Trojaner-Board - trjoan:win32/reveton!ink

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - trjoan:win32/reveton!ink (https://www.trojaner-board.de/128340-trjoan-win32-reveton-ink.html)

trjoan:win32/reveton!ink

Hallo liebe Leute,

um es schnell zu machen, ich habe mir vor ca. 1 Stunde den im Betreff genannten Virus eingefangen. Ich habe das bemerkt als mein Windows Essential laut aufgeheult hatte. Bisher hatte ich keine Virenprobleme und hoffte das diese Meldung auch schnell Geschichte sein könnte-Fehlanzeige.
Ich google schon die ganze Zeit und komm genau auf zwei Seiten. Einmal bei Avira und einmal bei euch.Bei der ersten Seite sollte ich eine Live-CD erstellen und meinen Laptop neu booten. CD ist erstellt aber das Booten trau ich mich noch nicht, da ich im Moment Datensicherung betreibe. Ich stecke grad noch mitten in den Abgaben stecke und all meine bisherigen Arbeiten noch auf dem Laptop sind...... lange Rede und so.
Folgendes ist nach der Erkennung passiert. Essential hat die Sache bereiningt und wollte einen Neustart. Dies habe ich mich nicht getraut. Irgendwie sagt mir mein Gefühl dass es das dann gewesen sein könnte mit meinem Laptop.

trjoan:win32/reveton!ink nennt sich das Teil was ich bisher gefunden habe. Nun habe ich mir wie in euerer Anlietung das Programm Malwarebytes runtergeladen und lass diese grad durchlaufen. Ich hab das auch schon mit den Protokollen verstanden. Nun hoffe ich das ihr mir weiterhelfen könnt?!

Betriebssystem: Win7 64bit

MfG, Thekenputzer.

Hi
öffne MSE und poste die Fundmeldung.
Malwarebytes erst mal abbrechen, außer der Scan ist durch, dann Log posten.
außerdem:
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die
OTL.exe
.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die http://larusso.trojaner-board.de/Images/otlfix.jpg
Textbox.

Code:

activex

netsvcs

msconfig

%SYSTEMDRIVE%\*.

%PROGRAMFILES%\*.exe

%LOCALAPPDATA%\*.exe

%systemroot%\*. /mp /s

C:\Windows\system32\*.tsp

/md5start

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

explorer.exe

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\system32\*.dll /lockedfiles

%USERPROFILE%\*.*

%USERPROFILE%\Local Settings\Temp\*.exe

%USERPROFILE%\Local Settings\Temp\*.dll

%USERPROFILE%\Application Data\*.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Kopiere
nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

MSE Meldung:

Kategorie: Trojaner

Beschreibung: Dieses Programm ist gefährlich. Es führt Befehle eines Angreifers aus.

Empfohlene Aktion: Entfernen Sie diese Software unverzüglich.

Elemente:
containerfile:C:\Users\Thekenputzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
file:C:\Users\Thekenputzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
file:C:\Users\Thekenputzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk->[CMDEmbedded]
startup:C:\Users\Thekenputzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk

Ok, dann weiter mit OTL bitte

OTL Logfile:

Code:

OTL logfile created on: 19.12.2012 20:07:02 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Thekenputzer\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

7,86 Gb Total Physical Memory | 3,73 Gb Available Physical Memory | 47,48% Memory free

15,71 Gb Paging File | 11,19 Gb Available in Paging File | 71,22% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 450,66 Gb Total Space | 234,92 Gb Free Space | 52,13% Space Free | Partition Type: NTFS

Drive E: | 3,69 Gb Total Space | 0,02 Gb Free Space | 0,47% Space Free | Partition Type: FAT32

Drive F: | 931,28 Gb Total Space | 83,30 Gb Free Space | 8,94% Space Free | Partition Type: FAT32

 

Computer Name: THEKENPUTZER-PC | User Name: Thekenputzer | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.12.19 20:05:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Thekenputzer\Desktop\OTL.exe

PRC - [2012.12.12 02:38:27 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe

PRC - [2012.12.06 12:35:24 | 000,388,576 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

PRC - [2012.11.29 09:27:34 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2012.09.29 19:54:26 | 000,981,656 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

PRC - [2012.09.20 14:03:20 | 001,236,368 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe

PRC - [2012.08.08 09:17:00 | 000,540,056 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe

PRC - [2012.05.24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Thekenputzer\AppData\Roaming\Dropbox\bin\Dropbox.exe

PRC - [2012.01.18 14:31:24 | 025,624,576 | ---- | M] (Schomäcker GmbH) -- C:\Program Files (x86)\Q Pilot - Client\Service\QPilot-Client-Service.exe

PRC - [2012.01.18 14:28:56 | 029,445,120 | ---- | M] (Schomäcker GmbH) -- C:\Program Files (x86)\Q Pilot - Client\GUI\QPilot-Client-GUI.exe

PRC - [2011.11.27 05:57:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

PRC - [2011.02.24 05:54:40 | 001,078,352 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe

PRC - [2011.02.24 05:54:40 | 000,347,216 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe

PRC - [2011.02.24 05:54:40 | 000,332,368 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe

PRC - [2011.02.01 22:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

PRC - [2011.02.01 22:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

PRC - [2010.12.29 13:56:22 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe

PRC - [2010.12.29 13:56:18 | 000,181,632 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe

PRC - [2010.12.09 21:25:22 | 000,177,448 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe

PRC - [2010.11.12 02:21:52 | 000,257,344 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe

PRC - [2010.11.12 02:21:36 | 000,296,768 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe

PRC - [2010.10.25 14:13:42 | 000,821,144 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

PRC - [2010.09.28 04:00:56 | 000,340,336 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe

PRC - [2010.09.18 01:10:16 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe

PRC - [2010.09.18 01:10:02 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe

PRC - [2010.09.14 03:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2010.09.14 03:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

PRC - [2010.03.27 04:01:26 | 014,090,688 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Adobe Illustrator CS5\Support Files\Contents\Windows\Illustrator.exe

PRC - [2010.03.26 20:05:34 | 003,342,784 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe InDesign CS5\InDesign.exe

PRC - [2010.02.22 03:57:06 | 000,406,992 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe

PRC - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.12.12 02:38:26 | 014,586,296 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll

MOD - [2012.12.06 12:35:25 | 002,240,992 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll

MOD - [2012.12.06 12:35:25 | 000,157,664 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll

MOD - [2012.12.06 12:35:25 | 000,021,984 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll

MOD - [2012.11.29 09:27:37 | 002,397,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

MOD - [2012.11.16 20:22:19 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\54d19fac3bfc693f87db68571844895a\IAStorCommon.ni.dll

MOD - [2012.11.16 20:22:18 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\d1a34ee93168657925ce2cfc68d8b63c\IAStorUtil.ni.dll

MOD - [2012.11.16 15:15:29 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll

MOD - [2012.11.16 15:14:14 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll

MOD - [2012.11.16 15:13:59 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll

MOD - [2012.11.16 15:13:20 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll

MOD - [2012.11.16 15:13:05 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll

MOD - [2012.11.16 15:12:55 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll

MOD - [2012.11.16 15:12:51 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll

MOD - [2012.11.16 15:12:32 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll

MOD - [2012.10.03 18:39:00 | 000,355,328 | ---- | M] () -- c:\progra~2\wxdown~1\sprote~1.dll

MOD - [2012.05.07 10:46:11 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll

MOD - [2011.09.16 02:29:34 | 000,126,976 | ---- | M] () -- C:\Program Files (x86)\Q Pilot - Client\Common\Java\bin\zip.dll

MOD - [2011.09.16 02:27:26 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Q Pilot - Client\Common\Java\bin\java.dll

MOD - [2011.09.16 02:27:20 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Q Pilot - Client\Common\Java\bin\jetvm\jvm.dll

MOD - [2011.09.16 02:26:50 | 000,176,128 | ---- | M] () -- C:\Program Files (x86)\Q Pilot - Client\Common\Java\jetrt\baseline760.dll

MOD - [2010.12.29 13:56:18 | 000,181,632 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe

MOD - [2010.12.29 13:56:16 | 000,210,312 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll

MOD - [2010.11.13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll

MOD - [2010.11.12 02:22:22 | 000,465,640 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll

MOD - [2010.10.25 14:15:46 | 000,123,904 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_de\AcroIEFavClient.DEU

MOD - [2010.10.25 14:15:46 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu

MOD - [2010.03.27 04:01:30 | 000,058,816 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Illustrator CS5\Support Files\Contents\Windows\SPBasic.dll

MOD - [2010.03.27 04:00:08 | 000,070,592 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Illustrator CS5\Support Files\Contents\Windows\Alcid.dll

MOD - [2010.03.26 20:09:12 | 000,095,680 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe InDesign CS5\unihan.dll

MOD - [2010.03.26 20:07:30 | 000,121,792 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe InDesign CS5\PMFileReader.dll

MOD - [2010.03.26 20:04:14 | 000,040,896 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe InDesign CS5\boost_threads.dll

MOD - [2010.03.26 20:04:06 | 000,018,368 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe InDesign CS5\boost_system.dll

MOD - [2010.03.26 20:03:58 | 000,654,784 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe InDesign CS5\boost_regex.dll

MOD - [2010.03.26 20:03:52 | 000,072,128 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe InDesign CS5\boost_filesystem.dll

MOD - [2010.03.26 20:02:46 | 000,061,888 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe InDesign CS5\ASLSupport.dll

MOD - [2010.03.26 20:02:10 | 000,046,016 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe InDesign CS5\ALDVM32CJK.dll

MOD - [2010.03.26 20:02:04 | 000,051,136 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe InDesign CS5\ALDFS32CJK.dll

MOD - [2010.02.22 03:50:20 | 000,060,416 | ---- | M] () -- C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\zlib1.dll

MOD - [2010.02.04 02:00:18 | 000,378,848 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe InDesign CS5\Plug-ins\Filters\Sangam Readers\Reader For PageMaker.smrd

MOD - [2008.12.13 08:47:26 | 000,026,112 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe InDesign CS5\tbbmalloc.dll

 

 
 ========== Services (SafeList) ==========

 

SRV:64bit: - [2012.11.29 16:06:08 | 000,037,216 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)

SRV:64bit: - [2012.09.12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV:64bit: - [2012.09.12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV:64bit: - [2012.05.07 21:44:35 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)

SRV:64bit: - [2011.02.22 20:52:54 | 000,086,016 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Autodesk\3ds Max Design 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe -- (mi-raysat_3dsmax2012_64)

SRV:64bit: - [2011.01.06 14:32:14 | 000,868,224 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)

SRV:64bit: - [2010.10.08 01:24:16 | 000,150,016 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)

SRV:64bit: - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)

SRV:64bit: - [2009.10.09 13:25:24 | 000,713,488 | ---- | M] (CANON INC) [Auto | Running] -- C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwisam.exe -- (Canon imagePROGRAF Status Monitor)

SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2008.12.08 07:29:24 | 000,210,944 | ---- | M] (CANON INC.) [Auto | Running] -- C:\Windows\SysNative\cnwiols6.exe -- (iPFDeviceAgentService)

SRV - [2012.12.12 02:38:27 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012.12.05 15:02:29 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012.11.29 16:06:12 | 002,401,632 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)

SRV - [2012.11.29 16:06:08 | 000,029,536 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)

SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)

SRV - [2012.09.20 14:03:20 | 001,236,368 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)

SRV - [2012.05.07 01:20:42 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2011.12.19 12:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Stopped] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)

SRV - [2011.11.27 05:57:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)

SRV - [2011.02.24 05:54:40 | 000,347,216 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)

SRV - [2011.02.02 13:08:16 | 000,018,656 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)

SRV - [2011.02.01 22:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2011.02.01 22:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2011.01.20 17:23:22 | 000,076,448 | ---- | M] (Atheros Commnucations) [Disabled | Stopped] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)

SRV - [2010.11.12 02:21:52 | 000,257,344 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)

SRV - [2010.09.28 03:09:54 | 000,172,912 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)

SRV - [2010.09.14 03:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)

SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)

SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2003.04.18 18:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2012.12.19 19:17:45 | 000,049,872 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\vdzxkyfz.sys -- (vdzxkyfz)

DRV:64bit: - [2012.12.19 19:17:26 | 000,049,872 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\gqnzvnoh.sys -- (gqnzvnoh)

DRV:64bit: - [2012.12.19 18:15:49 | 000,049,872 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\rcpcjwxv.sys -- (rcpcjwxv)

DRV:64bit: - [2012.12.19 18:15:23 | 000,049,872 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\gocwqspf.sys -- (gocwqspf)

DRV:64bit: - [2012.12.19 17:57:09 | 000,049,872 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\fxkgnyci.sys -- (fxkgnyci)

DRV:64bit: - [2012.12.19 17:56:53 | 000,049,872 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\glrmycqo.sys -- (glrmycqo)

DRV:64bit: - [2012.12.19 17:55:55 | 000,049,872 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\emxjpqhq.sys -- (emxjpqhq)

DRV:64bit: - [2012.12.19 17:55:45 | 000,049,872 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\yixjicbi.sys -- (yixjicbi)

DRV:64bit: - [2012.12.19 17:51:55 | 000,049,872 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\qglvyrbb.sys -- (qglvyrbb)

DRV:64bit: - [2012.12.19 17:51:39 | 000,049,872 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\jfxxtkdr.sys -- (jfxxtkdr)

DRV:64bit: - [2012.12.19 17:51:07 | 000,049,872 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\nxfdbfth.sys -- (nxfdbfth)

DRV:64bit: - [2012.12.19 17:50:49 | 000,049,872 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\wbrmnyts.sys -- (wbrmnyts)

DRV:64bit: - [2012.12.19 16:57:45 | 000,049,872 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\frzgezkd.sys -- (frzgezkd)

DRV:64bit: - [2012.12.19 16:57:22 | 000,049,872 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\gijdesuw.sys -- (gijdesuw)

DRV:64bit: - [2012.12.19 16:56:38 | 000,049,872 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\hahdheiq.sys -- (hahdheiq)

DRV:64bit: - [2012.12.19 16:56:14 | 000,049,872 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\uwhbwwpg.sys -- (uwhbwwpg)

DRV:64bit: - [2012.12.19 16:55:33 | 000,049,872 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\wpcbdkxi.sys -- (wpcbdkxi)

DRV:64bit: - [2012.12.19 16:55:08 | 000,049,872 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\tslghqlz.sys -- (tslghqlz)

DRV:64bit: - [2012.12.19 16:54:35 | 000,049,872 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\chhlykpf.sys -- (chhlykpf)

DRV:64bit: - [2012.12.19 16:54:12 | 000,049,872 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\lqgbbwap.sys -- (lqgbbwap)

DRV:64bit: - [2012.12.19 16:53:19 | 000,049,872 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ghclvpvd.sys -- (ghclvpvd)

DRV:64bit: - [2012.12.19 16:53:07 | 000,049,872 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\zepzkghl.sys -- (zepzkghl)

DRV:64bit: - [2012.12.19 16:52:23 | 000,049,872 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ancfcpnc.sys -- (ancfcpnc)

DRV:64bit: - [2012.12.19 16:52:08 | 000,049,872 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\qxqfjazw.sys -- (qxqfjazw)

DRV:64bit: - [2012.12.19 16:51:56 | 000,049,872 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\copfklkc.sys -- (copfklkc)

DRV:64bit: - [2012.12.19 16:51:48 | 000,049,872 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\bkjqolip.sys -- (bkjqolip)

DRV:64bit: - [2012.12.19 16:51:36 | 000,049,872 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ajdkoffx.sys -- (ajdkoffx)

DRV:64bit: - [2012.12.19 16:51:26 | 000,049,872 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\hopiytqi.sys -- (hopiytqi)

DRV:64bit: - [2012.12.19 16:51:04 | 000,049,872 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\mbmterxp.sys -- (mbmterxp)

DRV:64bit: - [2012.12.19 16:50:55 | 000,049,872 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\wqcesqrn.sys -- (wqcesqrn)

DRV:64bit: - [2012.12.19 16:50:38 | 000,049,872 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\oeugmqcs.sys -- (oeugmqcs)

DRV:64bit: - [2012.12.19 16:50:25 | 000,049,872 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\fvenempu.sys -- (fvenempu)

DRV:64bit: - [2012.12.19 16:50:14 | 000,049,872 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ujzrngzc.sys -- (ujzrngzc)

DRV:64bit: - [2012.12.19 16:50:01 | 000,049,872 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\phzrxlue.sys -- (phzrxlue)

DRV:64bit: - [2012.12.19 16:49:51 | 000,049,872 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\mvatfxtx.sys -- (mvatfxtx)

DRV:64bit: - [2012.12.19 16:49:42 | 000,049,872 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\kzjslsqz.sys -- (kzjslsqz)

DRV:64bit: - [2012.12.19 16:48:36 | 000,049,872 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\hsphsdak.sys -- (hsphsdak)

DRV:64bit: - [2012.08.30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011.12.19 11:44:24 | 000,060,536 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)

DRV:64bit: - [2011.11.29 05:59:46 | 000,074,872 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)

DRV:64bit: - [2011.11.27 05:57:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)

DRV:64bit: - [2011.10.26 13:23:36 | 000,057,976 | ---- | M] (GFI Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\sbredrv.sys -- (SBRE)

DRV:64bit: - [2011.06.02 06:47:22 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)

DRV:64bit: - [2011.06.02 06:47:22 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)

DRV:64bit: - [2011.06.02 06:47:22 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)

DRV:64bit: - [2011.06.02 06:47:22 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)

DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011.03.04 20:44:12 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2011.02.22 14:32:05 | 000,062,584 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)

DRV:64bit: - [2011.02.22 14:32:05 | 000,022,912 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)

DRV:64bit: - [2011.02.22 14:32:05 | 000,020,328 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)

DRV:64bit: - [2011.01.27 17:57:14 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2011.01.20 17:23:52 | 000,279,200 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)

DRV:64bit: - [2011.01.20 17:23:52 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)

DRV:64bit: - [2011.01.20 17:23:52 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)

DRV:64bit: - [2011.01.20 17:23:50 | 000,298,144 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)

DRV:64bit: - [2011.01.20 17:23:50 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)

DRV:64bit: - [2011.01.20 17:23:50 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)

DRV:64bit: - [2011.01.20 17:23:50 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)

DRV:64bit: - [2011.01.20 17:15:30 | 000,019,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdmp.sys -- (b57xdmp)

DRV:64bit: - [2011.01.20 17:15:28 | 000,067,624 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdbd.sys -- (b57xdbd)

DRV:64bit: - [2011.01.19 19:28:26 | 000,052,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiMSa.sys -- (bScsiMSa)

DRV:64bit: - [2011.01.17 14:56:14 | 000,412,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)

DRV:64bit: - [2011.01.13 17:22:24 | 000,085,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiSDa.sys -- (bScsiSDa)

DRV:64bit: - [2010.12.21 06:55:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)

DRV:64bit: - [2010.12.21 06:55:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)

DRV:64bit: - [2010.12.21 06:55:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)

DRV:64bit: - [2010.12.21 06:55:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)

DRV:64bit: - [2010.11.20 04:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010.11.20 02:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010.11.20 00:37:44 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010.11.09 11:26:46 | 002,377,216 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2010.10.20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2010.10.15 09:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)

DRV:64bit: - [2010.10.08 01:23:38 | 000,019,192 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)

DRV:64bit: - [2010.09.30 06:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)

DRV:64bit: - [2010.09.30 06:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)

DRV:64bit: - [2010.09.14 03:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010.07.29 14:30:48 | 001,383,472 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2010.07.09 04:51:50 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)

DRV:64bit: - [2010.04.20 03:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)

DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2012.09.19 10:50:50 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)

DRV - [2011.10.26 13:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)

DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com

IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)

IE - HKLM\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Program Files (x86)\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=4dcbf78d-0f41-49e2-a2ba-d4a9f94857cb&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=4dcbf78d-0f41-49e2-a2ba-d4a9f94857cb&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050&SSPV=IEAUTOTB

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=4dcbf78d-0f41-49e2-a2ba-d4a9f94857cb&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=4dcbf78d-0f41-49e2-a2ba-d4a9f94857cb&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}

IE - HKCU\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Program Files (x86)\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)

IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}

IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=4dcbf78d-0f41-49e2-a2ba-d4a9f94857cb&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}

IE - HKCU\..\SearchScopes\{230F2068-35E8-44BF-A41F-EA3D19B25EF4}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937

IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=rbox&toolbarid=adawaretb&u=ABEAEF63B4866E31AB3D2D508656B915&q={searchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: ""

FF - prefs.js..browser.search.defaultenginename,S: S", ""

FF - prefs.js..browser.search.defaultthis.engineName: ""

FF - prefs.js..browser.search.defaulturl: ""

FF - prefs.js..browser.search.order.1: ""

FF - prefs.js..browser.search.order.1,S: S", ""

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.selectedEngine,S: S", ""

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1

FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""

FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""

FF - prefs.js..browser.startup.homepage: ""

FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""

FF - prefs.js..keyword.URL: ""

FF - prefs.js..browser.startup.homepage: ""

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2012.05.07 01:17:05 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012.05.07 10:47:03 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.05.07 11:03:29 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.19 10:47:54 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.05 15:01:48 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.06 12:35:09 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.06 12:35:09 | 000,000,000 | ---D | M]

 

[2012.12.19 10:48:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thekenputzer\AppData\Roaming\mozilla\Extensions

[2012.12.19 17:10:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thekenputzer\AppData\Roaming\mozilla\Firefox\Profiles\rnvs4wkq.default\extensions

[2012.12.19 17:10:10 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Thekenputzer\AppData\Roaming\mozilla\firefox\profiles\rnvs4wkq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2012.12.19 10:47:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2012.12.05 15:01:38 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2012.11.29 09:27:51 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012.10.23 09:35:44 | 000,000,616 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml

[2012.11.29 09:27:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012.11.29 09:27:12 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

 

O1 HOSTS File: ([2012.05.07 10:37:16 | 000,000,854 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 activate.adobe.com

O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)

O2 - BHO: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()

O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)

O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (NCH DE Toolbar) - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Program Files (x86)\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)

O3 - HKLM\..\Toolbar: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()

O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (NCH DE Toolbar) - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Program Files (x86)\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (NCH DE Toolbar) - {B106B661-3E1B-4015-AF5C-195E909F35C6} - C:\Program Files (x86)\NCH_DE\prxtbNCH_.dll (Conduit Ltd.)

O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)

O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)

O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)

O4:64bit: - HKLM..\Run: [CnwiDeviceAgent] C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwida.exe (CANON INC.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found

O4:64bit: - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [SBRegRebootCleaner] C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe (GFI Software)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)

O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)

O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)

O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)

O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)

O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)

O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)

O4 - HKLM..\Run: [QPilotClientGUI] C:\Program Files (x86)\Q Pilot - Client\GUI\QPilot-Client-GUI.exe (Schomäcker GmbH)

O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)

O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)

O4 - HKCU..\Run: [Adobe Acrobat Synchronizer] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)

O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)

O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)

O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - Startup: C:\Users\Thekenputzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Thekenputzer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O4 - Startup: C:\Users\Thekenputzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk =  File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Thekenputzer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Thekenputzer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found

O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A9F1101-C8F4-4614-ADA8-351B78D7E4C2}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF128861-08F4-4EB0-9F20-528CB43E6765}: DhcpNameServer = 10.12.74.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\ms-help - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)

O20 - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)

O20 - AppInit_DLLs: (c:\progra~2\wxdown~1\sprote~1.dll) - c:\progra~2\wxdown~1\sprote~1.dll ()

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O27:64bit: - HKLM IFEO\3dsmax.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)

O27:64bit: - HKLM IFEO\kies.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)

O27:64bit: - HKLM IFEO\ltu.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)

O27:64bit: - HKLM IFEO\m3gplayer.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)

O27:64bit: - HKLM IFEO\main.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)

O27:64bit: - HKLM IFEO\maxfind.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)

O27:64bit: - HKLM IFEO\nusb3utl.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)

O27:64bit: - HKLM IFEO\webcam.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)

O27:64bit: - HKLM IFEO\win7ui.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)

O27 - HKLM IFEO\3dsmax.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)

O27 - HKLM IFEO\kies.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)

O27 - HKLM IFEO\ltu.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)

O27 - HKLM IFEO\m3gplayer.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)

O27 - HKLM IFEO\main.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)

O27 - HKLM IFEO\maxfind.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)

O27 - HKLM IFEO\nusb3utl.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)

O27 - HKLM IFEO\webcam.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)

O27 - HKLM IFEO\win7ui.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2012.05.07 23:06:10 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]

O33 - MountPoints2\{ca2b987f-f867-11e1-8ecd-ec55f9a428a1}\Shell - "" = AutoRun

O33 - MountPoints2\{ca2b987f-f867-11e1-8ecd-ec55f9a428a1}\Shell\AutoRun\command - "" = F:\HPLauncher.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.12.19 20:05:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Thekenputzer\Desktop\OTL.exe

[2012.12.19 19:17:45 | 000,049,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vdzxkyfz.sys

[2012.12.19 19:17:26 | 000,049,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\gqnzvnoh.sys

[2012.12.19 18:30:23 | 000,000,000 | ---D | C] -- C:\Users\Thekenputzer\AppData\Roaming\Malwarebytes

[2012.12.19 18:30:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.12.19 18:29:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.12.19 18:29:54 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012.12.19 18:29:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012.12.19 18:15:47 | 000,049,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rcpcjwxv.sys

[2012.12.19 18:15:22 | 000,049,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\gocwqspf.sys

[2012.12.19 18:08:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira

[2012.12.19 17:57:09 | 000,049,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fxkgnyci.sys

[2012.12.19 17:56:53 | 000,049,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\glrmycqo.sys

[2012.12.19 17:55:55 | 000,049,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\emxjpqhq.sys

[2012.12.19 17:55:45 | 000,049,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\yixjicbi.sys

[2012.12.19 17:51:55 | 000,049,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\qglvyrbb.sys

[2012.12.19 17:51:39 | 000,049,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\jfxxtkdr.sys

[2012.12.19 17:51:07 | 000,049,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nxfdbfth.sys

[2012.12.19 17:50:49 | 000,049,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\wbrmnyts.sys

[2012.12.19 16:57:45 | 000,049,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\frzgezkd.sys

[2012.12.19 16:57:22 | 000,049,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\gijdesuw.sys

[2012.12.19 16:56:38 | 000,049,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hahdheiq.sys

[2012.12.19 16:56:14 | 000,049,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\uwhbwwpg.sys

[2012.12.19 16:55:33 | 000,049,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\wpcbdkxi.sys

[2012.12.19 16:55:08 | 000,049,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tslghqlz.sys

[2012.12.19 16:54:34 | 000,049,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\chhlykpf.sys

[2012.12.19 16:54:12 | 000,049,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\lqgbbwap.sys

[2012.12.19 16:53:19 | 000,049,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ghclvpvd.sys

[2012.12.19 16:53:07 | 000,049,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zepzkghl.sys

[2012.12.19 16:52:23 | 000,049,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ancfcpnc.sys

[2012.12.19 16:52:08 | 000,049,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\qxqfjazw.sys

[2012.12.19 16:51:56 | 000,049,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\copfklkc.sys

[2012.12.19 16:51:48 | 000,049,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\bkjqolip.sys

[2012.12.19 16:51:36 | 000,049,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ajdkoffx.sys

[2012.12.19 16:51:26 | 000,049,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hopiytqi.sys

[2012.12.19 16:51:04 | 000,049,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\mbmterxp.sys

[2012.12.19 16:50:55 | 000,049,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\wqcesqrn.sys

[2012.12.19 16:50:38 | 000,049,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\oeugmqcs.sys

[2012.12.19 16:50:24 | 000,049,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fvenempu.sys

[2012.12.19 16:50:14 | 000,049,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ujzrngzc.sys

[2012.12.19 16:50:01 | 000,049,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\phzrxlue.sys

[2012.12.19 16:49:50 | 000,049,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\mvatfxtx.sys

[2012.12.19 16:49:42 | 000,049,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\kzjslsqz.sys

[2012.12.19 16:48:36 | 000,049,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hsphsdak.sys

[2012.12.19 16:47:08 | 000,249,856 | ---- | C] (Корпорация Майкрософт) -- C:\Users\Thekenputzer\wgsdgsdgdsgsd.dll

[2012.12.19 16:46:56 | 000,000,000 | ---D | C] -- C:\Windows\Sun

[2012.12.19 12:52:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2012.12.19 12:51:49 | 000,859,072 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll

[2012.12.19 12:51:49 | 000,779,704 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll

[2012.12.19 10:48:19 | 000,000,000 | ---D | C] -- C:\Users\Thekenputzer\AppData\Roaming\Mozilla

[2012.12.18 17:19:22 | 000,000,000 | ---D | C] -- C:\Users\Thekenputzer\Desktop\Kom Kraft-dwg

[2012.12.17 13:21:00 | 000,025,952 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll

[2012.12.17 13:20:59 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll

[2012.12.17 13:20:58 | 000,037,216 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll

[2012.12.17 13:20:57 | 000,029,536 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll

[2012.12.14 12:45:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[2012.12.14 12:45:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

[2012.12.14 09:22:58 | 000,000,000 | ---D | C] -- C:\Users\Thekenputzer\Desktop\Zwischenpräsi Produkt

[2012.12.13 10:40:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WxDownload

[2012.12.13 10:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\wxDownload

[2012.12.13 10:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\wxDownload

[2012.12.13 10:37:21 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate

[2012.12.13 09:01:22 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2012.12.13 09:01:21 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2012.12.13 09:01:19 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2012.12.13 09:01:18 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2012.12.13 09:01:17 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2012.12.13 09:01:15 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2012.12.13 09:01:15 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2012.12.13 09:01:15 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2012.12.13 09:01:11 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2012.12.13 09:01:10 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2012.12.13 09:01:09 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2012.12.13 09:01:08 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2012.12.13 09:01:01 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2012.12.13 09:01:00 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2012.12.13 09:01:00 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2012.12.12 21:22:33 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll

[2012.12.12 21:22:33 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll

[2012.12.12 21:22:32 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll

[2012.12.12 21:22:32 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll

[2012.12.12 21:21:56 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll

[2012.12.12 21:21:53 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll

[2012.12.12 21:21:51 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe

[2012.12.12 21:21:51 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll

[2012.12.12 21:21:41 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll

[2012.12.12 21:21:41 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe

[2012.12.12 21:21:40 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll

[2012.12.12 21:21:40 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll

[2012.12.12 21:21:39 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll

[2012.12.12 21:21:39 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll

[2012.12.12 21:21:38 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll

[2012.12.12 21:21:29 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe

[2012.12.12 21:21:29 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

[2012.12.12 21:21:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

[2012.12.12 21:21:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll

[2012.12.12 21:21:28 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll

[2012.12.12 21:21:28 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

[2012.12.12 21:21:28 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll

[2012.12.12 21:21:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll

[2012.12.12 21:21:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll

[2012.12.12 21:21:27 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll

[2012.12.12 21:21:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll

[2012.12.12 21:21:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

[2012.12.12 21:21:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

[2012.12.12 21:21:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll

[2012.12.12 21:21:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

[2012.12.12 21:21:26 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll

[2012.12.12 21:21:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll

[2012.12.12 21:21:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

[2012.12.12 21:21:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll

[2012.12.12 21:21:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

[2012.12.12 21:21:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll

[2012.12.12 21:21:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

[2012.12.12 21:21:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

[2012.12.12 21:21:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll

[2012.12.12 21:21:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll

[2012.12.12 21:21:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

[2012.12.12 21:21:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll

[2012.12.12 21:21:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

[2012.12.12 21:21:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll

[2012.12.12 21:21:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

[2012.12.12 21:21:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll

[2012.12.12 21:21:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

[2012.12.12 21:21:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

[2012.12.12 21:21:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll

[2012.12.12 21:21:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll

[2012.12.12 21:21:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

[2012.12.12 21:21:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll

[2012.12.12 21:21:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

[2012.12.12 21:21:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll

[2012.12.12 21:21:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

[2012.12.12 21:21:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll

[2012.12.12 21:21:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

[2012.12.12 21:21:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll

[2012.12.12 21:21:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

[2012.12.12 21:21:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll

[2012.12.12 21:21:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll

[2012.12.12 21:21:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll

[2012.12.12 21:21:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

[2012.12.12 21:21:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

[2012.12.12 21:21:20 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

[2012.12.12 21:21:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

[2012.12.12 21:21:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

[2012.12.12 21:21:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll

[2012.12.12 21:21:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

[2012.12.12 21:21:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

[2012.12.12 21:21:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

[2012.12.12 21:21:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll

[2012.12.12 21:21:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe

[2012.12.12 21:21:04 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll

[2012.12.12 21:21:03 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll

[2012.12.07 17:09:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes

[2012.12.06 12:35:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird

[2012.12.05 15:01:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2012.11.26 13:07:30 | 000,000,000 | ---D | C] -- C:\Users\Thekenputzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Para 3d

[2012.11.26 13:07:25 | 000,000,000 | ---D | C] -- C:\Windows\Para 3d

[2012.11.26 12:21:06 | 000,000,000 | ---D | C] -- C:\Users\Thekenputzer\Desktop\Para_2.8_FH_02

[2012.11.22 09:29:30 | 000,000,000 | ---D | C] -- C:\Users\Thekenputzer\Desktop\Metall origami

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.12.19 20:09:27 | 006,766,269 | ---- | M] () -- C:\Users\Thekenputzer\Desktop\Endplan.pdf

[2012.12.19 20:05:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Thekenputzer\Desktop\OTL.exe

[2012.12.19 19:56:21 | 000,000,000 | ---- | M] () -- C:\Users\Thekenputzer\Desktop\~portfolio~o88l6u.idlk

[2012.12.19 19:26:08 | 000,001,205 | ---- | M] () -- C:\Users\Thekenputzer\Desktop\Console.lnk

[2012.12.19 19:22:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.12.19 19:17:45 | 000,049,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vdzxkyfz.sys

[2012.12.19 19:17:26 | 000,049,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\gqnzvnoh.sys

[2012.12.19 18:30:10 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.12.19 18:15:49 | 000,049,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rcpcjwxv.sys

[2012.12.19 18:15:23 | 000,049,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\gocwqspf.sys

[2012.12.19 17:57:09 | 000,049,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fxkgnyci.sys

[2012.12.19 17:56:53 | 000,049,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\glrmycqo.sys

[2012.12.19 17:55:55 | 000,049,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\emxjpqhq.sys

[2012.12.19 17:55:45 | 000,049,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\yixjicbi.sys

[2012.12.19 17:51:55 | 000,049,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\qglvyrbb.sys

[2012.12.19 17:51:39 | 000,049,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\jfxxtkdr.sys

[2012.12.19 17:51:07 | 000,049,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nxfdbfth.sys

[2012.12.19 17:50:49 | 000,049,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\wbrmnyts.sys

[2012.12.19 16:57:45 | 000,049,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\frzgezkd.sys

[2012.12.19 16:57:22 | 000,049,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\gijdesuw.sys

[2012.12.19 16:56:38 | 000,049,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hahdheiq.sys

[2012.12.19 16:56:15 | 003,277,766 | ---- | M] () -- C:\Users\Thekenputzer\Desktop\kallhöfer.vwx

[2012.12.19 16:56:14 | 000,049,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\uwhbwwpg.sys

[2012.12.19 16:55:33 | 000,049,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\wpcbdkxi.sys

[2012.12.19 16:55:08 | 000,049,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tslghqlz.sys

[2012.12.19 16:54:35 | 000,049,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\chhlykpf.sys

[2012.12.19 16:54:12 | 000,049,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\lqgbbwap.sys

[2012.12.19 16:53:19 | 000,049,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ghclvpvd.sys

[2012.12.19 16:53:07 | 000,049,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zepzkghl.sys

[2012.12.19 16:52:23 | 000,049,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ancfcpnc.sys

[2012.12.19 16:52:08 | 000,049,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\qxqfjazw.sys

[2012.12.19 16:51:56 | 000,049,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\copfklkc.sys

[2012.12.19 16:51:48 | 000,049,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\bkjqolip.sys

[2012.12.19 16:51:36 | 000,049,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ajdkoffx.sys

[2012.12.19 16:51:26 | 000,049,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hopiytqi.sys

[2012.12.19 16:51:04 | 000,049,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\mbmterxp.sys

[2012.12.19 16:50:55 | 000,049,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\wqcesqrn.sys

[2012.12.19 16:50:38 | 000,049,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\oeugmqcs.sys

[2012.12.19 16:50:25 | 000,049,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fvenempu.sys

[2012.12.19 16:50:14 | 000,049,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ujzrngzc.sys

[2012.12.19 16:50:01 | 000,049,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\phzrxlue.sys

[2012.12.19 16:49:51 | 000,049,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\mvatfxtx.sys

[2012.12.19 16:49:46 | 006,406,144 | ---- | M] () -- C:\Users\Thekenputzer\Desktop\Portfolio.indd

[2012.12.19 16:49:42 | 000,049,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\kzjslsqz.sys

[2012.12.19 16:49:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.12.19 16:49:05 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad

[2012.12.19 16:48:36 | 000,049,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hsphsdak.sys

[2012.12.19 16:47:41 | 000,001,055 | ---- | M] () -- C:\Users\Thekenputzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk

[2012.12.19 16:47:08 | 000,249,856 | ---- | M] (Корпорация Майкрософт) -- C:\Users\Thekenputzer\wgsdgsdgdsgsd.dll

[2012.12.19 15:30:15 | 000,700,943 | ---- | M] () -- C:\Users\Thekenputzer\Desktop\donaldjudd2.jpg

[2012.12.19 15:28:51 | 000,020,931 | ---- | M] () -- C:\Users\Thekenputzer\Desktop\marfa12.jpg

[2012.12.19 13:00:32 | 015,289,017 | ---- | M] () -- C:\Users\Thekenputzer\Documents\Kom Kraft.vwx

[2012.12.19 12:50:45 | 000,859,072 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll

[2012.12.19 12:50:45 | 000,779,704 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll

[2012.12.19 12:17:20 | 000,668,397 | ---- | M] () -- C:\Users\Thekenputzer\Desktop\Kom Kraft stonepunktde.pdf

[2012.12.19 11:06:15 | 000,013,287 | ---- | M] () -- C:\Users\Thekenputzer\Desktop\GESAMTSCHULDENLISTE_12.12..pdf

[2012.12.19 10:48:09 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012.12.19 10:27:46 | 001,355,776 | ---- | M] () -- C:\Users\Thekenputzer\Desktop\kraft.max

[2012.12.18 18:35:11 | 000,031,962 | ---- | M] () -- C:\Users\Thekenputzer\Desktop\team7_kueche_k7_slide1.jpg

[2012.12.18 18:34:21 | 000,027,897 | ---- | M] () -- C:\Users\Thekenputzer\Desktop\team7_kueche_k7_slide2.jpg

[2012.12.18 18:31:26 | 000,058,044 | ---- | M] () -- C:\Users\Thekenputzer\Desktop\2.jpg

[2012.12.18 18:20:20 | 000,036,503 | ---- | M] () -- C:\Users\Thekenputzer\Desktop\1.jpg

[2012.12.17 09:43:50 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.12.17 09:43:50 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.12.17 09:34:48 | 2030,981,119 | -HS- | M] () -- C:\hiberfil.sys

[2012.12.15 17:17:19 | 000,989,932 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.12.15 17:17:19 | 000,711,874 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.12.15 17:17:19 | 000,153,082 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.12.15 17:17:19 | 000,125,562 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.12.15 17:17:19 | 000,008,660 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.12.14 01:29:55 | 004,678,728 | ---- | M] () -- C:\Users\Thekenputzer\Documents\raupe.vwx

[2012.12.14 00:21:04 | 000,000,287 | ---- | M] () -- C:\Users\Thekenputzer\AppData\Local\VersionChecker_16.xml

[2012.12.13 21:16:34 | 004,349,952 | ---- | M] () -- C:\Users\Thekenputzer\Desktop\raupe.max

[2012.12.13 09:20:29 | 005,066,912 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012.12.12 15:16:00 | 005,535,312 | ---- | M] () -- C:\Users\Thekenputzer\Desktop\Raupe.vwx

[2012.12.12 14:06:02 | 000,000,287 | ---- | M] () -- C:\Users\Thekenputzer\AppData\Local\VersionChecker_17.xml

[2012.12.12 02:38:27 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012.12.12 02:38:27 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012.12.07 19:14:17 | 000,000,085 | -HS- | M] () -- C:\ProgramData\.zreglib

[2012.12.06 08:34:58 | 000,001,188 | ---- | M] () -- C:\Windows\SysWow64\ServiceConfig.xml

[2012.11.29 16:06:14 | 000,034,656 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe

[2012.11.29 16:06:08 | 000,037,216 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll

[2012.11.29 16:06:08 | 000,029,536 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll

[2012.11.29 16:06:08 | 000,025,952 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll

[2012.11.29 16:06:08 | 000,021,344 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll

[2012.11.28 09:25:31 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini

[2012.11.23 01:47:43 | 000,000,251 | -H-- | M] () -- C:\Users\Thekenputzer\Desktop\canyon.lck

 
 ========== Files Created - No Company Name ==========

 

[2012.12.19 20:09:27 | 006,766,269 | ---- | C] () -- C:\Users\Thekenputzer\Desktop\Endplan.pdf

[2012.12.19 19:56:21 | 000,000,000 | ---- | C] () -- C:\Users\Thekenputzer\Desktop\~portfolio~o88l6u.idlk

[2012.12.19 19:25:14 | 000,001,205 | ---- | C] () -- C:\Users\Thekenputzer\Desktop\Console.lnk

[2012.12.19 18:30:10 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.12.19 16:47:16 | 000,001,055 | ---- | C] () -- C:\Users\Thekenputzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk

[2012.12.19 16:47:14 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad

[2012.12.19 15:30:15 | 000,700,943 | ---- | C] () -- C:\Users\Thekenputzer\Desktop\donaldjudd2.jpg

[2012.12.19 15:28:49 | 000,020,931 | ---- | C] () -- C:\Users\Thekenputzer\Desktop\marfa12.jpg

[2012.12.19 12:11:08 | 000,668,397 | ---- | C] () -- C:\Users\Thekenputzer\Desktop\Kom Kraft stonepunktde.pdf

[2012.12.19 11:06:13 | 000,013,287 | ---- | C] () -- C:\Users\Thekenputzer\Desktop\GESAMTSCHULDENLISTE_12.12..pdf

[2012.12.19 10:48:09 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012.12.19 10:48:08 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2012.12.19 10:27:36 | 001,355,776 | ---- | C] () -- C:\Users\Thekenputzer\Desktop\kraft.max

[2012.12.18 18:35:10 | 000,031,962 | ---- | C] () -- C:\Users\Thekenputzer\Desktop\team7_kueche_k7_slide1.jpg

[2012.12.18 18:34:20 | 000,027,897 | ---- | C] () -- C:\Users\Thekenputzer\Desktop\team7_kueche_k7_slide2.jpg

[2012.12.18 18:31:26 | 000,058,044 | ---- | C] () -- C:\Users\Thekenputzer\Desktop\2.jpg

[2012.12.18 18:20:20 | 000,036,503 | ---- | C] () -- C:\Users\Thekenputzer\Desktop\1.jpg

[2012.12.18 11:08:40 | 015,289,017 | ---- | C] () -- C:\Users\Thekenputzer\Documents\Kom Kraft.vwx

[2012.12.16 16:48:40 | 003,973,086 | ---- | C] () -- C:\Users\Thekenputzer\Documents\De La Soul - Ring Ring Ring.mp3

[2012.12.15 15:26:45 | 003,277,766 | ---- | C] () -- C:\Users\Thekenputzer\Desktop\kallhöfer.vwx

[2012.12.07 17:10:49 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib

[2012.12.06 22:31:29 | 004,678,728 | ---- | C] () -- C:\Users\Thekenputzer\Documents\raupe.vwx

[2012.12.06 08:34:58 | 000,001,188 | ---- | C] () -- C:\Windows\SysWow64\ServiceConfig.xml

[2012.12.05 13:29:28 | 006,406,144 | ---- | C] () -- C:\Users\Thekenputzer\Desktop\Portfolio.indd

[2012.11.24 10:47:05 | 004,349,952 | ---- | C] () -- C:\Users\Thekenputzer\Desktop\raupe.max

[2012.11.23 01:47:43 | 000,000,251 | -H-- | C] () -- C:\Users\Thekenputzer\Desktop\canyon.lck

[2012.11.21 19:37:39 | 005,535,312 | ---- | C] () -- C:\Users\Thekenputzer\Desktop\Raupe.vwx

[2012.10.25 10:08:01 | 000,000,287 | ---- | C] () -- C:\Users\Thekenputzer\AppData\Local\VersionChecker_16.xml

[2012.10.23 11:10:45 | 000,000,132 | ---- | C] () -- C:\Users\Thekenputzer\AppData\Roaming\Adobe GIF Format CS5 Prefs

[2012.09.11 10:58:07 | 000,001,456 | ---- | C] () -- C:\Users\Thekenputzer\AppData\Local\Adobe Für Web speichern 12.0 Prefs

[2012.05.27 07:32:49 | 000,000,132 | ---- | C] () -- C:\Windows\wininit.ini

[2012.05.21 06:08:29 | 000,000,000 | ---- | C] () -- C:\Windows\CNWVPREV.INI

[2012.05.08 13:15:47 | 000,000,287 | ---- | C] () -- C:\Users\Thekenputzer\AppData\Local\VersionChecker_17.xml

[2012.05.07 11:41:10 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe

[2012.05.07 10:32:25 | 004,078,592 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll

[2012.05.07 10:32:25 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2012.05.07 10:32:25 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2012.05.07 10:32:25 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll

[2012.05.07 10:32:23 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[2012.05.07 10:32:20 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

[2012.05.07 05:28:42 | 001,597,762 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012.03.28 21:11:08 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe

[2012.03.28 21:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll

[2012.03.28 21:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll

[2012.03.28 21:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll

[2012.03.28 21:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll

[2011.03.03 12:52:21 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin

[2011.03.03 12:52:20 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin

[2011.03.03 12:52:18 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

[2011.02.22 14:19:46 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe

 
 ========== ZeroAccess Check ==========

 

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 03:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:1A60DE96
 

< End of report >

--- --- ---

Hi
OTL.txt fehlt noch.

OTL EXTRAS Logfile:

Code:

OTL Extras logfile created on: 19.12.2012 20:07:02 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Thekenputzer\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

7,86 Gb Total Physical Memory | 3,73 Gb Available Physical Memory | 47,48% Memory free

15,71 Gb Paging File | 11,19 Gb Available in Paging File | 71,22% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 450,66 Gb Total Space | 234,92 Gb Free Space | 52,13% Space Free | Partition Type: NTFS

Drive E: | 3,69 Gb Total Space | 0,02 Gb Free Space | 0,47% Space Free | Partition Type: FAT32

Drive F: | 931,28 Gb Total Space | 83,30 Gb Free Space | 8,94% Space Free | Partition Type: FAT32

 

Computer Name: THEKENPUTZER-PC | User Name: Thekenputzer | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)

Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)

Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)

Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)

Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0254E17E-67B8-42E8-A545-BFED4FE3EC98}" = rport=138 | protocol=17 | dir=out | app=system | 

"{07B4B1F0-1052-420D-B296-C0FC638FB838}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{1274A62A-5180-4AE6-9AF3-4B5977915E3E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{1C11F64E-76DD-4710-B45F-CFCEB1C09495}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{1D70E85B-D501-4268-A5C3-FE0451A62527}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{2315DB4F-0AE6-4269-A554-F3B5E606E898}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{27475E27-1902-4922-8DA1-CB58F28E74BB}" = rport=445 | protocol=6 | dir=out | app=system | 

"{41785A26-B9FB-4298-A87E-832D5CBF0670}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{4AD0F99D-1585-41BD-A61C-8DADEF1140CD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{5F33B6AF-E096-4AD1-8748-2BA81B6BE84F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{6926C1FF-EB2E-43FC-AD60-7589B53FFCF9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{695DC1DB-7E54-4B69-8183-744F65165134}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{6BF27330-5062-47D8-A13D-6B3B8B2DE2C2}" = rport=10243 | protocol=6 | dir=out | app=system | 

"{866DD532-9EE0-4863-A2D7-42ADA61896B8}" = rport=137 | protocol=17 | dir=out | app=system | 

"{919DD729-D2D7-4E69-A4A8-8687B8E3AA9E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 

"{A057C285-FDAD-4592-A2DE-AB2C529967F4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{AAE0BA41-7767-4EA0-9ADA-AD4EB7690B1C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{B700D70B-A240-4ACC-AFB1-AFD6C908AFC1}" = lport=10243 | protocol=6 | dir=in | app=system | 

"{C0A03FA4-D880-47C2-86E4-4B611A7EA8C8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{C22A5837-E31D-4105-837C-49C6A9DA7C66}" = lport=137 | protocol=17 | dir=in | app=system | 

"{C64A4C15-A0E7-44CE-8783-1C3C7A9D9704}" = lport=445 | protocol=6 | dir=in | app=system | 

"{CD788BF7-51A8-413F-88CE-30E13BC35E32}" = lport=138 | protocol=17 | dir=in | app=system | 

"{DB55A79E-0753-4215-BA5D-6A5C48C59281}" = rport=139 | protocol=6 | dir=out | app=system | 

"{F88B6191-41C6-490D-847E-7360101CF4BF}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 

"{FA5A9417-86C5-4F91-8456-D54204CF985D}" = lport=139 | protocol=6 | dir=in | app=system | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{05970FD3-EAD2-45F6-AECD-C82033510D1C}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe | 

"{0A4D8ECF-E65A-4F78-AB4A-AD70F4FAC665}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{0C9C00C4-BC0B-4D4F-8FC4-1E4AA4A01302}" = protocol=17 | dir=in | app=c:\program files\canon\imageprografstatusmonitor\cnwida.exe | 

"{10440864-C556-4DD9-BDF9-62CB50289541}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{11D199EE-3C00-4C02-9CE3-6E61B091F81F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{193D224B-52F8-4556-8F39-32D3CBD3E4E2}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 

"{22C76685-1294-4296-AB2D-D74EDF45D11D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{2671318E-237E-4E90-B593-5AC66AB07DF1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 

"{2ABBBCEE-F831-4034-97BD-D161E627E2C2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{30C78548-408E-4063-917F-BEDEADB4109C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{32DEDB01-B28A-4070-9879-8C93F4309BFA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{3398C44C-43A5-4FD5-BF71-2577891705FF}" = protocol=6 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe | 

"{33F5B33E-212D-4449-878A-04A23D86E55A}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\.\kernel\clml\clmlsvc.exe | 

"{359B1AF5-2393-4E7E-9096-24BFFD55558D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{3C3552B7-0014-4BD6-B05A-6DB2B6B7F5CE}" = protocol=17 | dir=in | app=c:\program files\canon\imageprografstatusmonitor\cnwism.exe | 

"{3F62EA1C-CE76-4617-8245-8A4795BDBC5A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 

"{408ED483-1642-408A-9F2C-F6AA666E6B4C}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 

"{45067417-7F02-41FB-928A-A83B11C665F3}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max design 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe | 

"{57A82CB4-860E-494E-B3E7-65F0E4332FF4}" = protocol=17 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe | 

"{59D088B7-742B-4F85-9771-06CA1492E764}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{5EA74724-E4FC-40AF-85EE-349DA8B22BB2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{5F359E39-1BD6-41C6-9616-33A0D300A817}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{5F394A31-4DA8-45BE-9024-E6595F753A53}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\.\kernel\dmr\dmrengine.exe | 

"{6258D586-F46F-4C25-BBD2-EE55B3AB3F0E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{749F8B81-17FA-4110-9B1B-32FD67B1A9C1}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe | 

"{7A47EAB8-CCFD-4F68-B0F1-04704B663E66}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\.\kernel\dmr\dmrengine.exe | 

"{7DB0E4DD-0506-4551-8893-4FD97FC9C76C}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 

"{7DE5D169-F064-461E-9B51-AA9E98A08F60}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fi.exe | 

"{81C1604E-FF4E-4DC8-8827-B1A495E6E600}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max design 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe | 

"{87E1ED02-F39E-4448-BFEF-2ACCE8356E88}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe | 

"{91C3712C-C744-4B15-A944-1103D75BC57D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{93F7254D-D65F-49CF-859B-5FA6968E9FC1}" = protocol=6 | dir=in | app=c:\users\thekenputzer\appdata\roaming\dropbox\bin\dropbox.exe | 

"{97E0A16A-3073-4232-9BD2-67F9AC80B03F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{9C913B72-3D1B-44A1-AF55-1BE45FB75D71}" = protocol=6 | dir=in | app=c:\program files\canon\imageprografstatusmonitor\cnwida.exe | 

"{9CAA99EA-8168-46C4-B691-1F255C39A7AF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{9E64017C-D85B-4E61-9858-635817E1F932}" = protocol=17 | dir=in | app=c:\users\thekenputzer\appdata\roaming\dropbox\bin\dropbox.exe | 

"{AD687CB6-F450-49F7-B54D-35870E08E306}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe | 

"{B2F78B4C-82FA-47F9-9842-7F086C96A461}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{BDADC73F-5AEE-4E2D-ADFA-251EC625CC69}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fiagent.exe | 

"{C0A84497-250C-4FD6-A43E-B5D446B1C341}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe | 

"{C14A7319-9F70-4B9D-A081-A74F570659EF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{C782B21E-2C65-4279-A328-62E93AF654E6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{CE5365F9-67CD-49CD-86FE-B5EABF5A2840}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 

"{D06BC23C-D718-40DB-9714-4CB13BC2294A}" = protocol=6 | dir=out | app=system | 

"{D778E3C8-36A3-46E6-90C7-368C213C54CF}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe | 

"{DBF0D4CC-CADC-45B0-BA22-37497D706167}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{E10018F9-734E-419A-81CC-6735B09B4B44}" = protocol=6 | dir=in | app=c:\program files\canon\imageprografstatusmonitor\cnwism.exe | 

"{E1A40E63-ECFD-4F49-881B-DE45574CB575}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max design 2012\3dsmax.exe | 

"{E1C2AC53-5090-42CB-ADF1-FD74B7AFA060}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\.\kernel\dmr\dmrengine.exe | 

"{EDA689E4-9FD1-4F77-9BE3-FF4B688A7E09}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 

"{EF6BF162-A4C3-4D3E-B838-DF2E515267DE}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max design 2012\3dsmax.exe | 

"{F345707E-787C-468E-B0AF-F5D93BC96A8C}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max design 2012\mentalimages\satellite\raysat_3dsmax2012_64.exe | 

"{FE52B1F2-D7E2-47EF-8477-3A61B8F45DC1}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max design 2012\mentalimages\satellite\raysat_3dsmax2012_64.exe | 

"TCP Query User{45BE0840-79CE-4A76-A6BF-1A2ECCAA27F2}C:\program files (x86)\vectorworks2012\renderworks\cinerender 64bit.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vectorworks2012\renderworks\cinerender 64bit.exe | 

"TCP Query User{5AD35E39-BE86-45F5-8B22-378343514094}C:\program files (x86)\vectorworks2012\vectorworks2012e.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vectorworks2012\vectorworks2012e.exe | 

"TCP Query User{61A2FD97-EAB2-4D48-8205-2065EB0B35C1}C:\users\thekenputzer\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\thekenputzer\appdata\roaming\dropbox\bin\dropbox.exe | 

"TCP Query User{8843E71E-CDA7-4D51-9F8D-5D27125550B5}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 

"TCP Query User{8AD78A1C-BB7F-4681-B95E-2A4A8F603B4C}C:\program files (x86)\vectorworks2012\renderworks\cinerender 64bit.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vectorworks2012\renderworks\cinerender 64bit.exe | 

"TCP Query User{92DAF154-5DBA-4F48-AF2E-D7F8FA9A75C2}C:\program files (x86)\vectorworks2011\vectorworks2011e.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vectorworks2011\vectorworks2011e.exe | 

"TCP Query User{94400AF0-4B45-4BD4-B46B-B4B806460F8C}C:\windows\syswow64\msiexec.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 

"TCP Query User{B94F6CB2-1514-425D-8416-58132C42C497}C:\program files (x86)\vectorworks2011\renderworks\cinerender 64bit.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vectorworks2011\renderworks\cinerender 64bit.exe | 

"TCP Query User{BE6869FE-BA63-405A-9AF0-3E811C537883}C:\program files (x86)\vectorworks2012\vectorworks2012e.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vectorworks2012\vectorworks2012e.exe | 

"TCP Query User{C6F7EDEC-6E55-41A4-B884-D722F55EEFDD}C:\program files (x86)\vectorworks2011\vectorworks2011e.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vectorworks2011\vectorworks2011e.exe | 

"TCP Query User{DD882D67-A5A5-4FCF-8686-2FEC34D5514A}C:\program files (x86)\vectorworks2011\renderworks\cinerender 64bit.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vectorworks2011\renderworks\cinerender 64bit.exe | 

"UDP Query User{0FF8E809-93A0-4FE6-A40F-49D9113FDD21}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 

"UDP Query User{163DF28A-E269-40A4-BDEA-5C5B8A434275}C:\program files (x86)\vectorworks2011\vectorworks2011e.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vectorworks2011\vectorworks2011e.exe | 

"UDP Query User{2FB394EC-6C91-451F-816E-4BEAABBFF21F}C:\program files (x86)\vectorworks2012\renderworks\cinerender 64bit.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vectorworks2012\renderworks\cinerender 64bit.exe | 

"UDP Query User{3F0EECB3-1888-4BE3-8B75-CD29A35D43A4}C:\program files (x86)\vectorworks2012\vectorworks2012e.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vectorworks2012\vectorworks2012e.exe | 

"UDP Query User{5A604376-9B33-40A0-8957-44A66EE0A423}C:\program files (x86)\vectorworks2011\renderworks\cinerender 64bit.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vectorworks2011\renderworks\cinerender 64bit.exe | 

"UDP Query User{71A0F08B-04E5-4030-BA96-3221035F188B}C:\windows\syswow64\msiexec.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 

"UDP Query User{957D7513-673A-4DBD-B26F-61554CFEDED5}C:\program files (x86)\vectorworks2011\vectorworks2011e.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vectorworks2011\vectorworks2011e.exe | 

"UDP Query User{98FB8315-C365-4A36-A491-A535E3EDD176}C:\program files (x86)\vectorworks2012\vectorworks2012e.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vectorworks2012\vectorworks2012e.exe | 

"UDP Query User{D0D8F1C8-87E5-4678-A691-D16ACD24D763}C:\program files (x86)\vectorworks2011\renderworks\cinerender 64bit.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vectorworks2011\renderworks\cinerender 64bit.exe | 

"UDP Query User{E37A080E-8DC2-42CB-B892-E5F934B264BF}C:\users\thekenputzer\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\thekenputzer\appdata\roaming\dropbox\bin\dropbox.exe | 

"UDP Query User{FEA1F85C-C2EA-4AD3-B249-950AA2AFD881}C:\program files (x86)\vectorworks2012\renderworks\cinerender 64bit.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vectorworks2012\renderworks\cinerender 64bit.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack

"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker

"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64

"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder

"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)

"{24E0FEFE-42C4-8822-6AC9-0AE6FF03DC08}" = WxDownload Expansion

"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64

"{4710662C-8204-4334-A977-B1AC9E547819}" = Broadcom Card Reader Driver Installer

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{52099562-C109-0409-BFF1-1C19149A8749}" = Autodesk 3ds Max Design 2012 64-bit - English

"{5783F2D7-A001-0407-0102-0060B0CE6BBA}" = AutoCAD 2012 - Deutsch

"{5783F2D7-A001-0407-1102-0060B0CE6BBA}" = AutoCAD 2012 Language Pack - Deutsch

"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector

"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010

"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010

"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010

"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010

"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010

"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010

"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010

"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010

"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010

"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010

"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010

"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010

"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010

"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010

"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010

"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64

"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.90

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.90

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.5.21

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.0

"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client

"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64

"{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom Gigabit NetLink Controller

"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones

"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources

"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{EA234BC3-39FE-4734-B72F-076086889F6D}" = Composite 2012 64-bit

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"AutoCAD 2012 - Deutsch" = AutoCAD 2012 - Deutsch

"Autodesk 3ds Max Design 2012 64-bit - English" = Autodesk 3ds Max Design 2012 64-bit - English

"Autodesk FBX Plug-in 2012.0 - 3ds Max Design 2012 64-bit" = Autodesk FBX Plug-in 2012.0 - 3ds Max Design 2012 64-bit

"KLiteCodecPack64_is1" = K-Lite Codec Pack 6.1.0 (64-bit)

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack

"Microsoft Security Client" = Microsoft Security Essentials

"Office14.PROPLUS" = Microsoft Office Professional Plus 2010

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"WinRAR archiver" = WinRAR

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam

"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}" = Autodesk Content Service

"{088DF54D-6FFC-8C91-02D5-A461DCC2E652}" = 

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3

"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{0F63FE0E-3279-7399-CAAB-E9B19A570F40}" = Vectorworks 2011 Hilfe

"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2

"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite

"{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}" = Adobe Creative Suite 5 Master Collection

"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager

"{1CE8E6EB-3077-4E90-9C53-28B7015231D9}" = Google SketchUp Pro 8

"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{39AE731B-85B7-4004-8FF7-58989943A68B}" = GoGear SA19xx Device Manager

"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4

"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2012.0.0

"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology

"{43AAE145-83CF-4C96-9A5E-756CEFCE879F}" = clear.fi Client

"{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaEspresso

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1" = Acer GameZone Console

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components

"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012

"{66392B7C-C522-450D-97B7-B3E41E170C3B}" = imagePROGRAF Status Monitor

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6a4b0a4f-58d0-430c-becc-aa50733cd761}" = Ad-Aware Antivirus

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies

"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer

"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger

"{87C2FAFA-E830-E3B1-A50E-876D00939884}" = Vectorworks 2012 Hilfe

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch

"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.2 MUI

"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh

"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie

"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail

"{B5751715-EC10-43D9-8C95-62E1368433EF}" = Autodesk Material Library Medium Resolution Image Library 2012

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = clear.fi

"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX

"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder

"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common

"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013

"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{CF35000B-8247-449B-85C9-D9C2A5936683}" = GoGear SA19xx Device Manager

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker

"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater

"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center

"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials

"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR

"Acer Registration" = Acer Registration

"Acer Screensaver" = Acer ScreenSaver

"Acer Welcome Center" = Welcome Center

"adawaretb" = Ad-Aware Security Add-on

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar

"eu.computerworks.vectorworks.2011.help.deu.07222458214E034A0B494E83FAD6744C17D2B914.1" = Vectorworks 2011 Hilfe

"eu.computerworks.vectorworks.2012.help.deu.07222458214E034A0B494E83FAD6744C17D2B914.1" = Vectorworks 2012 Hilfe

"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.35.1031

"Identity Card" = Identity Card

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam

"InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager

"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2

"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite

"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi

"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver

"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies

"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9

"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 8.6.0

"LManager" = Launch Manager

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000

"Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)

"Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"NCH_DE Toolbar" = NCH DE Toolbar

"Para 3d2.8" = Para 3d

"Q Pilot - Client 4.4.0.14582" = Q Pilot - Client

"SP_0beb79c1" = 

"Switch" = Switch Audiodatei-Konverter

"TuneUp Utilities 2013" = TuneUp Utilities 2013

"VLC media player" = VLC media player 2.0.1

"Winamp" = Winamp

"WinLiveSuite" = Windows Live Essentials

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 29.10.2012 11:59:41 | Computer Name = Thekenputzer-PC | Source = .NET Runtime | ID = 1022

Description = 

 

Error - 29.10.2012 12:29:08 | Computer Name = Thekenputzer-PC | Source = .NET Runtime | ID = 1022

Description = 

 

Error - 30.10.2012 04:35:36 | Computer Name = Thekenputzer-PC | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: Vectorworks2012E.exe, Version: 17.0.2.0,

 Zeitstempel: 0x4ec2e641  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,

 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc015000f  Fehleroffset: 0x00084621  ID des fehlerhaften

 Prozesses: 0x238  Startzeit der fehlerhaften Anwendung: 0x01cdb676c545d4fa  Pfad der

 fehlerhaften Anwendung: C:\Program Files (x86)\Vectorworks2012\Vectorworks2012E.exe

Pfad

 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: c6ab070e-226c-11e2-a794-1c7508fa1d3a

 

Error - 30.10.2012 06:02:52 | Computer Name = Thekenputzer-PC | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: VECTOR~2.EXE, Version: 17.0.2.0, 

Zeitstempel: 0x4ec2e641  Name des fehlerhaften Moduls: VECTOR~2.EXE, Version: 17.0.2.0,

 Zeitstempel: 0x4ec2e641  Ausnahmecode: 0xc0000005  Fehleroffset: 0x009a7ad7  ID des fehlerhaften

 Prozesses: 0x1730  Startzeit der fehlerhaften Anwendung: 0x01cdb679996d0e0d  Pfad der

 fehlerhaften Anwendung: C:\PROGRA~2\VECTOR~1\VECTOR~2.EXE  Pfad des fehlerhaften 

Moduls: C:\PROGRA~2\VECTOR~1\VECTOR~2.EXE  Berichtskennung: f7412ee6-2278-11e2-a794-1c7508fa1d3a

 

Error - 30.10.2012 06:03:00 | Computer Name = Thekenputzer-PC | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: VECTOR~2.EXE, Version: 17.0.2.0, 

Zeitstempel: 0x4ec2e641  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,

 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0150010  Fehleroffset: 0x000847db  ID des fehlerhaften

 Prozesses: 0x1730  Startzeit der fehlerhaften Anwendung: 0x01cdb679996d0e0d  Pfad der

 fehlerhaften Anwendung: C:\PROGRA~2\VECTOR~1\VECTOR~2.EXE  Pfad des fehlerhaften 

Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: fbd71be7-2278-11e2-a794-1c7508fa1d3a

 

Error - 30.10.2012 10:33:46 | Computer Name = Thekenputzer-PC | Source = Application Hang | ID = 1002

Description = Programm VECTOR~2.EXE, Version 17.0.2.0 kann nicht mehr unter Windows

 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,

 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1ac4    Startzeit:

 01cdb685c5cc3329    Endzeit: 86    Anwendungspfad: C:\PROGRA~2\VECTOR~1\VECTOR~2.EXE    Berichts-ID:

 cd903c7f-229e-11e2-a794-1c7508fa1d3a  

 

Error - 30.10.2012 10:46:29 | Computer Name = Thekenputzer-PC | Source = Application Hang | ID = 1002

Description = Programm VECTOR~2.EXE, Version 17.0.2.0 kann nicht mehr unter Windows

 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,

 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1a70    Startzeit:

 01cdb6ac7e91aed0    Endzeit: 37    Anwendungspfad: C:\PROGRA~2\VECTOR~1\VECTOR~2.EXE    Berichts-ID:

 90743575-22a0-11e2-a7b2-1c7508fa1d3a  

 

Error - 30.10.2012 10:59:34 | Computer Name = Thekenputzer-PC | Source = .NET Runtime | ID = 1022

Description = 

 

Error - 31.10.2012 19:23:15 | Computer Name = Thekenputzer-PC | Source = Microsoft-Windows-LoadPerf | ID = 3002

Description = Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators

 in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge

 ist " ". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte

 Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen

 Indexwerte enthalten.

 

Error - 01.11.2012 21:40:35 | Computer Name = Thekenputzer-PC | Source = Microsoft-Windows-LoadPerf | ID = 3002

Description = Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators

 in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge

 ist " ". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte

 Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen

 Indexwerte enthalten.

 

[ System Events ]

Error - 20.10.2012 06:53:34 | Computer Name = Thekenputzer-PC | Source = Microsoft Antimalware | ID = 2001

Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.
 

        Neue

 Signaturversion:      Vorherige Signaturversion: 1.137.1822.0     Aktualisierungsquelle: 

%%859     Aktualisierungsphase: %%852     Quellpfad: Microsoft Deutschland | Geräte und Dienste     Signaturtyp: 

%%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:

      Vorherige Modulversion: 1.1.8800.0     Fehlercode: 0x80248014     Fehlerbeschreibung: Unerwartetes

 Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates

 oder zur Problembehandlung finden Sie unter "Hilfe und Support". 

 

Error - 20.10.2012 09:39:36 | Computer Name = Thekenputzer-PC | Source = bowser | ID = 8003

Description = 

 

Error - 20.10.2012 09:47:31 | Computer Name = Thekenputzer-PC | Source = Microsoft Antimalware | ID = 2001

Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.
 

        Neue

 Signaturversion:      Vorherige Signaturversion: 1.137.1822.0     Aktualisierungsquelle: 

%%859     Aktualisierungsphase: %%852     Quellpfad: Microsoft Deutschland | Geräte und Dienste     Signaturtyp: 

%%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:

      Vorherige Modulversion: 1.1.8800.0     Fehlercode: 0x80248014     Fehlerbeschreibung: Unerwartetes

 Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates

 oder zur Problembehandlung finden Sie unter "Hilfe und Support". 

 

Error - 20.10.2012 10:00:38 | Computer Name = Thekenputzer-PC | Source = bowser | ID = 8003

Description = 

 

Error - 20.10.2012 11:12:45 | Computer Name = Thekenputzer-PC | Source = bowser | ID = 8003

Description = 

 

Error - 20.10.2012 12:18:52 | Computer Name = Thekenputzer-PC | Source = bowser | ID = 8003

Description = 

 

Error - 20.10.2012 12:28:42 | Computer Name = Thekenputzer-PC | Source = Microsoft Antimalware | ID = 2001

Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.
 

        Neue

 Signaturversion:      Vorherige Signaturversion: 1.137.1822.0     Aktualisierungsquelle: 

%%859     Aktualisierungsphase: %%852     Quellpfad: Microsoft Deutschland | Geräte und Dienste     Signaturtyp: 

%%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:

      Vorherige Modulversion: 1.1.8800.0     Fehlercode: 0x80248014     Fehlerbeschreibung: Unerwartetes

 Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates

 oder zur Problembehandlung finden Sie unter "Hilfe und Support". 

 

Error - 20.10.2012 12:42:54 | Computer Name = Thekenputzer-PC | Source = bowser | ID = 8003

Description = 

 

Error - 20.10.2012 14:01:02 | Computer Name = Thekenputzer-PC | Source = bowser | ID = 8003

Description = 

 

Error - 20.10.2012 14:10:20 | Computer Name = Thekenputzer-PC | Source = Microsoft Antimalware | ID = 2001

Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.
 

        Neue

 Signaturversion:      Vorherige Signaturversion: 1.137.1822.0     Aktualisierungsquelle: 

%%859     Aktualisierungsphase: %%852     Quellpfad: Microsoft Deutschland | Geräte und Dienste     Signaturtyp: 

%%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:

      Vorherige Modulversion: 1.1.8800.0     Fehlercode: 0x80248014     Fehlerbeschreibung: Unerwartetes

 Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates

 oder zur Problembehandlung finden Sie unter "Hilfe und Support". 

 

 

< End of report >

--- --- ---

hi,
combofix:

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Zitat:

Zitat von thekenputzer (Beitrag 975028)

OTL EXTRAS Logfile:

Code:

OTL Extras logfile created on: 19.12.2012 20:07:02 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Thekenputzer\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

7,86 Gb Total Physical Memory | 3,73 Gb Available Physical Memory | 47,48% Memory free

15,71 Gb Paging File | 11,19 Gb Available in Paging File | 71,22% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 450,66 Gb Total Space | 234,92 Gb Free Space | 52,13% Space Free | Partition Type: NTFS

Drive E: | 3,69 Gb Total Space | 0,02 Gb Free Space | 0,47% Space Free | Partition Type: FAT32

Drive F: | 931,28 Gb Total Space | 83,30 Gb Free Space | 8,94% Space Free | Partition Type: FAT32

 

Computer Name: THEKENPUTZER-PC | User Name: Thekenputzer | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)

Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)

Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)

Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)

Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0254E17E-67B8-42E8-A545-BFED4FE3EC98}" = rport=138 | protocol=17 | dir=out | app=system | 

"{07B4B1F0-1052-420D-B296-C0FC638FB838}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{1274A62A-5180-4AE6-9AF3-4B5977915E3E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{1C11F64E-76DD-4710-B45F-CFCEB1C09495}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{1D70E85B-D501-4268-A5C3-FE0451A62527}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{2315DB4F-0AE6-4269-A554-F3B5E606E898}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{27475E27-1902-4922-8DA1-CB58F28E74BB}" = rport=445 | protocol=6 | dir=out | app=system | 

"{41785A26-B9FB-4298-A87E-832D5CBF0670}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{4AD0F99D-1585-41BD-A61C-8DADEF1140CD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{5F33B6AF-E096-4AD1-8748-2BA81B6BE84F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{6926C1FF-EB2E-43FC-AD60-7589B53FFCF9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{695DC1DB-7E54-4B69-8183-744F65165134}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{6BF27330-5062-47D8-A13D-6B3B8B2DE2C2}" = rport=10243 | protocol=6 | dir=out | app=system | 

"{866DD532-9EE0-4863-A2D7-42ADA61896B8}" = rport=137 | protocol=17 | dir=out | app=system | 

"{919DD729-D2D7-4E69-A4A8-8687B8E3AA9E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 

"{A057C285-FDAD-4592-A2DE-AB2C529967F4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{AAE0BA41-7767-4EA0-9ADA-AD4EB7690B1C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{B700D70B-A240-4ACC-AFB1-AFD6C908AFC1}" = lport=10243 | protocol=6 | dir=in | app=system | 

"{C0A03FA4-D880-47C2-86E4-4B611A7EA8C8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{C22A5837-E31D-4105-837C-49C6A9DA7C66}" = lport=137 | protocol=17 | dir=in | app=system | 

"{C64A4C15-A0E7-44CE-8783-1C3C7A9D9704}" = lport=445 | protocol=6 | dir=in | app=system | 

"{CD788BF7-51A8-413F-88CE-30E13BC35E32}" = lport=138 | protocol=17 | dir=in | app=system | 

"{DB55A79E-0753-4215-BA5D-6A5C48C59281}" = rport=139 | protocol=6 | dir=out | app=system | 

"{F88B6191-41C6-490D-847E-7360101CF4BF}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 

"{FA5A9417-86C5-4F91-8456-D54204CF985D}" = lport=139 | protocol=6 | dir=in | app=system | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{05970FD3-EAD2-45F6-AECD-C82033510D1C}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe | 

"{0A4D8ECF-E65A-4F78-AB4A-AD70F4FAC665}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{0C9C00C4-BC0B-4D4F-8FC4-1E4AA4A01302}" = protocol=17 | dir=in | app=c:\program files\canon\imageprografstatusmonitor\cnwida.exe | 

"{10440864-C556-4DD9-BDF9-62CB50289541}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{11D199EE-3C00-4C02-9CE3-6E61B091F81F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{193D224B-52F8-4556-8F39-32D3CBD3E4E2}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 

"{22C76685-1294-4296-AB2D-D74EDF45D11D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{2671318E-237E-4E90-B593-5AC66AB07DF1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 

"{2ABBBCEE-F831-4034-97BD-D161E627E2C2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{30C78548-408E-4063-917F-BEDEADB4109C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{32DEDB01-B28A-4070-9879-8C93F4309BFA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{3398C44C-43A5-4FD5-BF71-2577891705FF}" = protocol=6 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe | 

"{33F5B33E-212D-4449-878A-04A23D86E55A}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\.\kernel\clml\clmlsvc.exe | 

"{359B1AF5-2393-4E7E-9096-24BFFD55558D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{3C3552B7-0014-4BD6-B05A-6DB2B6B7F5CE}" = protocol=17 | dir=in | app=c:\program files\canon\imageprografstatusmonitor\cnwism.exe | 

"{3F62EA1C-CE76-4617-8245-8A4795BDBC5A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 

"{408ED483-1642-408A-9F2C-F6AA666E6B4C}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 

"{45067417-7F02-41FB-928A-A83B11C665F3}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max design 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe | 

"{57A82CB4-860E-494E-B3E7-65F0E4332FF4}" = protocol=17 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe | 

"{59D088B7-742B-4F85-9771-06CA1492E764}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{5EA74724-E4FC-40AF-85EE-349DA8B22BB2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{5F359E39-1BD6-41C6-9616-33A0D300A817}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{5F394A31-4DA8-45BE-9024-E6595F753A53}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\.\kernel\dmr\dmrengine.exe | 

"{6258D586-F46F-4C25-BBD2-EE55B3AB3F0E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{749F8B81-17FA-4110-9B1B-32FD67B1A9C1}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe | 

"{7A47EAB8-CCFD-4F68-B0F1-04704B663E66}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\.\kernel\dmr\dmrengine.exe | 

"{7DB0E4DD-0506-4551-8893-4FD97FC9C76C}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 

"{7DE5D169-F064-461E-9B51-AA9E98A08F60}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fi.exe | 

"{81C1604E-FF4E-4DC8-8827-B1A495E6E600}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max design 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe | 

"{87E1ED02-F39E-4448-BFEF-2ACCE8356E88}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe | 

"{91C3712C-C744-4B15-A944-1103D75BC57D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{93F7254D-D65F-49CF-859B-5FA6968E9FC1}" = protocol=6 | dir=in | app=c:\users\thekenputzer\appdata\roaming\dropbox\bin\dropbox.exe | 

"{97E0A16A-3073-4232-9BD2-67F9AC80B03F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{9C913B72-3D1B-44A1-AF55-1BE45FB75D71}" = protocol=6 | dir=in | app=c:\program files\canon\imageprografstatusmonitor\cnwida.exe | 

"{9CAA99EA-8168-46C4-B691-1F255C39A7AF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{9E64017C-D85B-4E61-9858-635817E1F932}" = protocol=17 | dir=in | app=c:\users\thekenputzer\appdata\roaming\dropbox\bin\dropbox.exe | 

"{AD687CB6-F450-49F7-B54D-35870E08E306}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe | 

"{B2F78B4C-82FA-47F9-9842-7F086C96A461}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{BDADC73F-5AEE-4E2D-ADFA-251EC625CC69}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fiagent.exe | 

"{C0A84497-250C-4FD6-A43E-B5D446B1C341}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe | 

"{C14A7319-9F70-4B9D-A081-A74F570659EF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{C782B21E-2C65-4279-A328-62E93AF654E6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{CE5365F9-67CD-49CD-86FE-B5EABF5A2840}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 

"{D06BC23C-D718-40DB-9714-4CB13BC2294A}" = protocol=6 | dir=out | app=system | 

"{D778E3C8-36A3-46E6-90C7-368C213C54CF}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe | 

"{DBF0D4CC-CADC-45B0-BA22-37497D706167}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{E10018F9-734E-419A-81CC-6735B09B4B44}" = protocol=6 | dir=in | app=c:\program files\canon\imageprografstatusmonitor\cnwism.exe | 

"{E1A40E63-ECFD-4F49-881B-DE45574CB575}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max design 2012\3dsmax.exe | 

"{E1C2AC53-5090-42CB-ADF1-FD74B7AFA060}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\.\kernel\dmr\dmrengine.exe | 

"{EDA689E4-9FD1-4F77-9BE3-FF4B688A7E09}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 

"{EF6BF162-A4C3-4D3E-B838-DF2E515267DE}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max design 2012\3dsmax.exe | 

"{F345707E-787C-468E-B0AF-F5D93BC96A8C}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max design 2012\mentalimages\satellite\raysat_3dsmax2012_64.exe | 

"{FE52B1F2-D7E2-47EF-8477-3A61B8F45DC1}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max design 2012\mentalimages\satellite\raysat_3dsmax2012_64.exe | 

"TCP Query User{45BE0840-79CE-4A76-A6BF-1A2ECCAA27F2}C:\program files (x86)\vectorworks2012\renderworks\cinerender 64bit.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vectorworks2012\renderworks\cinerender 64bit.exe | 

"TCP Query User{5AD35E39-BE86-45F5-8B22-378343514094}C:\program files (x86)\vectorworks2012\vectorworks2012e.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vectorworks2012\vectorworks2012e.exe | 

"TCP Query User{61A2FD97-EAB2-4D48-8205-2065EB0B35C1}C:\users\thekenputzer\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\thekenputzer\appdata\roaming\dropbox\bin\dropbox.exe | 

"TCP Query User{8843E71E-CDA7-4D51-9F8D-5D27125550B5}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 

"TCP Query User{8AD78A1C-BB7F-4681-B95E-2A4A8F603B4C}C:\program files (x86)\vectorworks2012\renderworks\cinerender 64bit.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vectorworks2012\renderworks\cinerender 64bit.exe | 

"TCP Query User{92DAF154-5DBA-4F48-AF2E-D7F8FA9A75C2}C:\program files (x86)\vectorworks2011\vectorworks2011e.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vectorworks2011\vectorworks2011e.exe | 

"TCP Query User{94400AF0-4B45-4BD4-B46B-B4B806460F8C}C:\windows\syswow64\msiexec.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 

"TCP Query User{B94F6CB2-1514-425D-8416-58132C42C497}C:\program files (x86)\vectorworks2011\renderworks\cinerender 64bit.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vectorworks2011\renderworks\cinerender 64bit.exe | 

"TCP Query User{BE6869FE-BA63-405A-9AF0-3E811C537883}C:\program files (x86)\vectorworks2012\vectorworks2012e.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vectorworks2012\vectorworks2012e.exe | 

"TCP Query User{C6F7EDEC-6E55-41A4-B884-D722F55EEFDD}C:\program files (x86)\vectorworks2011\vectorworks2011e.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vectorworks2011\vectorworks2011e.exe | 

"TCP Query User{DD882D67-A5A5-4FCF-8686-2FEC34D5514A}C:\program files (x86)\vectorworks2011\renderworks\cinerender 64bit.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vectorworks2011\renderworks\cinerender 64bit.exe | 

"UDP Query User{0FF8E809-93A0-4FE6-A40F-49D9113FDD21}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 

"UDP Query User{163DF28A-E269-40A4-BDEA-5C5B8A434275}C:\program files (x86)\vectorworks2011\vectorworks2011e.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vectorworks2011\vectorworks2011e.exe | 

"UDP Query User{2FB394EC-6C91-451F-816E-4BEAABBFF21F}C:\program files (x86)\vectorworks2012\renderworks\cinerender 64bit.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vectorworks2012\renderworks\cinerender 64bit.exe | 

"UDP Query User{3F0EECB3-1888-4BE3-8B75-CD29A35D43A4}C:\program files (x86)\vectorworks2012\vectorworks2012e.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vectorworks2012\vectorworks2012e.exe | 

"UDP Query User{5A604376-9B33-40A0-8957-44A66EE0A423}C:\program files (x86)\vectorworks2011\renderworks\cinerender 64bit.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vectorworks2011\renderworks\cinerender 64bit.exe | 

"UDP Query User{71A0F08B-04E5-4030-BA96-3221035F188B}C:\windows\syswow64\msiexec.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 

"UDP Query User{957D7513-673A-4DBD-B26F-61554CFEDED5}C:\program files (x86)\vectorworks2011\vectorworks2011e.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vectorworks2011\vectorworks2011e.exe | 

"UDP Query User{98FB8315-C365-4A36-A491-A535E3EDD176}C:\program files (x86)\vectorworks2012\vectorworks2012e.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vectorworks2012\vectorworks2012e.exe | 

"UDP Query User{D0D8F1C8-87E5-4678-A691-D16ACD24D763}C:\program files (x86)\vectorworks2011\renderworks\cinerender 64bit.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vectorworks2011\renderworks\cinerender 64bit.exe | 

"UDP Query User{E37A080E-8DC2-42CB-B892-E5F934B264BF}C:\users\thekenputzer\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\thekenputzer\appdata\roaming\dropbox\bin\dropbox.exe | 

"UDP Query User{FEA1F85C-C2EA-4AD3-B249-950AA2AFD881}C:\program files (x86)\vectorworks2012\renderworks\cinerender 64bit.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vectorworks2012\renderworks\cinerender 64bit.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack

"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker

"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64

"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder

"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)

"{24E0FEFE-42C4-8822-6AC9-0AE6FF03DC08}" = WxDownload Expansion

"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64

"{4710662C-8204-4334-A977-B1AC9E547819}" = Broadcom Card Reader Driver Installer

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{52099562-C109-0409-BFF1-1C19149A8749}" = Autodesk 3ds Max Design 2012 64-bit - English

"{5783F2D7-A001-0407-0102-0060B0CE6BBA}" = AutoCAD 2012 - Deutsch

"{5783F2D7-A001-0407-1102-0060B0CE6BBA}" = AutoCAD 2012 Language Pack - Deutsch

"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector

"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010

"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010

"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010

"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010

"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010

"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010

"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010

"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010

"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010

"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010

"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010

"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010

"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010

"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010

"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010

"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64

"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.90

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.90

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.5.21

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.0

"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client

"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64

"{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom Gigabit NetLink Controller

"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones

"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources

"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{EA234BC3-39FE-4734-B72F-076086889F6D}" = Composite 2012 64-bit

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"AutoCAD 2012 - Deutsch" = AutoCAD 2012 - Deutsch

"Autodesk 3ds Max Design 2012 64-bit - English" = Autodesk 3ds Max Design 2012 64-bit - English

"Autodesk FBX Plug-in 2012.0 - 3ds Max Design 2012 64-bit" = Autodesk FBX Plug-in 2012.0 - 3ds Max Design 2012 64-bit

"KLiteCodecPack64_is1" = K-Lite Codec Pack 6.1.0 (64-bit)

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack

"Microsoft Security Client" = Microsoft Security Essentials

"Office14.PROPLUS" = Microsoft Office Professional Plus 2010

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"WinRAR archiver" = WinRAR

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam

"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}" = Autodesk Content Service

"{088DF54D-6FFC-8C91-02D5-A461DCC2E652}" = 

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3

"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{0F63FE0E-3279-7399-CAAB-E9B19A570F40}" = Vectorworks 2011 Hilfe

"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2

"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite

"{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}" = Adobe Creative Suite 5 Master Collection

"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager

"{1CE8E6EB-3077-4E90-9C53-28B7015231D9}" = Google SketchUp Pro 8

"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{39AE731B-85B7-4004-8FF7-58989943A68B}" = GoGear SA19xx Device Manager

"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4

"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2012.0.0

"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology

"{43AAE145-83CF-4C96-9A5E-756CEFCE879F}" = clear.fi Client

"{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaEspresso

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1" = Acer GameZone Console

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components

"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012

"{66392B7C-C522-450D-97B7-B3E41E170C3B}" = imagePROGRAF Status Monitor

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6a4b0a4f-58d0-430c-becc-aa50733cd761}" = Ad-Aware Antivirus

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies

"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer

"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger

"{87C2FAFA-E830-E3B1-A50E-876D00939884}" = Vectorworks 2012 Hilfe

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch

"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.2 MUI

"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh

"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie

"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail

"{B5751715-EC10-43D9-8C95-62E1368433EF}" = Autodesk Material Library Medium Resolution Image Library 2012

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = clear.fi

"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX

"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder

"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common

"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013

"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{CF35000B-8247-449B-85C9-D9C2A5936683}" = GoGear SA19xx Device Manager

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker

"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater

"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center

"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials

"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR

"Acer Registration" = Acer Registration

"Acer Screensaver" = Acer ScreenSaver

"Acer Welcome Center" = Welcome Center

"adawaretb" = Ad-Aware Security Add-on

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar

"eu.computerworks.vectorworks.2011.help.deu.07222458214E034A0B494E83FAD6744C17D2B914.1" = Vectorworks 2011 Hilfe

"eu.computerworks.vectorworks.2012.help.deu.07222458214E034A0B494E83FAD6744C17D2B914.1" = Vectorworks 2012 Hilfe

"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.35.1031

"Identity Card" = Identity Card

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam

"InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager

"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2

"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite

"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi

"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver

"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies

"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9

"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 8.6.0

"LManager" = Launch Manager

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000

"Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)

"Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"NCH_DE Toolbar" = NCH DE Toolbar

"Para 3d2.8" = Para 3d

"Q Pilot - Client 4.4.0.14582" = Q Pilot - Client

"SP_0beb79c1" = 

"Switch" = Switch Audiodatei-Konverter

"TuneUp Utilities 2013" = TuneUp Utilities 2013

"VLC media player" = VLC media player 2.0.1

"Winamp" = Winamp

"WinLiveSuite" = Windows Live Essentials

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 29.10.2012 11:59:41 | Computer Name = Thekenputzer-PC | Source = .NET Runtime | ID = 1022

Description = 

 

Error - 29.10.2012 12:29:08 | Computer Name = Thekenputzer-PC | Source = .NET Runtime | ID = 1022

Description = 

 

Error - 30.10.2012 04:35:36 | Computer Name = Thekenputzer-PC | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: Vectorworks2012E.exe, Version: 17.0.2.0,

 Zeitstempel: 0x4ec2e641  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,

 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc015000f  Fehleroffset: 0x00084621  ID des fehlerhaften

 Prozesses: 0x238  Startzeit der fehlerhaften Anwendung: 0x01cdb676c545d4fa  Pfad der

 fehlerhaften Anwendung: C:\Program Files (x86)\Vectorworks2012\Vectorworks2012E.exe

Pfad

 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: c6ab070e-226c-11e2-a794-1c7508fa1d3a

 

Error - 30.10.2012 06:02:52 | Computer Name = Thekenputzer-PC | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: VECTOR~2.EXE, Version: 17.0.2.0, 

Zeitstempel: 0x4ec2e641  Name des fehlerhaften Moduls: VECTOR~2.EXE, Version: 17.0.2.0,

 Zeitstempel: 0x4ec2e641  Ausnahmecode: 0xc0000005  Fehleroffset: 0x009a7ad7  ID des fehlerhaften

 Prozesses: 0x1730  Startzeit der fehlerhaften Anwendung: 0x01cdb679996d0e0d  Pfad der

 fehlerhaften Anwendung: C:\PROGRA~2\VECTOR~1\VECTOR~2.EXE  Pfad des fehlerhaften 

Moduls: C:\PROGRA~2\VECTOR~1\VECTOR~2.EXE  Berichtskennung: f7412ee6-2278-11e2-a794-1c7508fa1d3a

 

Error - 30.10.2012 06:03:00 | Computer Name = Thekenputzer-PC | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: VECTOR~2.EXE, Version: 17.0.2.0, 

Zeitstempel: 0x4ec2e641  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,

 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0150010  Fehleroffset: 0x000847db  ID des fehlerhaften

 Prozesses: 0x1730  Startzeit der fehlerhaften Anwendung: 0x01cdb679996d0e0d  Pfad der

 fehlerhaften Anwendung: C:\PROGRA~2\VECTOR~1\VECTOR~2.EXE  Pfad des fehlerhaften 

Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: fbd71be7-2278-11e2-a794-1c7508fa1d3a

 

Error - 30.10.2012 10:33:46 | Computer Name = Thekenputzer-PC | Source = Application Hang | ID = 1002

Description = Programm VECTOR~2.EXE, Version 17.0.2.0 kann nicht mehr unter Windows

 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,

 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1ac4    Startzeit:

 01cdb685c5cc3329    Endzeit: 86    Anwendungspfad: C:\PROGRA~2\VECTOR~1\VECTOR~2.EXE    Berichts-ID:

 cd903c7f-229e-11e2-a794-1c7508fa1d3a  

 

Error - 30.10.2012 10:46:29 | Computer Name = Thekenputzer-PC | Source = Application Hang | ID = 1002

Description = Programm VECTOR~2.EXE, Version 17.0.2.0 kann nicht mehr unter Windows

 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,

 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1a70    Startzeit:

 01cdb6ac7e91aed0    Endzeit: 37    Anwendungspfad: C:\PROGRA~2\VECTOR~1\VECTOR~2.EXE    Berichts-ID:

 90743575-22a0-11e2-a7b2-1c7508fa1d3a  

 

Error - 30.10.2012 10:59:34 | Computer Name = Thekenputzer-PC | Source = .NET Runtime | ID = 1022

Description = 

 

Error - 31.10.2012 19:23:15 | Computer Name = Thekenputzer-PC | Source = Microsoft-Windows-LoadPerf | ID = 3002

Description = Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators

 in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge

 ist " ". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte

 Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen

 Indexwerte enthalten.

 

Error - 01.11.2012 21:40:35 | Computer Name = Thekenputzer-PC | Source = Microsoft-Windows-LoadPerf | ID = 3002

Description = Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators

 in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge

 ist " ". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte

 Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen

 Indexwerte enthalten.

 

[ System Events ]

Error - 20.10.2012 06:53:34 | Computer Name = Thekenputzer-PC | Source = Microsoft Antimalware | ID = 2001

Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.
 

        Neue

 Signaturversion:      Vorherige Signaturversion: 1.137.1822.0     Aktualisierungsquelle: 

%%859     Aktualisierungsphase: %%852     Quellpfad: Microsoft Deutschland | Geräte und Dienste     Signaturtyp: 

%%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:

      Vorherige Modulversion: 1.1.8800.0     Fehlercode: 0x80248014     Fehlerbeschreibung: Unerwartetes

 Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates

 oder zur Problembehandlung finden Sie unter "Hilfe und Support". 

 

Error - 20.10.2012 09:39:36 | Computer Name = Thekenputzer-PC | Source = bowser | ID = 8003

Description = 

 

Error - 20.10.2012 09:47:31 | Computer Name = Thekenputzer-PC | Source = Microsoft Antimalware | ID = 2001

Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.
 

        Neue

 Signaturversion:      Vorherige Signaturversion: 1.137.1822.0     Aktualisierungsquelle: 

%%859     Aktualisierungsphase: %%852     Quellpfad: Microsoft Deutschland | Geräte und Dienste     Signaturtyp: 

%%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:

      Vorherige Modulversion: 1.1.8800.0     Fehlercode: 0x80248014     Fehlerbeschreibung: Unerwartetes

 Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates

 oder zur Problembehandlung finden Sie unter "Hilfe und Support". 

 

Error - 20.10.2012 10:00:38 | Computer Name = Thekenputzer-PC | Source = bowser | ID = 8003

Description = 

 

Error - 20.10.2012 11:12:45 | Computer Name = Thekenputzer-PC | Source = bowser | ID = 8003

Description = 

 

Error - 20.10.2012 12:18:52 | Computer Name = Thekenputzer-PC | Source = bowser | ID = 8003

Description = 

 

Error - 20.10.2012 12:28:42 | Computer Name = Thekenputzer-PC | Source = Microsoft Antimalware | ID = 2001

Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.
 

        Neue

 Signaturversion:      Vorherige Signaturversion: 1.137.1822.0     Aktualisierungsquelle: 

%%859     Aktualisierungsphase: %%852     Quellpfad: Microsoft Deutschland | Geräte und Dienste     Signaturtyp: 

%%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:

      Vorherige Modulversion: 1.1.8800.0     Fehlercode: 0x80248014     Fehlerbeschreibung: Unerwartetes

 Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates

 oder zur Problembehandlung finden Sie unter "Hilfe und Support". 

 

Error - 20.10.2012 12:42:54 | Computer Name = Thekenputzer-PC | Source = bowser | ID = 8003

Description = 

 

Error - 20.10.2012 14:01:02 | Computer Name = Thekenputzer-PC | Source = bowser | ID = 8003

Description = 

 

Error - 20.10.2012 14:10:20 | Computer Name = Thekenputzer-PC | Source = Microsoft Antimalware | ID = 2001

Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.
 

        Neue

 Signaturversion:      Vorherige Signaturversion: 1.137.1822.0     Aktualisierungsquelle: 

%%859     Aktualisierungsphase: %%852     Quellpfad: Microsoft Deutschland | Geräte und Dienste     Signaturtyp: 

%%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:

      Vorherige Modulversion: 1.1.8800.0     Fehlercode: 0x80248014     Fehlerbeschreibung: Unerwartetes

 Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates

 oder zur Problembehandlung finden Sie unter "Hilfe und Support". 

 

 

< End of report >

--- --- ---

Also ich es hatte sich zwei Fenster geöffnet ich hab mal wie du siehst beide geladen.
sorry wenn das mehr arbeit ist.

Hi
dann mal weiter mit Combofix bitte.

Hi markusg,

sorry ich hatte vorhin deine Meldung nicht gelesen. ich hatte natürlichnicht alle Programme geschlossen. Soll ich jetzt trotzdem so fortfahren???

Zitat:

Zitat von thekenputzer (Beitrag 975057)

Hi markusg,

sorry ich hatte vorhin deine Meldung nicht gelesen. ich hatte natürlichnicht alle Programme geschlossen. Soll ich jetzt trotzdem so fortfahren???

Ach MSE auch beenden-geht das überhaupt?

Combofix Logfile:

Code:

ComboFix 12-12-19.02 - Thekenputzer 19.12.2012  21:17:10.1.8 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8044.4795 [GMT 1:00]

ausgeführt von:: c:\users\Thekenputzer\Desktop\ComboFix.exe

AV: Lavasoft Ad-Aware *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}

AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}

SP: Lavasoft Ad-Aware *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}

SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\dsgsdgdsgdsgw.pad

c:\programdata\FullRemove.exe

c:\users\Thekenputzer\wgsdgsdgdsgsd.dll

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-11-19 bis 2012-12-19  ))))))))))))))))))))))))))))))

.

.

2012-12-19 20:27 . 2012-12-19 20:27        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp

2012-12-19 20:27 . 2012-12-19 20:27        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-12-19 18:17 . 2012-12-19 18:17        49872        ----a-w-        c:\windows\system32\drivers\vdzxkyfz.sys

2012-12-19 18:17 . 2012-12-19 18:17        49872        ----a-w-        c:\windows\system32\drivers\gqnzvnoh.sys

2012-12-19 17:30 . 2012-12-19 17:30        --------        d-----w-        c:\users\Thekenputzer\AppData\Roaming\Malwarebytes

2012-12-19 17:29 . 2012-12-19 17:29        --------        d-----w-        c:\programdata\Malwarebytes

2012-12-19 17:29 . 2012-12-19 20:05        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware

2012-12-19 17:15 . 2012-12-19 17:15        49872        ----a-w-        c:\windows\system32\drivers\rcpcjwxv.sys

2012-12-19 17:15 . 2012-12-19 17:15        49872        ----a-w-        c:\windows\system32\drivers\gocwqspf.sys

2012-12-19 17:08 . 2012-12-19 17:08        --------        d-----w-        c:\program files (x86)\Avira

2012-12-19 16:57 . 2012-12-19 16:57        49872        ----a-w-        c:\windows\system32\drivers\fxkgnyci.sys

2012-12-19 16:56 . 2012-12-19 16:56        49872        ----a-w-        c:\windows\system32\drivers\glrmycqo.sys

2012-12-19 16:55 . 2012-12-19 16:55        49872        ----a-w-        c:\windows\system32\drivers\emxjpqhq.sys

2012-12-19 16:55 . 2012-12-19 16:55        49872        ----a-w-        c:\windows\system32\drivers\yixjicbi.sys

2012-12-19 16:51 . 2012-12-19 16:51        49872        ----a-w-        c:\windows\system32\drivers\qglvyrbb.sys

2012-12-19 16:51 . 2012-12-19 16:51        49872        ----a-w-        c:\windows\system32\drivers\jfxxtkdr.sys

2012-12-19 16:51 . 2012-12-19 16:51        49872        ----a-w-        c:\windows\system32\drivers\nxfdbfth.sys

2012-12-19 16:50 . 2012-12-19 16:50        49872        ----a-w-        c:\windows\system32\drivers\wbrmnyts.sys

2012-12-19 15:57 . 2012-12-19 15:57        49872        ----a-w-        c:\windows\system32\drivers\frzgezkd.sys

2012-12-19 15:57 . 2012-12-19 15:57        49872        ----a-w-        c:\windows\system32\drivers\gijdesuw.sys

2012-12-19 15:56 . 2012-12-19 15:56        49872        ----a-w-        c:\windows\system32\drivers\hahdheiq.sys

2012-12-19 15:56 . 2012-12-19 15:56        49872        ----a-w-        c:\windows\system32\drivers\uwhbwwpg.sys

2012-12-19 15:55 . 2012-12-19 15:55        49872        ----a-w-        c:\windows\system32\drivers\wpcbdkxi.sys

2012-12-19 15:55 . 2012-12-19 15:55        49872        ----a-w-        c:\windows\system32\drivers\tslghqlz.sys

2012-12-19 15:54 . 2012-12-19 15:54        49872        ----a-w-        c:\windows\system32\drivers\chhlykpf.sys

2012-12-19 15:54 . 2012-12-19 15:54        49872        ----a-w-        c:\windows\system32\drivers\lqgbbwap.sys

2012-12-19 15:53 . 2012-12-19 15:53        49872        ----a-w-        c:\windows\system32\drivers\ghclvpvd.sys

2012-12-19 15:53 . 2012-12-19 15:53        49872        ----a-w-        c:\windows\system32\drivers\zepzkghl.sys

2012-12-19 15:52 . 2012-12-19 15:52        49872        ----a-w-        c:\windows\system32\drivers\ancfcpnc.sys

2012-12-19 15:52 . 2012-12-19 15:52        49872        ----a-w-        c:\windows\system32\drivers\qxqfjazw.sys

2012-12-19 15:51 . 2012-12-19 15:51        49872        ----a-w-        c:\windows\system32\drivers\copfklkc.sys

2012-12-19 15:51 . 2012-12-19 15:51        49872        ----a-w-        c:\windows\system32\drivers\bkjqolip.sys

2012-12-19 15:51 . 2012-12-19 15:51        49872        ----a-w-        c:\windows\system32\drivers\ajdkoffx.sys

2012-12-19 15:51 . 2012-12-19 15:51        49872        ----a-w-        c:\windows\system32\drivers\hopiytqi.sys

2012-12-19 15:51 . 2012-12-19 15:51        49872        ----a-w-        c:\windows\system32\drivers\mbmterxp.sys

2012-12-19 15:50 . 2012-12-19 15:50        49872        ----a-w-        c:\windows\system32\drivers\wqcesqrn.sys

2012-12-19 15:50 . 2012-12-19 15:50        49872        ----a-w-        c:\windows\system32\drivers\oeugmqcs.sys

2012-12-19 15:50 . 2012-12-19 15:50        49872        ----a-w-        c:\windows\system32\drivers\fvenempu.sys

2012-12-19 15:50 . 2012-12-19 15:50        49872        ----a-w-        c:\windows\system32\drivers\ujzrngzc.sys

2012-12-19 15:50 . 2012-12-19 15:50        49872        ----a-w-        c:\windows\system32\drivers\phzrxlue.sys

2012-12-19 15:49 . 2012-12-19 15:49        49872        ----a-w-        c:\windows\system32\drivers\mvatfxtx.sys

2012-12-19 15:49 . 2012-12-19 15:49        49872        ----a-w-        c:\windows\system32\drivers\kzjslsqz.sys

2012-12-19 15:48 . 2012-12-19 15:48        49872        ----a-w-        c:\windows\system32\drivers\hsphsdak.sys

2012-12-19 15:47 . 2012-12-19 15:47        76232        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{094D465D-BB7C-482F-BFE2-4241E9585ED3}\offreg.dll

2012-12-19 15:46 . 2012-12-19 15:46        --------        d-----w-        c:\windows\Sun

2012-12-19 11:51 . 2012-12-19 11:50        859072        ----a-w-        c:\windows\SysWow64\npDeployJava1.dll

2012-12-19 11:51 . 2012-12-19 11:50        779704        ----a-w-        c:\windows\SysWow64\deployJava1.dll

2012-12-17 12:21 . 2012-11-29 15:06        25952        ----a-w-        c:\windows\system32\authuitu.dll

2012-12-17 12:20 . 2012-11-29 15:06        21344        ----a-w-        c:\windows\SysWow64\authuitu.dll

2012-12-17 12:20 . 2012-11-29 15:06        37216        ----a-w-        c:\windows\system32\uxtuneup.dll

2012-12-17 12:20 . 2012-11-29 15:06        29536        ----a-w-        c:\windows\SysWow64\uxtuneup.dll

2012-12-14 16:45 . 2012-11-19 00:01        9125352        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{094D465D-BB7C-482F-BFE2-4241E9585ED3}\mpengine.dll

2012-12-14 11:45 . 2012-12-14 11:45        --------        d-----w-        c:\program files (x86)\Common Files\Skype

2012-12-13 09:40 . 2012-12-13 09:40        --------        d-----w-        c:\program files (x86)\WxDownload

2012-12-13 09:39 . 2012-12-13 09:39        --------        d-----w-        c:\programdata\wxDownload

2012-12-13 09:37 . 2012-12-13 10:08        --------        d-----w-        c:\programdata\InstallMate

2012-12-13 08:00 . 2012-11-14 05:55        2144768        ----a-w-        c:\windows\system32\iertutil.dll

2012-12-13 08:00 . 2012-11-14 02:00        387584        ----a-w-        c:\program files (x86)\Internet Explorer\jsdbgui.dll

2012-12-13 08:00 . 2012-11-14 06:06        499200        ----a-w-        c:\program files\Internet Explorer\jsdbgui.dll

2012-12-13 08:00 . 2012-11-14 02:01        678912        ----a-w-        c:\program files (x86)\Internet Explorer\iedvtool.dll

2012-12-13 08:00 . 2012-11-14 06:06        887296        ----a-w-        c:\program files\Internet Explorer\iedvtool.dll

2012-12-13 08:00 . 2012-11-14 07:06        17811968        ----a-w-        c:\windows\system32\mshtml.dll

2012-12-13 08:00 . 2012-11-14 06:32        10925568        ----a-w-        c:\windows\system32\ieframe.dll

2012-12-12 20:22 . 2012-11-09 05:45        2048        ----a-w-        c:\windows\system32\tzres.dll

2012-12-12 20:22 . 2012-11-09 04:42        2048        ----a-w-        c:\windows\SysWow64\tzres.dll

2012-12-12 20:22 . 2012-11-22 03:26        3149824        ----a-w-        c:\windows\system32\win32k.sys

2012-12-12 20:22 . 2012-11-05 20:41        367616        ----a-w-        c:\windows\system32\atmfd.dll

2012-12-12 20:22 . 2012-11-05 20:32        295424        ----a-w-        c:\windows\SysWow64\atmfd.dll

2012-12-12 20:22 . 2012-11-05 21:35        46080        ----a-w-        c:\windows\system32\atmlib.dll

2012-12-12 20:22 . 2012-11-05 20:32        34304        ----a-w-        c:\windows\SysWow64\atmlib.dll

2012-12-08 22:01 . 2012-11-19 00:01        9125352        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-12-07 16:09 . 2012-12-10 09:54        --------        d-----w-        c:\program files (x86)\Elaborate Bytes

2012-12-06 11:35 . 2012-12-07 09:45        --------        d-----w-        c:\program files (x86)\Mozilla Thunderbird

2012-12-02 22:15 . 2012-10-23 05:04        972264        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D529129D-5097-465A-A7C8-5C233E1169D2}\gapaengine.dll

2012-11-26 12:07 . 2012-11-26 12:07        --------        d-----w-        c:\windows\Para 3d

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-13 08:06 . 2012-05-07 07:17        67413224        ----a-w-        c:\windows\system32\MRT.exe

2012-12-12 01:38 . 2012-05-07 10:20        73656        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-12 01:38 . 2012-05-07 10:20        697272        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2012-11-29 15:06 . 2012-11-13 08:21        34656        ----a-w-        c:\windows\system32\TURegOpt.exe

2012-10-16 08:38 . 2012-11-28 10:25        135168        ----a-w-        c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38 . 2012-11-28 10:25        350208        ----a-w-        c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39 . 2012-11-28 10:25        561664        ----a-w-        c:\windows\apppatch\AcLayers.dll

2012-10-09 18:17 . 2012-11-15 21:04        55296        ----a-w-        c:\windows\system32\dhcpcsvc6.dll

2012-10-09 18:17 . 2012-11-15 21:04        226816        ----a-w-        c:\windows\system32\dhcpcore6.dll

2012-10-09 17:40 . 2012-11-15 21:04        44032        ----a-w-        c:\windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40 . 2012-11-15 21:04        193536        ----a-w-        c:\windows\SysWow64\dhcpcore6.dll

2012-10-04 16:40 . 2012-12-12 20:21        44032        ----a-w-        c:\windows\apppatch\acwow64.dll

2012-10-03 17:56 . 2012-11-15 21:04        1914248        ----a-w-        c:\windows\system32\drivers\tcpip.sys

2012-10-03 17:44 . 2012-11-15 21:04        70656        ----a-w-        c:\windows\system32\nlaapi.dll

2012-10-03 17:44 . 2012-11-15 21:04        303104        ----a-w-        c:\windows\system32\nlasvc.dll

2012-10-03 17:44 . 2012-11-15 21:04        246272        ----a-w-        c:\windows\system32\netcorehc.dll

2012-10-03 17:44 . 2012-11-15 21:04        18944        ----a-w-        c:\windows\system32\netevent.dll

2012-10-03 17:44 . 2012-11-15 21:04        216576        ----a-w-        c:\windows\system32\ncsi.dll

2012-10-03 17:42 . 2012-11-15 21:04        569344        ----a-w-        c:\windows\system32\iphlpsvc.dll

2012-10-03 16:42 . 2012-11-15 21:04        18944        ----a-w-        c:\windows\SysWow64\netevent.dll

2012-10-03 16:42 . 2012-11-15 21:04        175104        ----a-w-        c:\windows\SysWow64\netcorehc.dll

2012-10-03 16:42 . 2012-11-15 21:04        156672        ----a-w-        c:\windows\SysWow64\ncsi.dll

2012-10-03 16:07 . 2012-11-15 21:04        45568        ----a-w-        c:\windows\system32\drivers\tcpipreg.sys

2012-09-25 22:47 . 2012-11-15 21:04        78336        ----a-w-        c:\windows\SysWow64\synceng.dll

2012-09-25 22:46 . 2012-11-15 21:04        95744        ----a-w-        c:\windows\system32\synceng.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{b106b661-3e1b-4015-af5c-195e909f35c6}"= "c:\program files (x86)\NCH_DE\prxtbNCH_.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{b106b661-3e1b-4015-af5c-195e909f35c6}]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]

2012-09-20 20:06        87448        ----a-w-        c:\program files (x86)\adawaretb\adawareDx.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

2011-05-09 09:49        176936        ----a-w-        c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{b106b661-3e1b-4015-af5c-195e909f35c6}]

2011-05-09 08:49        176936        ----a-w-        c:\program files (x86)\NCH_DE\prxtbNCH_.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll" [2011-05-09 176936]

"{b106b661-3e1b-4015-af5c-195e909f35c6}"= "c:\program files (x86)\NCH_DE\prxtbNCH_.dll" [2011-05-09 176936]

"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2012-09-20 87448]

.

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

.

[HKEY_CLASSES_ROOT\clsid\{b106b661-3e1b-4015-af5c-195e909f35c6}]

.

[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32        94208        ----a-w-        c:\users\Thekenputzer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32        94208        ----a-w-        c:\users\Thekenputzer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32        94208        ----a-w-        c:\users\Thekenputzer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Acrobat Synchronizer"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [2010-10-25 1216416]

"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-10-25 843208]

"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-10-11 966072]

"KiesAirMessage"="c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe" [2012-10-09 580096]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]

"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]

"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-09-28 340336]

"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-09-18 407920]

"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-09-18 201584]

"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2010-11-12 296768]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]

"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-02-24 1078352]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]

"MDS_Menu"="c:\program files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]

"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2010-12-09 177448]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]

"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-10-11 309688]

"QPilotClientGUI"="c:\program files (x86)\Q Pilot - Client\GUI\QPilot-Client-GUI.exe" [2012-01-18 29445120]

"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-08-08 540056]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"IsMyWinLockerReboot"="msiexec.exe" [2010-11-20 73216]

.

c:\users\Thekenputzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Thekenputzer\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]

runctf.lnk - c:\windows\System32\rundll32.exe [2009-7-14 45568]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

imagePROGRAF Status Monitor.lnk - c:\program files\Canon\imagePROGRAFStatusMonitor\cnwism.exe [2012-5-7 608016]

Philips SA19xx Gere-Manager.lnk - c:\program files (x86)\Philips\GoGear SA19xx Device Manager\main.exe [2012-7-10 124760]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll c:\progra~2\WXDOWN~1\sprotector.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"midi2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]

@="Ad-Aware Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime

.

R1 ajdkoffx;ajdkoffx;c:\windows\system32\drivers\ajdkoffx.sys [2012-12-19 49872]

R1 ancfcpnc;ancfcpnc;c:\windows\system32\drivers\ancfcpnc.sys [2012-12-19 49872]

R1 bkjqolip;bkjqolip;c:\windows\system32\drivers\bkjqolip.sys [2012-12-19 49872]

R1 chhlykpf;chhlykpf;c:\windows\system32\drivers\chhlykpf.sys [2012-12-19 49872]

R1 copfklkc;copfklkc;c:\windows\system32\drivers\copfklkc.sys [2012-12-19 49872]

R1 emxjpqhq;emxjpqhq;c:\windows\system32\drivers\emxjpqhq.sys [2012-12-19 49872]

R1 frzgezkd;frzgezkd;c:\windows\system32\drivers\frzgezkd.sys [2012-12-19 49872]

R1 fvenempu;fvenempu;c:\windows\system32\drivers\fvenempu.sys [2012-12-19 49872]

R1 fxkgnyci;fxkgnyci;c:\windows\system32\drivers\fxkgnyci.sys [2012-12-19 49872]

R1 ghclvpvd;ghclvpvd;c:\windows\system32\drivers\ghclvpvd.sys [2012-12-19 49872]

R1 gijdesuw;gijdesuw;c:\windows\system32\drivers\gijdesuw.sys [2012-12-19 49872]

R1 glrmycqo;glrmycqo;c:\windows\system32\drivers\glrmycqo.sys [2012-12-19 49872]

R1 gocwqspf;gocwqspf;c:\windows\system32\drivers\gocwqspf.sys [2012-12-19 49872]

R1 gqnzvnoh;gqnzvnoh;c:\windows\system32\drivers\gqnzvnoh.sys [2012-12-19 49872]

R1 hahdheiq;hahdheiq;c:\windows\system32\drivers\hahdheiq.sys [2012-12-19 49872]

R1 hopiytqi;hopiytqi;c:\windows\system32\drivers\hopiytqi.sys [2012-12-19 49872]

R1 hsphsdak;hsphsdak;c:\windows\system32\drivers\hsphsdak.sys [2012-12-19 49872]

R1 jfxxtkdr;jfxxtkdr;c:\windows\system32\drivers\jfxxtkdr.sys [2012-12-19 49872]

R1 kzjslsqz;kzjslsqz;c:\windows\system32\drivers\kzjslsqz.sys [2012-12-19 49872]

R1 lqgbbwap;lqgbbwap;c:\windows\system32\drivers\lqgbbwap.sys [2012-12-19 49872]

R1 mbmterxp;mbmterxp;c:\windows\system32\drivers\mbmterxp.sys [2012-12-19 49872]

R1 mvatfxtx;mvatfxtx;c:\windows\system32\drivers\mvatfxtx.sys [2012-12-19 49872]

R1 nxfdbfth;nxfdbfth;c:\windows\system32\drivers\nxfdbfth.sys [2012-12-19 49872]

R1 oeugmqcs;oeugmqcs;c:\windows\system32\drivers\oeugmqcs.sys [2012-12-19 49872]

R1 phzrxlue;phzrxlue;c:\windows\system32\drivers\phzrxlue.sys [2012-12-19 49872]

R1 qglvyrbb;qglvyrbb;c:\windows\system32\drivers\qglvyrbb.sys [2012-12-19 49872]

R1 qxqfjazw;qxqfjazw;c:\windows\system32\drivers\qxqfjazw.sys [2012-12-19 49872]

R1 rcpcjwxv;rcpcjwxv;c:\windows\system32\drivers\rcpcjwxv.sys [2012-12-19 49872]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-10-26 57976]

R1 tslghqlz;tslghqlz;c:\windows\system32\drivers\tslghqlz.sys [2012-12-19 49872]

R1 ujzrngzc;ujzrngzc;c:\windows\system32\drivers\ujzrngzc.sys [2012-12-19 49872]

R1 uwhbwwpg;uwhbwwpg;c:\windows\system32\drivers\uwhbwwpg.sys [2012-12-19 49872]

R1 vdzxkyfz;vdzxkyfz;c:\windows\system32\drivers\vdzxkyfz.sys [2012-12-19 49872]

R1 wbrmnyts;wbrmnyts;c:\windows\system32\drivers\wbrmnyts.sys [2012-12-19 49872]

R1 wpcbdkxi;wpcbdkxi;c:\windows\system32\drivers\wpcbdkxi.sys [2012-12-19 49872]

R1 wqcesqrn;wqcesqrn;c:\windows\system32\drivers\wqcesqrn.sys [2012-12-19 49872]

R1 yixjicbi;yixjicbi;c:\windows\system32\drivers\yixjicbi.sys [2012-12-19 49872]

R1 zepzkghl;zepzkghl;c:\windows\system32\drivers\zepzkghl.sys [2012-12-19 49872]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 KMService;KMService;c:\windows\system32\srvany.exe [x]

R2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]

R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-01-20 36000]

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-01-20 298144]

R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-01-20 201376]

R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-01-20 55456]

R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-01-20 154272]

R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-01-20 279200]

R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-09-28 172912]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-05-07 1431888]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]

R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]

R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-12-19 60536]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-10-08 150016]

R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-06 1255736]

R4 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-01-20 76448]

R4 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]

R4 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max Design 2012 64-bit - English 64-bit;c:\program files\Autodesk\3ds Max Design 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-02-22 86016]

R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-11-27 28992]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-03-04 55856]

S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2011-02-22 22912]

S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2011-02-22 20328]

S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2011-02-22 62584]

S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-09-20 1236368]

S2 Canon imagePROGRAF Status Monitor;Canon imagePROGRAF Status Monitor;c:\program files\Canon\imagePROGRAFStatusMonitor\cnwisam.exe [2009-10-09 713488]

S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-02-24 347216]

S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-01-06 868224]

S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]

S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336]

S2 iPFDeviceAgentService;iPF Device Agent Service;c:\windows\system32\cnwiols6.exe [2008-12-08 210944]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2010-11-12 257344]

S2 QPilotClientService;Q Pilot - Client Service;c:\program files (x86)\Q Pilot - Client\Service\QPilot-Client-Service.exe [2012-01-18 25624576]

S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-11-29 74872]

S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2012-11-29 2401632]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-10-08 19192]

S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]

S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-29 243232]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-12-21 36328]

S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys [2011-01-20 67624]

S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys [2011-01-20 19496]

S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys [2011-01-19 52264]

S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys [2011-01-13 85544]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-01-20 28832]

S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]

S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-01-17 412712]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-09-30 80384]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-09-30 180736]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 157672]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 16872]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 177640]

S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-06-02 146920]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [2012-09-19 11880]

S4 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - AVKMGR

.

Inhalt des "geplante Tasks" Ordners

.

2012-12-19 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-07 01:38]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32        97792        ----a-w-        c:\users\Thekenputzer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32        97792        ----a-w-        c:\users\Thekenputzer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32        97792        ----a-w-        c:\users\Thekenputzer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32        97792        ----a-w-        c:\users\Thekenputzer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-23 11725928]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-12-10 2186856]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 167960]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 391704]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 418328]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-01-20 615584]

"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-01-20 379552]

"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-01-06 860040]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]

"CnwiDeviceAgent"="c:\program files\Canon\imagePROGRAFStatusMonitor\cnwida.exe" [2009-10-09 71440]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-09-16 497648]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]

"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-10-11 309688]

"SBRegRebootCleaner"="c:\program files (x86)\Ad-Aware Antivirus\SBRC.exe" [2011-12-19 200560]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

UxTuneUp

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050&SSPV=IEAUTOTB

uLocal Page = c:\windows\system32\blank.htm

mDefault_Page_URL = hxxp://acer.msn.com

mStart Page = hxxp://acer.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uSearchAssistant = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=4dcbf78d-0f41-49e2-a2ba-d4a9f94857cb&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}

IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Free YouTube to MP3 Converter - c:\users\Thekenputzer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\Thekenputzer\AppData\Roaming\Mozilla\Firefox\Profiles\rnvs4wkq.default\

FF - prefs.js: browser.search.defaulturl - 

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: keyword.URL - 

FF - prefs.js: browser.startup.homepage - 

FF - ExtSQL: 2012-12-05 15:01; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF - ExtSQL: 2012-12-19 17:10; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Thekenputzer\AppData\Roaming\Mozilla\Firefox\Profiles\rnvs4wkq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

Toolbar-Locked - (no file)

WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)

WebBrowser-{B106B661-3E1B-4015-AF5C-195E909F35C6} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2012-12-19  21:33:23

ComboFix-quarantined-files.txt  2012-12-19 20:33

.

Vor Suchlauf: 12 Verzeichnis(se), 260.876.013.568 Bytes frei

Nach Suchlauf: 18 Verzeichnis(se), 260.375.597.056 Bytes frei

.

- - End Of File - - F02EF8EA452B305E91A4FA5BB789C9B6

--- --- ---

OK!!!
Ich bedanke mich mal das hat ja wie am Schnürchen geklappt. Sieht alles sehr sehr gut aus. Meine letzte Frage ist nun sollte man nach so einer Viren-Attacke den Laptop vorsichtshalber doch formatieren oder passt das so wie es ist?

Nochmals vielen Danke!!!

Hi,
passt schon.

Start programme Zubehör Editor, reinkopieren:

Killall::
Rootkit::
c:\windows\system32\drivers\vdzxkyfz.sys
c:\windows\system32\drivers\gqnzvnoh.sys
c:\windows\system32\drivers\rcpcjwxv.sys
c:\windows\system32\drivers\gocwqspf.sys
c:\windows\system32\drivers\fxkgnyci.sys
c:\windows\system32\drivers\glrmycqo.sys
c:\windows\system32\drivers\emxjpqhq.sys
c:\windows\system32\drivers\yixjicbi.sys
c:\windows\system32\drivers\qglvyrbb.sys
c:\windows\system32\drivers\jfxxtkdr.sys
c:\windows\system32\drivers\nxfdbfth.sys
c:\windows\system32\drivers\wbrmnyts.sys
c:\windows\system32\drivers\frzgezkd.sys
c:\windows\system32\drivers\gijdesuw.sys
c:\windows\system32\drivers\hahdheiq.sys
c:\windows\system32\drivers\uwhbwwpg.sys
c:\windows\system32\drivers\wpcbdkxi.sys
c:\windows\system32\drivers\tslghqlz.sys
c:\windows\system32\drivers\chhlykpf.sys
c:\windows\system32\drivers\lqgbbwap.sys
c:\windows\system32\drivers\ghclvpvd.sys
c:\windows\system32\drivers\zepzkghl.sys
c:\windows\system32\drivers\ancfcpnc.sys
c:\windows\system32\drivers\qxqfjazw.sys
c:\windows\system32\drivers\copfklkc.sys
c:\windows\system32\drivers\bkjqolip.sys
c:\windows\system32\drivers\ajdkoffx.sys
c:\windows\system32\drivers\hopiytqi.sys
c:\windows\system32\drivers\mbmterxp.sys
c:\windows\system32\drivers\wqcesqrn.sys
c:\windows\system32\drivers\oeugmqcs.sys
c:\windows\system32\drivers\fvenempu.sys
c:\windows\system32\drivers\ujzrngzc.sys
c:\windows\system32\drivers\phzrxlue.sys
c:\windows\system32\drivers\mvatfxtx.sys
c:\windows\system32\drivers\kzjslsqz.sys
c:\windows\system32\drivers\hsphsdak.sys

Datei speichern unter, Typ, alle Dateien, Ort, dort wo sich Combofix.exe befindet.
Name:
cfscript.txt
Deaktiviere wieder alle Programme.
Ziehe cfscript.txt auf Combofix, programm startet, log posten.