012/10/16 23:17:13 | 000,000,000 | ---D | C] -- C:\Users\Rahn\AppData\Roaming\pics
[2012/10/16 23:17:13 | 000,000,000 | ---D | C] -- C:\ProgramData\pics
[2012/10/16 23:16:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pics
[2012/10/16 22:54:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EclipseCrossword
[2012/10/14 11:12:17 | 000,000,000 | ---D | C] -- C:\Users\Rahn\AppData\Roaming\AVG2013
[2012/10/14 11:03:44 | 000,000,000 | ---D | C] -- C:\Users\Rahn\AppData\Roaming\TuneUp Software
[2012/10/14 11:01:05 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2012/10/14 09:01:08 | 000,000,000 | ---D | C] -- C:\Users\Rahn\AppData\Local\MFAData
[2012/10/14 09:01:08 | 000,000,000 | ---D | C] -- C:\Users\Rahn\AppData\Local\Avg2013
[2012/10/12 18:20:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/10/05 03:26:22 | 000,111,456 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2012/10/03 23:13:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2012/10/03 22:16:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2012/10/03 22:11:20 | 000,060,536 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbhips.sys
[2012/10/03 22:11:18 | 000,045,936 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2012/10/03 22:11:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2012/10/03 22:09:55 | 000,000,000 | ---D | C] -- C:\Users\Rahn\AppData\Local\Downloaded Installations
[2012/10/03 22:09:38 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
[2012/10/03 22:09:38 | 000,000,000 | ---D | C] -- C:\Users\Rahn\AppData\Local\adawarebp
[2012/10/03 22:09:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012/10/03 22:09:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb
[2012/10/03 22:09:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2012/10/03 22:04:04 | 000,000,000 | ---D | C] -- C:\Users\Rahn\AppData\Roaming\LavasoftStatistics
[2012/10/02 03:30:38 | 000,185,696 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/10/26 20:46:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/26 20:39:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rahn\Desktop\OTL.exe
[2012/10/26 20:39:25 | 000,000,000 | ---- | M] () -- C:\Users\Rahn\defogger_reenable
[2012/10/26 20:38:37 | 000,050,477 | ---- | M] () -- C:\Users\Rahn\Desktop\Defogger.exe
[2012/10/26 18:20:37 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/26 18:20:37 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/26 18:13:23 | 000,001,834 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012/10/26 18:12:53 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012/10/26 18:12:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/26 18:12:41 | 3106,123,776 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/26 12:56:53 | 000,000,947 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/10/21 22:59:56 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/21 22:59:56 | 000,697,082 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/10/21 22:59:56 | 000,652,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/21 22:59:56 | 000,148,346 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/10/21 22:59:56 | 000,121,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/20 20:19:43 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/19 21:24:52 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2012/10/16 23:43:40 | 000,000,130 | ---- | M] () -- C:\Windows\SysWow64\user.properties
[2012/10/16 23:16:25 | 000,330,240 | ---- | M] () -- C:\Windows\PICSUninstall.exe
[2012/10/16 22:54:43 | 000,002,707 | ---- | M] () -- C:\Users\Rahn\Desktop\EclipseCrossword.lnk
[2012/10/05 03:26:22 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2012/10/02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2012/10/01 06:29:17 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/10/01 06:29:17 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/28 09:32:03 | 000,003,391 | ---- | M] () -- C:\Users\Rahn\.recently-used.xbel
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/10/26 20:39:25 | 000,000,000 | ---- | C] () -- C:\Users\Rahn\defogger_reenable
[2012/10/26 20:38:37 | 000,050,477 | ---- | C] () -- C:\Users\Rahn\Desktop\Defogger.exe
[2012/10/20 20:19:43 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/19 21:24:52 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2012/10/16 23:43:40 | 000,000,130 | ---- | C] () -- C:\Windows\SysWow64\user.properties
[2012/10/16 23:16:25 | 000,330,240 | ---- | C] () -- C:\Windows\PICSUninstall.exe
[2012/10/16 23:07:14 | 000,002,707 | ---- | C] () -- C:\Users\Rahn\Desktop\EclipseCrossword.lnk
[2012/10/16 22:54:43 | 000,002,707 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EclipseCrossword.lnk
[2012/10/14 11:03:44 | 000,000,947 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/10/03 22:16:36 | 000,001,834 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012/09/28 09:32:03 | 000,003,391 | ---- | C] () -- C:\Users\Rahn\.recently-used.xbel
[2011/12/25 23:15:09 | 000,141,868 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/12/25 00:22:04 | 001,591,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/06 20:20:26 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/10/06 20:20:26 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/09/29 01:20:01 | 000,000,000 | ---- | C] () -- C:\Users\Rahn\AppData\Local\{F6DE5078-0F2D-4242-8C1E-CAE91E0F78CA}
[2011/05/11 22:14:18 | 000,130,048 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2011/05/11 22:03:43 | 000,000,987 | ---- | C] () -- C:\Windows\CDPlayer.ini
[2011/05/01 20:27:38 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/03/28 20:48:08 | 000,000,680 | RHS- | C] () -- C:\Users\Rahn\ntuser.pol
[2011/03/13 21:00:22 | 000,000,530 | ---- | C] () -- C:\Windows\eReg.dat
[2011/02/27 21:03:32 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll
[2011/02/12 20:27:17 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Configure Folder Actions
[2011/02/12 20:27:17 | 000,000,268 | RH-- | C] () -- C:\Users\Rahn\AppData\Roaming\Common
[2011/02/12 20:27:17 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2011/02/12 20:27:17 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Dance
[2011/01/15 00:18:57 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2011/01/14 23:42:05 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2011/01/13 20:13:03 | 000,050,176 | ---- | C] () -- C:\Users\Rahn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/10 23:31:06 | 000,000,159 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/01/10 23:27:17 | 000,000,232 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010/03/10 00:56:16 | 000,021,504 | ---- | C] () -- C:\Users\Rahn\AppData\Local\WebpageIcons.db
[2010/03/04 01:44:40 | 000,007,604 | ---- | C] () -- C:\Users\Rahn\AppData\Local\Resmon.ResmonCfg
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2010/06/15 23:46:06 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\AAV
[2012/10/04 00:01:39 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\Ad-Aware Antivirus
[2012/10/14 11:12:17 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\AVG2013
[2011/01/08 00:46:36 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\AVG9
[2012/10/21 11:12:36 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\BOM
[2010/02/19 22:40:23 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\Bytemobile
[2012/09/22 21:11:50 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\CheckPoint
[2011/05/11 22:30:27 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\EAC
[2011/02/04 01:11:59 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\gtk-2.0
[2010/04/08 23:02:03 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\HCM Updater
[2011/02/02 20:59:33 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\Leadertech
[2011/03/05 14:07:02 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\MAGIX
[2012/10/20 18:32:44 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\MusicBee
[2011/02/12 20:34:54 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\Nikon
[2010/02/16 23:21:43 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\OpenOffice.org
[2012/10/19 21:25:40 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\PC Suite
[2012/10/16 23:17:13 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\pics
[2011/02/12 22:31:39 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\PMortara
[2012/10/18 23:01:10 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\PrimoPDF
[2010/02/26 00:09:53 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\TheLastRipper
[2010/12/23 14:46:57 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\Thunderbird
[2012/09/01 13:29:31 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\TIPP10
[2012/10/14 11:03:44 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\TuneUp Software
[2012/09/30 18:15:46 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\TV-Browser
[2010/02/16 22:08:40 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\Vodafone
[2010/03/30 08:01:20 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\XnView
[2011/09/28 23:53:26 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\Zylum
 
========== Purity Check ==========
 
 

< End of report >
Extras.Txt
Code:
OTL Extras logfile created on: 10/26/2012 8:47:24 PM - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Rahn\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.86 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 59.41% Memory free
7.71 Gb Paging File | 6.17 Gb Available in Paging File | 79.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.72 Gb Total Space | 72.59 Gb Free Space | 48.81% Space Free | Partition Type: NTFS
Drive D: | 301.95 Gb Total Space | 113.17 Gb Free Space | 37.48% Space Free | Partition Type: NTFS
Drive E: | 702.82 Mb Total Space | 279.13 Mb Free Space | 39.72% Space Free | Partition Type: UDF
Drive F: | 931.28 Gb Total Space | 751.38 Gb Free Space | 80.68% Space Free | Partition Type: FAT32
 
Computer Name: RAHN-PC | User Name: Rahn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E43CC6A-2E81-4FC4-9C99-BE68CFC24D2A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1289EAB9-EE32-4DF1-90A0-0EE387719A61}" = rport=137 | protocol=17 | dir=out | app=system |
"{1BA2E8F3-6FD7-42A7-B9F2-1C8551F0BC2C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{323C0FCE-0453-4A1C-B380-49F0D885E947}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{34EC2051-072A-4905-B673-5197AFB979FD}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{37979EA0-570E-4BE3-A297-8B114A209373}" = rport=138 | protocol=17 | dir=out | app=system |
"{401E2B27-DC34-4E33-85E2-3B8C111955A2}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4686D8EB-B4FF-4E42-8944-B2E85692E177}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{59CA99C9-5C2B-4233-830A-61B409CEC986}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5D758013-66A9-4AE2-B763-F079E5BC260D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5DA2CDE4-2668-49F9-8FED-8C28E4105AD5}" = rport=445 | protocol=6 | dir=out | app=system |
"{68DAB730-12EC-494D-A199-14D4AE45900D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{76F186C1-3921-414C-86D0-ED69E0B8BB0D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{861B8E48-77A0-41A8-8BBC-8EBF9BB56768}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{93A9F948-8D9A-414D-A40D-FFFC02959C02}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{93CC6058-EDC2-45EA-82BD-07269DB5275B}" = lport=137 | protocol=17 | dir=in | app=system |
"{B97CDA04-F69B-4769-B3DC-17E273D67A29}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B99226E7-A26E-49B9-9C36-6BC8146A0FA0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C86769AF-EB28-4623-ABEA-5E7404AA09B4}" = lport=139 | protocol=6 | dir=in | app=system |
"{D4FB36C3-EA3D-4CD6-8DBE-F3C66911F009}" = rport=10243 | protocol=6 | dir=out | app=system |
"{DB408C7A-2809-4F9E-AC69-E3CCA934D096}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E91F64E0-7CA5-49EC-B305-A4252A57531F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EC120DC5-A31F-42C0-94F3-6A2993B88CC1}" = rport=139 | protocol=6 | dir=out | app=system |
"{ED9BBE18-6043-47EE-9878-3860A96FE90D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EEDDF6A6-7530-455C-89E6-BDBF5D7332E1}" = lport=445 | protocol=6 | dir=in | app=system |
"{FE490273-839D-4E98-83FC-FDAB481A961F}" = lport=138 | protocol=17 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0109D715-2320-4A69-8DEB-12B5711931B0}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{02E8C7B7-6628-444F-A243-5AC16DA5AB12}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0BD7D0A1-E18D-4229-849E-343D1AFB51E1}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"{0DA3E4F2-BC2A-4F33-846D-B1733D064E3B}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{0DE907FE-1D4B-4A73-8014-9FEBA20F0B01}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
"{1576B518-5438-4569-AB57-DEC482743BFA}" = protocol=6 | dir=in | app=c:\program files (x86)\tv-browser\tvbrowser_nodd.exe |
"{19B593A7-D08E-4074-A0DB-3036A1AFB329}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1B9EA390-5B0A-49BD-AC5C-5F56C177DE68}" = protocol=6 | dir=in | app=c:\program files (x86)\tv-browser\tvbrowser.exe |
"{2059C339-6362-4D40-80DA-5A329353431D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{209AF53E-E815-4DBA-9AA6-85CEEA847B29}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{2FBF0987-C816-433A-B3C3-B6970736FDE4}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{36B9DC24-4D26-4AB9-8A5C-556B987AF981}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{393089AB-6BF1-4BFD-B178-101CB85EBF28}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"{3DA2B1C6-2AF5-463A-AE32-E0C0FC50FD6D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{43317FC3-9072-48C3-82A8-A9FAE59A5773}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{46A5C8BE-819C-4EC5-BAC6-59457121FB46}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{4979E448-4D6C-4873-A940-E42A6A69290F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4A8B8109-83CD-4C26-A3FC-00F382051927}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{50EB2442-33A1-48A3-8427-8FBBFD78744B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{58069457-4960-4378-AB09-2ADA12923734}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{5A61F0A5-5863-40AC-B079-51D0844E27EE}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{5F3BA74D-15EF-491E-962E-8132FC87E78E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{63E0284A-A011-4664-BEFB-76DDACB45561}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6AB9AA37-4E94-4C58-81A9-090C1F134C1B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7C2C1411-0805-4520-87FE-072F6DEEAA22}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7E720DB0-1F10-4121-A0C3-8ADEF9181B2B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7F9CD14B-E5CF-41AC-8516-ECFA5ABB8044}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{81F86D3A-B5E4-4B44-BC5C-2A1E21D69472}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{85EB56DC-91CC-4367-A271-3AE655F0143E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{88178ED1-0399-4831-8385-834A852FBA8D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{8CF77F5C-A12F-4CAD-A2BB-E9B028BB2BD8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{92DE8E72-03D9-4C47-9544-CA1B4D4ED266}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{98C5E9C8-EEAA-441F-BD98-A086C6510037}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9A967C49-E075-4125-9348-C167034413D4}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{9AF51E8A-18EB-4351-8BB5-B15B95BF8313}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"{9AF79CB2-443E-4AB4-B3E1-AE341AADE419}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9D4452DF-0C76-42C3-A35D-3C64AE781339}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{9D94C48E-33F1-4B8B-B7B3-D9000F1EF2EA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A29BB54A-E5E4-464B-98DB-46DE28D2D9D0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{A849018C-FB61-4ECB-9514-75316E15F405}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B23F1DDA-152D-4F2D-998F-A106B2671ADC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BBF90D7E-EBC9-4F04-BDF6-83549DC58B76}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{C945A7B4-B5E3-4EB2-9CD0-3E71823F109F}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{CDBEE2A0-C703-4AF2-B3DA-77356C7F1887}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D42507DE-7D2D-43A4-BD5D-9C7A9A2FF219}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{D56A5123-25E1-41F4-A410-3EFA863CAFE3}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{D578291B-57E1-4E28-854E-7D0082428D48}" = protocol=17 | dir=in | app=c:\program files (x86)\tv-browser\tvbrowser.exe |
"{D6B8D9C6-A461-4119-BEDF-E99295D214EC}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{DB4D0E9D-082E-4863-80D4-1D774649D539}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DE234E1A-FFA3-42B2-8646-A9D594967AEE}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{E0108B39-18F0-4F27-9A11-F37BD3AEC530}" = protocol=17 | dir=in | app=c:\program files (x86)\tv-browser\tvbrowser_nodd.exe |
"{E3F1EA17-9A4D-4625-8043-558E1927F9A9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E8F1E4C6-B652-4DA1-87E5-9DF4564B24B4}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"{E9B2B457-AC20-4FB1-81D9-E1F472EBE186}" = protocol=6 | dir=out | app=system |
"{EB292898-10CF-47A3-8546-0AF777B6D47D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{F1090207-99A0-44C1-BBC0-C58697A3B2BA}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{FE4FE2A2-2382-4499-8039-4A75B6372426}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series" = Canon iP2700 series Printer Driver
"{18D5FAA9-D2A2-4291-AFBC-B9476A813BC1}" = AVG 2013
"{1FB1AA7C-9ECD-4350-AE3D-3CB3698C5CEB}" = AVG 2013
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{3156336D-8E44-3671-A6FE-AE51D3D6564E}" = Microsoft Windows SDK for Windows 7 (7.1)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{4E04DB4D-CBE9-40C3-9906-723308D48EB0}" = AVG 2013
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{92C0E71C-5917-4FF2-9A5E-8BB0E85E0625}" = AVG 2013
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C44218B2-EC4D-4EB9-A3E3-F8F4A46927EC}" = MySQL Connector/ODBC 5.1
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}" = Debugging Tools for Windows (x64)
"{E7F9E526-2324-437B-A609-E8C5309465CB}" = Microsoft Windows Performance Toolkit
"{F0A36649-873E-4832-A5F1-BF5DF8600BDB}" = Windows Live Family Safety
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0)
"AVG" = AVG 2013
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Drivers" = NVIDIA Drivers
"SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
"sp6" = Logitech SetPoint 6.20
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0906982B-A432-4C06-8F01-C01BE1143779}" = Nokia Connectivity Cable Driver
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{1D5EB783-25F8-495B-8B01-DE6D1BFBB8B4}" = VideoCam Suite 3.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{257F2279-6843-433E-9060-15BAB966F20D}" = Steuer-Spar-Erklärung Plus 2011
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{33013398-9228-42D7-A92A-38CA478F4D57}" = ZoneAlarm Security
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{3B416FDA-CB3E-4514-9616-763E5B0D1140}" = Geheimakte Tunguska
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BCDCC6A-3A47-4883-8A0C-55AC061316CB}" = Steuer-Spar-Erklärung Plus 2012
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3EED7541-55F8-4DC6-B9CD-28762D71310E}" = Samsung R-Series
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FBBEDB1-14D0-4F53-8537-1EE0F39F8FF8}" = MusicBee
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{65F5234F-C7FD-41B9-80D1-CB18F190490D}" = EclipseCrossword
"{67241932-507E-4DA7-9B25-2C856E2DE58C}" = DCIMImport 2.0.0.70
"{6749B472-63E5-49B4-964A-4B76A33BC768}" = ZoneAlarm Firewall
"{6a4b0a4f-58d0-430c-becc-aa50733cd761}" = Ad-Aware Antivirus
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78D7D7CD-A06B-4514-ACBD-8055BF945A8E}" = InfoBibliothek 2
"{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = Die*Sims*Mittelalter
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B660E0D0-A8CB-45A7-96FB-93E8C915A0B2}" = Easy Network Manager
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BA77F9D2-CD35-41EB-9BC9-769879DFF8A6}" = PC Connectivity Solution
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CCC2B140-B47A-45FA-AAE3-BD60DA41AE00}" = Samsung Support Center
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2BC3383-F000-410C-A038-3846ADBE8D90}" = REALTEK Wireless LAN Software
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"Cam4you utilities" = Cam4you utilities
"Canon iP2700 series Benutzerregistrierung" = Canon iP2700 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Exact Audio Copy" = Exact Audio Copy 1.0beta1
"FastStone Image Viewer" = FastStone Image Viewer 4.0
"FastStone Photo Resizer" = FastStone Photo Resizer 2.9
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"MAGIX Filme auf DVD TerraTec deluxe Edition D" = MAGIX Filme auf DVD TerraTec deluxe Edition 7.0.3.8 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service
"MAGIX Screenshare D" = MAGIX Screenshare
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Marvell Miniport Driver" = Marvell Miniport Driver
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox 16.0.1 (x86 en-US)" = Mozilla Firefox 16.0.1 (x86 en-US)
"Mozilla Thunderbird 16.0.1 (x86 de)" = Mozilla Thunderbird 16.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PaperCut Print Logger_is1" = PaperCut Print Logger 1.8
"pdfsam" = pdfsam
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"Quick PDF Tools" = Quick PDF Tools 2.1.6.1
"ST6UNST #1" = SmartTrainer
"TerraTec G5" = TerraTec G5 V6.270.13.00
"TheLastRipper" = TheLastRipper 1.4
"TIPP10_is1" = TIPP10 Version 2.1.0
"tvbrowser" = TV-Browser 3.2
"VLC media player" = VLC media player 2.0.1
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinMerge_is1" = WinMerge 2.12.4
"ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 4/23/2012 9:09:22 AM | Computer Name = Rahn-PC | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
 
Error - 4/23/2012 11:08:54 AM | Computer Name = Rahn-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 4/24/2012 12:15:35 PM | Computer Name = Rahn-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 4/25/2012 3:43:28 PM | Computer Name = Rahn-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 4/26/2012 9:28:13 AM | Computer Name = Rahn-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 4/27/2012 12:52:03 AM | Computer Name = Rahn-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 4/28/2012 3:35:42 AM | Computer Name = Rahn-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 4/29/2012 10:26:53 AM | Computer Name = Rahn-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 4/30/2012 3:49:13 AM | Computer Name = Rahn-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 4/30/2012 6:05:32 AM | Computer Name = Rahn-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: EasySpeedUpManager.exe, Version:
3.0.0.5, Zeitstempel: 0x4ad45055  Name des fehlerhaften Moduls: unknown, Version:
0.0.0.0, Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000
ID
 des fehlerhaften Prozesses: 0xd7c  Startzeit der fehlerhaften Anwendung: 0x01cd26b8c616194b
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 052c7555-92ac-11e1-a00c-00245442c190
 
[ System Events ]
Error - 10/26/2012 8:30:48 AM | Computer Name = Rahn-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:  %%5
 
Error - 10/26/2012 12:12:53 PM | Computer Name = Rahn-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:  %%5
 
Error - 10/26/2012 12:13:01 PM | Computer Name = Rahn-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:  %%5
 
Error - 10/26/2012 12:13:53 PM | Computer Name = Rahn-PC | Source = DCOM | ID = 10005
Description =
 
Error - 10/26/2012 12:13:53 PM | Computer Name = Rahn-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Ad-Aware erreicht.
 
Error - 10/26/2012 12:13:53 PM | Computer Name = Rahn-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Ad-Aware" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%1053
 
Error - 10/26/2012 12:14:56 PM | Computer Name = Rahn-PC | Source = bowser | ID = 8003
Description =
 
Error - 10/26/2012 2:39:09 PM | Computer Name = Rahn-PC | Source = bowser | ID = 8003
Description =
 
Error - 10/26/2012 2:42:09 PM | Computer Name = Rahn-PC | Source = bowser | ID = 8003
Description =
 
Error - 10/26/2012 2:51:10 PM | Computer Name = Rahn-PC | Source = bowser | ID = 8003
Description =
 
 
< End of report >
gmer.exe habe ich nicht heruntergeladen und ausgeführt, da ich ein 64-Bit-Windows habe.

Damit bin ich mit meinem Latein am Ende und bitte einen von Euch Experten um Hilfe.

Schon mal vielen, vielen Dank !!

kira 27.10.2012 07:29
Hallo und Herzlich Willkommen! :)

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:
Zitat:
  • "Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
    - da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
    - also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
  • Charakteristische Merkmale/Profilinformationen:
    - aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du durch [X] oder Sternchen (*) ersetzen
  • Die Systemprüfung und Bereinigung:
    - kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
  • Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
  • Innerhalb der Betreuungszeit:
    - ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
  • Die Reihenfolge:
    - genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
  • GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
  • Ansonsten unsere Forumsregeln:
    - Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?
  • Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen:)
Hilfeleistung - geplante Vorgehensweise:
  • Problemsuche
  • Problembeseitigung/Systembereinigung
  • Verwendete Programme deinstallieren/entfernen
  • Thema abschließen: Tipps zur Computersicherheit

Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
Deinstalliere:
Zitat:
"Ad-Aware Free"
jetzt läuft mit Anti-Viren-Schutz!
kann es zu einem Systemabsturz kommen!
Nur eine Firewall sowie ein Antiviren Programm verwenden, welche sich immer auf dem aktuellsten Stand befinden sollten!
Wichtig:
Mehr AV Programme bedeutet nicht mehr Sicherheit!Die Scanner behindern sich gegenseitig (bei beiden den On-Access Scan aktiviert bzw laufen ständig im Hintergrund) und ein Systemcrash kann die Folge sein oder im schlechtesten fall, kannst Du über eine komplette Neuinstallation freuen! Deinstalliere also eines der AV-Programme und lass nur noch eins auf deinem PC laufen.
Zitat:
►Bevor du ein anderes Antivirenprogramm installierst solltest du auf jeden Fall das vorherige vollständig deinstallieren!
2.
erneut einen Systemscan mit OTL
  • Doppelklick auf die OTL.exe
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Oben findest Du ein Kästchen mit Ausgabe.
    Wähle bitte Standard-Ausgabe
  • Unter Extra-Registrierung wähle bitte Benutze SafeList.
  • Mache Häckchen bei LOP- und Purity-Prüfung.
  • Klicke nun auf Scan links oben.

    http://image.hijackthis.eu/upload/otl_screen_neu.jpg
  • Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
    Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.

3.
Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:
  • Download den CCleaner herunter
  • Software-Lizenzvereinbarung lesen, falls irgendeine Toolbar angeboten wird, bitte abwählen!-> starten -> Falls nötig, auf "Deutsch" einstellen.
  • starten-> klick auf `Extras` (um auf deinem System installierte Software zu anzeigen)-> dann auf `Als Textdatei speichern...`
  • ein Textdatei wird automatisch erstellt, poste auch dieses Logfile (also die Liste alle installierten Programme...eine Textdatei)

Zitat:
Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]
gruß
kira

v2rahn 27.10.2012 10:45
Danke vielmals, kira, dass Du so schnell zur Hilfe geeilt bist!

1. Ad-Aware ist jetzt deinstalliert. Ich hatte es ohnehin nur in der aktuellen Not installiert. Dann Rechner neu gestartet.

2. Mit OTL mit den angegebene Einstellungen gescannt:

OTL.txt
OTL Logfile:
Code:
OTL logfile created on: 10/27/2012 11:09:57 AM - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Rahn\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.86 Gb Total Physical Memory | 2.66 Gb Available Physical Memory | 68.92% Memory free
7.71 Gb Paging File | 6.25 Gb Available in Paging File | 81.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.72 Gb Total Space | 74.80 Gb Free Space | 50.30% Space Free | Partition Type: NTFS
Drive D: | 301.95 Gb Total Space | 113.17 Gb Free Space | 37.48% Space Free | Partition Type: NTFS
Drive F: | 931.28 Gb Total Space | 751.38 Gb Free Space | 80.68% Space Free | Partition Type: FAT32
 
Computer Name: RAHN-PC | User Name: Rahn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/10/27 11:07:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rahn\Desktop\OTL.exe
PRC - [2012/10/10 14:22:32 | 003,116,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012/10/02 03:32:58 | 000,193,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/10/02 03:32:04 | 005,783,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012/08/29 16:17:06 | 002,445,880 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2012/08/29 15:45:24 | 000,073,392 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2012/08/08 10:17:00 | 000,540,056 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2012/07/27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/14 14:08:16 | 000,544,768 | ---- | M] (PaperCut Software International Pty Ltd) -- C:\Program Files (x86)\PaperCut Print Logger\pcpl.exe
PRC - [2010/08/13 12:04:58 | 001,918,464 | ---- | M] (Debenu Pty Ltd) -- C:\Program Files (x86)\Quick PDF Tools\QuickPDFTCP0721.exe
PRC - [2009/12/26 21:02:22 | 000,349,600 | ---- | M] (Panasonic Corporation) -- C:\Program Files (x86)\Common Files\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe
PRC - [2009/11/04 14:11:48 | 000,835,072 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009/10/26 13:53:14 | 000,091,136 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2009/10/13 20:03:04 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/10/07 03:31:56 | 002,246,144 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/09/15 19:47:36 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2009/08/27 18:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009/06/03 13:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/04/15 16:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2008/10/24 16:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
PRC - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\SysWOW64\bgsvcgen.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/06/03 13:59:14 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/06/03 13:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2006/08/12 13:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012/08/30 13:05:28 | 000,827,560 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV:64bit: - [2010/10/28 12:14:30 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe -- (LBTServ)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012/10/26 23:16:01 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/10 17:46:12 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/03 15:51:04 | 000,725,400 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012/10/02 03:32:58 | 000,193,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/10/02 03:32:04 | 005,783,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/08/29 16:17:06 | 002,445,880 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2012/07/27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/14 14:08:16 | 000,544,768 | ---- | M] (PaperCut Software International Pty Ltd) [Auto | Running] -- C:\Program Files (x86)\PaperCut Print Logger\pcpl.exe -- (PCPrintLogger)
SRV - [2010/08/13 12:04:58 | 001,918,464 | ---- | M] (Debenu Pty Ltd) [Auto | Running] -- C:\Program Files (x86)\Quick PDF Tools\QuickPDFTCP0721.exe -- (QuickPDFTCPService0721)
SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/27 18:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\Rezip.exe -- (Rezip)
SRV - [2008/10/24 16:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2008/08/07 12:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\SysWOW64\bgsvcgen.exe -- (bgsvcgen)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/10/05 03:26:22 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012/10/02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/09/21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/09/21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012/09/21 03:45:50 | 000,061,792 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/09/14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/09/13 03:11:18 | 000,151,904 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/08/30 13:05:42 | 000,033,712 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV:64bit: - [2012/06/27 15:18:52 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012/06/11 14:17:44 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2012/06/11 14:17:44 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2012/06/11 14:17:44 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2012/06/11 14:17:44 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2012/06/11 14:17:44 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2012/03/01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/12/13 03:32:22 | 002,797,056 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/05/07 17:51:32 | 000,454,232 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2011/03/11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/08/24 19:29:32 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010/08/24 19:29:10 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2010/08/24 19:29:10 | 000,013,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2010/08/24 19:28:58 | 000,074,320 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2010/02/19 23:20:53 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/02/19 23:20:53 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009/12/09 11:37:38 | 001,794,112 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\p2usbhum.sys -- (iComp)
DRV:64bit: - [2009/11/20 08:09:48 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/10/26 22:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/10 05:16:28 | 000,293,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/09/28 11:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/08/06 00:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009/06/27 16:55:10 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/06/10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/28 08:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2006/08/25 14:36:52 | 000,039,208 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cdrbsdrv.sys -- (cdrbsdrv)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={36A16EBE-AFF2-4590-8562-41CD939F210A}&mid=bb872b5b35763a2e304b32d37e468dee-781deff55d917d4aa273c96ed484bf73d9a24989&lang=de&ds=AVG&pr=fr&d=2011-10-03 13:49:47&v=12.2.5.32&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: checkplaces@andyhalford.com:2.6.2
FF - prefs.js..extensions.enabledAddons: facebook@disconnect.me:2.1.3
FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: {394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}:3.0.0
FF - prefs.js..extensions.enabledAddons: {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.2.1
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.53.21
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.23.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.3.5
FF - prefs.js..extensions.enabledItems: checkplaces@andyhalford.com:2.6.1
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1865
FF - prefs.js..extensions.enabledItems: {6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}:0.9.5
FF - prefs.js..extensions.enabledItems: {394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}:2.0.1
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:5.7
FF - prefs.js..keyword.URL: "hxxp://www.google.de/search?ie=UTF-8&sourceid=navclient&gfns=1&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012/09/22 21:11:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2012/09/22 21:11:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/26 23:16:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/26 23:15:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/06/21 22:32:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\avgthb@avg.com: C:\Program Files (x86)\AVG\AVG2012\Thunderbird\
 
[2010/12/23 14:46:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rahn\AppData\Roaming\mozilla\Extensions
[2010/12/23 14:46:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rahn\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/10/23 19:25:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rahn\AppData\Roaming\mozilla\Firefox\Profiles\7llixhm3.default\extensions
[2012/09/18 22:57:08 | 000,000,000 | ---D | M] (Lightshot (screenshot tool)) -- C:\Users\Rahn\AppData\Roaming\mozilla\Firefox\Profiles\7llixhm3.default\extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}
[2012/10/12 21:31:28 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Rahn\AppData\Roaming\mozilla\Firefox\Profiles\7llixhm3.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2011/10/31 20:26:05 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Rahn\AppData\Roaming\mozilla\Firefox\Profiles\7llixhm3.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2012/10/14 09:01:43 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Rahn\AppData\Roaming\mozilla\Firefox\Profiles\7llixhm3.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2012/09/15 17:32:11 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Rahn\AppData\Roaming\mozilla\Firefox\Profiles\7llixhm3.default\extensions\ich@maltegoetz.de
[2012/10/03 22:09:20 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Rahn\AppData\Roaming\mozilla\Firefox\Profiles\7llixhm3.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2011/12/09 21:21:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rahn\AppData\Roaming\mozilla\Firefox\Profiles\7llixhm3.default\extensions\nostmp
[2012/03/29 21:47:34 | 000,129,271 | ---- | M] () (No name found) -- C:\Users\Rahn\AppData\Roaming\mozilla\firefox\profiles\7llixhm3.default\extensions\checkplaces@andyhalford.com.xpi
[2012/07/24 09:16:36 | 000,035,735 | ---- | M] () (No name found) -- C:\Users\Rahn\AppData\Roaming\mozilla\firefox\profiles\7llixhm3.default\extensions\facebook@disconnect.me.xpi
[2012/02/24 19:56:52 | 000,081,156 | ---- | M] () (No name found) -- C:\Users\Rahn\AppData\Roaming\mozilla\firefox\profiles\7llixhm3.default\extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi
[2012/08/29 21:41:01 | 000,199,396 | ---- | M] () (No name found) -- C:\Users\Rahn\AppData\Roaming\mozilla\firefox\profiles\7llixhm3.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2012/07/25 23:10:18 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Rahn\AppData\Roaming\mozilla\firefox\profiles\7llixhm3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/11/02 00:11:32 | 000,002,101 | ---- | M] () -- C:\Users\Rahn\AppData\Roaming\mozilla\firefox\profiles\7llixhm3.default\searchplugins\googlede.xml
[2012/10/26 23:15:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/26 23:16:01 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/03 18:37:14 | 000,003,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/08/30 18:39:42 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/12 18:20:26 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2011/09/22 00:10:30 | 000,001,392 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 74.55.76.230 www.google-analytics.com.
O1 - Hosts: 74.55.76.230 ad-emea.doubleclick.net.
O1 - Hosts: 74.55.76.230 www.statcounter.com.
O1 - Hosts: 178.250.45.15 www.google-analytics.com.
O1 - Hosts: 178.250.45.15 ad-emea.doubleclick.net.
O1 - Hosts: 178.250.45.15 www.statcounter.com.
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 File not found
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3EDA5FB-2992-4B99-9B89-788630AD6D22}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (IqlurcIjlocn.dll) -  File not found
O29 - HKLM SecurityProviders - (IqlurcIjlocn.dll) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/03/21 12:00:56 | 000,000,000 | RH-D | M] - F:\AUTORUN -- [ FAT32 ]
O33 - MountPoints2\{1ee18eee-432d-11df-aca2-00245442c190}\Shell - "" = AutoRun
O33 - MountPoints2\{1ee18eee-432d-11df-aca2-00245442c190}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{1ee18ef1-432d-11df-aca2-00245442c190}\Shell - "" = AutoRun
O33 - MountPoints2\{1ee18ef1-432d-11df-aca2-00245442c190}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7719fd37-1b36-11df-83bd-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7719fd37-1b36-11df-83bd-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{90476f2c-1e69-11df-8691-00245442c190}\Shell - "" = AutoRun
O33 - MountPoints2\{90476f2c-1e69-11df-8691-00245442c190}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{90476f2f-1e69-11df-8691-00245442c190}\Shell - "" = AutoRun
O33 - MountPoints2\{90476f2f-1e69-11df-8691-00245442c190}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{df661aa5-1d94-11df-be36-00245442c190}\Shell - "" = AutoRun
O33 - MountPoints2\{df661aa5-1d94-11df-be36-00245442c190}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{df661aa9-1d94-11df-be36-00245442c190}\Shell - "" = AutoRun
O33 - MountPoints2\{df661aa9-1d94-11df-be36-00245442c190}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/10/26 23:15:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/10/26 20:39:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Rahn\Desktop\OTL.exe
[2012/10/26 12:56:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/10/19 21:31:45 | 000,000,000 | ---D | C] -- C:\Users\Rahn\Documents\Nokia Suite
[2012/10/19 21:24:13 | 000,000,000 | ---D | C] -- C:\Users\Rahn\AppData\Local\NokiaAccount
[2012/10/19 21:23:34 | 000,000,000 | ---D | C] -- C:\Users\Rahn\AppData\Local\Nokia
[2012/10/19 21:23:31 | 000,000,000 | ---D | C] -- C:\Users\Rahn\AppData\Roaming\PC Suite
[2012/10/19 21:23:28 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite
[2012/10/19 21:22:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Nokia
[2012/10/19 21:22:15 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012/10/19 21:22:14 | 000,026,112 | ---- | C] (Nokia) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys
[2012/10/19 21:21:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution
[2012/10/19 21:19:28 | 000,000,000 | ---D | C] -- C:\ProgramData\NokiaInstallerCache
[2012/10/19 21:19:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nokia
[2012/10/16 23:32:34 | 000,000,000 | ---D | C] -- C:\Users\Rahn\Arensus
[2012/10/16 23:32:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Arensus-1.1.8
[2012/10/16 23:17:13 | 000,000,000 | ---D | C] -- C:\Users\Rahn\AppData\Roaming\pics
[2012/10/16 23:17:13 | 000,000,000 | ---D | C] -- C:\ProgramData\pics
[2012/10/16 23:16:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pics
[2012/10/16 22:54:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EclipseCrossword
[2012/10/14 11:12:17 | 000,000,000 | ---D | C] -- C:\Users\Rahn\AppData\Roaming\AVG2013
[2012/10/14 11:03:44 | 000,000,000 | ---D | C] -- C:\Users\Rahn\AppData\Roaming\TuneUp Software
[2012/10/14 11:01:05 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2012/10/14 09:01:08 | 000,000,000 | ---D | C] -- C:\Users\Rahn\AppData\Local\MFAData
[2012/10/14 09:01:08 | 000,000,000 | ---D | C] -- C:\Users\Rahn\AppData\Local\Avg2013
[2012/10/10 22:30:44 | 005,505,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/10/10 22:30:42 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/10/10 22:30:42 | 003,902,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/10/10 22:30:40 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/10/10 22:30:29 | 001,462,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/10/10 22:30:28 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/10/05 03:26:22 | 000,111,456 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2012/10/03 22:09:55 | 000,000,000 | ---D | C] -- C:\Users\Rahn\AppData\Local\Downloaded Installations
[2012/10/03 22:09:38 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
[2012/10/03 22:09:38 | 000,000,000 | ---D | C] -- C:\Users\Rahn\AppData\Local\adawarebp
[2012/10/03 22:09:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012/10/03 22:09:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb
[2012/10/03 22:09:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2012/10/03 22:04:04 | 000,000,000 | ---D | C] -- C:\Users\Rahn\AppData\Roaming\LavasoftStatistics
[2012/10/02 03:30:38 | 000,185,696 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/10/27 11:07:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rahn\Desktop\OTL.exe
[2012/10/27 11:07:27 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/27 11:07:27 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/27 11:00:03 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012/10/27 10:59:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/27 10:59:56 | 3106,123,776 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/27 10:46:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/26 23:40:29 | 000,067,348 | ---- | M] () -- C:\Users\Rahn\Desktop\AAW_screenshot.jpg
[2012/10/26 23:39:59 | 000,110,109 | ---- | M] () -- C:\Users\Rahn\Desktop\AVG2013_screenshot.jpg
[2012/10/26 20:39:25 | 000,000,000 | ---- | M] () -- C:\Users\Rahn\defogger_reenable
[2012/10/26 20:38:37 | 000,050,477 | ---- | M] () -- C:\Users\Rahn\Desktop\Defogger.exe
[2012/10/26 12:56:53 | 000,000,947 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/10/21 22:59:56 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/21 22:59:56 | 000,697,082 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/10/21 22:59:56 | 000,652,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/21 22:59:56 | 000,148,346 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/10/21 22:59:56 | 000,121,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/20 20:19:43 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/19 21:24:52 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2012/10/16 23:43:40 | 000,000,130 | ---- | M] () -- C:\Windows\SysWow64\user.properties
[2012/10/16 23:16:25 | 000,330,240 | ---- | M] () -- C:\Windows\PICSUninstall.exe
[2012/10/16 22:54:43 | 000,002,707 | ---- | M] () -- C:\Users\Rahn\Desktop\EclipseCrossword.lnk
[2012/10/10 17:46:12 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/10/10 17:46:12 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/10/05 03:26:22 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2012/10/02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2012/10/01 06:29:17 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/10/01 06:29:17 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/28 09:32:03 | 000,003,391 | ---- | M] () -- C:\Users\Rahn\.recently-used.xbel
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/10/26 23:38:05 | 000,067,348 | ---- | C] () -- C:\Users\Rahn\Desktop\AAW_screenshot.jpg
[2012/10/26 23:36:57 | 000,110,109 | ---- | C] () -- C:\Users\Rahn\Desktop\AVG2013_screenshot.jpg
[2012/10/26 20:39:25 | 000,000,000 | ---- | C] () -- C:\Users\Rahn\defogger_reenable
[2012/10/26 20:38:37 | 000,050,477 | ---- | C] () -- C:\Users\Rahn\Desktop\Defogger.exe
[2012/10/20 20:19:43 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/19 21:24:52 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2012/10/16 23:43:40 | 000,000,130 | ---- | C] () -- C:\Windows\SysWow64\user.properties
[2012/10/16 23:16:25 | 000,330,240 | ---- | C] () -- C:\Windows\PICSUninstall.exe
[2012/10/16 23:07:14 | 000,002,707 | ---- | C] () -- C:\Users\Rahn\Desktop\EclipseCrossword.lnk
[2012/10/16 22:54:43 | 000,002,707 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EclipseCrossword.lnk
[2012/10/14 11:03:44 | 000,000,947 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/09/28 09:32:03 | 000,003,391 | ---- | C] () -- C:\Users\Rahn\.recently-used.xbel
[2011/12/25 23:15:09 | 000,141,868 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/12/25 00:22:04 | 001,591,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/06 20:20:26 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/10/06 20:20:26 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/09/29 01:20:01 | 000,000,000 | ---- | C] () -- C:\Users\Rahn\AppData\Local\{F6DE5078-0F2D-4242-8C1E-CAE91E0F78CA}
[2011/05/11 22:14:18 | 000,130,048 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2011/05/11 22:03:43 | 000,000,987 | ---- | C] () -- C:\Windows\CDPlayer.ini
[2011/05/01 20:27:38 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/03/28 20:48:08 | 000,000,680 | RHS- | C] () -- C:\Users\Rahn\ntuser.pol
[2011/03/13 21:00:22 | 000,000,530 | ---- | C] () -- C:\Windows\eReg.dat
[2011/02/27 21:03:32 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll
[2011/02/12 20:27:17 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Configure Folder Actions
[2011/02/12 20:27:17 | 000,000,268 | RH-- | C] () -- C:\Users\Rahn\AppData\Roaming\Common
[2011/02/12 20:27:17 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2011/02/12 20:27:17 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Dance
[2011/01/15 00:18:57 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2011/01/14 23:42:05 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2011/01/13 20:13:03 | 000,050,176 | ---- | C] () -- C:\Users\Rahn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/10 23:31:06 | 000,000,159 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/01/10 23:27:17 | 000,000,232 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010/03/10 00:56:16 | 000,021,504 | ---- | C] () -- C:\Users\Rahn\AppData\Local\WebpageIcons.db
[2010/03/04 01:44:40 | 000,007,604 | ---- | C] () -- C:\Users\Rahn\AppData\Local\Resmon.ResmonCfg
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2010/06/15 23:46:06 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\AAV
[2012/10/14 11:12:17 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\AVG2013
[2011/01/08 00:46:36 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\AVG9
[2012/10/21 11:12:36 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\BOM
[2010/02/19 22:40:23 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\Bytemobile
[2012/09/22 21:11:50 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\CheckPoint
[2011/05/11 22:30:27 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\EAC
[2011/02/04 01:11:59 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\gtk-2.0
[2010/04/08 23:02:03 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\HCM Updater
[2011/02/02 20:59:33 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\Leadertech
[2011/03/05 14:07:02 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\MAGIX
[2012/10/20 18:32:44 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\MusicBee
[2011/02/12 20:34:54 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\Nikon
[2010/02/16 23:21:43 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\OpenOffice.org
[2012/10/19 21:25:40 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\PC Suite
[2012/10/16 23:17:13 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\pics
[2011/02/12 22:31:39 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\PMortara
[2012/10/18 23:01:10 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\PrimoPDF
[2010/02/26 00:09:53 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\TheLastRipper
[2010/12/23 14:46:57 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\Thunderbird
[2012/09/01 13:29:31 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\TIPP10
[2012/10/14 11:03:44 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\TuneUp Software
[2012/09/30 18:15:46 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\TV-Browser
[2010/02/16 22:08:40 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\Vodafone
[2010/03/30 08:01:20 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\XnView
[2011/09/28 23:53:26 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\Zylum
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---


extras.txt
OTL Logfile:
Code:
OTL Extras logfile created on: 10/27/2012 11:09:57 AM - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Rahn\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.86 Gb Total Physical Memory | 2.66 Gb Available Physical Memory | 68.92% Memory free
7.71 Gb Paging File | 6.25 Gb Available in Paging File | 81.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.72 Gb Total Space | 74.80 Gb Free Space | 50.30% Space Free | Partition Type: NTFS
Drive D: | 301.95 Gb Total Space | 113.17 Gb Free Space | 37.48% Space Free | Partition Type: NTFS
Drive F: | 931.28 Gb Total Space | 751.38 Gb Free Space | 80.68% Space Free | Partition Type: FAT32
 
Computer Name: RAHN-PC | User Name: Rahn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E43CC6A-2E81-4FC4-9C99-BE68CFC24D2A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1289EAB9-EE32-4DF1-90A0-0EE387719A61}" = rport=137 | protocol=17 | dir=out | app=system |
"{1BA2E8F3-6FD7-42A7-B9F2-1C8551F0BC2C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{323C0FCE-0453-4A1C-B380-49F0D885E947}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{34EC2051-072A-4905-B673-5197AFB979FD}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{37979EA0-570E-4BE3-A297-8B114A209373}" = rport=138 | protocol=17 | dir=out | app=system |
"{401E2B27-DC34-4E33-85E2-3B8C111955A2}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4686D8EB-B4FF-4E42-8944-B2E85692E177}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{59CA99C9-5C2B-4233-830A-61B409CEC986}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5D758013-66A9-4AE2-B763-F079E5BC260D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5DA2CDE4-2668-49F9-8FED-8C28E4105AD5}" = rport=445 | protocol=6 | dir=out | app=system |
"{68DAB730-12EC-494D-A199-14D4AE45900D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{76F186C1-3921-414C-86D0-ED69E0B8BB0D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{861B8E48-77A0-41A8-8BBC-8EBF9BB56768}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{93A9F948-8D9A-414D-A40D-FFFC02959C02}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{93CC6058-EDC2-45EA-82BD-07269DB5275B}" = lport=137 | protocol=17 | dir=in | app=system |
"{B97CDA04-F69B-4769-B3DC-17E273D67A29}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B99226E7-A26E-49B9-9C36-6BC8146A0FA0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C86769AF-EB28-4623-ABEA-5E7404AA09B4}" = lport=139 | protocol=6 | dir=in | app=system |
"{D4FB36C3-EA3D-4CD6-8DBE-F3C66911F009}" = rport=10243 | protocol=6 | dir=out | app=system |
"{DB408C7A-2809-4F9E-AC69-E3CCA934D096}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E91F64E0-7CA5-49EC-B305-A4252A57531F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EC120DC5-A31F-42C0-94F3-6A2993B88CC1}" = rport=139 | protocol=6 | dir=out | app=system |
"{ED9BBE18-6043-47EE-9878-3860A96FE90D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EEDDF6A6-7530-455C-89E6-BDBF5D7332E1}" = lport=445 | protocol=6 | dir=in | app=system |
"{FE490273-839D-4E98-83FC-FDAB481A961F}" = lport=138 | protocol=17 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0109D715-2320-4A69-8DEB-12B5711931B0}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{02E8C7B7-6628-444F-A243-5AC16DA5AB12}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0BD7D0A1-E18D-4229-849E-343D1AFB51E1}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"{0DA3E4F2-BC2A-4F33-846D-B1733D064E3B}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{0DE907FE-1D4B-4A73-8014-9FEBA20F0B01}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
"{1576B518-5438-4569-AB57-DEC482743BFA}" = protocol=6 | dir=in | app=c:\program files (x86)\tv-browser\tvbrowser_nodd.exe |
"{19B593A7-D08E-4074-A0DB-3036A1AFB329}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1B9EA390-5B0A-49BD-AC5C-5F56C177DE68}" = protocol=6 | dir=in | app=c:\program files (x86)\tv-browser\tvbrowser.exe |
"{2059C339-6362-4D40-80DA-5A329353431D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{209AF53E-E815-4DBA-9AA6-85CEEA847B29}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{2FBF0987-C816-433A-B3C3-B6970736FDE4}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{36B9DC24-4D26-4AB9-8A5C-556B987AF981}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{393089AB-6BF1-4BFD-B178-101CB85EBF28}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"{3DA2B1C6-2AF5-463A-AE32-E0C0FC50FD6D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{43317FC3-9072-48C3-82A8-A9FAE59A5773}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{46A5C8BE-819C-4EC5-BAC6-59457121FB46}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{4979E448-4D6C-4873-A940-E42A6A69290F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4A8B8109-83CD-4C26-A3FC-00F382051927}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{50EB2442-33A1-48A3-8427-8FBBFD78744B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{58069457-4960-4378-AB09-2ADA12923734}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{5A61F0A5-5863-40AC-B079-51D0844E27EE}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{5F3BA74D-15EF-491E-962E-8132FC87E78E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{63E0284A-A011-4664-BEFB-76DDACB45561}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6AB9AA37-4E94-4C58-81A9-090C1F134C1B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7C2C1411-0805-4520-87FE-072F6DEEAA22}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7E720DB0-1F10-4121-A0C3-8ADEF9181B2B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7F9CD14B-E5CF-41AC-8516-ECFA5ABB8044}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{81F86D3A-B5E4-4B44-BC5C-2A1E21D69472}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{85EB56DC-91CC-4367-A271-3AE655F0143E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{88178ED1-0399-4831-8385-834A852FBA8D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{8CF77F5C-A12F-4CAD-A2BB-E9B028BB2BD8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{92DE8E72-03D9-4C47-9544-CA1B4D4ED266}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{98C5E9C8-EEAA-441F-BD98-A086C6510037}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9A967C49-E075-4125-9348-C167034413D4}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{9AF51E8A-18EB-4351-8BB5-B15B95BF8313}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"{9AF79CB2-443E-4AB4-B3E1-AE341AADE419}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9D4452DF-0C76-42C3-A35D-3C64AE781339}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{9D94C48E-33F1-4B8B-B7B3-D9000F1EF2EA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A29BB54A-E5E4-464B-98DB-46DE28D2D9D0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{A849018C-FB61-4ECB-9514-75316E15F405}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B23F1DDA-152D-4F2D-998F-A106B2671ADC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BBF90D7E-EBC9-4F04-BDF6-83549DC58B76}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{C945A7B4-B5E3-4EB2-9CD0-3E71823F109F}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{CDBEE2A0-C703-4AF2-B3DA-77356C7F1887}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D42507DE-7D2D-43A4-BD5D-9C7A9A2FF219}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{D56A5123-25E1-41F4-A410-3EFA863CAFE3}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{D578291B-57E1-4E28-854E-7D0082428D48}" = protocol=17 | dir=in | app=c:\program files (x86)\tv-browser\tvbrowser.exe |
"{D6B8D9C6-A461-4119-BEDF-E99295D214EC}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{DB4D0E9D-082E-4863-80D4-1D774649D539}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DE234E1A-FFA3-42B2-8646-A9D594967AEE}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{E0108B39-18F0-4F27-9A11-F37BD3AEC530}" = protocol=17 | dir=in | app=c:\program files (x86)\tv-browser\tvbrowser_nodd.exe |
"{E3F1EA17-9A4D-4625-8043-558E1927F9A9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E8F1E4C6-B652-4DA1-87E5-9DF4564B24B4}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"{E9B2B457-AC20-4FB1-81D9-E1F472EBE186}" = protocol=6 | dir=out | app=system |
"{EB292898-10CF-47A3-8546-0AF777B6D47D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{F1090207-99A0-44C1-BBC0-C58697A3B2BA}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{FE4FE2A2-2382-4499-8039-4A75B6372426}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series" = Canon iP2700 series Printer Driver
"{18D5FAA9-D2A2-4291-AFBC-B9476A813BC1}" = AVG 2013
"{1FB1AA7C-9ECD-4350-AE3D-3CB3698C5CEB}" = AVG 2013
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{3156336D-8E44-3671-A6FE-AE51D3D6564E}" = Microsoft Windows SDK for Windows 7 (7.1)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{4E04DB4D-CBE9-40C3-9906-723308D48EB0}" = AVG 2013
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{92C0E71C-5917-4FF2-9A5E-8BB0E85E0625}" = AVG 2013
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C44218B2-EC4D-4EB9-A3E3-F8F4A46927EC}" = MySQL Connector/ODBC 5.1
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}" = Debugging Tools for Windows (x64)
"{E7F9E526-2324-437B-A609-E8C5309465CB}" = Microsoft Windows Performance Toolkit
"{F0A36649-873E-4832-A5F1-BF5DF8600BDB}" = Windows Live Family Safety
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0)
"AVG" = AVG 2013
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Drivers" = NVIDIA Drivers
"SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
"sp6" = Logitech SetPoint 6.20
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0906982B-A432-4C06-8F01-C01BE1143779}" = Nokia Connectivity Cable Driver
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{1D5EB783-25F8-495B-8B01-DE6D1BFBB8B4}" = VideoCam Suite 3.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{257F2279-6843-433E-9060-15BAB966F20D}" = Steuer-Spar-Erklärung Plus 2011
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{33013398-9228-42D7-A92A-38CA478F4D57}" = ZoneAlarm Security
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{3B416FDA-CB3E-4514-9616-763E5B0D1140}" = Geheimakte Tunguska
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BCDCC6A-3A47-4883-8A0C-55AC061316CB}" = Steuer-Spar-Erklärung Plus 2012
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3EED7541-55F8-4DC6-B9CD-28762D71310E}" = Samsung R-Series
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FBBEDB1-14D0-4F53-8537-1EE0F39F8FF8}" = MusicBee
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{65F5234F-C7FD-41B9-80D1-CB18F190490D}" = EclipseCrossword
"{67241932-507E-4DA7-9B25-2C856E2DE58C}" = DCIMImport 2.0.0.70
"{6749B472-63E5-49B4-964A-4B76A33BC768}" = ZoneAlarm Firewall
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78D7D7CD-A06B-4514-ACBD-8055BF945A8E}" = InfoBibliothek 2
"{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = Die*Sims*Mittelalter
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B660E0D0-A8CB-45A7-96FB-93E8C915A0B2}" = Easy Network Manager
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BA77F9D2-CD35-41EB-9BC9-769879DFF8A6}" = PC Connectivity Solution
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CCC2B140-B47A-45FA-AAE3-BD60DA41AE00}" = Samsung Support Center
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2BC3383-F000-410C-A038-3846ADBE8D90}" = REALTEK Wireless LAN Software
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"Cam4you utilities" = Cam4you utilities
"Canon iP2700 series Benutzerregistrierung" = Canon iP2700 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Exact Audio Copy" = Exact Audio Copy 1.0beta1
"FastStone Image Viewer" = FastStone Image Viewer 4.0
"FastStone Photo Resizer" = FastStone Photo Resizer 2.9
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"MAGIX Filme auf DVD TerraTec deluxe Edition D" = MAGIX Filme auf DVD TerraTec deluxe Edition 7.0.3.8 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service
"MAGIX Screenshare D" = MAGIX Screenshare
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Marvell Miniport Driver" = Marvell Miniport Driver
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
"Mozilla Thunderbird 16.0.1 (x86 de)" = Mozilla Thunderbird 16.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PaperCut Print Logger_is1" = PaperCut Print Logger 1.8
"pdfsam" = pdfsam
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"Quick PDF Tools" = Quick PDF Tools 2.1.6.1
"ST6UNST #1" = SmartTrainer
"TerraTec G5" = TerraTec G5 V6.270.13.00
"TheLastRipper" = TheLastRipper 1.4
"TIPP10_is1" = TIPP10 Version 2.1.0
"tvbrowser" = TV-Browser 3.2
"VLC media player" = VLC media player 2.0.1
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinMerge_is1" = WinMerge 2.12.4
"ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 4/26/2012 9:28:13 AM | Computer Name = Rahn-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 4/27/2012 12:52:03 AM | Computer Name = Rahn-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 4/28/2012 3:35:42 AM | Computer Name = Rahn-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 4/29/2012 10:26:53 AM | Computer Name = Rahn-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 4/30/2012 3:49:13 AM | Computer Name = Rahn-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 4/30/2012 6:05:32 AM | Computer Name = Rahn-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: EasySpeedUpManager.exe, Version:
3.0.0.5, Zeitstempel: 0x4ad45055  Name des fehlerhaften Moduls: unknown, Version:
0.0.0.0, Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000
ID
 des fehlerhaften Prozesses: 0xd7c  Startzeit der fehlerhaften Anwendung: 0x01cd26b8c616194b
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 052c7555-92ac-11e1-a00c-00245442c190
 
Error - 4/30/2012 12:24:40 PM | Computer Name = Rahn-PC | Source = MsiInstaller | ID = 11719
Description =
 
Error - 5/1/2012 4:00:45 AM | Computer Name = Rahn-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 12.0.0.4493 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 12e8    Startzeit:
 01cd2770308885a6    Endzeit: 47    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 ad428aba-9363-11e1-a07f-00245442c190 
 
Error - 5/1/2012 4:57:12 AM | Computer Name = Rahn-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 5/2/2012 12:52:51 AM | Computer Name = Rahn-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
[ System Events ]
Error - 10/26/2012 5:42:26 PM | Computer Name = Rahn-PC | Source = bowser | ID = 8003
Description =
 
Error - 10/26/2012 5:48:27 PM | Computer Name = Rahn-PC | Source = bowser | ID = 8003
Description =
 
Error - 10/26/2012 6:17:40 PM | Computer Name = Rahn-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:  %%5
 
Error - 10/27/2012 3:03:02 AM | Computer Name = Rahn-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:  %%5
 
Error - 10/27/2012 3:04:20 AM | Computer Name = Rahn-PC | Source = bowser | ID = 8003
Description =
 
Error - 10/27/2012 4:58:38 AM | Computer Name = Rahn-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:  %%5
 
Error - 10/27/2012 5:00:17 AM | Computer Name = Rahn-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  SBRE
 
Error - 10/27/2012 5:01:30 AM | Computer Name = Rahn-PC | Source = bowser | ID = 8003
Description =
 
Error - 10/27/2012 5:10:31 AM | Computer Name = Rahn-PC | Source = bowser | ID = 8003
Description =
 
Error - 10/27/2012 5:16:32 AM | Computer Name = Rahn-PC | Source = bowser | ID = 8003
Description =
 
 
< End of report >
--- --- ---


3. Liste aller installierten Programme, erstellt mit CCleaner:
Code:
7-Zip 9.20 (x64 edition)        Igor Pavlov        07.01.2011        4,53MB        9.20.00.0
AAVUpdateManager        Wolters Kluwer Deutschland GmbH        17.06.2012        32,0MB        18.00.0000
Ad-Aware Browsing Protection        Lavasoft        03.10.2012                1.0.1.41
Adobe AIR        Adobe Systems Incorporated        09.12.2011                3.1.0.4880
Adobe Download Manager        NOS Microsystems Ltd.        09.12.2011                1.6.2.63
Adobe Flash Player 11 ActiveX        Adobe Systems Incorporated        09.10.2012        6,00MB        11.4.402.287
Adobe Flash Player 11 Plugin        Adobe Systems Incorporated        10.10.2012        6,00MB        11.4.402.287
Adobe Reader X (10.1.1)        Adobe Systems Incorporated        09.12.2011        114MB        10.1.1
Adobe Reader X (10.1.4) - Deutsch        Adobe Systems Incorporated        08.10.2012        121MB        10.1.4
Apple Application Support        Apple Inc.        11.03.2012        61,0MB        2.1.7
Apple Mobile Device Support        Apple Inc.        11.03.2012        24,9MB        5.1.1.4
Apple Software Update        Apple Inc.        25.12.2011        2,38MB        2.1.3.127
Atheros Client Installation Program        Atheros        15.12.2009                1.0.1.0805
AVG 2013        AVG Technologies        26.10.2012                2013.0.2742
BatteryLifeExtender        Samsung        15.12.2009        14,2MB        1.0.1
Biet-O-Matic v2.14.8        BOM Development Team        27.02.2011                Biet-O-Matic v2.14.8
Bonjour        Apple Inc.        25.12.2011        2,04MB        3.0.0.10
Cam4you utilities                24.12.2010               
Canon iP2700 series Benutzerregistrierung                18.03.2012               
Canon iP2700 series Printer Driver                18.03.2012               
Canon Utilities Easy-PhotoPrint EX                18.03.2012               
Canon Utilities My Printer                18.03.2012               
CCleaner        Piriform        24.10.2012                3.24
ChargeableUSB        SAMSUNG        15.12.2009                1.0.0.0
Compatibility Pack für 2007 Office System        Microsoft Corporation        10.10.2012        176MB        12.0.6612.1000
CyberLink DVD Suite        CyberLink Corp.        15.12.2009        15,1MB        6.0.2806
CyberLink LabelPrint        CyberLink Corp.        15.12.2009        163MB        2.5.1916
CyberLink Power2Go        CyberLink Corp.        15.12.2009        120MB        6.0.3108a
CyberLink PowerDirector        CyberLink Corp.        15.12.2009        367MB        7.0.3213
CyberLink PowerDVD 8        CyberLink Corp.        15.12.2009        91,3MB        8.0.2815b
CyberLink PowerProducer        CyberLink Corp.        15.12.2009        297MB        5.0.1.1812
CyberLink YouCam        CyberLink Corp.        04.02.2010        77,1MB        2.0.3304
DCIMImport 2.0.0.70        Lennart Jansson        12.02.2011        2,14MB        2.0.0.70
Debugging Tools for Windows (x64)        Microsoft Corporation        03.02.2011        39,8MB        6.12.2.633
Die*Sims*Mittelalter        Electronic Arts        24.12.2011                2.0.113
Easy Display Manager        Samsung Electronics Co., Ltd.        03.02.2011                3.0
Easy Network Manager        Samsung        15.12.2009        19,0MB        4.2.4
Easy SpeedUp Manager        Samsung Electronics Co.,Ltd.        04.02.2011                3.0.0.5
EasyBatteryManager        Samsung        15.12.2009                4.0.0.3
EclipseCrossword        Green Eclipse        16.10.2012        706KB        1.2.59
Exact Audio Copy 1.0beta1        Andre Wiethoff        11.05.2011                1.0beta1
FastStone Image Viewer 4.0        FastStone Soft        16.02.2010                4.0
FastStone Photo Resizer 2.9        FastStone Soft.        16.02.2010                2.9
File Uploader        Nikon        12.02.2011        1,65MB        1.2.5
Firebird SQL Server - MAGIX Edition        MAGIX AG        05.03.2011        10,1MB        2.1.27.0
Geheimakte Tunguska        Deep Silver        18.02.2010                1.03.02
GIMP 2.6.8                04.03.2010               
InfoBibliothek 2        Akademische Arbeitsgemeinschaft Verlag Wolters Kluwer GmbH        17.06.2012        25,6MB        1.08.03.01
Intel(R) Rapid Storage Technology        Intel Corporation        27.10.2012                9.5.4.1001
Intel(R) Turbo Boost Technology Driver        Intel Corporation        07.02.2011                01.00.01.1002
iTunes        Apple Inc.        16.04.2012        156MB        10.6.1.7
Java 7 Update 7        Oracle        31.08.2012        128MB        7.0.70
Logitech SetPoint 6.20        Logitech        02.02.2011        39,0MB        6.20.64
MAGIX Filme auf DVD TerraTec deluxe Edition 7.0.3.8 (D)        MAGIX AG        05.03.2011                7.0.3.8
MAGIX Online Druck Service        MAGIX AG        05.03.2011                3.4.3.0
MAGIX Screenshare        MAGIX AG        05.03.2011                4.3.6.1987
Malwarebytes Anti-Malware Version 1.65.1.1000        Malwarebytes Corporation        20.10.2012        19,4MB        1.65.1.1000
Marvell Miniport Driver        Marvell        15.12.2009                11.22.3.3
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        25.12.2011        38,8MB        4.0.30319
Microsoft .NET Framework 4 Extended        Microsoft Corporation        25.12.2011        51,9MB        4.0.30319
Microsoft Office File Validation Add-In        Microsoft Corporation        12.03.2012        7,95MB        14.0.5130.5003
Microsoft Office Home and Student 2007        Microsoft Corporation        11.03.2012                12.0.6612.1000
Microsoft Office PowerPoint Viewer 2007 (German)        Microsoft Corporation        16.08.2012        140MB        12.0.6612.1000
Microsoft Silverlight        Microsoft Corporation        24.05.2012        100MB        5.1.10411.0
Microsoft SQL Server 2005 Compact Edition [ENU]        Microsoft Corporation        04.02.2010        1,72MB        3.1.0000
Microsoft SQL Server Compact 3.5 SP1 English        Microsoft Corporation        19.09.2011        2,59MB        3.5.5692.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053        Microsoft Corporation        25.01.2012        252KB        8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        09.12.2011        300KB        8.0.56336
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022        Microsoft Corporation        23.12.2010        2,01MB        9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17        Microsoft Corporation        14.02.2010        788KB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161        Microsoft Corporation        09.12.2011        788KB        9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218        Microsoft Corporation        23.12.2010        600KB        9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        24.12.2011        232KB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        19.09.2011        596KB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        09.12.2011        600KB        9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319        Microsoft Corporation        11.03.2012        13,7MB        10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219        Microsoft Corporation        15.10.2012        12,2MB        10.0.40219
Microsoft Windows Performance Toolkit        Microsoft Corporation        03.02.2011        26,1MB        4.8.0
Microsoft Windows SDK for Windows 7 (7.1)        Microsoft Corporation        03.02.2011                7.1.7600.0.30514
Microsoft WSE 3.0 Runtime        Microsoft Corp.        24.12.2011        942KB        3.0.5305.0
MozBackup 1.4.10        Pavel Cvrcek        23.12.2010               
Mozilla Firefox 16.0.2 (x86 en-US)        Mozilla        27.10.2012        39,4MB        16.0.2
Mozilla Maintenance Service        Mozilla        27.10.2012        329KB        16.0.2
Mozilla Thunderbird 16.0.1 (x86 de)        Mozilla        12.10.2012        40,8MB        16.0.1
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        17.01.2011        1,27MB        4.20.9870.0
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        17.01.2011        1,33MB        4.20.9876.0
MusicBee        Steven Mayall        06.01.2012        50,6MB        1.3.4334
MySQL Connector/ODBC 5.1        Oracle Corporation        05.02.2011        40,9MB        5.1.8
Nikon Message Center        Nikon        12.02.2011        204KB        0.92.000
Nikon Transfer        Nikon        12.02.2011        47,4MB        1.5.3
Nokia Connectivity Cable Driver        Nokia        19.10.2012        3,95MB        7.1.92.0
NVIDIA Drivers        NVIDIA Corporation        05.02.2011                1.10
OpenOffice.org 3.2        OpenOffice.org        26.12.2010        337MB        3.2.9502
PaperCut Print Logger 1.8        PaperCut Software Int. Pty. Ltd.        09.06.2012        1,29MB       
PC Connectivity Solution        Nokia        19.10.2012        21,2MB        12.0.48.0
pdfsam                29.05.2012                2.2.1
PrimoPDF -- brought to you by Nitro PDF Software        Nitro PDF Software        03.01.2011                5
Quick PDF Tools 2.1.6.1        Debenu        23.06.2012                2.1.6.1
Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        17.03.2010                6.0.1.6003
REALTEK Wireless LAN Software        REALTEK Semiconductor Corp.        15.12.2009                1.01.0088
Samsung R-Series        Samsung        15.12.2009        24,2MB        1.0
Samsung Recovery Solution 4        Samsung        15.12.2009                4.0.0.41
Samsung Support Center        Samsung        15.12.2009        40,8MB        1.0.21
Samsung Update Plus        Samsung Electronics Co., Ltd.        15.12.2009                2.0
SimCity 4 Deluxe                13.03.2011               
Skype™ 5.10        Skype Technologies S.A.        05.09.2012        19,4MB        5.10.116
SmartTrainer                07.05.2011               
Steuer-Spar-Erklärung Plus 2011        Akademische Arbeitsgemeinschaft Verlag        01.09.2011        320MB        16.14
Steuer-Spar-Erklärung Plus 2012        Wolters Kluwer Deutschland GmbH        17.06.2012        309MB        17.11
StreamTransport version: 1.0.2.2171                02.04.2012               
Synaptics Pointing Device Driver        Synaptics Incorporated        15.12.2009                14.0.10.0
TerraTec G5 V6.270.13.00                05.03.2011                6.270.13.00
TheLastRipper 1.4        TheLastRipper developer team        26.02.2010                1.4
TIPP10 Version 2.1.0        (c) 2006-2011, Tom Thielicke IT Solutions        09.12.2011               
TV-Browser 3.2        TV-Browser Team        22.09.2012                3.2
User Guide                15.12.2009                1.0
VideoCam Suite 3.0        Panasonic Corporation        19.09.2011                3.00.031.1031
Visual C++ 8.0 Runtime Setup Package (x64)        AVG Technologies CZ, s.r.o.        14.02.2010        2,23MB        9.0.0.623
Visual Studio 2008 x64 Redistributables        AVG Technologies        03.10.2011        11,7MB        10.0.0.2
Visual Studio 2010 x64 Redistributables        AVG Technologies        14.10.2012        12,4MB        13.0.0.1
VLC media player 2.0.1        VideoLAN        02.04.2012                2.0.1
Windows Live Anmelde-Assistent        Microsoft Corporation        04.02.2010        1,93MB        5.000.818.5
Windows Live Essentials        Microsoft Corporation        05.02.2010                14.0.8089.0726
Windows Live Sync        Microsoft Corporation        04.02.2010        2,79MB        14.0.8089.726
Windows Live-Uploadtool        Microsoft Corporation        04.02.2010        224KB        14.0.8014.1029
Windows Movie Maker 2.6        Microsoft Corporation        27.01.2011        8,81MB        2.6.4037.0
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0)        Nokia        19.10.2012                05/31/2012 7.1.2.0
WinMerge 2.12.4        Thingamahoochie Software        02.01.2012                2.12.4
ZoneAlarm Free Firewall        Check Point        22.09.2012        307MB        10.2.078.000

kira 27.10.2012 21:15
Systemreinigung und Prüfung:

► Wenn Du nun alle Schritte erledigt hast, melde dich mit die gewünschten Ergebnisse zurück!
Nur bei Probleme inzwischen melden!

1.
Soll (auch) deinstalliert werden!:
Zitat:
Ad-Aware Browsing Protection
2.
Zitat:
Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)
Fixen mit OTL
  • Starte die OTL.exe.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Kopiere folgendes Skript also - nach dem "Code", alles was in der Codebox steht - (also beginnend mit :OTL und am Ende [emptytemp]), alles was in der Codebox steht (ohne "code"!) :
Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={36A16EBE-AFF2-4590-8562-41CD939F210A}&mid=bb872b5b35763a2e304b32d37e468dee-781deff55d917d4aa273c96ed484bf73d9a24989&lang=de&ds=AVG&pr=fr&d=2011-10-03 13:49:47&v=12.2.5.32&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/03/21 12:00:56 | 000,000,000 | RH-D | M] - F:\AUTORUN -- [ FAT32 ]
O33 - MountPoints2\{1ee18eee-432d-11df-aca2-00245442c190}\Shell - "" = AutoRun
O33 - MountPoints2\{1ee18eee-432d-11df-aca2-00245442c190}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{1ee18ef1-432d-11df-aca2-00245442c190}\Shell - "" = AutoRun
O33 - MountPoints2\{1ee18ef1-432d-11df-aca2-00245442c190}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7719fd37-1b36-11df-83bd-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7719fd37-1b36-11df-83bd-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{90476f2c-1e69-11df-8691-00245442c190}\Shell - "" = AutoRun
O33 - MountPoints2\{90476f2c-1e69-11df-8691-00245442c190}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{90476f2f-1e69-11df-8691-00245442c190}\Shell - "" = AutoRun
O33 - MountPoints2\{90476f2f-1e69-11df-8691-00245442c190}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{df661aa5-1d94-11df-be36-00245442c190}\Shell - "" = AutoRun
O33 - MountPoints2\{df661aa5-1d94-11df-be36-00245442c190}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{df661aa9-1d94-11df-be36-00245442c190}\Shell - "" = AutoRun
O33 - MountPoints2\{df661aa9-1d94-11df-be36-00245442c190}\Shell\AutoRun\command - "" = F:\AutoRun.exe

:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]

3.
Java prüfen ggf aktualisieren:-> klick hier!
Achte darauf, eventuell angebotene Toolbars nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar entfernen.

4.
Alle Programme/Fenster schließen
Java-Cache leeren - sollte man öfters tun!

Start => Systemsteuerung => Java => Allgemein => Temporäre Internet-Dateien "Einstellungen" => Dateien löschen => Haken bei "Anwendungen und Applets" sowie bei "Verfolgungs- und Protokolldateien" setzen => OK
-> Wie leere ich den Java-Cache?
-> Java-Cache leeren
-> Kurze Videoanleitung wie man unter Windows 7 und XP den JAVA Cache löschen kann.

5.
Aktualisieren:
Code:
OpenOffice.org
6.
Tipps - Der Internet Explorer von Microsoft gehört zur Grundausstattung unter Windows, somit wie alle andere installierte Software muss gepflegt werden! Auch bei Nicht-Verwendung!:
-> Tipps zu Internet Explorer
-> Standard Suchmaschine des Explorers ändern
-> Ändern oder Auswählen eines Suchanbieters in Internet Explorer 7/8
-> Wie kann ich den Cache im Internet Explorer leeren?

7.
Alle Programme/Fenster schliessen
reinige dein System mit CCleaner:
  • "CCleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
  • "Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
  • Starte dein System neu auf

8.
Vorbereitung
  • Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
  • Bitte während der Online-Scans deaktivieren:
    Anti-Virus-Programm und Firewall.
  • Internet Explorer starten => im Menü unter Extras => Internetoption => Datenschutz => den Haken bei "Popupblocker einschalten" entfernen und
  • unter dem Reiter "Sicherheit" => die Sicherheitsstufe ggfs. auf "Mittelhoch" herabsetzen.
    Nicht vergessen, sie hinterher wieder einzuschalten bzw. die Internetoptionen wie zuvor einzustellen..
  • Während der Online-Scans auf andere Online-Aktivitäten verzichten.
  • Du musst das Herunterladen und Installieren von ActiveX-Steuerelementen (Controls) zulassen.

  • http://image.hijackthis.eu/upload/activex1.jpg
    .

Den PC NUR online scannen und NICHT ein zweites Antivirenprogramm installieren!!!
  • Eset Online Scanner (NOD32)
    • Unterstützte Betriebssysteme: Microsoft Windows 7 - Vista - XP - 2000 - NT.
    • Anmerkung für Vista und Windows 7-User: Bitte den Browser unbedingt als Administrator starten.
    • Dein Anti-Virus-Programm während des Scans deaktivieren.
    • Button "ESET Online Scanner" drücken.
    • IE-User müssen das Installieren eines ActiveX Elements erlauben.
    • Einen Haken bei "YES, I accept the Terms of Use." machen und auf den Button "Start" drücken.
    • Einen Haken bei "Remove found threads" und "Scan archives" machen.
    • Start drücken.
    • Signaturen werden heruntergeladen.
    • Der Scan beginnt automatisch.
    • Wenn fertig, das Protokoll speichern und mir posten.
      -> List of found threats
      -> Export to text file
      -> Back
      -> Delete quarantäne files
    • Finish drücken.
    • Browser schließen.
    • Deinstallation nachdem das Protokoll mir gepostet hast: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
    • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

9.
erneut einen Scan mit OTL:
  • Doppelklick auf die OTL.exe
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Oben findest Du ein Kästchen mit Ausgabe.
    Wähle bitte Standard-Ausgabe
  • Unter Extra-Registrierung wähle bitte Benutze SafeList.
  • Mache Häckchen bei LOP- und Purity-Prüfung.
  • Klicke nun auf Scan links oben.
  • Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
    Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.

► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?

v2rahn 29.10.2012 22:59
Hallo kira,

Ich habe alle Schritte durchgearbeitet, mit den nachfolgenden Abweichungen und Beobachtungen.

Das Wichtigste vorab: Die Umleitung der Links ist immer noch nicht ganz weg. Mir kommt es vor, als sei es weniger geworden, aber das kann auch eine Täuschung sein.

zu Schritt 2 (Fixen mit OTL): Du schreibst, es sollen dabei alle Programme geschlossen sein. Ich hatte versehentlich, während OTL den Fix ausführte, für etwa die erste Minute Firefox mit diesem Thread geöffnet, alle anderen Programme waren geschlossen. Dann habe ich auch Firefox geschlossen. Ist das ein Problem für die Reparatur? Der Rest lief wie beschrieben, inkl. Reboot. Hier der Log vom OTL-Fix:

Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File  not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ee18eee-432d-11df-aca2-00245442c190}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ee18eee-432d-11df-aca2-00245442c190}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ee18eee-432d-11df-aca2-00245442c190}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ee18eee-432d-11df-aca2-00245442c190}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ee18ef1-432d-11df-aca2-00245442c190}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ee18ef1-432d-11df-aca2-00245442c190}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ee18ef1-432d-11df-aca2-00245442c190}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ee18ef1-432d-11df-aca2-00245442c190}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7719fd37-1b36-11df-83bd-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7719fd37-1b36-11df-83bd-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7719fd37-1b36-11df-83bd-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7719fd37-1b36-11df-83bd-806e6f6e6963}\ not found.
File F:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{90476f2c-1e69-11df-8691-00245442c190}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90476f2c-1e69-11df-8691-00245442c190}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{90476f2c-1e69-11df-8691-00245442c190}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90476f2c-1e69-11df-8691-00245442c190}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{90476f2f-1e69-11df-8691-00245442c190}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90476f2f-1e69-11df-8691-00245442c190}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{90476f2f-1e69-11df-8691-00245442c190}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90476f2f-1e69-11df-8691-00245442c190}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df661aa5-1d94-11df-be36-00245442c190}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{df661aa5-1d94-11df-be36-00245442c190}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df661aa5-1d94-11df-be36-00245442c190}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{df661aa5-1d94-11df-be36-00245442c190}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df661aa9-1d94-11df-be36-00245442c190}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{df661aa9-1d94-11df-be36-00245442c190}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df661aa9-1d94-11df-be36-00245442c190}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{df661aa9-1d94-11df-be36-00245442c190}\ not found.
File F:\AutoRun.exe not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Rahn\Desktop\cmd.bat deleted successfully.
C:\Users\Rahn\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Kids
->Temp folder emptied: 10252603 bytes
->Temporary Internet Files folder emptied: 9291529 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 206651591 bytes
->Flash cache emptied: 5864 bytes
 
User: Public
 
User: Rahn
->Temp folder emptied: 2039746229 bytes
->Temporary Internet Files folder emptied: 214241728 bytes
->Java cache emptied: 2192294 bytes
->FireFox cache emptied: 384356325 bytes
->Flash cache emptied: 198831 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 432666048 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46425962 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 751 bytes
RecycleBin emptied: 4039631882 bytes
 
Total Files Cleaned = 7,044.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 10282012_121000

Files\Folders moved on Reboot...
C:\Users\Rahn\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Rahn\AppData\Local\Temp\~DF7D5AECA222AC67BB.TMP moved successfully.
File\Folder C:\Windows\temp\ZLT058b8.TMP not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
5. OpenOffice.org Update: Ich habe OpenOffice deinstalliert, statt es zu aktualisieren. Ich verwende es nicht mehr.

8. ESET online Scan: "No threads found", auch kein Logfile.

9. OTL-Scan:

OTL.txt:
OTL Logfile:
Code:
OTL logfile created on: 10/28/2012 6:07:11 PM - Run 3
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Rahn\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.86 Gb Total Physical Memory | 1.85 Gb Available Physical Memory | 47.95% Memory free
7.71 Gb Paging File | 6.06 Gb Available in Paging File | 78.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.72 Gb Total Space | 77.72 Gb Free Space | 52.26% Space Free | Partition Type: NTFS
Drive D: | 301.95 Gb Total Space | 114.14 Gb Free Space | 37.80% Space Free | Partition Type: NTFS
Drive F: | 931.28 Gb Total Space | 764.41 Gb Free Space | 82.08% Space Free | Partition Type: FAT32
Drive U: | 67.09 Gb Total Space | 45.09 Gb Free Space | 67.21% Space Free | Partition Type: NTFS
 
Computer Name: RAHN-PC | User Name: Rahn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/10/27 10:07:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rahn\Desktop\OTL.exe
PRC - [2012/10/26 22:16:01 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/10/10 13:22:32 | 003,116,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012/10/02 02:32:58 | 000,193,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/10/02 02:32:04 | 005,783,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012/08/29 15:17:06 | 002,445,880 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2012/08/29 14:45:24 | 000,073,392 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/14 13:08:16 | 000,544,768 | ---- | M] (PaperCut Software International Pty Ltd) -- C:\Program Files (x86)\PaperCut Print Logger\pcpl.exe
PRC - [2010/08/13 11:04:58 | 001,918,464 | ---- | M] (Debenu Pty Ltd) -- C:\Program Files (x86)\Quick PDF Tools\QuickPDFTCP0721.exe
PRC - [2009/12/26 20:02:22 | 000,349,600 | ---- | M] (Panasonic Corporation) -- C:\Program Files (x86)\Common Files\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe
PRC - [2009/11/04 13:11:48 | 000,835,072 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009/10/26 12:53:14 | 000,091,136 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2009/10/13 19:03:04 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/10/07 02:31:56 | 002,246,144 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/09/15 18:47:36 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009/06/03 12:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/04/15 15:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2008/10/24 15:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
PRC - [2007/06/15 11:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\SysWOW64\bgsvcgen.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/10/26 22:16:01 | 002,295,264 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/06/03 12:59:14 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/06/03 12:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2006/08/12 12:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012/08/30 12:05:28 | 000,827,560 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV:64bit: - [2010/10/28 11:14:30 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe -- (LBTServ)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012/10/26 22:16:01 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/10 16:46:12 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/03 14:51:04 | 000,725,400 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012/10/02 02:32:58 | 000,193,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/10/02 02:32:04 | 005,783,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/08/29 15:17:06 | 002,445,880 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/14 13:08:16 | 000,544,768 | ---- | M] (PaperCut Software International Pty Ltd) [Auto | Running] -- C:\Program Files (x86)\PaperCut Print Logger\pcpl.exe -- (PCPrintLogger)
SRV - [2010/08/13 11:04:58 | 001,918,464 | ---- | M] (Debenu Pty Ltd) [Auto | Running] -- C:\Program Files (x86)\Quick PDF Tools\QuickPDFTCP0721.exe -- (QuickPDFTCPService0721)
SRV - [2010/03/29 07:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/05 10:54:50 | 000,311,296 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\Rezip.exe -- (Rezip)
SRV - [2008/10/24 15:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2008/08/07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007/06/15 11:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\SysWOW64\bgsvcgen.exe -- (bgsvcgen)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/10/05 02:26:22 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012/10/02 02:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/09/21 02:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/09/21 02:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012/09/21 02:45:50 | 000,061,792 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/09/14 02:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/09/13 02:11:18 | 000,151,904 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/08/30 12:05:42 | 000,033,712 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV:64bit: - [2012/06/27 14:18:52 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012/06/11 13:17:44 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2012/06/11 13:17:44 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2012/06/11 13:17:44 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2012/06/11 13:17:44 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2012/06/11 13:17:44 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2012/03/01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/12/13 02:32:22 | 002,797,056 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/05/07 16:51:32 | 000,454,232 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2011/03/11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/08/24 18:29:32 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010/08/24 18:29:10 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2010/08/24 18:29:10 | 000,013,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2010/08/24 18:28:58 | 000,074,320 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2010/02/19 22:20:53 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/02/19 22:20:53 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009/12/09 10:37:38 | 001,794,112 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\p2usbhum.sys -- (iComp)
DRV:64bit: - [2009/11/20 07:09:48 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/10/26 21:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/10 04:16:28 | 000,293,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/09/28 10:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/08/05 23:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009/06/27 15:55:10 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/06/10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/28 07:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2006/08/25 13:36:52 | 000,039,208 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cdrbsdrv.sys -- (cdrbsdrv)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: checkplaces@andyhalford.com:2.6.2
FF - prefs.js..extensions.enabledAddons: facebook@disconnect.me:2.1.3
FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: {394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}:3.0.0
FF - prefs.js..extensions.enabledAddons: {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.2.1
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.53.21
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.23.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.3.5
FF - prefs.js..extensions.enabledItems: checkplaces@andyhalford.com:2.6.1
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1865
FF - prefs.js..extensions.enabledItems: {6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}:0.9.5
FF - prefs.js..extensions.enabledItems: {394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}:2.0.1
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:5.7
FF - prefs.js..keyword.URL: "hxxp://www.google.de/search?ie=UTF-8&sourceid=navclient&gfns=1&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012/09/22 20:11:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2012/09/22 20:11:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/26 22:16:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/26 22:15:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/06/21 21:32:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\avgthb@avg.com: C:\Program Files (x86)\AVG\AVG2012\Thunderbird\
 
[2010/12/23 13:46:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rahn\AppData\Roaming\mozilla\Extensions
[2010/12/23 13:46:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rahn\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/10/23 18:25:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rahn\AppData\Roaming\mozilla\Firefox\Profiles\7llixhm3.default\extensions
[2012/09/18 21:57:08 | 000,000,000 | ---D | M] (Lightshot (screenshot tool)) -- C:\Users\Rahn\AppData\Roaming\mozilla\Firefox\Profiles\7llixhm3.default\extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}
[2012/10/12 20:31:28 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Rahn\AppData\Roaming\mozilla\Firefox\Profiles\7llixhm3.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2011/10/31 19:26:05 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Rahn\AppData\Roaming\mozilla\Firefox\Profiles\7llixhm3.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2012/10/14 08:01:43 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Rahn\AppData\Roaming\mozilla\Firefox\Profiles\7llixhm3.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2012/09/15 16:32:11 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Rahn\AppData\Roaming\mozilla\Firefox\Profiles\7llixhm3.default\extensions\ich@maltegoetz.de
[2012/10/03 21:09:20 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Rahn\AppData\Roaming\mozilla\Firefox\Profiles\7llixhm3.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2011/12/09 20:21:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rahn\AppData\Roaming\mozilla\Firefox\Profiles\7llixhm3.default\extensions\nostmp
[2012/03/29 20:47:34 | 000,129,271 | ---- | M] () (No name found) -- C:\Users\Rahn\AppData\Roaming\mozilla\firefox\profiles\7llixhm3.default\extensions\checkplaces@andyhalford.com.xpi
[2012/07/24 08:16:36 | 000,035,735 | ---- | M] () (No name found) -- C:\Users\Rahn\AppData\Roaming\mozilla\firefox\profiles\7llixhm3.default\extensions\facebook@disconnect.me.xpi
[2012/02/24 18:56:52 | 000,081,156 | ---- | M] () (No name found) -- C:\Users\Rahn\AppData\Roaming\mozilla\firefox\profiles\7llixhm3.default\extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi
[2012/08/29 20:41:01 | 000,199,396 | ---- | M] () (No name found) -- C:\Users\Rahn\AppData\Roaming\mozilla\firefox\profiles\7llixhm3.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2012/07/25 22:10:18 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Rahn\AppData\Roaming\mozilla\firefox\profiles\7llixhm3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/11/01 23:11:32 | 000,002,101 | ---- | M] () -- C:\Users\Rahn\AppData\Roaming\mozilla\firefox\profiles\7llixhm3.default\searchplugins\googlede.xml
[2012/10/26 22:15:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/26 22:16:01 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/03 17:37:14 | 000,003,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/08/30 17:39:42 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/12 17:20:26 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2011/09/21 23:10:30 | 000,001,392 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 74.55.76.230 www.google-analytics.com.
O1 - Hosts: 74.55.76.230 ad-emea.doubleclick.net.
O1 - Hosts: 74.55.76.230 www.statcounter.com.
O1 - Hosts: 178.250.45.15 www.google-analytics.com.
O1 - Hosts: 178.250.45.15 ad-emea.doubleclick.net.
O1 - Hosts: 178.250.45.15 www.statcounter.com.
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3EDA5FB-2992-4B99-9B89-788630AD6D22}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (IqlurcIjlocn.dll) -  File not found
O29 - HKLM SecurityProviders - (IqlurcIjlocn.dll) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/03/21 12:00:56 | 000,000,000 | RH-D | M] - F:\AUTORUN -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/10/28 13:54:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/10/28 13:01:45 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/10/28 13:01:45 | 000,425,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/10/28 13:01:45 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/10/28 13:01:45 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/10/28 13:01:45 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/10/28 13:01:45 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/10/28 13:01:44 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/10/28 13:01:44 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/10/28 13:01:44 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/10/28 13:01:44 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/10/28 13:01:44 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/10/28 13:01:44 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/10/28 13:01:44 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/10/28 13:01:44 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/10/28 13:01:44 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/10/28 13:01:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/28 13:01:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/28 13:01:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/28 13:01:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/10/28 13:01:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/28 13:01:43 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/10/28 13:01:43 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/28 13:01:43 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/28 13:01:43 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/28 13:01:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/28 13:01:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/28 13:01:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/10/28 13:01:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/10/28 13:01:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/10/28 13:01:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/28 13:01:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/28 13:01:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/28 13:01:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/28 13:01:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/28 13:01:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/28 13:01:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/28 13:01:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/10/28 13:01:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/10/28 13:01:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/10/28 13:01:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/28 13:01:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/28 13:01:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/28 13:01:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/10/28 13:01:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/10/28 13:01:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/10/28 13:01:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/10/28 13:01:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/10/28 13:01:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/28 13:01:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/10/28 13:01:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/10/28 13:01:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/10/28 13:01:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/10/28 13:01:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/28 13:01:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/10/28 13:01:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/10/28 13:01:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/28 13:01:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/28 13:01:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/28 13:01:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/28 13:01:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/28 13:01:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/10/28 13:01:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/10/28 13:01:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/28 13:01:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/28 13:01:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/10/28 13:01:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/10/28 13:01:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/10/28 13:01:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/10/28 13:01:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/10/28 13:01:35 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012/10/28 13:01:34 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012/10/28 13:01:33 | 003,213,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/10/28 13:01:32 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012/10/28 13:01:32 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012/10/28 13:01:32 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012/10/28 12:46:07 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/10/28 12:46:07 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/10/28 12:46:07 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/10/28 12:10:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/27 10:32:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/10/27 10:32:46 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/10/26 22:15:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/10/26 19:39:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Rahn\Desktop\OTL.exe
[2012/10/26 11:56:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/10/19 20:31:45 | 000,000,000 | ---D | C] -- C:\Users\Rahn\Documents\Nokia Suite
[2012/10/19 20:24:13 | 000,000,000 | ---D | C] -- C:\Users\Rahn\AppData\Local\NokiaAccount
[2012/10/19 20:23:34 | 000,000,000 | ---D | C] -- C:\Users\Rahn\AppData\Local\Nokia
[2012/10/19 20:23:31 | 000,000,000 | ---D | C] -- C:\Users\Rahn\AppData\Roaming\PC Suite
[2012/10/19 20:23:28 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite
[2012/10/19 20:22:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Nokia
[2012/10/19 20:22:15 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012/10/19 20:22:14 | 000,026,112 | ---- | C] (Nokia) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys
[2012/10/19 20:21:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution
[2012/10/19 20:19:28 | 000,000,000 | ---D | C] -- C:\ProgramData\NokiaInstallerCache
[2012/10/19 20:19:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nokia
[2012/10/16 22:32:34 | 000,000,000 | ---D | C] -- C:\Users\Rahn\Arensus
[2012/10/16 22:32:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Arensus-1.1.8
[2012/10/16 22:17:13 | 000,000,000 | ---D | C] -- C:\Users\Rahn\AppData\Roaming\pics
[2012/10/16 22:17:13 | 000,000,000 | ---D | C] -- C:\ProgramData\pics
[2012/10/16 22:16:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pics
[2012/10/16 21:54:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EclipseCrossword
[2012/10/14 10:12:17 | 000,000,000 | ---D | C] -- C:\Users\Rahn\AppData\Roaming\AVG2013
[2012/10/14 10:03:44 | 000,000,000 | ---D | C] -- C:\Users\Rahn\AppData\Roaming\TuneUp Software
[2012/10/14 10:01:05 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2012/10/14 08:01:08 | 000,000,000 | ---D | C] -- C:\Users\Rahn\AppData\Local\MFAData
[2012/10/14 08:01:08 | 000,000,000 | ---D | C] -- C:\Users\Rahn\AppData\Local\Avg2013
[2012/10/10 21:30:44 | 005,505,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/10/10 21:30:42 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/10/10 21:30:42 | 003,902,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/10/10 21:30:40 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/10/10 21:30:29 | 001,462,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/10/10 21:30:28 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/10/05 02:26:22 | 000,111,456 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2012/10/03 21:09:55 | 000,000,000 | ---D | C] -- C:\Users\Rahn\AppData\Local\Downloaded Installations
[2012/10/03 21:09:38 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
[2012/10/03 21:09:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb
[2012/10/03 21:09:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2012/10/03 21:04:04 | 000,000,000 | ---D | C] -- C:\Users\Rahn\AppData\Roaming\LavasoftStatistics
[2012/10/02 02:30:38 | 000,185,696 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/10/28 17:46:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/28 15:54:15 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/28 15:54:15 | 000,697,082 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/10/28 15:54:15 | 000,652,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/28 15:54:15 | 000,148,346 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/10/28 15:54:15 | 000,121,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/28 13:45:26 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/28 13:45:26 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/28 13:37:51 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012/10/28 13:37:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/28 13:37:42 | 3106,123,776 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/28 13:06:42 | 000,396,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/10/27 16:46:02 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdu.DAT
[2012/10/27 10:07:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rahn\Desktop\OTL.exe
[2012/10/26 22:40:29 | 000,067,348 | ---- | M] () -- C:\Users\Rahn\Desktop\AAW_screenshot.jpg
[2012/10/26 22:39:59 | 000,110,109 | ---- | M] () -- C:\Users\Rahn\Desktop\AVG2013_screenshot.jpg
[2012/10/26 19:39:25 | 000,000,000 | ---- | M] () -- C:\Users\Rahn\defogger_reenable
[2012/10/26 19:38:37 | 000,050,477 | ---- | M] () -- C:\Users\Rahn\Desktop\Defogger.exe
[2012/10/26 11:56:53 | 000,000,947 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/10/20 19:19:43 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/19 20:24:52 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2012/10/16 22:43:40 | 000,000,130 | ---- | M] () -- C:\Windows\SysWow64\user.properties
[2012/10/16 22:16:25 | 000,330,240 | ---- | M] () -- C:\Windows\PICSUninstall.exe
[2012/10/16 21:54:43 | 000,002,707 | ---- | M] () -- C:\Users\Rahn\Desktop\EclipseCrossword.lnk
[2012/10/10 16:46:12 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/10/10 16:46:12 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/10/05 02:26:22 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2012/10/02 02:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2012/10/01 05:29:17 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/10/01 05:29:17 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/09/29 18:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/10/26 22:38:05 | 000,067,348 | ---- | C] () -- C:\Users\Rahn\Desktop\AAW_screenshot.jpg
[2012/10/26 22:36:57 | 000,110,109 | ---- | C] () -- C:\Users\Rahn\Desktop\AVG2013_screenshot.jpg
[2012/10/26 19:39:25 | 000,000,000 | ---- | C] () -- C:\Users\Rahn\defogger_reenable
[2012/10/26 19:38:37 | 000,050,477 | ---- | C] () -- C:\Users\Rahn\Desktop\Defogger.exe
[2012/10/20 19:19:43 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/19 20:24:52 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2012/10/16 22:43:40 | 000,000,130 | ---- | C] () -- C:\Windows\SysWow64\user.properties
[2012/10/16 22:16:25 | 000,330,240 | ---- | C] () -- C:\Windows\PICSUninstall.exe
[2012/10/16 22:07:14 | 000,002,707 | ---- | C] () -- C:\Users\Rahn\Desktop\EclipseCrossword.lnk
[2012/10/16 21:54:43 | 000,002,707 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EclipseCrossword.lnk
[2012/10/14 10:03:44 | 000,000,947 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/09/28 08:32:03 | 000,003,391 | ---- | C] () -- C:\Users\Rahn\.recently-used.xbel
[2011/12/25 22:15:09 | 000,141,868 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/12/24 23:22:04 | 001,591,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/06 19:20:26 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/10/06 19:20:26 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/09/29 00:20:01 | 000,000,000 | ---- | C] () -- C:\Users\Rahn\AppData\Local\{F6DE5078-0F2D-4242-8C1E-CAE91E0F78CA}
[2011/05/11 21:14:18 | 000,130,048 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2011/05/11 21:03:43 | 000,000,987 | ---- | C] () -- C:\Windows\CDPlayer.ini
[2011/05/01 19:27:38 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/03/28 19:48:08 | 000,000,680 | RHS- | C] () -- C:\Users\Rahn\ntuser.pol
[2011/03/13 20:00:22 | 000,000,530 | ---- | C] () -- C:\Windows\eReg.dat
[2011/02/27 20:03:32 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll
[2011/02/12 19:27:17 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Configure Folder Actions
[2011/02/12 19:27:17 | 000,000,268 | RH-- | C] () -- C:\Users\Rahn\AppData\Roaming\Common
[2011/02/12 19:27:17 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2011/02/12 19:27:17 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Dance
[2011/01/14 23:18:57 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2011/01/14 22:42:05 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2011/01/13 19:13:03 | 000,050,176 | ---- | C] () -- C:\Users\Rahn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/10 22:31:06 | 000,000,159 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/01/10 22:27:17 | 000,000,232 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010/03/09 23:56:16 | 000,021,504 | ---- | C] () -- C:\Users\Rahn\AppData\Local\WebpageIcons.db
[2010/03/04 00:44:40 | 000,007,604 | ---- | C] () -- C:\Users\Rahn\AppData\Local\Resmon.ResmonCfg
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2010/06/15 22:46:06 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\AAV
[2012/10/14 10:12:17 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\AVG2013
[2011/01/07 23:46:36 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\AVG9
[2012/10/21 10:12:36 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\BOM
[2010/02/19 21:40:23 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\Bytemobile
[2012/09/22 20:11:50 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\CheckPoint
[2011/05/11 21:30:27 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\EAC
[2011/02/04 00:11:59 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\gtk-2.0
[2010/04/08 22:02:03 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\HCM Updater
[2011/02/02 19:59:33 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\Leadertech
[2011/03/05 13:07:02 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\MAGIX
[2012/10/20 17:32:44 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\MusicBee
[2011/02/12 19:34:54 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\Nikon
[2010/02/16 22:21:43 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\OpenOffice.org
[2012/10/19 20:25:40 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\PC Suite
[2012/10/16 22:17:13 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\pics
[2011/02/12 21:31:39 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\PMortara
[2012/10/18 22:01:10 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\PrimoPDF
[2010/02/25 23:09:53 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\TheLastRipper
[2010/12/23 13:46:57 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\Thunderbird
[2012/09/01 12:29:31 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\TIPP10
[2012/10/14 10:03:44 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\TuneUp Software
[2012/09/30 17:15:46 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\TV-Browser
[2010/02/16 21:08:40 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\Vodafone
[2010/03/30 07:01:20 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\XnView
[2011/09/28 22:53:26 | 000,000,000 | ---D | M] -- C:\Users\Rahn\AppData\Roaming\Zylum
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---


Extras.txt:
OTL Logfile:
Code:
OTL Extras logfile created on: 10/28/2012 6:07:11 PM - Run 3
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Rahn\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.86 Gb Total Physical Memory | 1.85 Gb Available Physical Memory | 47.95% Memory free
7.71 Gb Paging File | 6.06 Gb Available in Paging File | 78.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.72 Gb Total Space | 77.72 Gb Free Space | 52.26% Space Free | Partition Type: NTFS
Drive D: | 301.95 Gb Total Space | 114.14 Gb Free Space | 37.80% Space Free | Partition Type: NTFS
Drive F: | 931.28 Gb Total Space | 764.41 Gb Free Space | 82.08% Space Free | Partition Type: FAT32
Drive U: | 67.09 Gb Total Space | 45.09 Gb Free Space | 67.21% Space Free | Partition Type: NTFS
 
Computer Name: RAHN-PC | User Name: Rahn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E43CC6A-2E81-4FC4-9C99-BE68CFC24D2A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1289EAB9-EE32-4DF1-90A0-0EE387719A61}" = rport=137 | protocol=17 | dir=out | app=system |
"{1BA2E8F3-6FD7-42A7-B9F2-1C8551F0BC2C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{323C0FCE-0453-4A1C-B380-49F0D885E947}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{34EC2051-072A-4905-B673-5197AFB979FD}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{37979EA0-570E-4BE3-A297-8B114A209373}" = rport=138 | protocol=17 | dir=out | app=system |
"{401E2B27-DC34-4E33-85E2-3B8C111955A2}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4686D8EB-B4FF-4E42-8944-B2E85692E177}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{59CA99C9-5C2B-4233-830A-61B409CEC986}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5D758013-66A9-4AE2-B763-F079E5BC260D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5DA2CDE4-2668-49F9-8FED-8C28E4105AD5}" = rport=445 | protocol=6 | dir=out | app=system |
"{68DAB730-12EC-494D-A199-14D4AE45900D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{76F186C1-3921-414C-86D0-ED69E0B8BB0D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{861B8E48-77A0-41A8-8BBC-8EBF9BB56768}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{93A9F948-8D9A-414D-A40D-FFFC02959C02}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{93CC6058-EDC2-45EA-82BD-07269DB5275B}" = lport=137 | protocol=17 | dir=in | app=system |
"{B97CDA04-F69B-4769-B3DC-17E273D67A29}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B99226E7-A26E-49B9-9C36-6BC8146A0FA0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C86769AF-EB28-4623-ABEA-5E7404AA09B4}" = lport=139 | protocol=6 | dir=in | app=system |
"{D4FB36C3-EA3D-4CD6-8DBE-F3C66911F009}" = rport=10243 | protocol=6 | dir=out | app=system |
"{DB408C7A-2809-4F9E-AC69-E3CCA934D096}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E91F64E0-7CA5-49EC-B305-A4252A57531F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EC120DC5-A31F-42C0-94F3-6A2993B88CC1}" = rport=139 | protocol=6 | dir=out | app=system |
"{ED9BBE18-6043-47EE-9878-3860A96FE90D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EEDDF6A6-7530-455C-89E6-BDBF5D7332E1}" = lport=445 | protocol=6 | dir=in | app=system |
"{FE490273-839D-4E98-83FC-FDAB481A961F}" = lport=138 | protocol=17 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0109D715-2320-4A69-8DEB-12B5711931B0}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{02E8C7B7-6628-444F-A243-5AC16DA5AB12}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0BD7D0A1-E18D-4229-849E-343D1AFB51E1}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"{0DE907FE-1D4B-4A73-8014-9FEBA20F0B01}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
"{1576B518-5438-4569-AB57-DEC482743BFA}" = protocol=6 | dir=in | app=c:\program files (x86)\tv-browser\tvbrowser_nodd.exe |
"{19B593A7-D08E-4074-A0DB-3036A1AFB329}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1B9EA390-5B0A-49BD-AC5C-5F56C177DE68}" = protocol=6 | dir=in | app=c:\program files (x86)\tv-browser\tvbrowser.exe |
"{209AF53E-E815-4DBA-9AA6-85CEEA847B29}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{2FBF0987-C816-433A-B3C3-B6970736FDE4}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{36B9DC24-4D26-4AB9-8A5C-556B987AF981}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{393089AB-6BF1-4BFD-B178-101CB85EBF28}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"{3DA2B1C6-2AF5-463A-AE32-E0C0FC50FD6D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{43317FC3-9072-48C3-82A8-A9FAE59A5773}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{46A5C8BE-819C-4EC5-BAC6-59457121FB46}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{4979E448-4D6C-4873-A940-E42A6A69290F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4A8B8109-83CD-4C26-A3FC-00F382051927}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{50EB2442-33A1-48A3-8427-8FBBFD78744B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{58069457-4960-4378-AB09-2ADA12923734}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{5F3BA74D-15EF-491E-962E-8132FC87E78E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{63E0284A-A011-4664-BEFB-76DDACB45561}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6AB9AA37-4E94-4C58-81A9-090C1F134C1B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7C2C1411-0805-4520-87FE-072F6DEEAA22}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7E720DB0-1F10-4121-A0C3-8ADEF9181B2B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7F9CD14B-E5CF-41AC-8516-ECFA5ABB8044}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{81F86D3A-B5E4-4B44-BC5C-2A1E21D69472}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{88178ED1-0399-4831-8385-834A852FBA8D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{8CF77F5C-A12F-4CAD-A2BB-E9B028BB2BD8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{92DE8E72-03D9-4C47-9544-CA1B4D4ED266}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{98C5E9C8-EEAA-441F-BD98-A086C6510037}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9A967C49-E075-4125-9348-C167034413D4}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{9AF51E8A-18EB-4351-8BB5-B15B95BF8313}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"{9AF79CB2-443E-4AB4-B3E1-AE341AADE419}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9D94C48E-33F1-4B8B-B7B3-D9000F1EF2EA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A849018C-FB61-4ECB-9514-75316E15F405}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B23F1DDA-152D-4F2D-998F-A106B2671ADC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CDBEE2A0-C703-4AF2-B3DA-77356C7F1887}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D42507DE-7D2D-43A4-BD5D-9C7A9A2FF219}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{D578291B-57E1-4E28-854E-7D0082428D48}" = protocol=17 | dir=in | app=c:\program files (x86)\tv-browser\tvbrowser.exe |
"{D6B8D9C6-A461-4119-BEDF-E99295D214EC}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{DB4D0E9D-082E-4863-80D4-1D774649D539}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DE234E1A-FFA3-42B2-8646-A9D594967AEE}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{E0108B39-18F0-4F27-9A11-F37BD3AEC530}" = protocol=17 | dir=in | app=c:\program files (x86)\tv-browser\tvbrowser_nodd.exe |
"{E3F1EA17-9A4D-4625-8043-558E1927F9A9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E8F1E4C6-B652-4DA1-87E5-9DF4564B24B4}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"{E9B2B457-AC20-4FB1-81D9-E1F472EBE186}" = protocol=6 | dir=out | app=system |
"{F1090207-99A0-44C1-BBC0-C58697A3B2BA}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{FE4FE2A2-2382-4499-8039-4A75B6372426}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series" = Canon iP2700 series Printer Driver
"{18D5FAA9-D2A2-4291-AFBC-B9476A813BC1}" = AVG 2013
"{1FB1AA7C-9ECD-4350-AE3D-3CB3698C5CEB}" = AVG 2013
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{3156336D-8E44-3671-A6FE-AE51D3D6564E}" = Microsoft Windows SDK for Windows 7 (7.1)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{4E04DB4D-CBE9-40C3-9906-723308D48EB0}" = AVG 2013
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{92C0E71C-5917-4FF2-9A5E-8BB0E85E0625}" = AVG 2013
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C44218B2-EC4D-4EB9-A3E3-F8F4A46927EC}" = MySQL Connector/ODBC 5.1
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}" = Debugging Tools for Windows (x64)
"{E7F9E526-2324-437B-A609-E8C5309465CB}" = Microsoft Windows Performance Toolkit
"{F0A36649-873E-4832-A5F1-BF5DF8600BDB}" = Windows Live Family Safety
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0)
"AVG" = AVG 2013
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Drivers" = NVIDIA Drivers
"SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
"sp6" = Logitech SetPoint 6.20
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0906982B-A432-4C06-8F01-C01BE1143779}" = Nokia Connectivity Cable Driver
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{1D5EB783-25F8-495B-8B01-DE6D1BFBB8B4}" = VideoCam Suite 3.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{257F2279-6843-433E-9060-15BAB966F20D}" = Steuer-Spar-Erklärung Plus 2011
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{33013398-9228-42D7-A92A-38CA478F4D57}" = ZoneAlarm Security
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{3B416FDA-CB3E-4514-9616-763E5B0D1140}" = Geheimakte Tunguska
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BCDCC6A-3A47-4883-8A0C-55AC061316CB}" = Steuer-Spar-Erklärung Plus 2012
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3EED7541-55F8-4DC6-B9CD-28762D71310E}" = Samsung R-Series
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FBBEDB1-14D0-4F53-8537-1EE0F39F8FF8}" = MusicBee
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{65F5234F-C7FD-41B9-80D1-CB18F190490D}" = EclipseCrossword
"{67241932-507E-4DA7-9B25-2C856E2DE58C}" = DCIMImport 2.0.0.70
"{6749B472-63E5-49B4-964A-4B76A33BC768}" = ZoneAlarm Firewall
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78D7D7CD-A06B-4514-ACBD-8055BF945A8E}" = InfoBibliothek 2
"{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = Die*Sims*Mittelalter
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B660E0D0-A8CB-45A7-96FB-93E8C915A0B2}" = Easy Network Manager
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BA77F9D2-CD35-41EB-9BC9-769879DFF8A6}" = PC Connectivity Solution
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CCC2B140-B47A-45FA-AAE3-BD60DA41AE00}" = Samsung Support Center
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2BC3383-F000-410C-A038-3846ADBE8D90}" = REALTEK Wireless LAN Software
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"Cam4you utilities" = Cam4you utilities
"Canon iP2700 series Benutzerregistrierung" = Canon iP2700 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Exact Audio Copy" = Exact Audio Copy 1.0beta1
"FastStone Image Viewer" = FastStone Image Viewer 4.0
"FastStone Photo Resizer" = FastStone Photo Resizer 2.9
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"MAGIX Filme auf DVD TerraTec deluxe Edition D" = MAGIX Filme auf DVD TerraTec deluxe Edition 7.0.3.8 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service
"MAGIX Screenshare D" = MAGIX Screenshare
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Marvell Miniport Driver" = Marvell Miniport Driver
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
"Mozilla Thunderbird 16.0.1 (x86 de)" = Mozilla Thunderbird 16.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PaperCut Print Logger_is1" = PaperCut Print Logger 1.8
"pdfsam" = pdfsam
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"Quick PDF Tools" = Quick PDF Tools 2.1.6.1
"ST6UNST #1" = SmartTrainer
"TerraTec G5" = TerraTec G5 V6.270.13.00
"TheLastRipper" = TheLastRipper 1.4
"TIPP10_is1" = TIPP10 Version 2.1.0
"tvbrowser" = TV-Browser 3.2
"VLC media player" = VLC media player 2.0.1
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinMerge_is1" = WinMerge 2.12.4
"ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 4/25/2012 3:43:28 PM | Computer Name = Rahn-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 4/26/2012 9:28:13 AM | Computer Name = Rahn-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 4/27/2012 12:52:03 AM | Computer Name = Rahn-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 4/28/2012 3:35:42 AM | Computer Name = Rahn-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 4/29/2012 10:26:53 AM | Computer Name = Rahn-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 4/30/2012 3:49:13 AM | Computer Name = Rahn-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 4/30/2012 6:05:32 AM | Computer Name = Rahn-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: EasySpeedUpManager.exe, Version:
3.0.0.5, Zeitstempel: 0x4ad45055  Name des fehlerhaften Moduls: unknown, Version:
0.0.0.0, Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000
ID
 des fehlerhaften Prozesses: 0xd7c  Startzeit der fehlerhaften Anwendung: 0x01cd26b8c616194b
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 052c7555-92ac-11e1-a00c-00245442c190
 
Error - 4/30/2012 12:24:40 PM | Computer Name = Rahn-PC | Source = MsiInstaller | ID = 11719
Description =
 
Error - 5/1/2012 4:00:45 AM | Computer Name = Rahn-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 12.0.0.4493 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 12e8    Startzeit:
 01cd2770308885a6    Endzeit: 47    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 ad428aba-9363-11e1-a07f-00245442c190 
 
Error - 5/1/2012 4:57:12 AM | Computer Name = Rahn-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
[ System Events ]
Error - 10/28/2012 7:18:46 AM | Computer Name = Rahn-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  SBRE
 
Error - 10/28/2012 8:05:11 AM | Computer Name = Rahn-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:  %%5
 
Error - 10/28/2012 8:07:57 AM | Computer Name = Rahn-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:  %%5
 
Error - 10/28/2012 8:08:05 AM | Computer Name = Rahn-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:  %%5
 
Error - 10/28/2012 8:08:11 AM | Computer Name = Rahn-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  SBRE
 
Error - 10/28/2012 8:36:28 AM | Computer Name = Rahn-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:  %%5
 
Error - 10/28/2012 8:37:56 AM | Computer Name = Rahn-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:  %%5
 
Error - 10/28/2012 8:37:56 AM | Computer Name = Rahn-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  SBRE
 
Error - 10/28/2012 8:40:28 AM | Computer Name = Rahn-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-1073473535.
 
Error - 10/28/2012 8:40:28 AM | Computer Name = Rahn-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
 
< End of report >
--- --- ---


Was kann ich noch tun?
Auf jeden Fall Danke für die Hilfe!

kira 30.10.2012 06:34
adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

v2rahn 30.10.2012 22:32
Hier der Log von adwcleaner/Search:

Code:
# AdwCleaner v2.006 - Datei am 30/10/2012 um 22:28:03 erstellt
# Aktualisiert am 30/10/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium  (64 bits)
# Benutzer : Rahn - RAHN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Rahn\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Datei Gefunden : C:\user.js
Ordner Gefunden : C:\ProgramData\blekko toolbars
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\Users\Kids\AppData\LocalLow\AVG Secure Search

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gefunden : HKLM\Software\Software
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profilname : default
Datei : C:\Users\Rahn\AppData\Roaming\Mozilla\Firefox\Profiles\7llixhm3.default\prefs.js

Gefunden : user_pref("browser.search.defaultenginename", "AVG Secure Search");

Profilname : default
Datei : C:\Users\Kids\AppData\Roaming\Mozilla\Firefox\Profiles\3wcmn3nh.default\prefs.js

Gefunden : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Gefunden : user_pref("browser.search.selectedEngine", "AVG Secure Search");

*************************

AdwCleaner[R1].txt - [3674 octets] - [30/10/2012 22:28:03]

########## EOF - C:\AdwCleaner[R1].txt - [3734 octets] ##########
In der Zwischenzeit habe ich auch wieder zwei Mal das Werbe-Popup unten rechts gehabt.

Danke für jeden weiteren Hinweis!

kira 30.10.2012 22:56
adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

wie sieht jetzt aus?
► nur mit dem Firefox hast Du probleme, oder besteht das Problem mit Internet Explorer auch?

v2rahn 31.10.2012 18:48
Liste der Anhänge anzeigen (Anzahl: 1)
adwcleaner ist gelaufen, hier das Logfile:

Code:
# AdwCleaner v2.006 - Datei am 30/10/2012 um 23:00:49 erstellt
# Aktualisiert am 30/10/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium  (64 bits)
# Benutzer : Rahn - RAHN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Rahn\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Datei Gelöscht : C:\user.js
Ordner Gelöscht : C:\ProgramData\blekko toolbars
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\Kids\AppData\LocalLow\AVG Secure Search

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\Software\Software
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profilname : default
Datei : C:\Users\Rahn\AppData\Roaming\Mozilla\Firefox\Profiles\7llixhm3.default\prefs.js

C:\Users\Rahn\AppData\Roaming\Mozilla\Firefox\Profiles\7llixhm3.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.search.defaultenginename", "AVG Secure Search");

Profilname : default
Datei : C:\Users\Kids\AppData\Roaming\Mozilla\Firefox\Profiles\3wcmn3nh.default\prefs.js

Gelöscht : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Gelöscht : user_pref("browser.search.selectedEngine", "AVG Secure Search");

*************************

AdwCleaner[S1].txt - [3774 octets] - [30/10/2012 23:00:49]

########## EOF - C:\AdwCleaner[S1].txt - [3834 octets] ##########
Sowohl die Umleitungen als auch die Werbefenster rechts oder links unten sind immer noch da. Beides passiert auch im Internet Explorer, nicht nur in Firefox.

Ich füge einen Screenshot des Werbefensters an, denn trotz des sehr unterschiedlichen Inhalts ist die Größe des Fensters und das Layout des "X" rechts oben immer gleich. Vielleicht hilft das bei der Einordnung der Ursache.

kira 01.11.2012 06:20
TDSSKiller von Kaspersky

Wichtig:
  • Deinstalliere über Systemsteuerung => Software/Programme vorhandene CD-Emulatoren wie Alcohol, Daemon-Tools oder ähnliche, da sie bei der Rootkit-Suche das Ergebnis verfälschen können.

  • Lade den TDSSKiller und entpacke das Archiv auf Deinen Desktop.

  • Vergewissere Dich, dass die TDSSKiller.exe direkt auf dem Desktop liegt (nicht in einem Ordner auf dem Desktop).

  • Starte die TDSSKiller.exe durch Doppelklick.
  • Vista- und Windows7-User mit Rechtsklick und als Administrator starten.

    http://forum.botfrei.de/petra/tdss1.jpg

  • Klicke auf Start Scan, um den Suchlauf zu starten.

  • In den Settings die Additional options nicht anhaken und mit Ok bestätigen.

    http://forum.botfrei.de/petra/tdss3.jpg


  • Klicke erneut auf Start Scan, um den Suchlauf zu starten.

  • Sollte TDSSKiller Funde machen, wird das Tool fragen, was damit zu tun ist.
    In diesem Fall wähle cure, was soviel wie desinfizieren bedeutet.

  • Bei Funden nach Beendigung des Scans das System neu starten.
    Beim Hochfahren des Systems werden die Funde dann bereinigt und/oder gelöscht.

  • Den Bericht erhälst Du durch Klick auf Report rechts oben. Bitte hier in den Thread posten.
    Da nur der letzte Report unter C:\TDSSKiller<random>.txt gespeichert wird, ggfs. ältere Berichte unter einem anderen Namen speichern.
Hier findest Du eine ausführlichere Anleitung

v2rahn 03.11.2012 15:47
TDSSKiller hat nichts gefunden. Hier das Logfile.
Ich habe in einem zweiten Scan außerdem den Haken bei "Loaded modules" gesezt, aber auch der Scan hat nichts ergeben.

Code:
15:28:30.0580 4456  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:28:30.0767 4456  ============================================================
15:28:30.0767 4456  Current date / time: 2012/11/03 15:28:30.0767
15:28:30.0767 4456  SystemInfo:
15:28:30.0767 4456 
15:28:30.0767 4456  OS Version: 6.1.7600 ServicePack: 0.0
15:28:30.0767 4456  Product type: Workstation
15:28:30.0767 4456  ComputerName: RAHN-PC
15:28:30.0783 4456  UserName: Rahn
15:28:30.0783 4456  Windows directory: C:\Windows
15:28:30.0783 4456  System windows directory: C:\Windows
15:28:30.0783 4456  Running under WOW64
15:28:30.0783 4456  Processor architecture: Intel x64
15:28:30.0783 4456  Number of processors: 4
15:28:30.0783 4456  Page size: 0x1000
15:28:30.0783 4456  Boot type: Normal boot
15:28:30.0783 4456  ============================================================
15:28:31.0344 4456  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:28:31.0360 4456  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:28:31.0859 4456  ============================================================
15:28:31.0859 4456  \Device\Harddisk0\DR0:
15:28:31.0859 4456  MBR partitions:
15:28:31.0859 4456  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
15:28:31.0859 4456  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x1296F000
15:28:31.0859 4456  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x147A1800, BlocksNum 0x25BE4000
15:28:31.0859 4456  \Device\Harddisk1\DR1:
15:28:31.0859 4456  MBR partitions:
15:28:31.0859 4456  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x74705982
15:28:31.0859 4456  ============================================================
15:28:31.0906 4456  C: <-> \Device\Harddisk0\DR0\Partition2
15:28:31.0937 4456  D: <-> \Device\Harddisk0\DR0\Partition3
15:28:31.0937 4456  F: <-> \Device\Harddisk1\DR1\Partition1
15:28:31.0937 4456  ============================================================
15:28:31.0937 4456  Initialize success
15:28:31.0937 4456  ============================================================
15:28:55.0899 4184  ============================================================
15:28:55.0899 4184  Scan started
15:28:55.0899 4184  Mode: Manual;
15:28:55.0899 4184  ============================================================
15:28:56.0507 4184  ================ Scan system memory ========================
15:28:56.0507 4184  System memory - ok
15:28:56.0507 4184  ================ Scan services =============================
15:28:56.0757 4184  [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
15:28:56.0757 4184  1394ohci - ok
15:28:56.0913 4184  [ 7EEB488346FBFA3731276C3EE8A8FD9E ] AAV UpdateService C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
15:28:56.0913 4184  AAV UpdateService - ok
15:28:56.0959 4184  [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
15:28:56.0975 4184  ACPI - ok
15:28:57.0006 4184  [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi        C:\Windows\system32\DRIVERS\acpipmi.sys
15:28:57.0006 4184  AcpiPmi - ok
15:28:57.0131 4184  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:28:57.0131 4184  AdobeARMservice - ok
15:28:57.0318 4184  [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:28:57.0318 4184  AdobeFlashPlayerUpdateSvc - ok
15:28:57.0381 4184  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx        C:\Windows\system32\DRIVERS\adp94xx.sys
15:28:57.0396 4184  adp94xx - ok
15:28:57.0459 4184  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci        C:\Windows\system32\DRIVERS\adpahci.sys
15:28:57.0459 4184  adpahci - ok
15:28:57.0505 4184  [ E109549C90F62FB570B9540C4B148E54 ] adpu320        C:\Windows\system32\DRIVERS\adpu320.sys
15:28:57.0505 4184  adpu320 - ok
15:28:57.0552 4184  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
15:28:57.0552 4184  AeLookupSvc - ok
15:28:57.0615 4184  [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD            C:\Windows\system32\drivers\afd.sys
15:28:57.0630 4184  AFD - ok
15:28:57.0677 4184  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
15:28:57.0677 4184  agp440 - ok
15:28:57.0708 4184  [ 3290D6946B5E30E70414990574883DDB ] ALG            C:\Windows\System32\alg.exe
15:28:57.0708 4184  ALG - ok
15:28:57.0739 4184  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
15:28:57.0739 4184  aliide - ok
15:28:57.0771 4184  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
15:28:57.0771 4184  amdide - ok
15:28:57.0802 4184  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8          C:\Windows\system32\DRIVERS\amdk8.sys
15:28:57.0802 4184  AmdK8 - ok
15:28:57.0833 4184  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
15:28:57.0833 4184  AmdPPM - ok
15:28:57.0880 4184  [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata        C:\Windows\system32\drivers\amdsata.sys
15:28:57.0880 4184  amdsata - ok
15:28:57.0911 4184  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
15:28:57.0911 4184  amdsbs - ok
15:28:57.0942 4184  [ DB27766102C7BF7E95140A2AA81D042E ] amdxata        C:\Windows\system32\drivers\amdxata.sys
15:28:57.0942 4184  amdxata - ok
15:28:57.0973 4184  [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID          C:\Windows\system32\drivers\appid.sys
15:28:57.0989 4184  AppID - ok
15:28:58.0005 4184  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
15:28:58.0020 4184  AppIDSvc - ok
15:28:58.0036 4184  [ D065BE66822847B7F127D1F90158376E ] Appinfo        C:\Windows\System32\appinfo.dll
15:28:58.0051 4184  Appinfo - ok
15:28:58.0129 4184  [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:28:58.0129 4184  Apple Mobile Device - ok
15:28:58.0176 4184  [ C484F8CEB1717C540242531DB7845C4E ] arc            C:\Windows\system32\DRIVERS\arc.sys
15:28:58.0176 4184  arc - ok
15:28:58.0192 4184  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
15:28:58.0192 4184  arcsas - ok
15:28:58.0348 4184  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:28:58.0348 4184  aspnet_state - ok
15:28:58.0395 4184  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:28:58.0395 4184  AsyncMac - ok
15:28:58.0426 4184  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi          C:\Windows\system32\DRIVERS\atapi.sys
15:28:58.0426 4184  atapi - ok
15:28:58.0535 4184  [ 3D68A1EEF77307142636AF5127990BCB ] athr            C:\Windows\system32\DRIVERS\athrx.sys
15:28:58.0613 4184  athr - ok
15:28:58.0675 4184  [ FC0E8778C000291CAF60EB88C011E931 ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
15:28:58.0691 4184  atksgt - ok
15:28:58.0738 4184  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:28:58.0753 4184  AudioEndpointBuilder - ok
15:28:58.0769 4184  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv        C:\Windows\System32\Audiosrv.dll
15:28:58.0769 4184  AudioSrv - ok
15:28:59.0003 4184  [ B41F0E54105801538D56623271A0AE49 ] AVGIDSAgent    C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
15:28:59.0143 4184  AVGIDSAgent - ok
15:28:59.0206 4184  [ F1A99DA71E6549D7D944596E15142866 ] AVGIDSDriver    C:\Windows\system32\DRIVERS\avgidsdrivera.sys
15:28:59.0221 4184  AVGIDSDriver - ok
15:28:59.0299 4184  [ E6CB84918C1ABE84AAAF749D2EA4E764 ] AVGIDSHA        C:\Windows\system32\DRIVERS\avgidsha.sys
15:28:59.0299 4184  AVGIDSHA - ok
15:28:59.0362 4184  [ 5989592A91A17587799792A81E1541D4 ] Avgldx64        C:\Windows\system32\DRIVERS\avgldx64.sys
15:28:59.0377 4184  Avgldx64 - ok
15:28:59.0424 4184  [ 3FC43AA02545FCDDC22817829114DEC8 ] Avgloga        C:\Windows\system32\DRIVERS\avgloga.sys
15:28:59.0424 4184  Avgloga - ok
15:28:59.0487 4184  [ EAFF19168F26FA225EB679547B718051 ] Avgmfx64        C:\Windows\system32\DRIVERS\avgmfx64.sys
15:28:59.0487 4184  Avgmfx64 - ok
15:28:59.0549 4184  [ FE4F444DBE4BBBDFD8FECF49398DEFC7 ] Avgrkx64        C:\Windows\system32\DRIVERS\avgrkx64.sys
15:28:59.0549 4184  Avgrkx64 - ok
15:28:59.0627 4184  [ 6E634525613D48A1D1657FB21F21F3B2 ] Avgtdia        C:\Windows\system32\DRIVERS\avgtdia.sys
15:28:59.0627 4184  Avgtdia - ok
15:28:59.0721 4184  [ 0D2EB149AFF89A307E5D82D0A2B78439 ] avgwd          C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
15:28:59.0721 4184  avgwd - ok
15:28:59.0845 4184  [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
15:28:59.0845 4184  AxInstSV - ok
15:28:59.0908 4184  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv        C:\Windows\system32\DRIVERS\bxvbda.sys
15:28:59.0923 4184  b06bdrv - ok
15:28:59.0955 4184  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
15:28:59.0955 4184  b57nd60a - ok
15:29:00.0001 4184  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
15:29:00.0001 4184  BDESVC - ok
15:29:00.0017 4184  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:29:00.0017 4184  Beep - ok
15:29:00.0095 4184  [ 4992C609A6315671463E30F6512BC022 ] BFE            C:\Windows\System32\bfe.dll
15:29:00.0095 4184  BFE - ok
15:29:00.0126 4184  [ ACC9C8C560C567FAD6F79C977AB2EA09 ] bgsvcgen        C:\Windows\SysWOW64\bgsvcgen.exe
15:29:00.0126 4184  bgsvcgen - ok
15:29:00.0189 4184  [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS            C:\Windows\System32\qmgr.dll
15:29:00.0204 4184  BITS - ok
15:29:00.0251 4184  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
15:29:00.0251 4184  blbdrive - ok
15:29:00.0345 4184  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
15:29:00.0360 4184  Bonjour Service - ok
15:29:00.0423 4184  [ 19D20159708E152267E53B66677A4995 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:29:00.0423 4184  bowser - ok
15:29:00.0438 4184  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:29:00.0438 4184  BrFiltLo - ok
15:29:00.0469 4184  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:29:00.0469 4184  BrFiltUp - ok
15:29:00.0516 4184  [ 6B054C67AAA87843504E8E3C09102009 ] Browser        C:\Windows\System32\browser.dll
15:29:00.0532 4184  Browser - ok
15:29:00.0579 4184  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid        C:\Windows\System32\Drivers\Brserid.sys
15:29:00.0579 4184  Brserid - ok
15:29:00.0610 4184  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
15:29:00.0610 4184  BrSerWdm - ok
15:29:00.0625 4184  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
15:29:00.0625 4184  BrUsbMdm - ok
15:29:00.0641 4184  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
15:29:00.0641 4184  BrUsbSer - ok
15:29:00.0688 4184  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum        C:\Windows\system32\drivers\BthEnum.sys
15:29:00.0688 4184  BthEnum - ok
15:29:00.0719 4184  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
15:29:00.0735 4184  BTHMODEM - ok
15:29:00.0766 4184  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
15:29:00.0766 4184  BthPan - ok
15:29:00.0813 4184  [ D59773C7FDD3D795D6FE402EEEA8D71E ] BTHPORT        C:\Windows\System32\Drivers\BTHport.sys
15:29:00.0828 4184  BTHPORT - ok
15:29:00.0859 4184  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv        C:\Windows\system32\bthserv.dll
15:29:00.0859 4184  bthserv - ok
15:29:00.0891 4184  [ 8504842634DD144C075B6B0C982CCEC4 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
15:29:00.0891 4184  BTHUSB - ok
15:29:00.0906 4184  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:29:00.0922 4184  cdfs - ok
15:29:00.0984 4184  [ 9EDD76D0800A022AE10B9243D0224E72 ] cdrbsdrv        C:\Windows\system32\drivers\cdrbsdrv.sys
15:29:01.0000 4184  cdrbsdrv - ok
15:29:01.0031 4184  [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
15:29:01.0047 4184  cdrom - ok
15:29:01.0078 4184  [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc    C:\Windows\System32\certprop.dll
15:29:01.0078 4184  CertPropSvc - ok
15:29:01.0109 4184  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
15:29:01.0109 4184  circlass - ok
15:29:01.0140 4184  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
15:29:01.0156 4184  CLFS - ok
15:29:01.0234 4184  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:29:01.0234 4184  clr_optimization_v2.0.50727_32 - ok
15:29:01.0281 4184  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:29:01.0281 4184  clr_optimization_v2.0.50727_64 - ok
15:29:01.0374 4184  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:29:01.0390 4184  clr_optimization_v4.0.30319_32 - ok
15:29:01.0437 4184  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:29:01.0437 4184  clr_optimization_v4.0.30319_64 - ok
15:29:01.0468 4184  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
15:29:01.0483 4184  CmBatt - ok
15:29:01.0515 4184  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
15:29:01.0515 4184  cmdide - ok
15:29:01.0561 4184  [ CA7720B73446FDDEC5C69519C1174C98 ] CNG            C:\Windows\system32\Drivers\cng.sys
15:29:01.0577 4184  CNG - ok
15:29:01.0608 4184  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
15:29:01.0608 4184  Compbatt - ok
15:29:01.0655 4184  [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
15:29:01.0655 4184  CompositeBus - ok
15:29:01.0671 4184  COMSysApp - ok
15:29:01.0702 4184  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk        C:\Windows\system32\DRIVERS\crcdisk.sys
15:29:01.0702 4184  crcdisk - ok
15:29:01.0733 4184  [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:29:01.0733 4184  CryptSvc - ok
15:29:01.0780 4184  [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:29:01.0795 4184  DcomLaunch - ok
15:29:01.0827 4184  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc      C:\Windows\System32\defragsvc.dll
15:29:01.0842 4184  defragsvc - ok
15:29:01.0858 4184  [ 9C253CE7311CA60FC11C774692A13208 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:29:01.0858 4184  DfsC - ok
15:29:01.0920 4184  [ CE3B9562D997F69B330D181A8875960F ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:29:01.0920 4184  Dhcp - ok
15:29:01.0967 4184  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
15:29:01.0967 4184  discache - ok
15:29:01.0998 4184  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
15:29:01.0998 4184  Disk - ok
15:29:02.0014 4184  [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:29:02.0014 4184  Dnscache - ok
15:29:02.0045 4184  [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc        C:\Windows\System32\dot3svc.dll
15:29:02.0045 4184  dot3svc - ok
15:29:02.0076 4184  [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS            C:\Windows\system32\dps.dll
15:29:02.0076 4184  DPS - ok
15:29:02.0107 4184  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
15:29:02.0107 4184  drmkaud - ok
15:29:02.0170 4184  [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
15:29:02.0185 4184  DXGKrnl - ok
15:29:02.0217 4184  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost        C:\Windows\System32\eapsvc.dll
15:29:02.0217 4184  EapHost - ok
15:29:02.0341 4184  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv          C:\Windows\system32\DRIVERS\evbda.sys
15:29:02.0373 4184  ebdrv - ok
15:29:02.0435 4184  [ 156F6159457D0AA7E59B62681B56EB90 ] EFS            C:\Windows\System32\lsass.exe
15:29:02.0435 4184  EFS - ok
15:29:02.0513 4184  [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
15:29:02.0529 4184  ehRecvr - ok
15:29:02.0560 4184  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched        C:\Windows\ehome\ehsched.exe
15:29:02.0560 4184  ehSched - ok
15:29:02.0607 4184  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor        C:\Windows\system32\DRIVERS\elxstor.sys
15:29:02.0622 4184  elxstor - ok
15:29:02.0653 4184  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
15:29:02.0653 4184  ErrDev - ok
15:29:02.0700 4184  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem    C:\Windows\system32\es.dll
15:29:02.0716 4184  EventSystem - ok
15:29:02.0747 4184  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat          C:\Windows\system32\drivers\exfat.sys
15:29:02.0763 4184  exfat - ok
15:29:02.0841 4184  Fabs - ok
15:29:02.0872 4184  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat        C:\Windows\system32\drivers\fastfat.sys
15:29:02.0887 4184  fastfat - ok
15:29:02.0934 4184  [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax            C:\Windows\system32\fxssvc.exe
15:29:02.0950 4184  Fax - ok
15:29:02.0965 4184  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
15:29:02.0965 4184  fdc - ok
15:29:03.0012 4184  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost        C:\Windows\system32\fdPHost.dll
15:29:03.0012 4184  fdPHost - ok
15:29:03.0028 4184  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
15:29:03.0028 4184  FDResPub - ok
15:29:03.0059 4184  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:29:03.0059 4184  FileInfo - ok
15:29:03.0075 4184  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
15:29:03.0075 4184  Filetrace - ok
15:29:03.0199 4184  [ FFF1130F7C9FA01D093A1EDFC5CCE8FC ] FirebirdServerMAGIXInstance C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
15:29:03.0246 4184  FirebirdServerMAGIXInstance - ok
15:29:03.0262 4184  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
15:29:03.0262 4184  flpydisk - ok
15:29:03.0293 4184  [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:29:03.0309 4184  FltMgr - ok
15:29:03.0355 4184  [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache      C:\Windows\system32\FntCache.dll
15:29:03.0371 4184  FontCache - ok
15:29:03.0402 4184  [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:29:03.0418 4184  FontCache3.0.0.0 - ok
15:29:03.0433 4184  [ D43703496149971890703B4B1B723EAC ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
15:29:03.0433 4184  FsDepends - ok
15:29:03.0465 4184  [ 53DAB1791917A72738539AD25C4EED7F ] fssfltr        C:\Windows\system32\DRIVERS\fssfltr.sys
15:29:03.0465 4184  fssfltr - ok
15:29:03.0496 4184  [ 206AD9A89BF05DFA1621F1FC7B82592D ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
15:29:03.0511 4184  fsssvc - ok
15:29:03.0543 4184  [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:29:03.0543 4184  Fs_Rec - ok
15:29:03.0574 4184  [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
15:29:03.0589 4184  fvevol - ok
15:29:03.0605 4184  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
15:29:03.0605 4184  gagp30kx - ok
15:29:03.0636 4184  [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM    C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:29:03.0636 4184  GEARAspiWDM - ok
15:29:03.0745 4184  [ 0879DC7444A201DF84E69C5DD5083D61 ] getPlusHelper  C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll
15:29:03.0745 4184  getPlusHelper - ok
15:29:03.0792 4184  [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc          C:\Windows\System32\gpsvc.dll
15:29:03.0808 4184  gpsvc - ok
15:29:03.0823 4184  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
15:29:03.0823 4184  hcw85cir - ok
15:29:03.0855 4184  [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:29:03.0870 4184  HdAudAddService - ok
15:29:03.0886 4184  [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
15:29:03.0886 4184  HDAudBus - ok
15:29:03.0917 4184  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt        C:\Windows\system32\DRIVERS\HidBatt.sys
15:29:03.0917 4184  HidBatt - ok
15:29:03.0948 4184  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
15:29:03.0948 4184  HidBth - ok
15:29:03.0964 4184  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr          C:\Windows\system32\DRIVERS\hidir.sys
15:29:03.0964 4184  HidIr - ok
15:29:03.0995 4184  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv        C:\Windows\system32\hidserv.dll
15:29:03.0995 4184  hidserv - ok
15:29:04.0026 4184  [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
15:29:04.0026 4184  HidUsb - ok
15:29:04.0057 4184  [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:29:04.0057 4184  hkmsvc - ok
15:29:04.0089 4184  [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:29:04.0089 4184  HomeGroupListener - ok
15:29:04.0120 4184  [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:29:04.0120 4184  HomeGroupProvider - ok
15:29:04.0151 4184  [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
15:29:04.0151 4184  HpSAMD - ok
15:29:04.0182 4184  [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:29:04.0198 4184  HTTP - ok
15:29:04.0213 4184  hwdatacard - ok
15:29:04.0229 4184  [ F17766A19145F111856378DF337A5D79 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
15:29:04.0229 4184  hwpolicy - ok
15:29:04.0260 4184  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
15:29:04.0260 4184  i8042prt - ok
15:29:04.0291 4184  [ 073A606333B6F7BBF20AA856DF7F0997 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
15:29:04.0307 4184  iaStor - ok
15:29:04.0354 4184  [ B75E45C564E944A2657167D197AB29DA ] iaStorV        C:\Windows\system32\drivers\iaStorV.sys
15:29:04.0369 4184  iaStorV - ok
15:29:04.0463 4184  [ 22573D87B7D4F524E9097D43F6C08426 ] iComp          C:\Windows\system32\DRIVERS\p2usbhum.sys
15:29:04.0494 4184  iComp - ok
15:29:04.0572 4184  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
15:29:04.0588 4184  IDriverT - ok
15:29:04.0650 4184  [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc          C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:29:04.0666 4184  idsvc - ok
15:29:04.0822 4184  [ A87261EF1546325B559374F5689CF5BC ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
15:29:04.0947 4184  igfx - ok
15:29:04.0962 4184  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp          C:\Windows\system32\DRIVERS\iirsp.sys
15:29:04.0978 4184  iirsp - ok
15:29:05.0009 4184  [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT          C:\Windows\System32\ikeext.dll
15:29:05.0025 4184  IKEEXT - ok
15:29:05.0087 4184  [ 36FDF367A1DABFF903E2214023D71368 ] Impcd          C:\Windows\system32\DRIVERS\Impcd.sys
15:29:05.0087 4184  Impcd - ok
15:29:05.0181 4184  [ 801946CE25DD2179FE68599826B0BB88 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
15:29:05.0227 4184  IntcAzAudAddService - ok
15:29:05.0243 4184  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
15:29:05.0243 4184  intelide - ok
15:29:05.0290 4184  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:29:05.0290 4184  intelppm - ok
15:29:05.0321 4184  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
15:29:05.0321 4184  IPBusEnum - ok
15:29:05.0368 4184  [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:29:05.0383 4184  IpFilterDriver - ok
15:29:05.0430 4184  [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:29:05.0446 4184  iphlpsvc - ok
15:29:05.0446 4184  [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV        C:\Windows\system32\DRIVERS\IPMIDrv.sys
15:29:05.0461 4184  IPMIDRV - ok
15:29:05.0493 4184  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT          C:\Windows\system32\drivers\ipnat.sys
15:29:05.0493 4184  IPNAT - ok
15:29:05.0571 4184  [ 50D6CCC6FF5561F9F56946B3E6164FB8 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
15:29:05.0586 4184  iPod Service - ok
15:29:05.0617 4184  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:29:05.0617 4184  IRENUM - ok
15:29:05.0633 4184  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
15:29:05.0633 4184  isapnp - ok
15:29:05.0664 4184  [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
15:29:05.0664 4184  iScsiPrt - ok
15:29:05.0742 4184  [ BA8C6135E6E632139DAC5B34861FCB03 ] ISWKL          C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
15:29:05.0742 4184  ISWKL - ok
15:29:05.0805 4184  [ EEF0D7308C247294389B566A7830B211 ] IswSvc          C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
15:29:05.0820 4184  IswSvc - ok
15:29:05.0836 4184  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
15:29:05.0836 4184  kbdclass - ok
15:29:05.0883 4184  [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
15:29:05.0883 4184  kbdhid - ok
15:29:05.0898 4184  [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso          C:\Windows\system32\lsass.exe
15:29:05.0898 4184  KeyIso - ok
15:29:05.0929 4184  [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:29:05.0929 4184  KSecDD - ok
15:29:05.0961 4184  [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg        C:\Windows\system32\Drivers\ksecpkg.sys
15:29:05.0961 4184  KSecPkg - ok
15:29:05.0992 4184  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk        C:\Windows\system32\drivers\ksthunk.sys
15:29:05.0992 4184  ksthunk - ok
15:29:06.0023 4184  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm          C:\Windows\system32\msdtckrm.dll
15:29:06.0039 4184  KtmRm - ok
15:29:06.0070 4184  [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer    C:\Windows\system32\srvsvc.dll
15:29:06.0085 4184  LanmanServer - ok
15:29:06.0117 4184  [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:29:06.0117 4184  LanmanWorkstation - ok
15:29:06.0210 4184  [ 4ADC135F525D38A498F83B089228CC2D ] LBTServ        C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
15:29:06.0226 4184  LBTServ - ok
15:29:06.0257 4184  [ 00BA093A3F316D43A4C3E098A96AE912 ] LEqdUsb        C:\Windows\system32\DRIVERS\LEqdUsb.Sys
15:29:06.0257 4184  LEqdUsb - ok
15:29:06.0304 4184  [ 3067CFAD2BAA4A208130CD0AFB130BC9 ] LHidEqd        C:\Windows\system32\DRIVERS\LHidEqd.Sys
15:29:06.0304 4184  LHidEqd - ok
15:29:06.0335 4184  [ 24E09882BA51B9830AE029888A3AAF18 ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
15:29:06.0335 4184  LHidFilt - ok
15:29:06.0382 4184  [ 156AB2E56DC3CA0B582E3362E07CDED7 ] lirsgt          C:\Windows\system32\DRIVERS\lirsgt.sys
15:29:06.0382 4184  lirsgt - ok
15:29:06.0413 4184  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:29:06.0413 4184  lltdio - ok
15:29:06.0460 4184  [ C1185803384AB3FEED115F79F109427F ] lltdsvc        C:\Windows\System32\lltdsvc.dll
15:29:06.0460 4184  lltdsvc - ok
15:29:06.0491 4184  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts        C:\Windows\System32\lmhsvc.dll
15:29:06.0491 4184  lmhosts - ok
15:29:06.0522 4184  [ 2F94325D8C10E2B715F3D753C2422AAC ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
15:29:06.0538 4184  LMouFilt - ok
15:29:06.0569 4184  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
15:29:06.0569 4184  LSI_FC - ok
15:29:06.0585 4184  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS        C:\Windows\system32\DRIVERS\lsi_sas.sys
15:29:06.0585 4184  LSI_SAS - ok
15:29:06.0600 4184  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:29:06.0600 4184  LSI_SAS2 - ok
15:29:06.0616 4184  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:29:06.0631 4184  LSI_SCSI - ok
15:29:06.0647 4184  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv          C:\Windows\system32\drivers\luafv.sys
15:29:06.0647 4184  luafv - ok
15:29:06.0678 4184  [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
15:29:06.0678 4184  Mcx2Svc - ok
15:29:06.0694 4184  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas        C:\Windows\system32\DRIVERS\megasas.sys
15:29:06.0709 4184  megasas - ok
15:29:06.0725 4184  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
15:29:06.0725 4184  MegaSR - ok
15:29:06.0772 4184  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS          C:\Windows\system32\mmcss.dll
15:29:06.0772 4184  MMCSS - ok
15:29:06.0772 4184  [ 800BA92F7010378B09F9ED9270F07137 ] Modem          C:\Windows\system32\drivers\modem.sys
15:29:06.0772 4184  Modem - ok
15:29:06.0803 4184  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
15:29:06.0819 4184  monitor - ok
15:29:06.0865 4184  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:29:06.0865 4184  mouclass - ok
15:29:06.0912 4184  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:29:06.0912 4184  mouhid - ok
15:29:06.0943 4184  [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
15:29:06.0943 4184  mountmgr - ok
15:29:07.0021 4184  [ DAE3C509F33059BC4D48A8925F476FB4 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:29:07.0021 4184  MozillaMaintenance - ok
15:29:07.0053 4184  [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
15:29:07.0053 4184  mpio - ok
15:29:07.0084 4184  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:29:07.0084 4184  mpsdrv - ok
15:29:07.0131 4184  [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:29:07.0146 4184  MpsSvc - ok
15:29:07.0177 4184  [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:29:07.0177 4184  MRxDAV - ok
15:29:07.0209 4184  [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:29:07.0209 4184  mrxsmb - ok
15:29:07.0240 4184  [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:29:07.0240 4184  mrxsmb10 - ok
15:29:07.0255 4184  [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:29:07.0255 4184  mrxsmb20 - ok
15:29:07.0287 4184  [ 5C37497276E3B3A5488B23A326A754B7 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
15:29:07.0287 4184  msahci - ok
15:29:07.0302 4184  [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm          C:\Windows\system32\DRIVERS\msdsm.sys
15:29:07.0302 4184  msdsm - ok
15:29:07.0318 4184  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC          C:\Windows\System32\msdtc.exe
15:29:07.0333 4184  MSDTC - ok
15:29:07.0349 4184  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:29:07.0365 4184  Msfs - ok
15:29:07.0380 4184  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf      C:\Windows\System32\drivers\mshidkmdf.sys
15:29:07.0380 4184  mshidkmdf - ok
15:29:07.0396 4184  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
15:29:07.0396 4184  msisadrv - ok
15:29:07.0443 4184  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
15:29:07.0443 4184  MSiSCSI - ok
15:29:07.0458 4184  msiserver - ok
15:29:07.0474 4184  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
15:29:07.0489 4184  MSKSSRV - ok
15:29:07.0489 4184  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:29:07.0489 4184  MSPCLOCK - ok
15:29:07.0505 4184  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
15:29:07.0521 4184  MSPQM - ok
15:29:07.0552 4184  [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
15:29:07.0552 4184  MsRPC - ok
15:29:07.0567 4184  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
15:29:07.0567 4184  mssmbios - ok
15:29:07.0583 4184  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
15:29:07.0583 4184  MSTEE - ok
15:29:07.0599 4184  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
15:29:07.0599 4184  MTConfig - ok
15:29:07.0630 4184  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup            C:\Windows\system32\Drivers\mup.sys
15:29:07.0630 4184  Mup - ok
15:29:07.0661 4184  [ 4987E079A4530FA737A128BE54B63B12 ] napagent        C:\Windows\system32\qagentRT.dll
15:29:07.0677 4184  napagent - ok
15:29:07.0723 4184  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
15:29:07.0739 4184  NativeWifiP - ok
15:29:07.0801 4184  [ CAD515DBD07D082BB317D9928CE8962C ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:29:07.0817 4184  NDIS - ok
15:29:07.0848 4184  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap        C:\Windows\system32\DRIVERS\ndiscap.sys
15:29:07.0848 4184  NdisCap - ok
15:29:07.0848 4184  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:29:07.0864 4184  NdisTapi - ok
15:29:07.0879 4184  [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
15:29:07.0895 4184  Ndisuio - ok
15:29:07.0911 4184  [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
15:29:07.0911 4184  NdisWan - ok
15:29:07.0942 4184  [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
15:29:07.0942 4184  NDProxy - ok
15:29:07.0973 4184  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
15:29:07.0973 4184  NetBIOS - ok
15:29:08.0020 4184  [ 9162B273A44AB9DCE5B44362731D062A ] NetBT          C:\Windows\system32\DRIVERS\netbt.sys
15:29:08.0020 4184  NetBT - ok
15:29:08.0035 4184  [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon        C:\Windows\system32\lsass.exe
15:29:08.0051 4184  Netlogon - ok
15:29:08.0098 4184  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
15:29:08.0113 4184  Netman - ok
15:29:08.0160 4184  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:29:08.0160 4184  NetMsmqActivator - ok
15:29:08.0176 4184  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:29:08.0176 4184  NetPipeActivator - ok
15:29:08.0207 4184  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
15:29:08.0223 4184  netprofm - ok
15:29:08.0223 4184  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:29:08.0223 4184  NetTcpActivator - ok
15:29:08.0238 4184  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:29:08.0238 4184  NetTcpPortSharing - ok
15:29:08.0254 4184  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960        C:\Windows\system32\DRIVERS\nfrd960.sys
15:29:08.0254 4184  nfrd960 - ok
15:29:08.0301 4184  [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:29:08.0301 4184  NlaSvc - ok
15:29:08.0347 4184  [ 4903177FC90E77ABEB19021451E9475E ] nmwcd          C:\Windows\system32\drivers\ccdcmbx64.sys
15:29:08.0347 4184  nmwcd - ok
15:29:08.0379 4184  [ E6844A4C97E5409BBE24BB4ED000320D ] nmwcdc          C:\Windows\system32\drivers\ccdcmbox64.sys
15:29:08.0379 4184  nmwcdc - ok
15:29:08.0410 4184  [ A0E7F80157AF77B1CEAA8ADD3A3E7D85 ] nmwcdnsux64    C:\Windows\system32\drivers\nmwcdnsux64.sys
15:29:08.0425 4184  nmwcdnsux64 - ok
15:29:08.0441 4184  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:29:08.0441 4184  Npfs - ok
15:29:08.0472 4184  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi            C:\Windows\system32\nsisvc.dll
15:29:08.0488 4184  nsi - ok
15:29:08.0503 4184  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:29:08.0503 4184  nsiproxy - ok
15:29:08.0581 4184  [ 184C189D4FC416978550FC599BB4EDDA ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:29:08.0597 4184  Ntfs - ok
15:29:08.0628 4184  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
15:29:08.0628 4184  Null - ok
15:29:08.0675 4184  [ CB599955CE2CE9694721562F9481CD84 ] NVHDA          C:\Windows\system32\drivers\nvhda64v.sys
15:29:08.0675 4184  NVHDA - ok
15:29:08.0925 4184  [ 20B30D2EA755699E7420C3F7D10D479A ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:29:09.0143 4184  nvlddmkm - ok
15:29:09.0174 4184  [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:29:09.0174 4184  nvraid - ok
15:29:09.0205 4184  [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:29:09.0205 4184  nvstor - ok
15:29:09.0252 4184  [ 72637C67DE5482B51964508666C764FF ] nvsvc          C:\Windows\system32\nvvsvc.exe
15:29:09.0268 4184  nvsvc - ok
15:29:09.0299 4184  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\DRIVERS\nv_agp.sys
15:29:09.0315 4184  nv_agp - ok
15:29:09.0393 4184  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:29:09.0408 4184  odserv - ok
15:29:09.0424 4184  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
15:29:09.0439 4184  ohci1394 - ok
15:29:09.0486 4184  [ 5A432A042DAE460ABE7199B758E8606C ] ose            C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:29:09.0486 4184  ose - ok
15:29:09.0517 4184  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
15:29:09.0533 4184  p2pimsvc - ok
15:29:09.0549 4184  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
15:29:09.0564 4184  p2psvc - ok
15:29:09.0595 4184  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport        C:\Windows\system32\DRIVERS\parport.sys
15:29:09.0595 4184  Parport - ok
15:29:09.0627 4184  [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr        C:\Windows\system32\drivers\partmgr.sys
15:29:09.0642 4184  partmgr - ok
15:29:09.0658 4184  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:29:09.0658 4184  PcaSvc - ok
15:29:09.0720 4184  [ 3FDE033DFB0D07F8B7D5C9A3044AA121 ] pccsmcfd        C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
15:29:09.0736 4184  pccsmcfd - ok
15:29:09.0767 4184  [ F36F6504009F2FB0DFD1B17A116AD74B ] pci            C:\Windows\system32\DRIVERS\pci.sys
15:29:09.0767 4184  pci - ok
15:29:09.0783 4184  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
15:29:09.0798 4184  pciide - ok
15:29:09.0829 4184  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
15:29:09.0829 4184  pcmcia - ok
15:29:09.0923 4184  [ B760F68C55B75106372DCA8C141A3510 ] PCPrintLogger  C:\Program Files (x86)\PaperCut Print Logger\pcpl.exe
15:29:09.0923 4184  PCPrintLogger - ok
15:29:09.0939 4184  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw            C:\Windows\system32\drivers\pcw.sys
15:29:09.0939 4184  pcw - ok
15:29:09.0970 4184  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:29:09.0985 4184  PEAUTH - ok
15:29:10.0079 4184  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
15:29:10.0079 4184  PerfHost - ok
15:29:10.0141 4184  [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla            C:\Windows\system32\pla.dll
15:29:10.0157 4184  pla - ok
15:29:10.0204 4184  [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:29:10.0219 4184  PlugPlay - ok
15:29:10.0251 4184  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg    C:\Windows\system32\pnrpauto.dll
15:29:10.0251 4184  PNRPAutoReg - ok
15:29:10.0282 4184  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc        C:\Windows\system32\pnrpsvc.dll
15:29:10.0282 4184  PNRPsvc - ok
15:29:10.0313 4184  [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
15:29:10.0329 4184  PolicyAgent - ok
15:29:10.0360 4184  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power          C:\Windows\system32\umpo.dll
15:29:10.0360 4184  Power - ok
15:29:10.0391 4184  [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:29:10.0391 4184  PptpMiniport - ok
15:29:10.0438 4184  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor      C:\Windows\system32\DRIVERS\processr.sys
15:29:10.0438 4184  Processor - ok
15:29:10.0485 4184  [ 97293447431311C06703368AD0F6C4BE ] ProfSvc        C:\Windows\system32\profsvc.dll
15:29:10.0485 4184  ProfSvc - ok
15:29:10.0516 4184  [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:29:10.0516 4184  ProtectedStorage - ok
15:29:10.0563 4184  [ EE992183BD8EAEFD9973F352E587A299 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
15:29:10.0563 4184  Psched - ok
15:29:10.0609 4184  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
15:29:10.0641 4184  ql2300 - ok
15:29:10.0672 4184  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
15:29:10.0672 4184  ql40xx - ok
15:29:10.0781 4184  [ 8422999865E74FAF9C51B684DA405F6A ] QuickPDFTCPService0721 C:\Program Files (x86)\Quick PDF Tools\QuickPDFTCP0721.exe
15:29:10.0812 4184  QuickPDFTCPService0721 - ok
15:29:10.0828 4184  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE          C:\Windows\system32\qwave.dll
15:29:10.0828 4184  QWAVE - ok
15:29:10.0859 4184  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:29:10.0859 4184  QWAVEdrv - ok
15:29:10.0875 4184  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:29:10.0875 4184  RasAcd - ok
15:29:10.0906 4184  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn    C:\Windows\system32\DRIVERS\AgileVpn.sys
15:29:10.0906 4184  RasAgileVpn - ok
15:29:10.0921 4184  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto        C:\Windows\System32\rasauto.dll
15:29:10.0937 4184  RasAuto - ok
15:29:10.0953 4184  [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
15:29:10.0953 4184  Rasl2tp - ok
15:29:10.0984 4184  [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan          C:\Windows\System32\rasmans.dll
15:29:10.0999 4184  RasMan - ok
15:29:11.0046 4184  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:29:11.0046 4184  RasPppoe - ok
15:29:11.0046 4184  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
15:29:11.0062 4184  RasSstp - ok
15:29:11.0077 4184  [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
15:29:11.0077 4184  rdbss - ok
15:29:11.0109 4184  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
15:29:11.0109 4184  rdpbus - ok
15:29:11.0124 4184  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:29:11.0124 4184  RDPCDD - ok
15:29:11.0155 4184  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:29:11.0155 4184  RDPENCDD - ok
15:29:11.0171 4184  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
15:29:11.0187 4184  RDPREFMP - ok
15:29:11.0202 4184  [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
15:29:11.0218 4184  RDPWD - ok
15:29:11.0265 4184  [ 634B9A2181D98F15941236886164EC8B ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:29:11.0265 4184  rdyboost - ok
15:29:11.0296 4184  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:29:11.0311 4184  RemoteAccess - ok
15:29:11.0343 4184  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:29:11.0343 4184  RemoteRegistry - ok
15:29:11.0389 4184  [ F85AE59A52885F4B09AADAFB23001A3B ] Rezip          C:\Windows\SysWOW64\Rezip.exe
15:29:11.0436 4184  Rezip - ok
15:29:11.0483 4184  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
15:29:11.0483 4184  RFCOMM - ok
15:29:11.0577 4184  [ 7CCAEBCAB6FC1ED0206C07E083E79207 ] RichVideo      C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
15:29:11.0592 4184  RichVideo - ok
15:29:11.0608 4184  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:29:11.0608 4184  RpcEptMapper - ok
15:29:11.0623 4184  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
15:29:11.0623 4184  RpcLocator - ok
15:29:11.0670 4184  [ 7266972E86890E2B30C0C322E906B027 ] RpcSs          C:\Windows\system32\rpcss.dll
15:29:11.0670 4184  RpcSs - ok
15:29:11.0701 4184  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:29:11.0701 4184  rspndr - ok
15:29:11.0717 4184  [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167        C:\Windows\system32\DRIVERS\Rt64win7.sys
15:29:11.0733 4184  RTL8167 - ok
15:29:11.0764 4184  [ 62DB6CC4B0818F1B5F3441241B098F12 ] SABI            C:\Windows\system32\Drivers\SABI.sys
15:29:11.0764 4184  SABI - ok
15:29:11.0779 4184  [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs          C:\Windows\system32\lsass.exe
15:29:11.0779 4184  SamSs - ok
15:29:11.0795 4184  [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
15:29:11.0795 4184  sbp2port - ok
15:29:11.0826 4184  SBRE - ok
15:29:11.0873 4184  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:29:11.0873 4184  SCardSvr - ok
15:29:11.0904 4184  [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:29:11.0904 4184  scfilter - ok
15:29:11.0951 4184  [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule        C:\Windows\system32\schedsvc.dll
15:29:11.0982 4184  Schedule - ok
15:29:12.0013 4184  [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc    C:\Windows\System32\certprop.dll
15:29:12.0013 4184  SCPolicySvc - ok
15:29:12.0029 4184  [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:29:12.0045 4184  SDRSVC - ok
15:29:12.0076 4184  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:29:12.0076 4184  secdrv - ok
15:29:12.0091 4184  [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon        C:\Windows\system32\seclogon.dll
15:29:12.0107 4184  seclogon - ok
15:29:12.0123 4184  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
15:29:12.0138 4184  SENS - ok
15:29:12.0154 4184  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
15:29:12.0154 4184  SensrSvc - ok
15:29:12.0185 4184  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum        C:\Windows\system32\DRIVERS\serenum.sys
15:29:12.0185 4184  Serenum - ok
15:29:12.0216 4184  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
15:29:12.0216 4184  Serial - ok
15:29:12.0247 4184  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
15:29:12.0247 4184  sermouse - ok
15:29:12.0341 4184  [ 9BDE8F1F5D060E912FCF9FB58B71CBC1 ] ServiceLayer    C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
15:29:12.0357 4184  ServiceLayer - ok
15:29:12.0403 4184  [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv      C:\Windows\system32\sessenv.dll
15:29:12.0403 4184  SessionEnv - ok
15:29:12.0403 4184  [ A554811BCD09279536440C964AE35BBF ] sffdisk        C:\Windows\system32\DRIVERS\sffdisk.sys
15:29:12.0403 4184  sffdisk - ok
15:29:12.0419 4184  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\DRIVERS\sffp_mmc.sys
15:29:12.0419 4184  sffp_mmc - ok
15:29:12.0435 4184  [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd        C:\Windows\system32\DRIVERS\sffp_sd.sys
15:29:12.0435 4184  sffp_sd - ok
15:29:12.0466 4184  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy        C:\Windows\system32\DRIVERS\sfloppy.sys
15:29:12.0466 4184  sfloppy - ok
15:29:12.0497 4184  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:29:12.0497 4184  SharedAccess - ok
15:29:12.0513 4184  [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:29:12.0528 4184  ShellHWDetection - ok
15:29:12.0544 4184  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:29:12.0544 4184  SiSRaid2 - ok
15:29:12.0559 4184  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
15:29:12.0559 4184  SiSRaid4 - ok
15:29:12.0606 4184  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate    C:\Program Files (x86)\Skype\Updater\Updater.exe
15:29:12.0606 4184  SkypeUpdate - ok
15:29:12.0653 4184  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
15:29:12.0653 4184  Smb - ok
15:29:12.0715 4184  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:29:12.0731 4184  SNMPTRAP - ok
15:29:12.0747 4184  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr          C:\Windows\system32\drivers\spldr.sys
15:29:12.0747 4184  spldr - ok
15:29:12.0809 4184  [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler        C:\Windows\System32\spoolsv.exe
15:29:12.0809 4184  Spooler - ok
15:29:12.0934 4184  [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc          C:\Windows\system32\sppsvc.exe
15:29:12.0965 4184  sppsvc - ok
15:29:12.0996 4184  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify    C:\Windows\system32\sppuinotify.dll
15:29:12.0996 4184  sppuinotify - ok
15:29:13.0027 4184  [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv            C:\Windows\system32\DRIVERS\srv.sys
15:29:13.0043 4184  srv - ok
15:29:13.0074 4184  [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:29:13.0074 4184  srv2 - ok
15:29:13.0105 4184  [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:29:13.0105 4184  srvnet - ok
15:29:13.0121 4184  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
15:29:13.0137 4184  SSDPSRV - ok
15:29:13.0152 4184  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc        C:\Windows\system32\sstpsvc.dll
15:29:13.0152 4184  SstpSvc - ok
15:29:13.0168 4184  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
15:29:13.0168 4184  stexstor - ok
15:29:13.0215 4184  [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc          C:\Windows\System32\wiaservc.dll
15:29:13.0230 4184  stisvc - ok
15:29:13.0261 4184  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
15:29:13.0261 4184  swenum - ok
15:29:13.0293 4184  [ E08E46FDD841B7184194011CA1955A0B ] swprv          C:\Windows\System32\swprv.dll
15:29:13.0308 4184  swprv - ok
15:29:13.0355 4184  [ 2F827BB08CC7F1A17DF2EAD7B424D731 ] SynTP          C:\Windows\system32\DRIVERS\SynTP.sys
15:29:13.0355 4184  SynTP - ok
15:29:13.0433 4184  [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain        C:\Windows\system32\sysmain.dll
15:29:13.0449 4184  SysMain - ok
15:29:13.0464 4184  [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:29:13.0464 4184  TabletInputService - ok
15:29:13.0495 4184  [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv        C:\Windows\System32\tapisrv.dll
15:29:13.0495 4184  TapiSrv - ok
15:29:13.0527 4184  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS            C:\Windows\System32\tbssvc.dll
15:29:13.0527 4184  TBS - ok
15:29:13.0605 4184  [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
15:29:13.0636 4184  Tcpip - ok
15:29:13.0667 4184  [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
15:29:13.0683 4184  TCPIP6 - ok
15:29:13.0714 4184  [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:29:13.0714 4184  tcpipreg - ok
15:29:13.0745 4184  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:29:13.0745 4184  TDPIPE - ok
15:29:13.0776 4184  [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
15:29:13.0792 4184  TDTCP - ok
15:29:13.0823 4184  [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
15:29:13.0823 4184  tdx - ok
15:29:13.0839 4184  [ C448651339196C0E869A355171875522 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
15:29:13.0839 4184  TermDD - ok
15:29:13.0885 4184  [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService    C:\Windows\System32\termsrv.dll
15:29:13.0901 4184  TermService - ok
15:29:13.0932 4184  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
15:29:13.0932 4184  Themes - ok
15:29:13.0963 4184  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER    C:\Windows\system32\mmcss.dll
15:29:13.0963 4184  THREADORDER - ok
15:29:13.0979 4184  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
15:29:13.0995 4184  TrkWks - ok
15:29:14.0041 4184  [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:29:14.0057 4184  TrustedInstaller - ok
15:29:14.0088 4184  [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:29:14.0104 4184  tssecsrv - ok
15:29:14.0135 4184  [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:29:14.0135 4184  tunnel - ok
15:29:14.0166 4184  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
15:29:14.0182 4184  uagp35 - ok
15:29:14.0197 4184  [ 31BA4A33AFAB6A69EA092B18017F737F ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:29:14.0197 4184  udfs - ok
15:29:14.0244 4184  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
15:29:14.0244 4184  UI0Detect - ok
15:29:14.0291 4184  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\DRIVERS\uliagpkx.sys
15:29:14.0291 4184  uliagpkx - ok
15:29:14.0322 4184  [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
15:29:14.0322 4184  umbus - ok
15:29:14.0353 4184  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
15:29:14.0353 4184  UmPass - ok
15:29:14.0385 4184  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
15:29:14.0385 4184  upnphost - ok
15:29:14.0416 4184  [ 907F50B8695DAA65A9445D27AD306E65 ] upperdev        C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
15:29:14.0431 4184  upperdev - ok
15:29:14.0463 4184  [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64      C:\Windows\system32\Drivers\usbaapl64.sys
15:29:14.0463 4184  USBAAPL64 - ok
15:29:14.0509 4184  [ 7B6A127C93EE590E4D79A5F2A76FE46F ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
15:29:14.0509 4184  usbccgp - ok
15:29:14.0541 4184  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
15:29:14.0541 4184  usbcir - ok
15:29:14.0556 4184  [ 92969BA5AC44E229C55A332864F79677 ] usbehci        C:\Windows\system32\drivers\usbehci.sys
15:29:14.0572 4184  usbehci - ok
15:29:14.0603 4184  [ E7DF1CFD28CA86B35EF5ADD0735CEEF3 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:29:14.0619 4184  usbhub - ok
15:29:14.0634 4184  [ F1BB1E55F1E7A65C5839CCC7B36D773E ] usbohci        C:\Windows\system32\drivers\usbohci.sys
15:29:14.0634 4184  usbohci - ok
15:29:14.0681 4184  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
15:29:14.0681 4184  usbprint - ok
15:29:14.0728 4184  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan        C:\Windows\system32\DRIVERS\usbscan.sys
15:29:14.0728 4184  usbscan - ok
15:29:14.0775 4184  [ 0F0C72A657C622286013788B886968AD ] usbser          C:\Windows\system32\drivers\usbser.sys
15:29:14.0775 4184  usbser - ok
15:29:14.0821 4184  [ 3F7498527B48657091C355F683BEB0DD ] UsbserFilt      C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
15:29:14.0821 4184  UsbserFilt - ok
15:29:14.0853 4184  [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:29:14.0853 4184  USBSTOR - ok
15:29:14.0884 4184  [ BC3070350A491D84B518D7CCA9ABD36F ] usbuhci        C:\Windows\system32\drivers\usbuhci.sys
15:29:14.0884 4184  usbuhci - ok
15:29:14.0931 4184  [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
15:29:14.0931 4184  usbvideo - ok
15:29:14.0946 4184  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms          C:\Windows\System32\uxsms.dll
15:29:14.0962 4184  UxSms - ok
15:29:14.0977 4184  [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc        C:\Windows\system32\lsass.exe
15:29:14.0977 4184  VaultSvc - ok
15:29:15.0009 4184  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\DRIVERS\vdrvroot.sys
15:29:15.0009 4184  vdrvroot - ok
15:29:15.0040 4184  [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds            C:\Windows\System32\vds.exe
15:29:15.0055 4184  vds - ok
15:29:15.0071 4184  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
15:29:15.0087 4184  vga - ok
15:29:15.0102 4184  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave        C:\Windows\System32\drivers\vga.sys
15:29:15.0102 4184  VgaSave - ok
15:29:15.0118 4184  [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp          C:\Windows\system32\DRIVERS\vhdmp.sys
15:29:15.0118 4184  vhdmp - ok
15:29:15.0149 4184  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\DRIVERS\viaide.sys
15:29:15.0149 4184  viaide - ok
15:29:15.0180 4184  [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr          C:\Windows\system32\DRIVERS\volmgr.sys
15:29:15.0180 4184  volmgr - ok
15:29:15.0211 4184  [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
15:29:15.0211 4184  volmgrx - ok
15:29:15.0227 4184  [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap        C:\Windows\system32\DRIVERS\volsnap.sys
15:29:15.0243 4184  volsnap - ok
15:29:15.0289 4184  [ 239D8D72730226CD460BDC8CA0A23D43 ] Vsdatant        C:\Windows\system32\DRIVERS\vsdatant.sys
15:29:15.0305 4184  Vsdatant - ok
15:29:15.0367 4184  vsmon - ok
15:29:15.0399 4184  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid        C:\Windows\system32\DRIVERS\vsmraid.sys
15:29:15.0399 4184  vsmraid - ok
15:29:15.0477 4184  [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS            C:\Windows\system32\vssvc.exe
15:29:15.0492 4184  VSS - ok
15:29:15.0508 4184  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
15:29:15.0508 4184  vwifibus - ok
15:29:15.0523 4184  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
15:29:15.0539 4184  vwififlt - ok
15:29:15.0570 4184  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp        C:\Windows\system32\DRIVERS\vwifimp.sys
15:29:15.0570 4184  vwifimp - ok
15:29:15.0617 4184  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time        C:\Windows\system32\w32time.dll
15:29:15.0633 4184  W32Time - ok
15:29:15.0664 4184  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
15:29:15.0664 4184  WacomPen - ok
15:29:15.0711 4184  [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
15:29:15.0711 4184  WANARP - ok
15:29:15.0711 4184  [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:29:15.0726 4184  Wanarpv6 - ok
15:29:15.0804 4184  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc    C:\Windows\system32\Wat\WatAdminSvc.exe
15:29:15.0820 4184  WatAdminSvc - ok
15:29:15.0898 4184  [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine        C:\Windows\system32\wbengine.exe
15:29:15.0913 4184  wbengine - ok
15:29:15.0945 4184  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:29:15.0945 4184  WbioSrvc - ok
15:29:15.0976 4184  [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc        C:\Windows\System32\wcncsvc.dll
15:29:15.0991 4184  wcncsvc - ok
15:29:16.0007 4184  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:29:16.0007 4184  WcsPlugInService - ok
15:29:16.0038 4184  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
15:29:16.0038 4184  Wd - ok
15:29:16.0085 4184  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:29:16.0085 4184  Wdf01000 - ok
15:29:16.0101 4184  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:29:16.0101 4184  WdiServiceHost - ok
15:29:16.0101 4184  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost  C:\Windows\system32\wdi.dll
15:29:16.0116 4184  WdiSystemHost - ok
15:29:16.0132 4184  [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient      C:\Windows\System32\webclnt.dll
15:29:16.0132 4184  WebClient - ok
15:29:16.0147 4184  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:29:16.0147 4184  Wecsvc - ok
15:29:16.0194 4184  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
15:29:16.0194 4184  wercplsupport - ok
15:29:16.0225 4184  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:29:16.0241 4184  WerSvc - ok
15:29:16.0257 4184  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
15:29:16.0257 4184  WfpLwf - ok
15:29:16.0272 4184  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:29:16.0272 4184  WIMMount - ok
15:29:16.0303 4184  WinDefend - ok
15:29:16.0303 4184  WinHttpAutoProxySvc - ok
15:29:16.0366 4184  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
15:29:16.0381 4184  Winmgmt - ok
15:29:16.0459 4184  [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM          C:\Windows\system32\WsmSvc.dll
15:29:16.0491 4184  WinRM - ok
15:29:16.0506 4184  [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
15:29:16.0522 4184  WinUsb - ok
15:29:16.0553 4184  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc        C:\Windows\System32\wlansvc.dll
15:29:16.0569 4184  Wlansvc - ok
15:29:16.0600 4184  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi        C:\Windows\system32\DRIVERS\wmiacpi.sys
15:29:16.0600 4184  WmiAcpi - ok
15:29:16.0631 4184  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:29:16.0647 4184  wmiApSrv - ok
15:29:16.0678 4184  WMPNetworkSvc - ok
15:29:16.0709 4184  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:29:16.0709 4184  WPCSvc - ok
15:29:16.0756 4184  [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:29:16.0756 4184  WPDBusEnum - ok
15:29:16.0771 4184  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
15:29:16.0787 4184  ws2ifsl - ok
15:29:16.0818 4184  [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc          C:\Windows\System32\wscsvc.dll
15:29:16.0818 4184  wscsvc - ok
15:29:16.0818 4184  WSearch - ok
15:29:16.0912 4184  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
15:29:16.0943 4184  wuauserv - ok
15:29:16.0959 4184  [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:29:16.0959 4184  WudfPf - ok
15:29:17.0005 4184  [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:29:17.0005 4184  WUDFRd - ok
15:29:17.0037 4184  [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
15:29:17.0052 4184  wudfsvc - ok
15:29:17.0083 4184  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc        C:\Windows\System32\wwansvc.dll
15:29:17.0099 4184  WwanSvc - ok
15:29:17.0146 4184  [ 64F88AF327AA74E03658AE32B48CCB8B ] yukonw7        C:\Windows\system32\DRIVERS\yk62x64.sys
15:29:17.0146 4184  yukonw7 - ok
15:29:17.0177 4184  ================ Scan global ===============================
15:29:17.0208 4184  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:29:17.0239 4184  [ 79CDA06F75AD5373DD447F57575C4400 ] C:\Windows\system32\winsrv.dll
15:29:17.0255 4184  [ 79CDA06F75AD5373DD447F57575C4400 ] C:\Windows\system32\winsrv.dll
15:29:17.0286 4184  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:29:17.0317 4184  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:29:17.0333 4184  [Global] - ok
15:29:17.0333 4184  ================ Scan MBR ==================================
15:29:17.0333 4184  [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0
15:29:17.0723 4184  \Device\Harddisk0\DR0 - ok
15:29:18.0222 4184  [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk1\DR1
15:29:18.0238 4184  \Device\Harddisk1\DR1 - ok
15:29:18.0238 4184  ================ Scan VBR ==================================
15:29:18.0238 4184  [ B1E885D209E9A70792A97237D500216C ] \Device\Harddisk0\DR0\Partition1
15:29:18.0238 4184  \Device\Harddisk0\DR0\Partition1 - ok
15:29:18.0269 4184  [ E303A152C36609040DB4EC2867FCC51F ] \Device\Harddisk0\DR0\Partition2
15:29:18.0269 4184  \Device\Harddisk0\DR0\Partition2 - ok
15:29:18.0285 4184  [ BD458F90EAD9440BA08D40C7D2730B18 ] \Device\Harddisk0\DR0\Partition3
15:29:18.0300 4184  \Device\Harddisk0\DR0\Partition3 - ok
15:29:18.0300 4184  [ E1FED948054EFF06949C1C40487FA33D ] \Device\Harddisk1\DR1\Partition1
15:29:18.0316 4184  \Device\Harddisk1\DR1\Partition1 - ok
15:29:18.0316 4184  ============================================================
15:29:18.0316 4184  Scan finished
15:29:18.0316 4184  ============================================================
15:29:18.0331 2636  Detected object count: 0
15:29:18.0331 2636  Actual detected object count: 0
15:32:00.0760 3196  Deinitialize success

kira 03.11.2012 22:04
1.
Vor dem nächsten Schritt, also bevor wir weitermachen:
Da jederzeit etwas passieren kann, wenn du wichtige Daten hast die Du sichern möchtest, empfehle ich Dir es jetzt machen (wie Bilder, Musik usw)
Achte darauf: Die sicherten Daten sollen keine "Ausführbare Dateien" enthalten! - Dateiendungen - Dies ist eine Liste von Dateiendungen, die Dateien mit ausführbarem Code bezeichnen können.
Unabhängig von einem Befall (weil ja kann eine Festplatte auch kaputt gehen, oder es gibt andere technische Probleme ), sollte man regelmäßig Sicherung machen und an einem sicheren Ort bewahren, wie CD und DVD, externe Festplatten oder/und USB-Sticks
Mache das jetzt bitte!

2.
Lade Combofix von einem der folgenden Download-Spiegel herunter:

BleepingComputer.com - ForoSpyware.com

und speichere das Programm auf den Desktop, nicht woanders hin, das ist wichtig!
Beachte die ausführliche Original-Anleitung.

Zurzeit ist Combofix auf folgenden Windows-Versionen lauffähig:
  • Windows XP (nur 32-bit)
  • Windows 2000 (nur 32-bit)
  • Windows Vista (32-bit/64-bit)
  • Windows 7 (32-bit/64-bit)

Vorbereitung und wichtige Hinweise
  • Bitte während des Scans mit Combofix Antiviren- sowie Antispy-Programme, die Firewall und evtl. vorhandenes Skript-Blocking (Norton) deaktivieren.
  • Liste der zu deaktivierenden Programme.
    Bei Unklarheiten bitte vorher fragen.
  • Bitte während des Laufs von Combofix nicht in das Combofix-Fenster klicken.
  • Das könnte Dein System einfrieren oder hängen bleiben lassen.
  • Es kann circa eine Viertelstunde dauern, bis der Scan fertig ist.
  • ComboFix wird Deine Einstellungen in Bezug auf den Bildschirmschoner zurücksetzen.
  • Diese Einstellungen kannst Du nach Beendigung unserer Bereinigung wieder ändern.
  • Mache nichts anderes, wenn es Dir nicht gelungen ist, Combofix laufen zu lassen.
  • Teile uns das mit und warte auf unsere Anweisungen.

Kurzanleitung zur Installation der Wiederherstellungskonsole unter XP
  • Doppelklicke auf die ComboFix.exe und folge den Anweisungen.
  • Akzeptiere die Bedingungen (Disclaimer) mit "Ja".
  • ComboFix wird schauen, ob die Microsoft-Windows-Wiederherstellungskonsole installiert ist.
    Dies ist Teil des Prozesses. Angesichts der Art von Malware Infizierungen, die es heute gibt, wird dringend empfohlen, diese Wiederherstellungskonsole auf dem PC installiert zu haben, bevor jegliche Reinigung von Malware durchgeführt wird.
  • Folge den Anweisungen, um ComboFix das Herunterladen und Installieren der Wiederherstellungskonsole zu ermöglichen und stimme dem Lizenzvertrag (EULA) zu, sobald Du dazu aufgefordert wirst.
** Zur Information: Sollte die Wiederherstellungskonsole schon installiert sein, so wird ComboFix seine Malware-Entfernungsprozedur normal fortfahren.

http://i94.photobucket.com/albums/l8...eWHKonsole.jpg

Sobald die Wiederherstellungskonsole durch ComboFix installiert wurde, solltest Du folgende Nachricht sehen:

http://i94.photobucket.com/albums/l8...nstalliert.jpg

Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren.

Wenn ComboFix fertig ist, wird es ein Log erstellen (bitte warten, das dauert einen Moment).
Unbedingt warten, bis sich das Combofix-Fenster geschlossen hat und das Logfile im Editor erscheint.
Bitte poste die Log-Dateien C:\ComboFix.txt und C:\Qoobox\Add-Remove Programs.txt in Code-Tags hier in den Thread.

Hinweis: Combofix macht aus verschiedenen Gründen den Internet Explorer zum Standard-Browser und erstellt ein IE-Icon auf dem Desktop.
Das IE-Desktop-Icon kannst Du nach der Bereinigung wieder löschen und Deinen bevorzugten Browser wieder als Standard-Browser einstellen.

Combofix nicht auf eigene Faust einsetzen. Wenn keine entsprechende Infektion vorliegt, kann das den Rechner lahmlegen und/oder nachhaltig schädigen!

v2rahn 10.11.2012 16:23
Hallo kira,

ich habe dieses Wochenende Zeit, meine Backups zu überprüfen und den nächsten Schritt durchzuführen. Dazu eine kurze Frage:

Ich habe auf Laufwerk C: nur das Betriebssystem und installierte Software, auf D: nur Dateien, Musik, Bilder sowie einen Ordner mit heruntergeladener Software, die ich aber nie dort installiere. C und D sind Partitionen derselben Festplatte im Laptop. Die externe USB-Festplatte F: dient als Backup für D:. Ich kann sie für die nachfolgenden Tests abtrennen.

Ist es OK, nur Daten auf C: sichern, z.B. Mailordner, Profile, Spielstände u.ä.? Oder besteht bei der Nutzung von Combofix auch eine Gefahr für D: ?

kira 11.11.2012 08:55
alle Wichtige Daten sichern! unabhängig davon, ob auf C oder D liegen

v2rahn 16.11.2012 00:04
Hier nun endlich die beiden ComboFix-Logs:

log.txt:
Combofix Logfile:
Code:
ComboFix 12-11-15.01 - Rahn 15.11.2012  23:23:26.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.3950.2372 [GMT 1:00]
ausgeführt von:: c:\users\Rahn\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-10-15 bis 2012-11-15  ))))))))))))))))))))))))))))))
.
.
2012-11-15 22:34 . 2012-11-15 22:34        --------        d-----w-        c:\users\Kids\AppData\Local\temp
2012-11-15 22:34 . 2012-11-15 22:34        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-11-11 15:28 . 2012-11-11 15:47        --------        d-----w-        c:\users\Rahn\AppData\Roaming\GameSave Manager 3
2012-11-04 15:30 . 2012-11-04 15:30        --------        d-----w-        c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-11-04 15:29 . 2012-11-04 15:29        --------        d-----w-        c:\users\Kids\AppData\Roaming\Logishrd
2012-11-04 15:28 . 2012-11-04 15:28        --------        d-----w-        c:\users\Kids\AppData\Local\Apple Computer
2012-11-04 15:28 . 2012-11-04 15:28        --------        d-----w-        c:\users\Kids\AppData\Roaming\AVG2013
2012-11-04 15:28 . 2012-11-04 15:28        --------        d-----w-        c:\users\Kids\AppData\Local\Avg2013
2012-11-04 12:48 . 2012-08-21 12:01        33240        ----a-w-        c:\windows\system32\drivers\GEARAspiWDM.sys
2012-11-04 12:47 . 2012-11-04 12:48        --------        d-----w-        c:\program files\iTunes
2012-11-04 12:47 . 2012-11-04 12:48        --------        d-----w-        c:\program files (x86)\iTunes
2012-11-04 12:47 . 2012-11-04 12:47        --------        d-----w-        c:\program files\iPod
2012-10-29 18:59 . 2012-10-29 18:59        --------        d-----w-        c:\program files (x86)\Mozilla Thunderbird
2012-10-28 11:46 . 2012-09-24 22:16        95208        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-28 11:10 . 2012-10-28 11:10        --------        d-----w-        C:\_OTL
2012-10-27 09:32 . 2012-10-27 09:32        --------        d-----w-        c:\program files\CCleaner
2012-10-22 12:02 . 2012-10-22 12:02        154464        ----a-w-        c:\windows\system32\drivers\avgidsdrivera.sys
2012-10-19 19:23 . 2012-10-19 19:23        --------        d-----w-        c:\users\Rahn\AppData\Local\Nokia
2012-10-19 19:23 . 2012-10-19 19:25        --------        d-----w-        c:\users\Rahn\AppData\Roaming\PC Suite
2012-10-19 19:23 . 2012-10-19 19:24        --------        d-----w-        c:\programdata\PC Suite
2012-10-19 19:22 . 2012-10-25 18:48        --------        d-----w-        c:\programdata\Nokia
2012-10-19 19:22 . 2012-10-19 19:22        --------        d-----w-        c:\program files\DIFX
2012-10-19 19:22 . 2012-06-27 13:18        26112        ----a-w-        c:\windows\system32\drivers\pccsmcfdx64.sys
2012-10-19 19:21 . 2012-10-19 19:21        --------        d-----w-        c:\program files (x86)\PC Connectivity Solution
2012-10-19 19:19 . 2012-10-25 18:48        --------        d-----w-        c:\program files (x86)\Nokia
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-16 21:16 . 2012-10-16 21:16        330240        ----a-w-        c:\windows\PICSUninstall.exe
2012-10-15 02:48 . 2012-10-15 02:48        63328        ----a-w-        c:\windows\system32\drivers\avgidsha.sys
2012-10-10 21:43 . 2010-02-16 20:12        65309168        ----a-w-        c:\windows\system32\MRT.exe
2012-10-10 15:46 . 2012-04-02 18:44        696760        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-10 15:46 . 2011-05-31 19:58        73656        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-05 02:32 . 2012-10-05 02:32        111456        ----a-w-        c:\windows\system32\drivers\avgmfx64.sys
2012-10-02 01:30 . 2012-10-02 01:30        185696        ----a-w-        c:\windows\system32\drivers\avgldx64.sys
2012-09-29 17:54 . 2011-10-03 10:19        25928        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-09-21 01:46 . 2012-09-21 01:46        200032        ----a-w-        c:\windows\system32\drivers\avgtdia.sys
2012-09-21 01:46 . 2012-09-21 01:46        225120        ----a-w-        c:\windows\system32\drivers\avgloga.sys
2012-09-20 15:02 . 2012-09-20 15:02        1832760        ----a-w-        c:\windows\system32\LogiLDA.DLL
2012-09-14 19:23 . 2012-10-10 20:30        2048        ----a-w-        c:\windows\system32\tzres.dll
2012-09-14 18:30 . 2012-10-10 20:30        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2012-09-14 01:05 . 2012-09-14 01:05        40800        ----a-w-        c:\windows\system32\drivers\avgrkx64.sys
2012-08-31 20:03 . 2012-04-30 16:24        821736        ----a-w-        c:\windows\SysWow64\npdeployJava1.dll
2012-08-31 20:03 . 2010-07-23 06:21        746984        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2012-08-30 18:11 . 2012-10-10 20:30        5505904        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-08-30 17:18 . 2012-10-10 20:30        3958128        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:18 . 2012-10-10 20:30        3902832        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05 . 2012-10-10 20:30        220160        ----a-w-        c:\windows\system32\wintrust.dll
2012-08-24 17:10 . 2012-10-10 20:30        172544        ----a-w-        c:\windows\SysWow64\wintrust.dll
2012-08-24 11:15 . 2012-09-22 13:19        17810944        ----a-w-        c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-22 13:19        10925568        ----a-w-        c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-22 13:20        2312704        ----a-w-        c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-22 13:20        1346048        ----a-w-        c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-22 13:20        1392128        ----a-w-        c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-22 13:20        1494528        ----a-w-        c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-22 13:20        237056        ----a-w-        c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-22 13:19        85504        ----a-w-        c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-22 13:20        173056        ----a-w-        c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-22 13:19        816640        ----a-w-        c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-22 13:19        599040        ----a-w-        c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-22 13:19        2144768        ----a-w-        c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-22 13:20        729088        ----a-w-        c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-22 13:20        96768        ----a-w-        c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-22 13:20        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-22 13:20        248320        ----a-w-        c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-22 13:19        1800704        ----a-w-        c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-22 13:20        1129472        ----a-w-        c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-22 13:20        1427968        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 13:20        142848        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 13:20        420864        ----a-w-        c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-22 13:20        2382848        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2012-08-21 12:01 . 2011-12-25 12:00        125872        ----a-w-        c:\windows\system32\GEARAspi64.dll
2012-08-21 12:01 . 2011-12-25 12:00        106928        ----a-w-        c:\windows\SysWow64\GEARAspi.dll
2012-08-18 11:19 . 2012-10-28 12:01        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UpdatePDRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-07-21 210216]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"Nikon Transfer Monitor"="c:\program files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-15 479232]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2012-08-29 73392]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-11-06 3143800]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start hxxp://www.avg.de/de.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYAMgBHADMASwAtADgANwBXAFUAVQAtADIAVABWAEgAQQAtAFgANgBEAEYAOAAtAEwANgBQAEEATgA&inst=NwA3AC0ANQAxADkAOQAyADQANAAzADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA1AA&prod=90&ver=9.0.872" [?]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VideoCam Suite.lnk - c:\program files (x86)\Common Files\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe [2011-9-19 349600]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders        credssp.dll, IqlurcIjlocn.dll
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-06 5814392]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 iComp;TerraTec G5 service;c:\windows\system32\DRIVERS\p2usbhum.sys [2009-12-09 1794112]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2012-06-11 171008]
R3 Rezip;Rezip;c:\windows\SysWOW64\Rezip.exe [2009-03-05 311296]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-09 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 13824]
S2 AAV UpdateService;AAV UpdateService;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [2008-10-24 128296]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2012-08-30 33712]
S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2012-08-30 827560]
S2 PCPrintLogger;PaperCut Print Logger;c:\program files (x86)\PaperCut Print Logger\pcpl.exe PCPrintLogger [x]
S2 QuickPDFTCPService0721;Quick PDF Tools Background Service;c:\program files (x86)\Quick PDF Tools\QuickPDFTCP0721.exe [2010-08-13 1918464]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2010-08-24 74320]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2010-08-24 13392]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper        REG_MULTI_SZ          getPlusHelper
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 15:46]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-14 9644576]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-05 16407656]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2710856]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: add to &BOM - c:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Rahn\AppData\Roaming\Mozilla\Firefox\Profiles\7llixhm3.default\
FF - prefs.js: browser.search.selectedEngine - Google.de
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://www.google.de/search?ie=UTF-8&sourceid=navclient&gfns=1&q=
FF - ExtSQL: 2012-09-22 21:11; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - ExtSQL: 2012-10-03 22:09; jid1-yZwVFzbsyfMrqQ@jetpack; c:\users\Rahn\AppData\Roaming\Mozilla\Firefox\Profiles\7llixhm3.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
FF - ExtSQL: 2012-10-12 21:31; {5384767E-00D9-40E9-B72F-9CC39D655D6F}; c:\users\Rahn\AppData\Roaming\Mozilla\Firefox\Profiles\7llixhm3.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-31915867.sys
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-ISW - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-11-15  23:46:38
ComboFix-quarantined-files.txt  2012-11-15 22:46
.
Vor Suchlauf: 13 Verzeichnis(se), 75.315.605.504 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 74.691.170.304 Bytes frei
.
- - End Of File - - 593427FC8E4B77CC8185590A0B640E30
--- --- ---


Add-Remove Programs.txt:
Code:
Update for Microsoft Office 2007 (KB2508958)
AAVUpdateManager
Adobe AIR
Adobe Download Manager
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.1)
Adobe Reader X (10.1.4) - Deutsch
Apple Application Support
Apple Software Update
Atheros Client Installation Program
BatteryLifeExtender
Biet-O-Matic v2.14.8
Cam4you utilities
Canon iP2700 series Benutzerregistrierung
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
ChargeableUSB
Compatibility Pack für 2007 Office System
CyberLink DVD Suite
CyberLink LabelPrint
CyberLink Power2Go
CyberLink PowerDirector
CyberLink PowerDVD 8
CyberLink PowerProducer
CyberLink YouCam
DCIMImport 2.0.0.70
Die*Sims*Mittelalter
Easy Display Manager
Easy Network Manager
Easy SpeedUp Manager
EasyBatteryManager
EclipseCrossword
eReg
Exact Audio Copy 1.0beta1
FastStone Image Viewer 4.0
FastStone Photo Resizer 2.9
File Uploader
Firebird SQL Server - MAGIX Edition
Geheimakte Tunguska
GIMP 2.6.8
InfoBibliothek 2
Intel(R) Rapid Storage Technology
Intel(R) Turbo Boost Technology Driver
Java 7 Update 9
Java Auto Updater
Junk Mail filter update
MAGIX Filme auf DVD TerraTec deluxe Edition 7.0.3.8 (D)
MAGIX Online Druck Service
MAGIX Screenshare
Malwarebytes Anti-Malware Version 1.65.1.1000
Marvell Miniport Driver
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (German) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office PowerPoint Viewer 2007 (German)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (German) 2007
Microsoft Office Word MUI (German) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Microsoft_VC100_CRT_SP1_x86
MozBackup 1.4.10
Mozilla Firefox 16.0.2 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 16.0.2 (x86 de)
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MusicBee
Nikon Message Center
Nikon Transfer
Nokia Connectivity Cable Driver
PaperCut Print Logger 1.8
PC Connectivity Solution
pdfsam
PrimoPDF -- brought to you by Nitro PDF Software
Quick PDF Tools 2.1.6.1
Realtek High Definition Audio Driver
REALTEK Wireless LAN Software
Samsung R-Series
Samsung Recovery Solution 4
Samsung Support Center
Samsung Update Plus
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
SimCity 4 Deluxe
Skype™ 5.10
SmartTrainer
Steuer-Spar-Erklärung Plus 2011
Steuer-Spar-Erklärung Plus 2012
StreamTransport version: 1.0.2.2171
TerraTec G5 V6.270.13.00
TheLastRipper 1.4
TIPP10 Version 2.1.0
TV-Browser 3.2
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
User Guide
VideoCam Suite 3.0
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
VLC media player 2.0.1
Windows Live-Uploadtool
Windows Live Anmelde-Assistent
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Sync
Windows Live Writer
Windows Movie Maker 2.6
WinMerge 2.12.4
ZoneAlarm Firewall
ZoneAlarm Free Firewall
ZoneAlarm Security
Ob sich am Problem etwas geändert hat, kann ich so kurz nach dem ComboFix-Lauf noch nicht sagen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 15:59 Uhr.
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132