Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Computer wird bei Verbindung mit dem Internet gesperrt (https://www.trojaner-board.de/130033-computer-verbindung-internet-gesperrt.html)

Mk91 24.01.2013 18:45
Computer wird bei Verbindung mit dem Internet gesperrt
 
Hallo liebe Helfer,
seit heute Mittag habe ich dass Problem, dass mein PC bei bestehender Verbindung mit dem Internet gesperrt wird.

Das Problem ist exakt Deckungsgleich zum dem, welches hier in der Community ebenfalls schon aufgekommen ist:

http://www.trojaner-board.de/129974-...-gesperrt.html

Ich hoffe ihr könnt mir schnell helfen, ich brauche meinen PC eigentlich dringend für die Uni und habe wenig Lust alles neu zu installieren (Die Daten könnte ich ja retten denke ich)

Viele Grüße Manuel

markusg 24.01.2013 19:20
hi
starte neu, drücke f8 wähle abgesicherter Modus mit Netzwerk, melde dich im betroffenen Konto an, inet sollte funktionieren
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Mk91 24.01.2013 19:28
Hallo markus,
ich bedanke mich für die Antwort und wqerde das gleich mal testen.

Ich hoffe du kannst mir bei meinem Problem helfen.

Gruß Manuel

Ich komme leider garnicht erst in den abgesicherten Modus ...
was soll ich jetzt tun ??

OK nachdem ich meinen PC abgewürgt hatte kam ich doch rein ;-)

So lange der Scan läuft kläre ich dich kurz über mein System auf:

Also ich denke was besonderst wichtig ist:
Ich habe Windows 7

Außerdem habe ich bereits mit Antivir gescannt: ohne Erfolg

Also hier die Ergebnisse des Scans:
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
Code:
OTL logfile created on: 24.01.2013 19:43:43 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Manuel\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,98 Gb Total Physical Memory | 5,23 Gb Available Physical Memory | 87,38% Memory free
11,96 Gb Paging File | 11,24 Gb Available in Paging File | 93,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457,21 Gb Total Space | 305,62 Gb Free Space | 66,85% Space Free | Partition Type: NTFS
Drive D: | 457,21 Gb Total Space | 326,18 Gb Free Space | 71,34% Space Free | Partition Type: NTFS
Drive F: | 992,70 Mb Total Space | 899,61 Mb Free Space | 90,62% Space Free | Partition Type: FAT
Drive M: | 1828,85 Gb Total Space | 1425,08 Gb Free Space | 77,92% Space Free | Partition Type: NTFS
Drive P: | 1828,85 Gb Total Space | 1425,08 Gb Free Space | 77,92% Space Free | Partition Type: NTFS
Drive V: | 1828,85 Gb Total Space | 1425,08 Gb Free Space | 77,92% Space Free | Partition Type: NTFS
Drive X: | 1828,85 Gb Total Space | 1425,08 Gb Free Space | 77,92% Space Free | Partition Type: NTFS
Drive Y: | 1828,85 Gb Total Space | 1425,08 Gb Free Space | 77,92% Space Free | Partition Type: NTFS
 
Computer Name: M-PC2 | User Name: Manuel | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.24 19:24:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Manuel\Desktop\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - [2013.01.18 18:47:54 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.09 13:31:16 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.29 11:34:47 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.12.29 02:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.13 14:44:31 | 000,544,840 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2012.11.26 19:06:13 | 001,432,400 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.02 11:33:28 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.05.08 17:35:57 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 17:35:57 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.01.31 02:10:36 | 000,339,776 | ---- | M] ( ) [Auto | Stopped] -- C:\Programme\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe -- (mitsijm2013)
SRV - [2012.01.18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011.09.15 05:19:54 | 000,086,016 | ---- | M] () [Auto | Stopped] -- C:\Programme\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe -- (mi-raysat_3dsmax2013_64)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.02.01 06:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.02.01 06:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011.01.31 22:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Live Updater Service)
SRV - [2010.11.06 08:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.10.12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010.09.30 02:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.05.04 21:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008.06.03 16:18:08 | 000,066,560 | ---- | M] () [Auto | Stopped] -- C:\Windows\jwpen.exe -- (HWSuperPowerTablet)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.13 14:26:36 | 000,112,080 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock)
DRV:64bit: - [2012.09.20 05:35:36 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012.09.20 05:35:36 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012.08.03 20:38:55 | 000,027,048 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2012.07.03 16:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.07.02 11:23:05 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2012.05.08 17:35:57 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 17:35:57 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.18 07:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012.01.18 07:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011.12.20 07:59:12 | 002,727,936 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cmudaxp.sys -- (cmudaxp)
DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.08.01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.24 08:32:54 | 000,412,264 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.06 08:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.10.19 09:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.06.14 08:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010.03.19 02:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.08.13 21:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 01:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007.10.19 10:37:56 | 000,543,232 | ---- | M] (LITEON) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Ltn_stk7070P_64.sys -- (Ltn_stk7070P_64)
DRV:64bit: - [2007.10.19 10:37:56 | 000,016,256 | ---- | M] (LITEON) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Ltn_stkrc_64.sys -- (Ltn_stkrc_64)
DRV:64bit: - [2007.03.26 11:17:00 | 000,008,320 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HWDrawing.sys -- (VHWDrawing)
DRV - [2010.06.14 08:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@ptc.com/ProductViewLite: C:\Program Files (x86)\Common Files\PTC\np6_pvapplite9.dll (PTC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VLCVideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.18 18:47:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.18 18:47:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.18 18:47:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.18 18:47:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.18 18:47:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.18 18:47:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.18 18:47:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.18 18:47:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.18 18:47:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.18 18:47:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.11.05 16:55:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Manuel\AppData\Roaming\mozilla\Extensions
[2012.09.12 22:01:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Manuel\AppData\Roaming\mozilla\Firefox\Profiles\6zvrdmdc.default\extensions
[2012.09.12 22:01:38 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\Manuel\AppData\Roaming\mozilla\firefox\profiles\6zvrdmdc.default\extensions\testpilot@labs.mozilla.com.xpi
[2013.01.18 18:47:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.01.18 18:47:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.01.18 18:47:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013.01.18 18:47:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2013.01.18 18:47:55 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.27 21:31:27 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.27 21:31:27 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.27 21:31:27 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.27 21:31:27 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.27 21:31:27 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.27 21:31:27 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VLCVideoLAN\VLC\npvlc.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: Google-Suche = C:\Users\Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Google Mail = C:\Users\Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Autodesk Sync] C:\Programme\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Cmaudio8788] C:\Windows\Syswow64\cmicnfgp.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe ()
O4:64bit: - HKLM..\Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe ()
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ADSK DLMSession] C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe (Autodesk, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [HWTablet KeyPlus] C:\Windows\SysWOW64\HWKeyPlus.exe ()
O4 - HKLM..\Run: [HWTablet Service] C:\Windows\SysWOW64\HWTabTray.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Video_deluxe_17_Premium_Sonderedition\TrayServer.exe (MAGIX AG)
O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Manuel\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [Software Suite SE] C:\Program Files (x86)\Packard Bell\Software Suite SE\SoftSuiteSE.exe (Acer Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DDFA9DF7-7226-4B4B-B1B3-F93EDF312F18}: NameServer = 192.168.123.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c00a5ab8-b769-11e0-a2ac-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c00a5ab8-b769-11e0-a2ac-806e6f6e6963}\Shell\AutoRun\command - "" = Z:\cdstart.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {0AB324FA-DF78-6EFA-4598-91C1D14D0C44} - Themes Setup
ActiveX:64bit: {143D5D37-881A-AF39-0679-1C54239533A1} - Microsoft Windows Media Player
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {370C3286-5717-3F99-D4C7-920316FC9D89} - Themes Setup
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {3F24D6E7-F128-36E6-06CD-331F1CCE1D53} - Internet Explorer
ActiveX:64bit: {400D3158-9F53-5179-8E4E-11B750D7661A} - Internet Explorer
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {8D115047-4358-16B9-443D-94C55A9EEDB2} - Themes Setup
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F04A7E29-C694-639F-6283-C6536C1EF220} - Browser Customizations
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
 
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.24 19:42:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Manuel\Desktop\OTL.exe
[2013.01.24 14:33:47 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{636BD44D-8DEB-4A0C-B9A0-BBC77DF03BE2}
[2013.01.23 12:34:24 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{6C507BA3-7D42-4467-9784-16410627D227}
[2013.01.22 21:27:28 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{2C5AAD76-6AB4-4D3C-91AF-623656C726F7}
[2013.01.21 18:52:40 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{D89AA588-5297-423E-97D6-338BC90CAAB0}
[2013.01.20 15:04:30 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{267BB2F6-6879-4EEE-8EDC-E65CDC148855}
[2013.01.19 23:28:36 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{7ED4A46D-8178-414C-A337-2BC897DDDFBF}
[2013.01.19 15:21:47 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{81C893D2-44EF-4404-8E06-8183F401A467}
[2013.01.18 22:29:15 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{9D6B6910-C2D9-49B9-94C2-0AB71CD44BDE}
[2013.01.18 18:47:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.01.18 12:34:03 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{64E51A94-3D2B-4BB3-8EDA-2BD0865482B7}
[2013.01.17 15:24:36 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{88318385-008A-44FF-A261-9E1C8DBB2B3D}
[2013.01.16 21:24:31 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{3C43DF0A-AAF8-46C4-B465-436B39E117B2}
[2013.01.16 18:15:05 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{4252B951-033B-4010-8A12-78E8AE11A1AE}
[2013.01.15 21:01:57 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{06A352C3-7011-4D40-8712-0A8ADDB6A396}
[2013.01.14 18:59:01 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{2DCC7127-7B87-40E3-B66B-4613429F76BF}
[2013.01.13 14:42:18 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{50DC0841-C5BF-46BF-9B3E-F30C3A63E1F6}
[2013.01.12 15:22:01 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{7C6B8B93-7D62-471D-BA11-8799E4E7FE57}
[2013.01.11 17:46:03 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{2BC61DE6-0BBF-4B65-A1D3-9C954C4CA535}
[2013.01.10 16:11:41 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{FE843118-63B5-4347-8141-33147D16C7A9}
[2013.01.09 17:38:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
[2013.01.09 14:54:59 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{B9A9FBF9-3FF9-4C8A-AC95-6F4679B81D74}
[2013.01.08 22:18:22 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{CE337FD7-B5E2-4167-AB16-A6FDB96F0D4A}
[2013.01.07 21:24:37 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{6B83C634-265C-4326-97A3-F7FF280DBDF1}
[2013.01.06 16:44:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013.01.06 13:09:54 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{B0C3021C-51B5-4D4D-A5A5-26F4A07FD593}
[2013.01.05 17:04:13 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{F956E350-687F-4F28-8F0E-FCDD5743E822}
[2013.01.04 23:18:42 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{F396AF30-B5B9-48BA-8425-4E56E31AD0BC}
[2013.01.03 09:36:20 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{63D832BB-A18B-4E37-A13C-2E05814F4580}
[2013.01.01 23:11:40 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{25D3BAE8-004C-4F0F-89EF-8E8953BBDD57}
[2012.12.31 18:30:54 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{7C7D805D-224A-4F66-89F7-2D88F9807C1D}
[2012.12.31 13:00:03 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2012.12.30 23:41:54 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{CF9B229F-B2C2-4421-AEBA-4140FE030D8D}
[2012.12.29 23:33:49 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{12CBA199-ABDE-4124-8D3F-78E5FE0DE9C9}
[2012.12.29 23:02:58 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{509149E7-8B54-4073-BC0D-842064CB92D0}
[2012.12.28 20:26:16 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{2ED54A71-311C-4E49-A0A6-BF001B52FB29}
[2012.12.27 12:42:36 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{B8F557D7-F1FC-4900-A5C9-EF921A5FA6C7}
[2012.12.25 22:53:30 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{951FDEB3-D114-44D7-B442-AA9A2F4B720B}
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Manuel\*.tmp files -> C:\Users\Manuel\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.24 19:42:24 | 001,614,736 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.24 19:42:24 | 000,697,336 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.24 19:42:24 | 000,652,654 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.24 19:42:24 | 000,148,632 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.24 19:42:24 | 000,121,586 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.24 19:40:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.24 19:40:15 | 523,104,255 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.24 19:38:56 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.24 19:38:37 | 000,003,116 | ---- | M] () -- C:\Windows\HWTablet.bin
[2013.01.24 19:38:27 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2013.01.24 19:35:59 | 000,533,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.24 19:24:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Manuel\Desktop\OTL.exe
[2013.01.24 15:32:19 | 095,023,320 | ---- | M] () -- C:\ProgramData\HizKK03.pad
[2013.01.24 15:31:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.24 15:25:17 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.24 15:06:43 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.24 15:06:43 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.24 14:41:39 | 000,003,223 | ---- | M] () -- C:\ProgramData\HizKK03.js
[2013.01.24 14:41:39 | 000,001,085 | ---- | M] () -- C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013.01.24 14:41:39 | 000,000,153 | ---- | M] () -- C:\ProgramData\HizKK03.reg
[2013.01.24 14:41:39 | 000,000,080 | ---- | M] () -- C:\ProgramData\HizKK03.bat
[2013.01.24 14:16:07 | 001,591,518 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.19 21:09:49 | 688,613,278 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.01.09 15:02:19 | 000,002,853 | ---- | M] () -- C:\Users\Manuel\AppData\Local\recently-used.xbel
[2013.01.05 12:26:03 | 000,000,847 | ---- | M] () -- C:\Users\Manuel\Desktop\TX-NR414 - Verknüpfung.lnk
[2012.12.29 11:34:47 | 000,017,266 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2012.12.29 09:40:11 | 002,923,201 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2012.12.25 23:06:06 | 000,000,036 | ---- | M] () -- C:\Users\Manuel\.org.eclipse.epp.usagedata.recording.userId
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Manuel\*.tmp files -> C:\Users\Manuel\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.24 14:41:39 | 000,003,223 | ---- | C] () -- C:\ProgramData\HizKK03.js
[2013.01.24 14:41:39 | 000,001,085 | ---- | C] () -- C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013.01.24 14:41:39 | 000,000,153 | ---- | C] () -- C:\ProgramData\HizKK03.reg
[2013.01.24 14:41:39 | 000,000,080 | ---- | C] () -- C:\ProgramData\HizKK03.bat
[2013.01.24 14:41:38 | 095,023,320 | ---- | C] () -- C:\ProgramData\HizKK03.pad
[2013.01.09 15:02:19 | 000,002,853 | ---- | C] () -- C:\Users\Manuel\AppData\Local\recently-used.xbel
[2013.01.05 12:26:03 | 000,000,847 | ---- | C] () -- C:\Users\Manuel\Desktop\TX-NR414 - Verknüpfung.lnk
[2012.12.25 23:06:06 | 000,000,036 | ---- | C] () -- C:\Users\Manuel\.org.eclipse.epp.usagedata.recording.userId
[2012.11.30 18:51:56 | 000,007,605 | ---- | C] () -- C:\Users\Manuel\AppData\Local\Resmon.ResmonCfg
[2012.11.26 18:49:36 | 001,591,518 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.11.06 21:16:22 | 000,000,032 | ---- | C] () -- C:\Windows\DVD_Start.INI
[2012.11.01 10:57:44 | 000,000,049 | ---- | C] () -- C:\Windows\SysWow64\cmasiop.ini
[2012.11.01 10:57:42 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\HsMgr.exe
[2012.11.01 10:57:30 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP8.dll
[2012.11.01 10:56:58 | 000,044,950 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl
[2012.11.01 10:56:12 | 000,000,872 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi
[2012.11.01 10:56:01 | 000,005,066 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg
[2012.09.26 14:12:26 | 000,000,072 | ---- | C] () -- C:\Windows\wininit.ini
[2012.05.09 14:03:21 | 000,000,028 | ---- | C] () -- C:\Users\Manuel\.gtk-bookmarks
[2012.03.28 21:11:08 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.03.28 21:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.03.28 21:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.03.28 21:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.03.28 21:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.02.16 15:12:48 | 000,004,608 | ---- | C] () -- C:\Users\Manuel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011.11.24 11:46:10 | 000,000,594 | ---- | C] () -- C:\Windows\cmudaxp.ini
[2011.11.22 19:08:50 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2011.11.06 14:45:23 | 000,066,560 | ---- | C] () -- C:\Windows\jwpen.exe
[2011.11.06 14:45:23 | 000,028,672 | ---- | C] () -- C:\Windows\HWCkPenT.dll
[2011.11.06 14:45:23 | 000,013,824 | ---- | C] () -- C:\Windows\DevInst.exe
[2011.11.06 14:45:23 | 000,011,264 | ---- | C] () -- C:\Windows\HWDevInst.exe
[2011.11.06 14:45:23 | 000,003,116 | ---- | C] () -- C:\Windows\HWTablet.bin
[2011.11.06 14:45:22 | 000,184,320 | ---- | C] () -- C:\Windows\SysWow64\HWTabTray.exe
[2011.11.06 14:45:22 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\WinTab32.dll
[2011.11.06 14:45:22 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\jwusbchk32.dll
[2011.11.06 14:45:22 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\JWKey.dll
[2011.11.06 14:45:22 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\HWKeyPlus.exe
[2011.11.06 14:45:22 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\JWPen.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.11.01 11:02:16 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\ASUS
[2012.12.01 20:33:31 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\Autodesk
[2011.11.19 11:04:41 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\Foxit Software
[2012.06.23 14:53:42 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\FreeCommander
[2012.05.16 19:02:55 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\gtk-2.0
[2011.11.06 16:54:14 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\IrfanView
[2011.11.05 16:12:18 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\Leadertech
[2011.11.12 15:48:50 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\MAGIX
[2011.11.05 15:36:54 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\OEM
[2012.11.30 13:53:54 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\Origin
[2011.11.12 16:07:50 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\proDAD
[2011.12.20 18:08:40 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\ProtectDISC
[2012.01.31 15:45:57 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\PTC
[2012.11.15 16:45:51 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\Samsung
[2012.07.12 18:03:16 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\TeamViewer
[2012.04.24 18:36:57 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\Temp
[2011.11.05 21:23:08 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\Windows Live Writer
[2011.11.06 19:22:40 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\XnView
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2011.11.05 15:36:43 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.07.26 10:36:56 | 000,000,000 | ---D | M] -- C:\book
[2013.01.24 14:16:11 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.11.05 15:32:49 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.03.11 10:11:28 | 000,000,000 | ---D | M] -- C:\Intel
[2011.11.05 15:53:55 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2012.09.28 07:31:04 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2012.10.21 16:09:27 | 000,000,000 | -H-D | M] -- C:\OEM
[2009.07.14 04:20:08 | 000,000,000 | -H-D | M] -- C:\PerfLogs
[2011.11.05 21:34:58 | 000,000,000 | ---D | M] -- C:\prgs
[2012.11.30 18:45:59 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.01.18 21:58:55 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013.01.24 14:41:39 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.11.05 15:32:49 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.11.05 15:32:49 | 000,000,000 | -HSD | M] -- C:\Recovery
[2013.01.24 15:28:02 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2013.01.21 22:03:03 | 000,000,000 | ---D | M] -- C:\Temp
[2012.09.28 07:32:59 | 000,000,000 | R--D | M] -- C:\Users
[2013.01.24 14:42:46 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.21 04:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.11.06 17:17:08 | 000,001,106 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2011.11.06 17:17:08 | 000,001,110 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012.04.03 10:29:13 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: AHCIX86S.SYS  >
[2010.09.24 02:48:00 | 000,222,288 | ---- | M] (Advanced Micro Devices, Inc) MD5=A3F4FEE7E8C40242FD6CD77DAE51370F -- C:\OEM\Preload\Autorun\DRV\AMD VGA Generic Driver\Packages\Drivers\SBDrv\SB8xx\RAID\W7\ahcix86s.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2010.11.06 08:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.11.06 08:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_710b330fb3531234\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2012.05.09 14:03:21 | 000,000,028 | ---- | M] () -- C:\Users\Manuel\.gtk-bookmarks
[2012.12.25 23:06:06 | 000,000,036 | ---- | M] () -- C:\Users\Manuel\.org.eclipse.epp.usagedata.recording.userId
[2013.01.24 19:54:42 | 006,029,312 | -HS- | M] () -- C:\Users\Manuel\NTUSER.DAT
[2013.01.24 19:54:42 | 000,262,144 | -HS- | M] () -- C:\Users\Manuel\ntuser.dat.LOG1
[2011.11.05 15:33:07 | 000,000,000 | -HS- | M] () -- C:\Users\Manuel\ntuser.dat.LOG2
[2011.11.05 15:45:00 | 000,065,536 | -HS- | M] () -- C:\Users\Manuel\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011.11.05 15:45:00 | 000,524,288 | -HS- | M] () -- C:\Users\Manuel\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011.11.05 15:45:00 | 000,524,288 | -HS- | M] () -- C:\Users\Manuel\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010.11.21 03:50:53 | 000,000,020 | -HS- | M] () -- C:\Users\Manuel\ntuser.ini
[2012.10.27 16:27:01 | 000,000,326 | ---- | M] () -- C:\Users\Manuel\stools_.log
[2012.10.27 17:04:36 | 000,005,516 | ---- | M] () -- C:\Users\Manuel\stools_proe.log
[1 C:\Users\Manuel\*.tmp files -> C:\Users\Manuel\*.tmp -> ]
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<          >

< End of report >

markusg 24.01.2013 20:55
hi

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
:OTL
[2013.01.24 15:32:19 | 095,023,320 | ---- | M] () -- C:\ProgramData\HizKK03.pad
[2013.01.24 14:41:39 | 000,003,223 | ---- | M] () -- C:\ProgramData\HizKK03.js
[2013.01.24 14:41:39 | 000,001,085 | ---- | M] () -- C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013.01.24 14:41:39 | 000,000,153 | ---- | M] () -- C:\ProgramData\HizKK03.reg
[2013.01.24 14:41:39 | 000,000,080 | ---- | M] () -- C:\ProgramData\HizKK03.bat
 :Files
:Commands
[EMPTYFLASH]
[emptytemp]


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Mk91 24.01.2013 21:20
Code:
All processes killed
Error: Unable to interpret <%:OTL> in the current context!
Error: Unable to interpret <[2013.01.24 15:32:19 | 095,023,320 | ---- | M] () -- C:\ProgramData\HizKK03.pad> in the current context!
Error: Unable to interpret <[2013.01.24 14:41:39 | 000,003,223 | ---- | M] () -- C:\ProgramData\HizKK03.js> in the current context!
Error: Unable to interpret <[2013.01.24 14:41:39 | 000,001,085 | ---- | M] () -- C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk> in the current context!
Error: Unable to interpret <[2013.01.24 14:41:39 | 000,000,153 | ---- | M] () -- C:\ProgramData\HizKK03.reg> in the current context!
Error: Unable to interpret <[2013.01.24 14:41:39 | 000,000,080 | ---- | M] () -- C:\ProgramData\HizKK03.bat> in the current context!
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 42016 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Manuel
->Flash cache emptied: 42148 bytes
 
User: Public
 
User: UpdatusUser
->Flash cache emptied: 42016 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Manuel
->Temp folder emptied: 1243166758 bytes
->Temporary Internet Files folder emptied: 491266648 bytes
->Java cache emptied: 7153767 bytes
->FireFox cache emptied: 325477772 bytes
->Google Chrome cache emptied: 32072876 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 356352 bytes
%systemroot%\System32 .tmp files removed: 1564672 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8136530440 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 279610 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 763 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67765 bytes
RecycleBin emptied: 6308995229 bytes
 
Total Files Cleaned = 15.780,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 01242013_210404

Files\Folders moved on Reboot...
C:\Users\Manuel\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

markusg 24.01.2013 21:22
hi
du hast da beim kopieren n fehler gemacht, füre das Script noch mal aus bitte

Mk91 24.01.2013 21:26
Kann ich die exe auch im normalen modus ausfuehren ???

Es wurde aber trotzdem gemeldet dass dateien fehlen ;-)

habs jetzt nochmal probiert:

Es ging dieses mal sehr schnell und demzufolge denke ich dass es schon beim ersten mal erfolgreich gewesen sein muss ...
die zweite log folgt gleich

Code:
All processes killed
========== OTL ==========
C:\ProgramData\HizKK03.pad moved successfully.
C:\ProgramData\HizKK03.js moved successfully.
C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk moved successfully.
C:\ProgramData\HizKK03.reg moved successfully.
C:\ProgramData\HizKK03.bat moved successfully.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Manuel
->Flash cache emptied: 492 bytes
 
User: Public
 
User: UpdatusUser
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Manuel
->Temp folder emptied: 66292 bytes
->Temporary Internet Files folder emptied: 1087916 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 840 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 01242013_214203

Files\Folders moved on Reboot...
C:\Users\Manuel\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
was muss ich nun machen ?? ;-)

markusg 25.01.2013 12:30
jetzt hatts geklappt.
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten
c: öffnen, tdsskiller-datum-version.txt öffnen, Inhalt posten

Mk91 25.01.2013 14:28
Code:
14:21:58.0396 5312  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
14:21:58.0656 5312  ============================================================
14:21:58.0656 5312  Current date / time: 2013/01/25 14:21:58.0656
14:21:58.0656 5312  SystemInfo:
14:21:58.0656 5312 
14:21:58.0656 5312  OS Version: 6.1.7601 ServicePack: 1.0
14:21:58.0656 5312  Product type: Workstation
14:21:58.0656 5312  ComputerName: M-PC2
14:21:58.0656 5312  UserName: Manuel
14:21:58.0656 5312  Windows directory: C:\Windows
14:21:58.0656 5312  System windows directory: C:\Windows
14:21:58.0656 5312  Running under WOW64
14:21:58.0656 5312  Processor architecture: Intel x64
14:21:58.0656 5312  Number of processors: 8
14:21:58.0656 5312  Page size: 0x1000
14:21:58.0656 5312  Boot type: Normal boot
14:21:58.0656 5312  ============================================================
14:21:59.0115 5312  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:21:59.0155 5312  Drive \Device\Harddisk6\DR6 - Size: 0x3E100000 (0.97 Gb), SectorSize: 0x200, Cylinders: 0x7E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:21:59.0157 5312  ============================================================
14:21:59.0157 5312  \Device\Harddisk0\DR0:
14:21:59.0157 5312  MBR partitions:
14:21:59.0157 5312  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2200800, BlocksNum 0x32000
14:21:59.0157 5312  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2232800, BlocksNum 0x39269800
14:21:59.0157 5312  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3B49C015, BlocksNum 0x392699AC
14:21:59.0157 5312  \Device\Harddisk6\DR6:
14:21:59.0159 5312  MBR partitions:
14:21:59.0159 5312  \Device\Harddisk6\DR6\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x1F07DF
14:21:59.0159 5312  ============================================================
14:21:59.0186 5312  C: <-> \Device\Harddisk0\DR0\Partition2
14:21:59.0207 5312  D: <-> \Device\Harddisk0\DR0\Partition3
14:21:59.0207 5312  ============================================================
14:21:59.0209 5312  Initialize success
14:21:59.0209 5312  ============================================================
14:22:37.0045 4820  ============================================================
14:22:37.0045 4820  Scan started
14:22:37.0045 4820  Mode: Manual; SigCheck; TDLFS;
14:22:37.0045 4820  ============================================================
14:22:37.0242 4820  ================ Scan system memory ========================
14:22:37.0242 4820  System memory - ok
14:22:37.0242 4820  ================ Scan services =============================
14:22:37.0500 4820  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
14:22:37.0582 4820  1394ohci - ok
14:22:37.0604 4820  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
14:22:37.0614 4820  ACPI - ok
14:22:37.0628 4820  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi        C:\Windows\system32\drivers\acpipmi.sys
14:22:37.0693 4820  AcpiPmi - ok
14:22:37.0747 4820  [ 5AE65DCD983077278A6173C2872BCA99 ] acsock          C:\Windows\system32\DRIVERS\acsock64.sys
14:22:37.0769 4820  acsock - ok
14:22:37.0835 4820  [ 1474F121C3DF1232D3E7239C03691EE6 ] AdobeActiveFileMonitor9.0 c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
14:22:37.0849 4820  AdobeActiveFileMonitor9.0 - ok
14:22:37.0928 4820  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:22:37.0940 4820  AdobeARMservice - ok
14:22:38.0058 4820  [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:22:38.0074 4820  AdobeFlashPlayerUpdateSvc - ok
14:22:38.0084 4820  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx        C:\Windows\system32\drivers\adp94xx.sys
14:22:38.0104 4820  adp94xx - ok
14:22:38.0110 4820  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci        C:\Windows\system32\drivers\adpahci.sys
14:22:38.0125 4820  adpahci - ok
14:22:38.0144 4820  [ E109549C90F62FB570B9540C4B148E54 ] adpu320        C:\Windows\system32\drivers\adpu320.sys
14:22:38.0155 4820  adpu320 - ok
14:22:38.0173 4820  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
14:22:38.0304 4820  AeLookupSvc - ok
14:22:38.0357 4820  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD            C:\Windows\system32\drivers\afd.sys
14:22:38.0388 4820  AFD - ok
14:22:38.0403 4820  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
14:22:38.0415 4820  agp440 - ok
14:22:38.0439 4820  [ 3290D6946B5E30E70414990574883DDB ] ALG            C:\Windows\System32\alg.exe
14:22:38.0487 4820  ALG - ok
14:22:38.0504 4820  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
14:22:38.0519 4820  aliide - ok
14:22:38.0524 4820  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
14:22:38.0539 4820  amdide - ok
14:22:38.0564 4820  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8          C:\Windows\system32\drivers\amdk8.sys
14:22:38.0583 4820  AmdK8 - ok
14:22:38.0602 4820  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
14:22:38.0638 4820  AmdPPM - ok
14:22:38.0659 4820  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata        C:\Windows\system32\drivers\amdsata.sys
14:22:38.0679 4820  amdsata - ok
14:22:38.0687 4820  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
14:22:38.0704 4820  amdsbs - ok
14:22:38.0739 4820  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata        C:\Windows\system32\drivers\amdxata.sys
14:22:38.0750 4820  amdxata - ok
14:22:38.0799 4820  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
14:22:38.0812 4820  AntiVirSchedulerService - ok
14:22:38.0848 4820  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
14:22:38.0859 4820  AntiVirService - ok
14:22:38.0870 4820  [ 89A69C3F2F319B43379399547526D952 ] AppID          C:\Windows\system32\drivers\appid.sys
14:22:38.0930 4820  AppID - ok
14:22:38.0952 4820  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
14:22:38.0995 4820  AppIDSvc - ok
14:22:39.0014 4820  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo        C:\Windows\System32\appinfo.dll
14:22:39.0034 4820  Appinfo - ok
14:22:39.0048 4820  [ C484F8CEB1717C540242531DB7845C4E ] arc            C:\Windows\system32\drivers\arc.sys
14:22:39.0058 4820  arc - ok
14:22:39.0075 4820  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
14:22:39.0087 4820  arcsas - ok
14:22:39.0214 4820  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
14:22:39.0225 4820  aspnet_state - ok
14:22:39.0242 4820  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
14:22:39.0295 4820  AsyncMac - ok
14:22:39.0397 4820  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi          C:\Windows\system32\drivers\atapi.sys
14:22:39.0412 4820  atapi - ok
14:22:39.0429 4820  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:22:39.0490 4820  AudioEndpointBuilder - ok
14:22:39.0499 4820  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
14:22:39.0523 4820  AudioSrv - ok
14:22:39.0534 4820  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
14:22:39.0543 4820  avgntflt - ok
14:22:39.0554 4820  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
14:22:39.0563 4820  avipbb - ok
14:22:39.0575 4820  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
14:22:39.0583 4820  avkmgr - ok
14:22:39.0614 4820  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
14:22:39.0659 4820  AxInstSV - ok
14:22:39.0680 4820  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv        C:\Windows\system32\drivers\bxvbda.sys
14:22:39.0723 4820  b06bdrv - ok
14:22:39.0762 4820  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
14:22:39.0803 4820  b57nd60a - ok
14:22:39.0822 4820  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
14:22:39.0868 4820  BDESVC - ok
14:22:39.0884 4820  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
14:22:39.0928 4820  Beep - ok
14:22:39.0970 4820  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE            C:\Windows\System32\bfe.dll
14:22:40.0018 4820  BFE - ok
14:22:40.0053 4820  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
14:22:40.0095 4820  BITS - ok
14:22:40.0104 4820  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
14:22:40.0114 4820  blbdrive - ok
14:22:40.0144 4820  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
14:22:40.0169 4820  bowser - ok
14:22:40.0185 4820  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
14:22:40.0200 4820  BrFiltLo - ok
14:22:40.0213 4820  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
14:22:40.0225 4820  BrFiltUp - ok
14:22:40.0255 4820  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser        C:\Windows\System32\browser.dll
14:22:40.0280 4820  Browser - ok
14:22:40.0297 4820  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid        C:\Windows\System32\Drivers\Brserid.sys
14:22:40.0333 4820  Brserid - ok
14:22:40.0343 4820  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
14:22:40.0359 4820  BrSerWdm - ok
14:22:40.0362 4820  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
14:22:40.0375 4820  BrUsbMdm - ok
14:22:40.0378 4820  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
14:22:40.0388 4820  BrUsbSer - ok
14:22:40.0406 4820  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
14:22:40.0427 4820  BTHMODEM - ok
14:22:40.0462 4820  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv        C:\Windows\system32\bthserv.dll
14:22:40.0501 4820  bthserv - ok
14:22:40.0516 4820  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
14:22:40.0553 4820  cdfs - ok
14:22:40.0692 4820  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
14:22:40.0719 4820  cdrom - ok
14:22:40.0741 4820  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc    C:\Windows\System32\certprop.dll
14:22:40.0796 4820  CertPropSvc - ok
14:22:40.0813 4820  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
14:22:40.0826 4820  circlass - ok
14:22:40.0849 4820  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
14:22:40.0859 4820  CLFS - ok
14:22:40.0893 4820  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:22:40.0903 4820  clr_optimization_v2.0.50727_32 - ok
14:22:40.0928 4820  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:22:40.0938 4820  clr_optimization_v2.0.50727_64 - ok
14:22:41.0026 4820  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:22:41.0038 4820  clr_optimization_v4.0.30319_32 - ok
14:22:41.0054 4820  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:22:41.0067 4820  clr_optimization_v4.0.30319_64 - ok
14:22:41.0079 4820  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
14:22:41.0104 4820  CmBatt - ok
14:22:41.0109 4820  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
14:22:41.0123 4820  cmdide - ok
14:22:41.0243 4820  [ 6B56A1437913C1DEA2EE1F8B5DB1ED74 ] cmudaxp        C:\Windows\system32\drivers\cmudaxp.sys
14:22:41.0358 4820  cmudaxp - ok
14:22:41.0401 4820  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG            C:\Windows\system32\Drivers\cng.sys
14:22:41.0439 4820  CNG - ok
14:22:41.0451 4820  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
14:22:41.0462 4820  Compbatt - ok
14:22:41.0481 4820  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
14:22:41.0507 4820  CompositeBus - ok
14:22:41.0518 4820  COMSysApp - ok
14:22:41.0527 4820  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk        C:\Windows\system32\drivers\crcdisk.sys
14:22:41.0538 4820  crcdisk - ok
14:22:41.0572 4820  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
14:22:41.0613 4820  CryptSvc - ok
14:22:41.0654 4820  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
14:22:41.0709 4820  DcomLaunch - ok
14:22:41.0727 4820  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc      C:\Windows\System32\defragsvc.dll
14:22:41.0786 4820  defragsvc - ok
14:22:41.0799 4820  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
14:22:41.0833 4820  DfsC - ok
14:22:41.0863 4820  [ B9430166FEB246F6070A62B3554932C9 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
14:22:41.0874 4820  dg_ssudbus - ok
14:22:42.0021 4820  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
14:22:42.0049 4820  Dhcp - ok
14:22:42.0057 4820  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
14:22:42.0092 4820  discache - ok
14:22:42.0106 4820  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
14:22:42.0117 4820  Disk - ok
14:22:42.0146 4820  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
14:22:42.0186 4820  Dnscache - ok
14:22:42.0203 4820  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc        C:\Windows\System32\dot3svc.dll
14:22:42.0253 4820  dot3svc - ok
14:22:42.0262 4820  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS            C:\Windows\system32\dps.dll
14:22:42.0292 4820  DPS - ok
14:22:42.0297 4820  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
14:22:42.0319 4820  drmkaud - ok
14:22:42.0348 4820  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
14:22:42.0382 4820  DXGKrnl - ok
14:22:42.0402 4820  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost        C:\Windows\System32\eapsvc.dll
14:22:42.0443 4820  EapHost - ok
14:22:42.0527 4820  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv          C:\Windows\system32\drivers\evbda.sys
14:22:42.0656 4820  ebdrv - ok
14:22:42.0687 4820  [ C118A82CD78818C29AB228366EBF81C3 ] EFS            C:\Windows\System32\lsass.exe
14:22:42.0726 4820  EFS - ok
14:22:42.0779 4820  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
14:22:42.0819 4820  ehRecvr - ok
14:22:42.0833 4820  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched        C:\Windows\ehome\ehsched.exe
14:22:42.0849 4820  ehSched - ok
14:22:42.0868 4820  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor        C:\Windows\system32\drivers\elxstor.sys
14:22:42.0898 4820  elxstor - ok
14:22:42.0906 4820  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
14:22:42.0931 4820  ErrDev - ok
14:22:42.0951 4820  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem    C:\Windows\system32\es.dll
14:22:42.0989 4820  EventSystem - ok
14:22:43.0016 4820  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat          C:\Windows\system32\drivers\exfat.sys
14:22:43.0041 4820  exfat - ok
14:22:43.0123 4820  Fabs - ok
14:22:43.0138 4820  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat        C:\Windows\system32\drivers\fastfat.sys
14:22:43.0188 4820  fastfat - ok
14:22:43.0236 4820  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax            C:\Windows\system32\fxssvc.exe
14:22:43.0282 4820  Fax - ok
14:22:43.0299 4820  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc            C:\Windows\system32\drivers\fdc.sys
14:22:43.0324 4820  fdc - ok
14:22:43.0341 4820  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost        C:\Windows\system32\fdPHost.dll
14:22:43.0377 4820  fdPHost - ok
14:22:43.0392 4820  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
14:22:43.0416 4820  FDResPub - ok
14:22:43.0431 4820  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
14:22:43.0439 4820  FileInfo - ok
14:22:43.0451 4820  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
14:22:43.0486 4820  Filetrace - ok
14:22:43.0573 4820  [ FFF1130F7C9FA01D093A1EDFC5CCE8FC ] FirebirdServerMAGIXInstance C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
14:22:43.0712 4820  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
14:22:43.0712 4820  FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
14:22:43.0794 4820  [ 64AB6F28047744B9B19C97459C2AB31B ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
14:22:43.0852 4820  FLEXnet Licensing Service 64 - ok
14:22:43.0869 4820  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
14:22:43.0879 4820  flpydisk - ok
14:22:43.0896 4820  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
14:22:43.0911 4820  FltMgr - ok
14:22:43.0967 4820  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache      C:\Windows\system32\FntCache.dll
14:22:44.0036 4820  FontCache - ok
14:22:44.0079 4820  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:22:44.0092 4820  FontCache3.0.0.0 - ok
14:22:44.0112 4820  [ D43703496149971890703B4B1B723EAC ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
14:22:44.0127 4820  FsDepends - ok
14:22:44.0136 4820  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
14:22:44.0149 4820  Fs_Rec - ok
14:22:44.0154 4820  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
14:22:44.0168 4820  fvevol - ok
14:22:44.0184 4820  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
14:22:44.0193 4820  gagp30kx - ok
14:22:44.0248 4820  [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
14:22:44.0274 4820  GamesAppService - ok
14:22:44.0296 4820  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc          C:\Windows\System32\gpsvc.dll
14:22:44.0343 4820  gpsvc - ok
14:22:44.0404 4820  [ 0191DEE9B9EB7902AF2CF4F67301095D ] GREGService    C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
14:22:44.0414 4820  GREGService - ok
14:22:44.0482 4820  [ F02A533F517EB38333CB12A9E8963773 ] gupdate        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:22:44.0494 4820  gupdate - ok
14:22:44.0519 4820  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:22:44.0531 4820  gupdatem - ok
14:22:44.0548 4820  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
14:22:44.0584 4820  hcw85cir - ok
14:22:44.0599 4820  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:22:44.0644 4820  HdAudAddService - ok
14:22:44.0673 4820  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
14:22:44.0699 4820  HDAudBus - ok
14:22:44.0703 4820  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt        C:\Windows\system32\drivers\HidBatt.sys
14:22:44.0727 4820  HidBatt - ok
14:22:44.0748 4820  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
14:22:44.0786 4820  HidBth - ok
14:22:44.0817 4820  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr          C:\Windows\system32\drivers\hidir.sys
14:22:44.0841 4820  HidIr - ok
14:22:44.0844 4820  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv        C:\Windows\system32\hidserv.dll
14:22:44.0883 4820  hidserv - ok
14:22:44.0897 4820  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
14:22:44.0908 4820  HidUsb - ok
14:22:44.0937 4820  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
14:22:44.0973 4820  hkmsvc - ok
14:22:44.0983 4820  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:22:45.0013 4820  HomeGroupListener - ok
14:22:45.0027 4820  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:22:45.0049 4820  HomeGroupProvider - ok
14:22:45.0061 4820  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
14:22:45.0081 4820  HpSAMD - ok
14:22:45.0093 4820  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
14:22:45.0148 4820  HTTP - ok
14:22:45.0164 4820  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
14:22:45.0172 4820  hwpolicy - ok
14:22:45.0203 4820  [ 2A0E04F22F47DC548430E06EA6BED882 ] HWSuperPowerTablet C:\Windows\jwpen.exe
14:22:45.0218 4820  HWSuperPowerTablet ( UnsignedFile.Multi.Generic ) - warning
14:22:45.0218 4820  HWSuperPowerTablet - detected UnsignedFile.Multi.Generic (1)
14:22:45.0222 4820  HYRDBios - ok
14:22:45.0241 4820  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
14:22:45.0263 4820  i8042prt - ok
14:22:45.0283 4820  [ D7921D5A870B11CC1ADAB198A519D50A ] iaStor          C:\Windows\system32\drivers\iaStor.sys
14:22:45.0299 4820  iaStor - ok
14:22:45.0356 4820  [ 8FFF9083252C16FE3960173722605E9E ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
14:22:45.0366 4820  IAStorDataMgrSvc - ok
14:22:45.0394 4820  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV        C:\Windows\system32\drivers\iaStorV.sys
14:22:45.0422 4820  iaStorV - ok
14:22:45.0487 4820  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
14:22:45.0504 4820  IDriverT ( UnsignedFile.Multi.Generic ) - warning
14:22:45.0504 4820  IDriverT - detected UnsignedFile.Multi.Generic (1)
14:22:45.0546 4820  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc          C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:22:45.0617 4820  idsvc - ok
14:22:45.0637 4820  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp          C:\Windows\system32\drivers\iirsp.sys
14:22:45.0646 4820  iirsp - ok
14:22:45.0668 4820  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
14:22:45.0702 4820  IKEEXT - ok
14:22:45.0786 4820  [ A0C2C3D4C03C4FB896CFC53873784178 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
14:22:45.0833 4820  IntcAzAudAddService - ok
14:22:45.0842 4820  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
14:22:45.0849 4820  intelide - ok
14:22:45.0864 4820  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
14:22:45.0872 4820  intelppm - ok
14:22:45.0899 4820  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
14:22:45.0943 4820  IPBusEnum - ok
14:22:45.0946 4820  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:22:45.0971 4820  IpFilterDriver - ok
14:22:46.0017 4820  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
14:22:46.0054 4820  iphlpsvc - ok
14:22:46.0067 4820  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV        C:\Windows\system32\drivers\IPMIDrv.sys
14:22:46.0094 4820  IPMIDRV - ok
14:22:46.0098 4820  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT          C:\Windows\system32\drivers\ipnat.sys
14:22:46.0139 4820  IPNAT - ok
14:22:46.0171 4820  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
14:22:46.0202 4820  IRENUM - ok
14:22:46.0221 4820  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
14:22:46.0237 4820  isapnp - ok
14:22:46.0257 4820  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
14:22:46.0283 4820  iScsiPrt - ok
14:22:46.0301 4820  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
14:22:46.0318 4820  kbdclass - ok
14:22:46.0333 4820  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
14:22:46.0352 4820  kbdhid - ok
14:22:46.0376 4820  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
14:22:46.0391 4820  KeyIso - ok
14:22:46.0418 4820  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
14:22:46.0438 4820  KSecDD - ok
14:22:46.0453 4820  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg        C:\Windows\system32\Drivers\ksecpkg.sys
14:22:46.0474 4820  KSecPkg - ok
14:22:46.0488 4820  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk        C:\Windows\system32\drivers\ksthunk.sys
14:22:46.0542 4820  ksthunk - ok
14:22:46.0569 4820  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm          C:\Windows\system32\msdtckrm.dll
14:22:46.0636 4820  KtmRm - ok
14:22:46.0661 4820  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
14:22:46.0686 4820  LanmanServer - ok
14:22:46.0709 4820  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:22:46.0734 4820  LanmanWorkstation - ok
14:22:46.0778 4820  [ 6BCEE9C766815BFFF89DE7D81AF34CE1 ] Live Updater Service C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
14:22:46.0791 4820  Live Updater Service - ok
14:22:46.0804 4820  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
14:22:46.0841 4820  lltdio - ok
14:22:46.0868 4820  [ C1185803384AB3FEED115F79F109427F ] lltdsvc        C:\Windows\System32\lltdsvc.dll
14:22:46.0896 4820  lltdsvc - ok
14:22:46.0904 4820  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts        C:\Windows\System32\lmhsvc.dll
14:22:46.0942 4820  lmhosts - ok
14:22:46.0992 4820  [ 50C7CE53EF461870410355F1F2E7D515 ] LMS            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
14:22:47.0007 4820  LMS - ok
14:22:47.0024 4820  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
14:22:47.0038 4820  LSI_FC - ok
14:22:47.0042 4820  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS        C:\Windows\system32\drivers\lsi_sas.sys
14:22:47.0054 4820  LSI_SAS - ok
14:22:47.0068 4820  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
14:22:47.0081 4820  LSI_SAS2 - ok
14:22:47.0089 4820  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
14:22:47.0103 4820  LSI_SCSI - ok
14:22:47.0141 4820  [ 639D24E769BDBEC6145E4C1921669B73 ] Ltn_stk7070P_64 C:\Windows\system32\DRIVERS\Ltn_stk7070P_64.sys
14:22:47.0169 4820  Ltn_stk7070P_64 - ok
14:22:47.0192 4820  [ E028DF5A96827A87898D4D7EB768E3AB ] Ltn_stkrc_64    C:\Windows\system32\DRIVERS\Ltn_stkrc_64.sys
14:22:47.0229 4820  Ltn_stkrc_64 - ok
14:22:47.0241 4820  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv          C:\Windows\system32\drivers\luafv.sys
14:22:47.0303 4820  luafv - ok
14:22:47.0348 4820  [ 0C85B2B6FB74B36A251792D45E0EF860 ] LVRS64          C:\Windows\system32\DRIVERS\lvrs64.sys
14:22:47.0368 4820  LVRS64 - ok
14:22:47.0486 4820  [ FF3A488924B0032B1A9CA6948C1FA9E8 ] LVUVC64        C:\Windows\system32\DRIVERS\lvuvc64.sys
14:22:47.0547 4820  LVUVC64 - ok
14:22:47.0561 4820  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
14:22:47.0573 4820  Mcx2Svc - ok
14:22:47.0584 4820  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas        C:\Windows\system32\drivers\megasas.sys
14:22:47.0593 4820  megasas - ok
14:22:47.0624 4820  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
14:22:47.0647 4820  MegaSR - ok
14:22:47.0661 4820  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
14:22:47.0669 4820  MEIx64 - ok
14:22:47.0801 4820  [ 0AF89452A8CE3928168F4E5B2208C68B ] mi-raysat_3dsmax2013_64 C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe
14:22:47.0807 4820  mi-raysat_3dsmax2013_64 ( UnsignedFile.Multi.Generic ) - warning
14:22:47.0807 4820  mi-raysat_3dsmax2013_64 - detected UnsignedFile.Multi.Generic (1)
14:22:47.0883 4820  [ 551A5E070F5DF69A64463852E93009DD ] mitsijm2013    C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe
14:22:47.0902 4820  mitsijm2013 - ok
14:22:47.0916 4820  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS          C:\Windows\system32\mmcss.dll
14:22:47.0952 4820  MMCSS - ok
14:22:47.0969 4820  [ 800BA92F7010378B09F9ED9270F07137 ] Modem          C:\Windows\system32\drivers\modem.sys
14:22:47.0993 4820  Modem - ok
14:22:47.0999 4820  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
14:22:48.0021 4820  monitor - ok
14:22:48.0041 4820  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
14:22:48.0049 4820  mouclass - ok
14:22:48.0064 4820  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
14:22:48.0081 4820  mouhid - ok
14:22:48.0098 4820  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
14:22:48.0104 4820  mountmgr - ok
14:22:48.0183 4820  [ C8619D099F8149149045772B60DB09AC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:22:48.0203 4820  MozillaMaintenance - ok
14:22:48.0221 4820  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
14:22:48.0236 4820  mpio - ok
14:22:48.0244 4820  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
14:22:48.0277 4820  mpsdrv - ok
14:22:48.0296 4820  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
14:22:48.0329 4820  MpsSvc - ok
14:22:48.0343 4820  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
14:22:48.0363 4820  MRxDAV - ok
14:22:48.0379 4820  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
14:22:48.0402 4820  mrxsmb - ok
14:22:48.0417 4820  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:22:48.0432 4820  mrxsmb10 - ok
14:22:48.0438 4820  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:22:48.0449 4820  mrxsmb20 - ok
14:22:48.0458 4820  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
14:22:48.0467 4820  msahci - ok
14:22:48.0481 4820  [ DB801A638D011B9633829EB6F663C900 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
14:22:48.0492 4820  msdsm - ok
14:22:48.0511 4820  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC          C:\Windows\System32\msdtc.exe
14:22:48.0523 4820  MSDTC - ok
14:22:48.0538 4820  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
14:22:48.0561 4820  Msfs - ok
14:22:48.0574 4820  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf      C:\Windows\System32\drivers\mshidkmdf.sys
14:22:48.0597 4820  mshidkmdf - ok
14:22:48.0607 4820  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
14:22:48.0614 4820  msisadrv - ok
14:22:48.0629 4820  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
14:22:48.0662 4820  MSiSCSI - ok
14:22:48.0663 4820  msiserver - ok
14:22:48.0684 4820  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
14:22:48.0721 4820  MSKSSRV - ok
14:22:48.0723 4820  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
14:22:48.0754 4820  MSPCLOCK - ok
14:22:48.0762 4820  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
14:22:48.0784 4820  MSPQM - ok
14:22:48.0802 4820  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
14:22:48.0817 4820  MsRPC - ok
14:22:48.0821 4820  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
14:22:48.0827 4820  mssmbios - ok
14:22:48.0836 4820  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
14:22:48.0858 4820  MSTEE - ok
14:22:48.0869 4820  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
14:22:48.0879 4820  MTConfig - ok
14:22:48.0891 4820  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup            C:\Windows\system32\Drivers\mup.sys
14:22:48.0899 4820  Mup - ok
14:22:48.0921 4820  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
14:22:48.0953 4820  napagent - ok
14:22:48.0984 4820  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
14:22:49.0033 4820  NativeWifiP - ok
14:22:49.0094 4820  [ 9D1CCE440552500DED3A62F9D779CDB4 ] NAUpdate        C:\Program Files (x86)\Nero\Update\NASvc.exe
14:22:49.0111 4820  NAUpdate - ok
14:22:49.0161 4820  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
14:22:49.0192 4820  NDIS - ok
14:22:49.0206 4820  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap        C:\Windows\system32\DRIVERS\ndiscap.sys
14:22:49.0229 4820  NdisCap - ok
14:22:49.0246 4820  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
14:22:49.0269 4820  NdisTapi - ok
14:22:49.0287 4820  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
14:22:49.0314 4820  Ndisuio - ok
14:22:49.0331 4820  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
14:22:49.0372 4820  NdisWan - ok
14:22:49.0386 4820  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
14:22:49.0437 4820  NDProxy - ok
14:22:49.0451 4820  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
14:22:49.0473 4820  NetBIOS - ok
14:22:49.0482 4820  [ 09594D1089C523423B32A4229263F068 ] NetBT          C:\Windows\system32\DRIVERS\netbt.sys
14:22:49.0503 4820  NetBT - ok
14:22:49.0509 4820  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
14:22:49.0516 4820  Netlogon - ok
14:22:49.0537 4820  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
14:22:49.0582 4820  Netman - ok
14:22:49.0632 4820  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:22:49.0643 4820  NetMsmqActivator - ok
14:22:49.0661 4820  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:22:49.0669 4820  NetPipeActivator - ok
14:22:49.0687 4820  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
14:22:49.0726 4820  netprofm - ok
14:22:49.0734 4820  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:22:49.0741 4820  NetTcpActivator - ok
14:22:49.0743 4820  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:22:49.0748 4820  NetTcpPortSharing - ok
14:22:49.0764 4820  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960        C:\Windows\system32\drivers\nfrd960.sys
14:22:49.0773 4820  nfrd960 - ok
14:22:49.0808 4820  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
14:22:49.0822 4820  NlaSvc - ok
14:22:49.0837 4820  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
14:22:49.0862 4820  Npfs - ok
14:22:49.0864 4820  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi            C:\Windows\system32\nsisvc.dll
14:22:49.0889 4820  nsi - ok
14:22:49.0902 4820  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
14:22:49.0938 4820  nsiproxy - ok
14:22:49.0997 4820  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
14:22:50.0093 4820  Ntfs - ok
14:22:50.0099 4820  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
14:22:50.0121 4820  Null - ok
14:22:50.0144 4820  [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA          C:\Windows\system32\drivers\nvhda64v.sys
14:22:50.0154 4820  NVHDA - ok
14:22:50.0368 4820  [ 26AA3C7E6E1DB7107BF93503F6F57E88 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:22:50.0482 4820  nvlddmkm - ok
14:22:50.0509 4820  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
14:22:50.0521 4820  nvraid - ok
14:22:50.0549 4820  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
14:22:50.0561 4820  nvstor - ok
14:22:50.0614 4820  [ A83AC04D672567CAF8BE7A4D73C0B850 ] NVSvc          C:\Windows\system32\nvvsvc.exe
14:22:50.0638 4820  NVSvc - ok
14:22:50.0721 4820  [ FB660F80BDC4F13D594996976AFAECD9 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
14:22:50.0747 4820  nvUpdatusService - ok
14:22:50.0773 4820  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
14:22:50.0789 4820  nv_agp - ok
14:22:50.0801 4820  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
14:22:50.0821 4820  ohci1394 - ok
14:22:50.0892 4820  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose            C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:22:50.0909 4820  ose - ok
14:22:51.0021 4820  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc        C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:22:51.0143 4820  osppsvc - ok
14:22:51.0192 4820  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
14:22:51.0226 4820  p2pimsvc - ok
14:22:51.0256 4820  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
14:22:51.0283 4820  p2psvc - ok
14:22:51.0307 4820  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport        C:\Windows\system32\drivers\parport.sys
14:22:51.0321 4820  Parport - ok
14:22:51.0357 4820  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr        C:\Windows\system32\drivers\partmgr.sys
14:22:51.0377 4820  partmgr - ok
14:22:51.0386 4820  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
14:22:51.0431 4820  PcaSvc - ok
14:22:51.0443 4820  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci            C:\Windows\system32\drivers\pci.sys
14:22:51.0464 4820  pci - ok
14:22:51.0484 4820  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
14:22:51.0499 4820  pciide - ok
14:22:51.0518 4820  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
14:22:51.0541 4820  pcmcia - ok
14:22:51.0559 4820  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw            C:\Windows\system32\drivers\pcw.sys
14:22:51.0576 4820  pcw - ok
14:22:51.0596 4820  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
14:22:51.0661 4820  PEAUTH - ok
14:22:51.0734 4820  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
14:22:51.0766 4820  PerfHost - ok
14:22:51.0803 4820  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla            C:\Windows\system32\pla.dll
14:22:51.0881 4820  pla - ok
14:22:51.0923 4820  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
14:22:51.0973 4820  PlugPlay - ok
14:22:51.0988 4820  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg    C:\Windows\system32\pnrpauto.dll
14:22:52.0023 4820  PNRPAutoReg - ok
14:22:52.0031 4820  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc        C:\Windows\system32\pnrpsvc.dll
14:22:52.0046 4820  PNRPsvc - ok
14:22:52.0091 4820  [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64        C:\Windows\system32\DRIVERS\point64.sys
14:22:52.0101 4820  Point64 - ok
14:22:52.0126 4820  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
14:22:52.0189 4820  PolicyAgent - ok
14:22:52.0207 4820  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power          C:\Windows\system32\umpo.dll
14:22:52.0256 4820  Power - ok
14:22:52.0281 4820  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
14:22:52.0304 4820  PptpMiniport - ok
14:22:52.0322 4820  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor      C:\Windows\system32\drivers\processr.sys
14:22:52.0348 4820  Processor - ok
14:22:52.0381 4820  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc        C:\Windows\system32\profsvc.dll
14:22:52.0416 4820  ProfSvc - ok
14:22:52.0419 4820  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:22:52.0433 4820  ProtectedStorage - ok
14:22:52.0439 4820  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
14:22:52.0476 4820  Psched - ok
14:22:52.0506 4820  [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
14:22:52.0516 4820  PxHlpa64 - ok
14:22:52.0554 4820  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
14:22:52.0616 4820  ql2300 - ok
14:22:52.0626 4820  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
14:22:52.0637 4820  ql40xx - ok
14:22:52.0647 4820  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE          C:\Windows\system32\qwave.dll
14:22:52.0664 4820  QWAVE - ok
14:22:52.0679 4820  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
14:22:52.0692 4820  QWAVEdrv - ok
14:22:52.0704 4820  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
14:22:52.0727 4820  RasAcd - ok
14:22:52.0741 4820  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn    C:\Windows\system32\DRIVERS\AgileVpn.sys
14:22:52.0764 4820  RasAgileVpn - ok
14:22:52.0772 4820  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto        C:\Windows\System32\rasauto.dll
14:22:52.0812 4820  RasAuto - ok
14:22:52.0822 4820  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
14:22:52.0846 4820  Rasl2tp - ok
14:22:52.0872 4820  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
14:22:52.0918 4820  RasMan - ok
14:22:52.0933 4820  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
14:22:52.0958 4820  RasPppoe - ok
14:22:52.0971 4820  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
14:22:52.0996 4820  RasSstp - ok
14:22:53.0012 4820  [ 77F665941019A1594D887A74F301FA2F ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
14:22:53.0041 4820  rdbss - ok
14:22:53.0049 4820  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
14:22:53.0069 4820  rdpbus - ok
14:22:53.0086 4820  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
14:22:53.0106 4820  RDPCDD - ok
14:22:53.0111 4820  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
14:22:53.0138 4820  RDPENCDD - ok
14:22:53.0151 4820  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
14:22:53.0171 4820  RDPREFMP - ok
14:22:53.0203 4820  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
14:22:53.0239 4820  RDPWD - ok
14:22:53.0259 4820  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
14:22:53.0283 4820  rdyboost - ok
14:22:53.0293 4820  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
14:22:53.0328 4820  RemoteAccess - ok
14:22:53.0336 4820  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
14:22:53.0371 4820  RemoteRegistry - ok
14:22:53.0374 4820  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
14:22:53.0398 4820  RpcEptMapper - ok
14:22:53.0424 4820  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
14:22:53.0443 4820  RpcLocator - ok
14:22:53.0463 4820  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs          C:\Windows\system32\rpcss.dll
14:22:53.0487 4820  RpcSs - ok
14:22:53.0501 4820  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
14:22:53.0526 4820  rspndr - ok
14:22:53.0559 4820  [ 712944C0A377E9B8743F95BD83E882D4 ] RTL8167        C:\Windows\system32\DRIVERS\Rt64win7.sys
14:22:53.0571 4820  RTL8167 - ok
14:22:53.0576 4820  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs          C:\Windows\system32\lsass.exe
14:22:53.0583 4820  SamSs - ok
14:22:53.0592 4820  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
14:22:53.0602 4820  sbp2port - ok
14:22:53.0616 4820  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
14:22:53.0642 4820  SCardSvr - ok
14:22:53.0652 4820  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
14:22:53.0689 4820  scfilter - ok
14:22:53.0712 4820  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
14:22:53.0766 4820  Schedule - ok
14:22:53.0783 4820  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc    C:\Windows\System32\certprop.dll
14:22:53.0804 4820  SCPolicySvc - ok
14:22:53.0817 4820  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
14:22:53.0839 4820  SDRSVC - ok
14:22:53.0854 4820  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
14:22:53.0883 4820  secdrv - ok
14:22:53.0899 4820  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
14:22:53.0922 4820  seclogon - ok
14:22:53.0954 4820  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
14:22:53.0997 4820  SENS - ok
14:22:53.0999 4820  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
14:22:54.0031 4820  SensrSvc - ok
14:22:54.0052 4820  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum        C:\Windows\system32\drivers\serenum.sys
14:22:54.0061 4820  Serenum - ok
14:22:54.0087 4820  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
14:22:54.0099 4820  Serial - ok
14:22:54.0137 4820  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
14:22:54.0153 4820  sermouse - ok
14:22:54.0176 4820  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
14:22:54.0236 4820  SessionEnv - ok
14:22:54.0248 4820  [ A554811BCD09279536440C964AE35BBF ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
14:22:54.0258 4820  sffdisk - ok
14:22:54.0261 4820  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
14:22:54.0277 4820  sffp_mmc - ok
14:22:54.0279 4820  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
14:22:54.0289 4820  sffp_sd - ok
14:22:54.0292 4820  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy        C:\Windows\system32\drivers\sfloppy.sys
14:22:54.0301 4820  sfloppy - ok
14:22:54.0318 4820  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
14:22:54.0348 4820  SharedAccess - ok
14:22:54.0368 4820  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:22:54.0396 4820  ShellHWDetection - ok
14:22:54.0404 4820  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
14:22:54.0413 4820  SiSRaid2 - ok
14:22:54.0423 4820  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
14:22:54.0433 4820  SiSRaid4 - ok
14:22:54.0497 4820  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate    C:\Program Files (x86)\Skype\Updater\Updater.exe
14:22:54.0543 4820  SkypeUpdate - ok
14:22:54.0563 4820  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
14:22:54.0588 4820  Smb - ok
14:22:54.0604 4820  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
14:22:54.0622 4820  SNMPTRAP - ok
14:22:54.0631 4820  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr          C:\Windows\system32\drivers\spldr.sys
14:22:54.0638 4820  spldr - ok
14:22:54.0677 4820  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler        C:\Windows\System32\spoolsv.exe
14:22:54.0711 4820  Spooler - ok
14:22:54.0777 4820  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
14:22:54.0856 4820  sppsvc - ok
14:22:54.0866 4820  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify    C:\Windows\system32\sppuinotify.dll
14:22:54.0889 4820  sppuinotify - ok
14:22:54.0916 4820  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv            C:\Windows\system32\DRIVERS\srv.sys
14:22:54.0949 4820  srv - ok
14:22:54.0966 4820  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
14:22:54.0998 4820  srv2 - ok
14:22:55.0016 4820  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
14:22:55.0039 4820  srvnet - ok
14:22:55.0052 4820  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
14:22:55.0089 4820  SSDPSRV - ok
14:22:55.0107 4820  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc        C:\Windows\system32\sstpsvc.dll
14:22:55.0128 4820  SstpSvc - ok
14:22:55.0207 4820  [ C692C94FE55CAD0633440236022C27B3 ] ssudmdm        C:\Windows\system32\DRIVERS\ssudmdm.sys
14:22:55.0227 4820  ssudmdm - ok
14:22:55.0269 4820  [ 00FCEC4DA4198F5F2B9BBD9225842568 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
14:22:55.0283 4820  Stereo Service - ok
14:22:55.0301 4820  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
14:22:55.0314 4820  stexstor - ok
14:22:55.0353 4820  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
14:22:55.0406 4820  stisvc - ok
14:22:55.0409 4820  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
14:22:55.0422 4820  swenum - ok
14:22:55.0444 4820  [ E08E46FDD841B7184194011CA1955A0B ] swprv          C:\Windows\System32\swprv.dll
14:22:55.0481 4820  swprv - ok
14:22:55.0521 4820  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain        C:\Windows\system32\sysmain.dll
14:22:55.0564 4820  SysMain - ok
14:22:55.0572 4820  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:22:55.0587 4820  TabletInputService - ok
14:22:55.0598 4820  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv        C:\Windows\System32\tapisrv.dll
14:22:55.0629 4820  TapiSrv - ok
14:22:55.0639 4820  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS            C:\Windows\System32\tbssvc.dll
14:22:55.0664 4820  TBS - ok
14:22:55.0728 4820  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
14:22:55.0827 4820  Tcpip - ok
14:22:55.0871 4820  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
14:22:55.0893 4820  TCPIP6 - ok
14:22:55.0922 4820  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
14:22:55.0932 4820  tcpipreg - ok
14:22:55.0949 4820  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
14:22:55.0979 4820  TDPIPE - ok
14:22:56.0004 4820  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
14:22:56.0022 4820  TDTCP - ok
14:22:56.0036 4820  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
14:22:56.0093 4820  tdx - ok
14:22:56.0228 4820  [ 4A84526076717F87F3E1AD24AB28FB5A ] TeamViewer7    C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
14:22:56.0263 4820  TeamViewer7 - ok
14:22:56.0306 4820  [ F5520DBB47C60EE83024B38720ABDA24 ] teamviewervpn  C:\Windows\system32\DRIVERS\teamviewervpn.sys
14:22:56.0312 4820  teamviewervpn - ok
14:22:56.0337 4820  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
14:22:56.0346 4820  TermDD - ok
14:22:56.0368 4820  [ 2E648163254233755035B46DD7B89123 ] TermService    C:\Windows\System32\termsrv.dll
14:22:56.0451 4820  TermService - ok
14:22:56.0521 4820  [ 48D9D00C2E0E72C3D4F52772C80355F6 ] TFsExDisk      C:\Windows\System32\Drivers\TFsExDisk.sys
14:22:56.0534 4820  TFsExDisk - ok
14:22:56.0547 4820  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
14:22:56.0572 4820  Themes - ok
14:22:56.0611 4820  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER    C:\Windows\system32\mmcss.dll
14:22:56.0651 4820  THREADORDER - ok
14:22:56.0666 4820  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
14:22:56.0691 4820  TrkWks - ok
14:22:56.0732 4820  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:22:56.0770 4820  TrustedInstaller - ok
14:22:56.0783 4820  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
14:22:56.0813 4820  tssecsrv - ok
14:22:56.0825 4820  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
14:22:56.0845 4820  TsUsbFlt - ok
14:22:56.0858 4820  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD        C:\Windows\system32\drivers\TsUsbGD.sys
14:22:56.0868 4820  TsUsbGD - ok
14:22:56.0880 4820  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
14:22:56.0916 4820  tunnel - ok
14:22:56.0923 4820  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
14:22:56.0933 4820  uagp35 - ok
14:22:56.0951 4820  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
14:22:56.0978 4820  udfs - ok
14:22:56.0998 4820  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
14:22:57.0010 4820  UI0Detect - ok
14:22:57.0027 4820  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
14:22:57.0036 4820  uliagpkx - ok
14:22:57.0047 4820  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
14:22:57.0067 4820  umbus - ok
14:22:57.0091 4820  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
14:22:57.0112 4820  UmPass - ok
14:22:57.0175 4820  [ 67A95B9D129ED5399E7965CD09CF30E7 ] UMVPFSrv        C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
14:22:57.0195 4820  UMVPFSrv - ok
14:22:57.0292 4820  [ 374EBDA379A8F38E0CFC2211611E7167 ] UNS            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
14:22:57.0363 4820  UNS - ok
14:22:57.0380 4820  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
14:22:57.0413 4820  upnphost - ok
14:22:57.0438 4820  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
14:22:57.0470 4820  usbaudio - ok
14:22:57.0506 4820  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
14:22:57.0538 4820  usbccgp - ok
14:22:57.0555 4820  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
14:22:57.0576 4820  usbcir - ok
14:22:57.0593 4820  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci        C:\Windows\system32\drivers\usbehci.sys
14:22:57.0620 4820  usbehci - ok
14:22:57.0652 4820  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
14:22:57.0695 4820  usbhub - ok
14:22:57.0706 4820  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci        C:\Windows\system32\drivers\usbohci.sys
14:22:57.0721 4820  usbohci - ok
14:22:57.0735 4820  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\drivers\usbprint.sys
14:22:57.0766 4820  usbprint - ok
14:22:57.0797 4820  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:22:57.0832 4820  USBSTOR - ok
14:22:57.0842 4820  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci        C:\Windows\system32\drivers\usbuhci.sys
14:22:57.0863 4820  usbuhci - ok
14:22:57.0881 4820  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms          C:\Windows\System32\uxsms.dll
14:22:57.0936 4820  UxSms - ok
14:22:57.0953 4820  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
14:22:57.0961 4820  VaultSvc - ok
14:22:57.0963 4820  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
14:22:57.0972 4820  vdrvroot - ok
14:22:57.0988 4820  [ 8D6B481601D01A456E75C3210F1830BE ] vds            C:\Windows\System32\vds.exe
14:22:58.0023 4820  vds - ok
14:22:58.0026 4820  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
14:22:58.0037 4820  vga - ok
14:22:58.0052 4820  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave        C:\Windows\System32\drivers\vga.sys
14:22:58.0076 4820  VgaSave - ok
14:22:58.0093 4820  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp          C:\Windows\system32\drivers\vhdmp.sys
14:22:58.0106 4820  vhdmp - ok
14:22:58.0142 4820  [ 30F14186C6CB1A0A80FBF5F4FCB83301 ] VHWDrawing      C:\Windows\system32\DRIVERS\HWDrawing.sys
14:22:58.0163 4820  VHWDrawing - ok
14:22:58.0180 4820  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
14:22:58.0196 4820  viaide - ok
14:22:58.0210 4820  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
14:22:58.0228 4820  volmgr - ok
14:22:58.0240 4820  [ A255814907C89BE58B79EF2F189B843B ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
14:22:58.0255 4820  volmgrx - ok
14:22:58.0261 4820  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap        C:\Windows\system32\drivers\volsnap.sys
14:22:58.0287 4820  volsnap - ok
14:22:58.0350 4820  [ 19AFBA7191A78EDCA6D235456D65E002 ] vpnagent        C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
14:22:58.0370 4820  vpnagent - ok
14:22:58.0410 4820  [ A8D4FED106B4BD337DF3DA20BA44E18E ] vpnva          C:\Windows\system32\DRIVERS\vpnva64.sys
14:22:58.0426 4820  vpnva - ok
14:22:58.0442 4820  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid        C:\Windows\system32\drivers\vsmraid.sys
14:22:58.0460 4820  vsmraid - ok
14:22:58.0502 4820  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS            C:\Windows\system32\vssvc.exe
14:22:58.0591 4820  VSS - ok
14:22:58.0600 4820  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
14:22:58.0623 4820  vwifibus - ok
14:22:58.0645 4820  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time        C:\Windows\system32\w32time.dll
14:22:58.0685 4820  W32Time - ok
14:22:58.0703 4820  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
14:22:58.0725 4820  WacomPen - ok
14:22:58.0738 4820  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
14:22:58.0793 4820  WANARP - ok
14:22:58.0796 4820  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
14:22:58.0816 4820  Wanarpv6 - ok
14:22:58.0843 4820  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
14:22:58.0918 4820  wbengine - ok
14:22:58.0932 4820  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
14:22:58.0955 4820  WbioSrvc - ok
14:22:58.0966 4820  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc        C:\Windows\System32\wcncsvc.dll
14:22:58.0996 4820  wcncsvc - ok
14:22:59.0008 4820  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:22:59.0036 4820  WcsPlugInService - ok
14:22:59.0046 4820  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
14:22:59.0062 4820  Wd - ok
14:22:59.0100 4820  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
14:22:59.0166 4820  Wdf01000 - ok
14:22:59.0198 4820  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
14:22:59.0285 4820  WdiServiceHost - ok
14:22:59.0288 4820  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost  C:\Windows\system32\wdi.dll
14:22:59.0305 4820  WdiSystemHost - ok
14:22:59.0322 4820  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient      C:\Windows\System32\webclnt.dll
14:22:59.0341 4820  WebClient - ok
14:22:59.0358 4820  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
14:22:59.0395 4820  Wecsvc - ok
14:22:59.0411 4820  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
14:22:59.0433 4820  wercplsupport - ok
14:22:59.0455 4820  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
14:22:59.0478 4820  WerSvc - ok
14:22:59.0488 4820  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
14:22:59.0510 4820  WfpLwf - ok
14:22:59.0521 4820  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
14:22:59.0530 4820  WIMMount - ok
14:22:59.0545 4820  WinDefend - ok
14:22:59.0551 4820  WinHttpAutoProxySvc - ok
14:22:59.0603 4820  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
14:22:59.0642 4820  Winmgmt - ok
14:22:59.0673 4820  [ BCB1310604AA415C4508708975B3931E ] WinRM          C:\Windows\system32\WsmSvc.dll
14:22:59.0742 4820  WinRM - ok
14:22:59.0766 4820  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
14:22:59.0777 4820  WinUsb - ok
14:22:59.0800 4820  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc        C:\Windows\System32\wlansvc.dll
14:22:59.0846 4820  Wlansvc - ok
14:22:59.0870 4820  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
14:22:59.0878 4820  wlcrasvc - ok
14:22:59.0970 4820  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:23:00.0031 4820  wlidsvc - ok
14:23:00.0040 4820  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi        C:\Windows\system32\drivers\wmiacpi.sys
14:23:00.0046 4820  WmiAcpi - ok
14:23:00.0063 4820  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
14:23:00.0087 4820  wmiApSrv - ok
14:23:00.0116 4820  WMPNetworkSvc - ok
14:23:00.0130 4820  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
14:23:00.0148 4820  WPCSvc - ok
14:23:00.0167 4820  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
14:23:00.0193 4820  WPDBusEnum - ok
14:23:00.0201 4820  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
14:23:00.0237 4820  ws2ifsl - ok
14:23:00.0252 4820  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
14:23:00.0266 4820  wscsvc - ok
14:23:00.0278 4820  [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
14:23:00.0288 4820  WSDPrintDevice - ok
14:23:00.0318 4820  [ 4A2A5C50DD1A63577D3ACA94269FBC7F ] WSDScan        C:\Windows\system32\DRIVERS\WSDScan.sys
14:23:00.0337 4820  WSDScan - ok
14:23:00.0341 4820  WSearch - ok
14:23:00.0423 4820  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
14:23:00.0475 4820  wuauserv - ok
14:23:00.0506 4820  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
14:23:00.0541 4820  WudfPf - ok
14:23:00.0573 4820  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
14:23:00.0610 4820  WUDFRd - ok
14:23:00.0640 4820  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
14:23:00.0667 4820  wudfsvc - ok
14:23:00.0681 4820  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc        C:\Windows\System32\wwansvc.dll
14:23:00.0712 4820  WwanSvc - ok
14:23:00.0756 4820  [ 2EE48CFCE7CA8E0DB4C44C7476C0943B ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
14:23:00.0783 4820  xusb21 - ok
14:23:00.0795 4820  ================ Scan global ===============================
14:23:00.0811 4820  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
14:23:00.0846 4820  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
14:23:00.0860 4820  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
14:23:00.0865 4820  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
14:23:00.0882 4820  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
14:23:00.0891 4820  [Global] - ok
14:23:00.0891 4820  ================ Scan MBR ==================================
14:23:00.0902 4820  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
14:23:01.0190 4820  \Device\Harddisk0\DR0 - ok
14:23:01.0195 4820  [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk6\DR6
14:23:02.0505 4820  \Device\Harddisk6\DR6 - ok
14:23:02.0506 4820  ================ Scan VBR ==================================
14:23:02.0507 4820  [ 1FBDFAF5600EC3CE049C369C0CC62350 ] \Device\Harddisk0\DR0\Partition1
14:23:02.0510 4820  \Device\Harddisk0\DR0\Partition1 - ok
14:23:02.0526 4820  [ 895275351BFB46153D2FE7B18B6D3F61 ] \Device\Harddisk0\DR0\Partition2
14:23:02.0528 4820  \Device\Harddisk0\DR0\Partition2 - ok
14:23:02.0551 4820  [ D708CDA5B8E7825FE4E989FB078636FE ] \Device\Harddisk0\DR0\Partition3
14:23:02.0553 4820  \Device\Harddisk0\DR0\Partition3 - ok
14:23:02.0557 4820  [ 60D7EFC648A7D38560F1447C3F76F87E ] \Device\Harddisk6\DR6\Partition1
14:23:02.0558 4820  \Device\Harddisk6\DR6\Partition1 - ok
14:23:02.0560 4820  ============================================================
14:23:02.0560 4820  Scan finished
14:23:02.0560 4820  ============================================================
14:23:02.0568 3676  Detected object count: 4
14:23:02.0568 3676  Actual detected object count: 4
14:23:17.0971 3676  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
14:23:17.0971 3676  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:23:17.0971 3676  HWSuperPowerTablet ( UnsignedFile.Multi.Generic ) - skipped by user
14:23:17.0971 3676  HWSuperPowerTablet ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:23:17.0974 3676  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
14:23:17.0974 3676  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:23:17.0975 3676  mi-raysat_3dsmax2013_64 ( UnsignedFile.Multi.Generic ) - skipped by user
14:23:17.0975 3676  mi-raysat_3dsmax2013_64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:24:46.0128 3204  Deinitialize success
hat dann doch soweit funktioniert danke ;-) ... bin schon gespannt wie es weiter geht :-)

markusg 25.01.2013 14:38
hi
combofix:
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Mk91 25.01.2013 15:14
Code:
ComboFix 13-01-24.02 - Manuel 25.01.2013  15:04:16.1.8 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.6126.4160 [GMT 1:00]
ausgeführt von:: c:\users\Manuel\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Manuel\~app.tmp
c:\windows\Downloaded Program Files\IDropPTB.dll
c:\windows\IsUn0407.exe
c:\windows\SysWow64\muzapp.exe
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-12-25 bis 2013-01-25  ))))))))))))))))))))))))))))))
.
.
2013-01-25 14:09 . 2013-01-25 14:09        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2013-01-25 14:09 . 2013-01-25 14:09        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-01-25 13:49 . 2013-01-25 13:49        76232        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{82AACAF2-271D-4F0A-95D7-03160217CFFF}\offreg.dll
2013-01-25 13:12 . 2013-01-08 05:32        9161176        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{82AACAF2-271D-4F0A-95D7-03160217CFFF}\mpengine.dll
2013-01-24 20:11 . 2013-01-24 20:11        --------        d-----w-        C:\found.000
2013-01-24 20:04 . 2013-01-24 20:04        --------        d-----w-        C:\_OTL
2013-01-10 13:16 . 2012-11-30 05:45        362496        ----a-w-        c:\windows\system32\wow64win.dll
2013-01-06 15:44 . 2013-01-06 15:44        --------        d-----w-        c:\program files (x86)\AGEIA Technologies
2012-12-29 01:54 . 2012-12-29 01:54        550328        ----a-w-        c:\windows\SysWow64\nvStreaming.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-10 22:22 . 2011-11-05 16:22        67599240        ----a-w-        c:\windows\system32\MRT.exe
2013-01-09 12:31 . 2012-04-03 09:29        697864        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 12:31 . 2011-11-05 17:04        74248        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-29 10:34 . 2012-10-10 20:23        2824656        ----a-w-        c:\windows\system32\nvapi64.dll
2012-12-29 10:34 . 2012-10-10 20:23        1107592        ----a-w-        c:\windows\system32\nvumdshimx.dll
2012-12-29 10:34 . 2012-10-10 20:23        15052368        ----a-w-        c:\windows\system32\nvwgf2umx.dll
2012-12-29 10:34 . 2012-10-10 20:23        12641120        ----a-w-        c:\windows\SysWow64\nvwgf2um.dll
2012-12-29 10:34 . 2012-10-10 20:22        2504248        ----a-w-        c:\windows\SysWow64\nvapi.dll
2012-12-29 10:34 . 2012-10-10 20:22        15129064        ----a-w-        c:\windows\SysWow64\nvd3dum.dll
2012-12-29 10:34 . 2012-09-28 06:31        1813432        ----a-w-        c:\windows\system32\nvdispco64.dll
2012-12-29 10:34 . 2012-09-28 06:31        1504696        ----a-w-        c:\windows\system32\nvdispgenco64.dll
2012-12-29 08:40 . 2011-03-23 22:53        6382008        ----a-w-        c:\windows\system32\nvcpl.dll
2012-12-29 08:40 . 2011-03-23 22:52        3455416        ----a-w-        c:\windows\system32\nvsvc64.dll
2012-12-29 08:40 . 2012-09-28 06:32        2923201        ----a-w-        c:\windows\system32\nvcoproc.bin
2012-12-29 08:40 . 2011-03-23 22:53        884152        ----a-w-        c:\windows\system32\nvvsvc.exe
2012-12-29 08:40 . 2011-03-23 22:53        63928        ----a-w-        c:\windows\system32\nvshext.dll
2012-12-29 08:40 . 2011-03-23 22:53        2558392        ----a-w-        c:\windows\system32\nvsvcr.dll
2012-12-29 08:40 . 2011-03-23 22:53        118712        ----a-w-        c:\windows\system32\nvmctray.dll
2012-12-18 22:06 . 2012-12-18 22:06        289768        ----a-w-        c:\windows\system32\javaws.exe
2012-12-18 22:06 . 2012-12-18 22:06        189416        ----a-w-        c:\windows\system32\javaw.exe
2012-12-18 22:06 . 2012-12-18 22:06        188904        ----a-w-        c:\windows\system32\java.exe
2012-12-18 22:06 . 2012-12-18 22:06        108008        ----a-w-        c:\windows\system32\WindowsAccessBridge-64.dll
2012-12-18 22:06 . 2012-04-27 16:02        916456        ----a-w-        c:\windows\system32\deployJava1.dll
2012-12-18 22:06 . 2012-04-27 16:02        1034216        ----a-w-        c:\windows\system32\npDeployJava1.dll
2012-12-16 17:11 . 2012-12-21 22:16        46080        ----a-w-        c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 22:16        367616        ----a-w-        c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 22:16        295424        ----a-w-        c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 22:16        34304        ----a-w-        c:\windows\SysWow64\atmlib.dll
2012-12-13 13:44 . 2012-12-13 13:44        11336        ----a-w-        c:\windows\SysWow64\vpncategories.dll
2012-12-13 13:44 . 2012-12-13 13:44        34376        ----a-w-        c:\windows\SysWow64\vpnevents.dll
2012-12-13 13:26 . 2011-09-09 15:59        112080        ----a-r-        c:\windows\system32\drivers\acsock64.sys
2012-11-30 04:45 . 2013-01-10 13:16        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
2012-11-14 07:06 . 2012-12-13 22:19        17811968        ----a-w-        c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-13 22:19        10925568        ----a-w-        c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-13 22:19        2312704        ----a-w-        c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-13 22:19        1346048        ----a-w-        c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-13 22:19        1392128        ----a-w-        c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-13 22:19        1494528        ----a-w-        c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-13 22:19        237056        ----a-w-        c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-13 22:19        85504        ----a-w-        c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-13 22:19        816640        ----a-w-        c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-13 22:19        599040        ----a-w-        c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-13 22:19        173056        ----a-w-        c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-13 22:19        2144768        ----a-w-        c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-13 22:19        729088        ----a-w-        c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-13 22:19        96768        ----a-w-        c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-13 22:19        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-13 22:19        248320        ----a-w-        c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-13 22:19        1800704        ----a-w-        c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-13 22:19        1427968        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 22:19        1129472        ----a-w-        c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-13 22:19        142848        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 22:19        420864        ----a-w-        c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-13 22:19        2382848        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-13 19:09        2048        ----a-w-        c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-13 19:09        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2012-11-02 05:59 . 2012-12-13 19:08        478208        ----a-w-        c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-13 19:08        376832        ----a-w-        c:\windows\SysWow64\dpnet.dll
2012-11-01 10:02 . 2011-12-23 12:12        419840        ----a-w-        c:\windows\system32\wrap_oal.dll
2012-11-01 10:02 . 2011-12-23 12:12        413696        ----a-w-        c:\windows\SysWow64\wrap_oal.dll
2012-11-01 10:02 . 2011-12-23 12:12        111616        ----a-w-        c:\windows\system32\OpenAL32.dll
2012-11-01 10:02 . 2011-12-23 12:12        102400        ----a-w-        c:\windows\SysWow64\OpenAL32.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Software Suite SE"="c:\program files (x86)\Packard Bell\Software Suite SE\SoftSuiteSE.exe" [2009-09-29 2275360]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-10-11 842680]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-10-11 966072]
"KiesAirMessage"="c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe" [2012-10-09 580096]
"Akamai NetSession Interface"="c:\users\Manuel\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"Hotkey Utility"="c:\program files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe" [2011-01-19 620136]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"HWTablet KeyPlus"="c:\windows\SysWOW64\HWKeyPlus.exe" [2008-06-03 53248]
"HWTablet Service"="c:\windows\SysWOW64\HWTabTray.exe" [2009-03-05 184320]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"TrayServer"="c:\program files (x86)\MAGIX\Video_deluxe_17_Premium_Sonderedition\TrayServer.exe" [2008-08-07 90112]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-10-11 309688]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"ADSK DLMSession"="c:\program files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe" [2012-07-23 1632216]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2012-12-13 702024]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Photo Frame.lnk - c:\program files (x86)\Northstar\Photo Frame\Photo Frame.exe [2011-7-26 516688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HWSuperPowerTablet;HWSuperPowerTablet;c:\windows\jwpen.exe [2008-06-03 66560]
R2 HYRDBios;HYRDBios;c:\windows\system32\DRIVERS\HYRDBios.sys [x]
R2 mi-raysat_3dsmax2013_64;mental ray 3.10 Satellite for Autodesk 3ds Max 2013 64-bit;c:\program files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe [2011-09-15 86016]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys [2012-12-13 112080]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-20 102368]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-11-26 1432400]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-24 412264]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-20 203104]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 27760]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 Live Updater Service;Live Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2011-01-31 244624]
S2 mitsijm2013;Autodesk Moldflow Inventor Tool Suite Integration 2013 Job Manager;c:\program files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe [2012-01-31 339776]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-02 2673064]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-12-13 544840]
S3 cmudaxp;ASUS Xonar DGX Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [2011-12-20 2727936]
S3 Ltn_stk7070P_64;PCTV based TV tuner device;c:\windows\system32\DRIVERS\Ltn_stk7070P_64.sys [2007-10-19 543232]
S3 Ltn_stkrc_64;PCTV Infrared Receiver;c:\windows\system32\DRIVERS\Ltn_stkrc_64.sys [2007-10-19 16256]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
S3 LVUVC64;Logitech Webcam 500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2012-07-02 35112]
S3 VHWDrawing;HanWang Drawing Tablet;c:\windows\system32\DRIVERS\HWDrawing.sys [2007-03-26 8320]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 62758286
*Deregistered* - 62758286
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-24 20:54        1607120        ----a-w-        c:\program files (x86)\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 12:31]
.
2013-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-06 16:17]
.
2013-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-06 16:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-28 497648]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-26 2184520]
"Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2011-05-12 8769536]
"Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
"Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-05 415680]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mDefault_Page_URL = hxxp://packardbell.msn.com
mStart Page = hxxp://packardbell.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: An OneNote s&enden - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
TCP: Interfaces\{DDFA9DF7-7226-4B4B-B1B3-F93EDF312F18}: NameServer = 192.168.123.1
FF - ProfilePath - c:\users\Manuel\AppData\Roaming\Mozilla\Firefox\Profiles\6zvrdmdc.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-NPSStartup - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-25  15:10:47
ComboFix-quarantined-files.txt  2013-01-25 14:10
.
Vor Suchlauf: 11 Verzeichnis(se), 338.914.459.648 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 338.757.087.232 Bytes frei
.
- - End Of File - - 6BED520448483E08583C0B1CB215F418
Hat soweit eig gut funktioniert :-)

Wie gehts weiter ??

markusg 25.01.2013 16:51
sieht doch schon mal gut aus.
malwarebytes:
Downloade Dir bitte Malwarebytes
  • Installiere
    das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche
    nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet
    ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste
    das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Mk91 25.01.2013 20:09
Code:
Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.25.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Manuel :: M-PC2 [Administrator]

Schutz: Aktiviert

25.01.2013 17:42:42
mbam-log-2013-01-25 (17-42-42).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 706685
Laufzeit: 2 Stunde(n), 10 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
D:\Downloads\vdownloader112\vdownloader_setup.exe (Adware.ADON) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Also das kam raus ...
Es wurde allerdings nur eine Datein gefunden ...
Symptome sind aber schon seit ner weile weg ...

Also mittlerweile geht so ziemlich alles ... aber ich habe so das gefühl das hochfahren dauert länger als vorher ....

markusg 28.01.2013 16:33
Hi
lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

Mk91 28.01.2013 21:00
Code:
7-Zip 9.23 (x64 edition)        Igor Pavlov        06.11.2011        4,21MB        9.23.01.0                                                        Notwendig
Acrobat.com        Adobe Systems Incorporated        11.03.2011        1,60MB        1.6.65                                                                Notwendig
ActiveX контрола на Windows Live Mesh за отдалечени връзки        Microsoft Corporation        20.11.2011        5,57MB        15.4.5722.2                Unbekannt
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh        Microsoft Corporation        20.11.2011        5,37MB        15.4.5722.2                Unbekannt
Adobe AIR        Adobe Systems Inc.        26.07.2011                1.5.3.9130                                                                Unbekannt
Adobe Community Help        Adobe Systems Incorporated        26.07.2011                3.2.1.650                                                Unbekannt
Adobe Flash Player 11 ActiveX        Adobe Systems Incorporated        08.01.2013        6,00MB        11.5.502.146                                        Unbekannt
Adobe Flash Player 11 Plugin        Adobe Systems Incorporated        09.01.2013        6,00MB        11.5.502.146                                        Unbekannt
Adobe Photoshop Elements 9        Adobe Systems Incorporated        11.02.2012        2,60GB        9.0.3.0                                                Notwendig
Adobe Premiere Elements 9        Adobe Systems Incorporated        26.07.2011        1,23GB        9.0                                                Unbekannt
Adobe Reader X (10.1.5) - Deutsch        Adobe Systems Incorporated        10.01.2013        122MB        10.1.5                                        Notwendig
Akamai NetSession Interface        Akamai Technologies, Inc        26.11.2012                                                                Unbekannt       
Apple Application Support        Apple Inc.        08.11.2012        65,0MB        2.3                                                                Unbekannt
Apple Software Update        Apple Inc.        10.11.2011        2,38MB        2.1.3.127                                                                Unbekannt
ASUS Xonar DG Audio Driver                01.11.2012                                                                                        Notwendig
Audacity 1.2.6                06.11.2011                                                                                                        Notwendig       
Autodesk 3ds Max 2013 64-bit        Autodesk        01.12.2012                15.0.0.347                                                        Notwendig
Autodesk Backburner 2013.0.0        Autodesk, Inc.        29.11.2012        12,8MB        2013.0.0                                                        Notwendig
Autodesk Design Review 2013        Autodesk, Inc.        26.11.2012                13.0.0.82                                                        Notwendig
Autodesk DirectConnect 2013 64-bit        Autodesk        29.11.2012        1,06GB        7.0.28.0                                                Notwendig
Autodesk Download Manager        Autodesk, Inc.        26.11.2012        15,0MB        2.0.2.0                                                                Notwendig
Autodesk Essential Skills Movies for 3ds Max 2013 64-bit        Autodesk        01.12.2012        337MB        1.0.0.1                                Notwendig
Autodesk FBX Plug-in 2013.1 - 3ds Max 2013 64-bit        Autodesk        01.12.2012                                                        Notwendig       
Autodesk FBX Plug-in 2013.1 - Maya 2013 64-bit        Autodesk        29.11.2012                                                                Notwendig       
Autodesk Inventor Content Center Libraries 2013 (Desktop Content)        Autodesk        26.11.2012        1,31MB        17.0.13800.0000                Notwendig
Autodesk Inventor Fusion 2013        Autodesk, Inc.        26.11.2012        585MB        2.0.0.206                                                        Notwendig
Autodesk Inventor Fusion for Inventor 2013 Add-in        Autodesk        26.11.2012        12,9MB        1.0.0.111                                Notwendig
Autodesk Inventor Professional 2013 Deutsch (German)        Autodesk        26.11.2012        3,48GB        17.0.13800.0000                                Notwendig
Autodesk Inventor Server Engine for 3ds Max 2013 64-bit        Autodesk        01.12.2012        332MB        15.0                                        Notwendig
Autodesk MatchMover 2013 64-bit        Autodesk        29.11.2012        361MB        14.00.0000                                                        Notwendig
Autodesk Material Library 2013        Autodesk        26.11.2012        94,9MB        3.0.13                                                                Notwendig
Autodesk Material Library Base Resolution Image Library 2013        Autodesk        26.11.2012        71,4MB        3.0.13                                Notwendig
Autodesk Material Library Low Resolution Image Library 2013        Autodesk        26.11.2012        245MB        3.0.13                                Notwendig
Autodesk Material Library Medium Resolution Image Library 2013        Autodesk        01.12.2012        739MB        3.0.13                                Notwendig
Autodesk Maya 2013 64-bit        Autodesk        29.11.2012                15.0.0.0                                                        Notwendig
Autodesk Revit Interoperability for 3ds Max and 3ds Max Design 2013 64-bit        Autodesk        01.12.2012        589MB        1.0.0.1                Notwendig
Autodesk Sync        Autodesk, Inc.        26.11.2012        45,3MB        3.5.24.0                                                                        Notwendig
Autodesk Vault Basic 2013 (Client)        Autodesk        26.11.2012                17.0.61.0                                                Notwendig                                               
Avira Free Antivirus        Avira        14.11.2012        104MB        12.1.9.1236                                                                        Notwendig
Bridge Building Game                16.02.2012                                                                                                Unnötig               
Canon MP640 series Benutzerregistrierung                16.05.2012                                                                        Notwendig               
Canon MP640 series MP Drivers                16.05.2012                                                                                        Notwendig               
Canon Utilities My Printer                16.05.2012                                                                                        Notwendig               
CCleaner        Piriform        23.01.2013                3.27                                                                                -------------------
CD-LabelPrint                16.05.2012                                                                                                        Notwendig               
Cisco AnyConnect Secure Mobility Client        Cisco Systems, Inc.        09.01.2013                3.1.02026                                        Notwendig
Composite 2013 64-bit        Autodesk        29.11.2012        621MB        8.0.0                                                                        Notwendig
Control ActiveX de Windows Live Mesh para conexiones remotas        Microsoft Corporation        20.11.2011        5,37MB        15.4.5722.2                Unbekannt
Control ActiveX del Windows Live Mesh per a connexions remotes        Microsoft Corporation        20.11.2011        5,37MB        15.4.5722.2                Unbekannt
Control ActiveX Windows Live Mesh pentru conexiuni la distanță        Microsoft Corporation        20.11.2011        5,37MB        15.4.5722.2                Unbekannt
Controle ActiveX do Windows Live Mesh para Conexões Remotas        Microsoft Corporation        20.11.2011        5,37MB        15.4.5722.2                Unbekannt
Controlo ActiveX do Windows Live Mesh para Ligações Remotas        Microsoft Corporation        20.11.2011        5,57MB        15.4.5722.2                Unbekannt
Contrôle ActiveX Windows Live Mesh pour connexions à distance        Microsoft Corporation        20.11.2011        5,37MB        15.4.5722.2                Unbekannt
CyberLink MediaEspresso        CyberLink Corp.        26.07.2011        164MB        6.5.1615_36053b                                                                Notwendig
DWG TrueView 2013        Autodesk        26.11.2012                19.0.55.0                                                                Notwendig
Eco Materials Adviser for Autodesk Inventor 2013        Granta Design Limited        26.11.2012        50,0MB        3.9.12.0                        Notwendig
Emergency 2012 Deluxe        Quadriga Games GmbH        20.12.2011                                                                                Unnötig       
Emergency4                25.11.2011                1.03.001                                                                                Unnötig
EVEREST Home Edition v2.20        Lavalys Inc        21.10.2012                2.20                                                                Notwendig
FIFA 13        Electronic Arts        26.09.2012        5,26GB        1.0.0.0                                                                                        Notwendig
Firebird SQL Server - MAGIX Edition        MAGIX AG        09.11.2011        10,1MB        2.1.27.0                                                Notwendig
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych        Microsoft Corporation        20.11.2011        5,37MB        15.4.5722.2                                Unbekannt
Franzis 3D-Eisenbahnplaner 11        Franzis        04.01.2012                                                                                        Notwendig       
FreeCommander 2009.02b        Marek Jasinski        23.06.2012                2009.02                                                                        Notwendig
GIMP 2.8.0        The GIMP Team        10.05.2012        241MB        2.8.0                                                                                Notwendig
Google Chrome        Google Inc.        06.11.2011                24.0.1312.56                                                                        Notwendig
Google Earth        Google        06.11.2011        92,7MB        6.1.0.5001                                                                                Notwendig
Hotkey Utility        Packard Bell        26.07.2011                2.05.3014                                                                        Unbekannt
Identity Card        Packard Bell        26.07.2011                1.00.3006                                                                        Unbekannt
Intel(R) Management Engine Components        Intel Corporation        26.07.2011                7.0.0.1144                                        Unbekannt
Intel(R) Rapid Storage Technology        Intel Corporation        26.07.2011                10.1.0.1008                                        Unbekannt
Internet-TV für Windows Media Center        Microsoft Corporation        06.11.2011        13,6MB        4.2.2.0                                                Notwendig
IrfanView (remove only)        Irfan Skiljan        06.11.2011        1,50MB        4.30                                                                        Notwendig
Java 7 Update 9 (64-bit)        Oracle        18.12.2012        127MB        7.0.90                                                                        Notwendig
Java SE Development Kit 7 Update 4 (64-bit)        Oracle        27.04.2012        143MB        1.7.0.40                                                Notwendig
Java SE Development Kit 7 Update 9 (64-bit)        Oracle        18.12.2012        188MB        1.7.0.90                                                Notwendig
Java(TM) 6 Update 37        Oracle        05.09.2012        95,7MB        6.0.370                                                                                Notwendig
JavaFX 2.1.0 (64-bit)        Oracle Corporation        27.04.2012        23,7MB        2.1.0                                                                Notwendig
JavaFX 2.1.0 SDK (64-bit)        Oracle Corporation        27.04.2012        79,6MB        2.1.0                                                        Notwendig
Kontrola Windows Live Mesh ActiveX za daljinske veze        Microsoft Corporation        20.11.2011        5,37MB        15.4.5722.2                        Unbekannt
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave        Microsoft Corporation        20.11.2011        5,37MB        15.4.5722.2                Unbekannt
Landwirtschafts Simulator 2013        GIANTS Software        03.11.2012        282MB        1.0                                                                Notwendig
Logitech Webcam-Software        Logitech Inc.        05.11.2011                2.30                                                                Notwendig
MAGIX Screenshare        MAGIX AG        12.11.2011        1,42MB        4.3.6.1987                                                                Notwendig
MAGIX Speed burnR (MSI)        MAGIX AG        12.11.2011        51,1MB        7.0.2.6                                                                        Notwendig
MAGIX Video deluxe 17 Premium Sonderedition        MAGIX AG        12.11.2011                10.0.12.2                                        Notwendig
Malwarebytes Anti-Malware Version 1.70.0.1100        Malwarebytes Corporation        25.01.2013        18,4MB        1.70.0.1100                        ------------------
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        24.07.2012        38,8MB        4.0.30320                                Unbekannt
Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        24.07.2012        2,93MB        4.0.30320                Unbekannt
Microsoft .NET Framework 4 Extended        Microsoft Corporation        26.11.2012        51,9MB        4.0.30319                                        Unbekannt
Microsoft .NET Framework 4 Extended DEU Language Pack        Microsoft Corporation        26.11.2012        10,6MB        4.0.30319                        Unbekannt
Microsoft Image Composite Editor        Microsoft Corporation        30.11.2012        5,16MB        1.4.4                                                Unbekannt
Microsoft IntelliPoint 8.2        Microsoft Corporation        16.05.2012                8.20.468.0                                                Unbekannt
Microsoft Office Home and Student 2010        Microsoft Corporation        05.11.2011                14.0.6029.1000                                        Unbekannt
Microsoft Silverlight        Microsoft Corporation        11.05.2012        80,3MB        4.1.10329.0                                                        Unbekannt
Microsoft SQL Server 2005 Compact Edition [ENU]        Microsoft Corporation        26.07.2011        1,69MB        3.1.0000                                Unbekannt
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053        Microsoft Corporation        24.01.2012        250KB        8.0.50727.4053        Notwendig
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        05.11.2011        300KB        8.0.59193                                Notwendig
Microsoft Visual C++ 2005 Redistributable (x64)        Microsoft Corporation        26.11.2012        620KB        8.0.61000                                Notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148        Microsoft Corporation        11.03.2011        784KB        9.0.30729.4148                Notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161        Microsoft Corporation        05.11.2011        788KB        9.0.30729.6161                Notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729        Microsoft Corporation        10.12.2011        234KB        9.0.30729                Notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        11.03.2011        240KB        9.0.30729                Notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        11.03.2011        596KB        9.0.30729.4148                Notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        05.11.2011        600KB        9.0.30729.6161                Notwendig
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219        Microsoft Corporation        28.09.2012        13,8MB        10.0.40219                Notwendig
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219        Microsoft Corporation        05.11.2011        16,5MB        10.0.40219                Notwendig
Microsoft WSE 3.0 Runtime        Microsoft Corp.        26.11.2012        942KB        3.0.5305.0                                                        Unbekannt
Mozilla Firefox 19.0 (x86 de)        Mozilla        26.01.2013        44,3MB        19.0                                                                        Notwendig
Mozilla Maintenance Service        Mozilla        11.01.2013        330KB        19.0                                                                        Unbekannt
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        05.11.2011        1,27MB        4.20.9870.0                                                Unbekannt
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        05.11.2011        1,33MB        4.20.9876.0                                                Unbekannt
MyFreeCodec                24.04.2012                                                                                                        Unbekannt               
Nero DiscSpeed 10        Nero AG        11.03.2011        7,21MB        6.2.10500.2.100                                                                        Notwendig
Nero Express 10        Nero AG        11.03.2011        165MB        10.2.12000.21.100                                                                        Notwendig
Nero Multimedia Suite 10 Essentials        Nero AG        11.03.2011        372MB        10.5.10300                                                        Notwendig
Nero StartSmart 10        Nero AG        11.03.2011        143MB        10.2.11600.14.100                                                                Notwendig
Nero Update        Nero AG        11.03.2011        1,43MB        1.0.0018                                                                                Notwendig
NewBlue Light Rays for Magix        NewBlue        12.11.2011                1.4                                                                        Notwendig
NewBlue Lightning for Magix        NewBlue        12.11.2011                1.4                                                                        Notwendig
NewBlueFX Premium Effects        NewBlue        12.11.2011                1.4                                                                        Notwendig
NVIDIA 3D Vision Controller-Treiber 310.90        NVIDIA Corporation        06.01.2013                310.90                                        Notwendig
NVIDIA 3D Vision Treiber 310.90        NVIDIA Corporation        06.01.2013                310.90                                                        Notwendig
NVIDIA Grafiktreiber 310.90        NVIDIA Corporation        06.01.2013                310.90                                                        Notwendig
NVIDIA HD-Audiotreiber 1.3.18.0        NVIDIA Corporation        06.01.2013                1.3.18.0                                                Notwendig
NVIDIA PhysX-Systemsoftware 9.12.1031        NVIDIA Corporation        06.01.2013                9.12.1031                                        Notwendig
NVIDIA Update 1.11.3        NVIDIA Corporation        06.01.2013                1.11.3                                                                Notwendig
OpenAL                01.11.2012                                                                                                                Unbekannt       
Origin        Electronic Arts, Inc.        26.09.2012                9.0.10.69                                                                        Notwendig
Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení        Microsoft Corporation        20.11.2011        5,57MB        15.4.5722.2                        Unbekannt
Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia        Microsoft Corporation        20.11.2011        5,37MB        15.4.5722.2                        Unbekannt
Packard Bell Games        WildTangent        11.03.2011                1.0.2.4                                                                        Unbekannt
Packard Bell Recovery Management        Packard Bell        11.03.2011                5.00.3002                                                Unbekannt
Packard Bell Registration        Packard Bell        26.07.2011                1.03.3003                                                        Unbekannt
Packard Bell ScreenSaver        Packard Bell        26.07.2011                1.1.0225.2011                                                        Unbekannt
Packard Bell Software Suite SE        Packard Bell        26.07.2011                2.01.3003                                                        Unbekannt
Packard Bell Updater        Packard Bell        11.03.2011                1.02.3005                                                                Unbekannt
PCTV Package - Windows Media Center        PCTV Systems        05.11.2011        16,1MB        4.1.0.148                                                Notwendig
Photo Frame        Northstar Systems Corp.        26.07.2011        17,8MB        5.0.0.10                                                                Notwendig
PlayReady PC Runtime amd64        Microsoft Corporation        05.11.2011        2,05MB        1.3.0                                                        Notwendig
Pro/ENGINEER Release Wildfire 5.0 Datecode M060        PTC        09.11.2012                Wildfire 5.0                                                Notwendig
Pro/ENGINEER Thumbnail Viewer 1.0        PTC        09.11.2012        15,6MB        28.10.280                                                        Notwendig
proDAD Adorage 3.0        proDAD GmbH        12.11.2011                3.0.61                                                                        Notwendig
proDAD Heroglyph 2.5        proDAD GmbH        12.11.2011                2.6.32                                                                        Notwendig
proDAD Mercalli 2.0        proDAD GmbH        12.11.2011                2.0.61                                                                        Notwendig
ProductView Express 9.1        PTC        31.01.2012        269MB        9.1.50.19                                                                        Notwendig
QuickTime        Apple Inc.        08.11.2012        73,1MB        7.73.80.64                                                                        Notwendig
Realtek Ethernet Controller Driver        Realtek        11.03.2011                7.36.1224.2010                                                        Notwendig
Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        26.07.2011                6.0.1.6257                                Notwendig
Samsung Kies        Samsung Electronics Co., Ltd.        24.04.2012        207MB        2.3.0.12035_16                                                        Notwendig
SAMSUNG USB Driver for Mobile Phones        SAMSUNG Electronics Co., Ltd.        06.11.2012        42,9MB        1.5.15.0                                Notwendig
Schnell-Deinstallations-Tool für Autodesk Inventor 2013        Autodesk        26.11.2012        1,78MB        17.0.13800.0000                                Notwendig
SDFormatter        SD Association        03.10.2012        3,57MB        3.1.0                                                                                Notwendig
Skype™ 5.10        Skype Technologies S.A.        20.09.2012        19,4MB        5.10.116                                                                Notwendig
Tabellenbuch Metall 7.0        Verlag Europa-Lehrmittel        22.11.2011                7.0                                                        Notwendig
Tablet Driver        Hanwang technolgy        06.11.2011                2.05.0000                                                                Notwendig
TeamViewer 7        TeamViewer        07.07.2012                7.0.13852                                                                        Notwendig
Urruneko konexioetarako Windows Live Mesh ActiveX kontrola        Microsoft Corporation        20.11.2011        5,57MB        15.4.5722.2                Unbekannt
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi        Microsoft Corporation        20.11.2011        5,37MB        15.4.5722.2                Unbekannt
Vasco da Gama 4 HDPro        MotionStudios        12.11.2011        891MB        4.00.0000                                                                Notwendig
VLC media player 1.1.11        VideoLAN        06.11.2011                1.1.11                                                                        Notwendig
Welcome Center        Packard Bell        26.07.2011                1.02.3102                                                                        Unbekannt
Windows Live Essentials        Microsoft Corporation        03.05.2012                15.4.3555.0308                                                        Unbekannt
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen        Microsoft Corporation        20.11.2011        5,37MB        15.4.5722.2        Unbekannt
Windows Live Mesh ActiveX Control for Remote Connections        Microsoft Corporation        20.11.2011        5,37MB        15.4.5722.2                Unbekannt
Windows Live Mesh ActiveX control for remote connections        Microsoft Corporation        20.11.2011        5,57MB        15.4.5722.2                Unbekannt
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger        Microsoft Corporation        20.11.2011        5,37MB        15.4.5722.2                Unbekannt
Windows Live Mesh ActiveX-objekt til fjernforbindelser        Microsoft Corporation        20.11.2011        5,57MB        15.4.5722.2                        Unbekannt
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz        Microsoft Corporation        20.11.2011        5,38MB        15.4.5722.2                        Unbekannt
Windows Live Meshin etäyhteyksien ActiveX-komponentti        Microsoft Corporation        20.11.2011        5,37MB        15.4.5722.2                        Unbekannt
XnView 1.98.2        Gougelet Pierre-e        06.11.2011        36,7MB        1.98.2                                                                        Notwendig
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις        Microsoft Corporation        20.11.2011        5,57MB        15.4.5722.2                Unbekannt
Элемент управления Windows Live Mesh ActiveX для удаленных подключений        Microsoft Corporation        20.11.2011        5,37MB        15.4.5722.2                        Unbekannt
פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים        Microsoft Corporation        20.11.2011        5,37MB        15.4.5722.2                                                Unbekannt
عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة        Microsoft Corporation        20.11.2011        5,57MB        15.4.5722.2                                                Unbekannt
ตัวควบคุม ActiveX ใน Windows Live Mesh สำหรับการเชื่อมต่อระยะไกล (ไทย)        Microsoft Corporation        20.11.2011        5,37MB        15.4.5722.2                                                Unbekannt
適用遠端連線的 Windows Live Mesh ActiveX 控制項        Microsoft Corporation        20.11.2011        5,37MB        15.4.5722.2                                                        Unbekannt

markusg 29.01.2013 15:18
deinstaliere:
ActiveX beide
Adobe Premiere
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden, instalieren.
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen

bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok



deinstaliere:
Bridge
Control : alle
Controle
Controlo
Emergency : beide
Formant
Java: alle
downloade Java jre:
Java-Downloads für alle Betriebssysteme
klicke:
Download der Java-Software für Windows Offline
laden, und instalieren
deinstaliere:
Kontrola
Kontrolnik
Ovládací
TeamViewer : solche software würd ich nur bei bedarfinstalieren, wenn sie aber unbedingt drauf bleiben muss, hol dir version 8
Uzak
Windows Live : alle für dich unnötigen

öffne ccleaner, analysieren, starten, pc neustarten.
Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste
    mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

Mk91 29.01.2013 16:22
Code:
# AdwCleaner v2.109 - Datei am 29/01/2013 um 16:20:12 erstellt
# Aktualisiert am 26/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Manuel - M-PC2
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Manuel\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Wert Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Run []

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0 (de)

Datei : C:\Users\Manuel\AppData\Roaming\Mozilla\Firefox\Profiles\6zvrdmdc.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v24.0.1312.56

Datei : C:\Users\Manuel\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1344 octets] - [29/01/2013 16:20:12]

########## EOF - C:\AdwCleaner[R1].txt - [1404 octets] ##########

markusg 29.01.2013 16:28
Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Schließe
    alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein
    Rechner wird neu gestartet, je nach Schwere der Infektion auch mehrmals - das ist normal. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den
    Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x = fortlaufende Nummer)

neustarten bitte, testen, wie PC + programme wie Browser laufen.

Mk91 29.01.2013 16:34
Code:
# AdwCleaner v2.109 - Datei am 29/01/2013 um 16:28:32 erstellt
# Aktualisiert am 26/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Manuel - M-PC2
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Manuel\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run []

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0 (de)

Datei : C:\Users\Manuel\AppData\Roaming\Mozilla\Firefox\Profiles\6zvrdmdc.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v24.0.1312.56

Datei : C:\Users\Manuel\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1471 octets] - [29/01/2013 16:20:12]
AdwCleaner[S1].txt - [1406 octets] - [29/01/2013 16:28:32]

########## EOF - C:\AdwCleaner[S1].txt - [1466 octets] ##########

markusg 29.01.2013 16:35
letzten Test bitte ausführen

Mk91 29.01.2013 16:36
Programme laufen ok ähnlich, wie vor dem befall ;-)

markusg 29.01.2013 16:40
hi
was heißt ok, gibts probleme oder nicht? wenn ja welche

Mk91 29.01.2013 16:42
Beim hochfahren wird eine Meldung angezeigt:
Code:
C:\Users\Manuel\AppData\Local\Temp\zlrkqt wurde nicht gefunden.
Das hochfahren dauert etwas länger als vorher....

Mit den Programmen gibt es sonst keine wieteren Probleme ... ;-)

Browser laufen schneller und flüssiger als vorher ...

markusg 29.01.2013 19:01
öffne bitte CCleaner, extras, autostart liste, und posten die.
öffne malwarebytes, gucke ob der Hintergrundwächter aktiv ist, deaktiviere ihn.

Mk91 29.01.2013 19:02
Code:
Ja        HKCU:Run        Akamai NetSession Interface        Akamai Technologies, Inc.        "C:\Users\Manuel\AppData\Local\Akamai\netsession_win.exe"
Ja        HKCU:Run        KiesAirMessage        Samsung Electronics        C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
Ja        HKCU:Run        KiesPDLR        Samsung        C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
Ja        HKCU:Run        KiesPreload        Samsung        C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
Ja        HKCU:Run        Software Suite SE        Acer Incorporated        "C:\Program Files (x86)\Packard Bell\Software Suite SE\SoftSuiteSE.exe" /run
Ja        HKLM:Run        Adobe ARM        Adobe Systems Incorporated        "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Ja        HKLM:Run        AdobeAAMUpdater-1.0        Adobe Systems Incorporated        "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
Ja        HKLM:Run        ADSK DLMSession        Autodesk, Inc.        C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
Ja        HKLM:Run        APSDaemon        Apple Inc.        "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Ja        HKLM:Run        Autodesk Sync        Autodesk, Inc.        C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
Ja        HKLM:Run        avgnt        Avira Operations GmbH & Co. KG        "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
Ja        HKLM:Run        CanonMyPrinter        CANON INC.        C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
Ja        HKLM:Run        Cisco AnyConnect Secure Mobility Agent for Windows        Cisco Systems, Inc.        "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
Ja        HKLM:Run        Cmaudio8788        Microsoft Corporation        C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
Ja        HKLM:Run        Cmaudio8788GX                C:\Windows\syswow64\HsMgr.exe Envoke
Ja        HKLM:Run        Cmaudio8788GX64                C:\Windows\system\HsMgr64.exe Envoke
Ja        HKLM:Run        Hotkey Utility        Acer Incorporated        C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe
Ja        HKLM:Run        HWTablet KeyPlus                C:\Windows\SysWOW64\HWKeyPlus.exe
Ja        HKLM:Run        HWTablet Service                C:\Windows\SysWOW64\HWTabTray.exe
Ja        HKLM:Run        IAStorIcon        Intel Corporation        C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
Ja        HKLM:Run        IntelliPoint        Microsoft Corporation        "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
Ja        HKLM:Run        KiesTrayAgent        Samsung Electronics Co., Ltd.        C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
Ja        HKLM:Run        LWS        Logitech Inc.        C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
Ja        HKLM:Run        QuickTime Task        Apple Inc.        "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
Ja        HKLM:Run        RtHDVCpl        Realtek Semiconductor        C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
Ja        HKLM:Run        TrayServer        MAGIX AG        C:\Program Files (x86)\MAGIX\Video_deluxe_17_Premium_Sonderedition\TrayServer.exe
Ja        Startup Common        Photo Frame.lnk        North Star com.        C:\Program Files (x86)\Northstar\Photo Frame\Photo Frame.exe
was genau ist der hintergrundwächter ??
soll ich malwarebytes komplett deaktivieren ??

markusg 31.01.2013 15:11
alle haken raus außer:
avgnt
Hotkey Utility
LWS Logitech
Startup alle haken
malwarebytes deaktivieren.
starte neu, teste wie das system läuft, sollte was wichtiges fehlen, haken wirs wieder an.

Mk91 31.01.2013 16:12
Funktioniert alles bestens ...

markusg 31.01.2013 17:49
was ist hiermit:
C:\Users\Manuel\AppData\Local\Temp\zlrkqt wurde nicht gefunden.

noch Probleme beim hochfahren?

Mk91 31.01.2013 19:56
Achso ja das hatte ich ganz vergessen .... das kommt immer noch .... stört zwar sehr, hat andererseits aber keine auswirkungen die ich bis jetzt feststellen konnte

markusg 31.01.2013 20:00
poste mir noch mal ein neues otl log bitte.

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Mk91 31.01.2013 20:20
Code:
OTL logfile created on: 31.01.2013 20:05:18 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Manuel\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,98 Gb Total Physical Memory | 4,18 Gb Available Physical Memory | 69,85% Memory free
11,96 Gb Paging File | 9,82 Gb Available in Paging File | 82,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457,21 Gb Total Space | 327,30 Gb Free Space | 71,59% Space Free | Partition Type: NTFS
Drive D: | 457,21 Gb Total Space | 331,61 Gb Free Space | 72,53% Space Free | Partition Type: NTFS
 
Computer Name: M-PC2 | User Name: Manuel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.26 16:06:56 | 003,494,992 | ---- | M] (Electronic Arts) -- C:\Program Files (x86)\Origin\Origin.exe
PRC - [2013.01.24 19:24:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Manuel\Desktop\OTL.exe
PRC - [2012.12.29 11:34:47 | 001,260,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.12.29 02:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.12.13 14:44:31 | 000,544,840 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2012.10.11 01:33:58 | 000,842,680 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012.08.08 12:27:30 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.02 11:33:28 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.05.08 17:35:57 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 17:35:57 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.01.18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011.11.11 14:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011.09.15 05:19:54 | 000,086,016 | ---- | M] () -- C:\Programme\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe
PRC - [2011.02.01 06:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.02.01 06:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.01.31 22:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe
PRC - [2011.01.19 02:08:08 | 000,620,136 | ---- | M] () -- C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe
PRC - [2010.11.06 08:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.09.30 02:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010.05.04 21:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
PRC - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2008.06.03 16:18:08 | 000,066,560 | ---- | M] () -- C:\Windows\jwpen.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.26 16:06:57 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\Origin\tufao.dll
MOD - [2011.08.12 12:18:56 | 000,342,552 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
MOD - [2011.08.12 12:18:56 | 000,128,536 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
MOD - [2011.08.12 12:18:56 | 000,029,208 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
MOD - [2011.08.12 12:18:54 | 007,956,504 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
MOD - [2011.08.12 12:18:54 | 002,145,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
MOD - [2011.01.19 02:08:08 | 000,620,136 | ---- | M] () -- C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe
MOD - [2011.01.19 02:08:04 | 000,151,656 | ---- | M] () -- C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyHook.dll
MOD - [2009.04.03 11:39:30 | 000,094,208 | ---- | M] () -- C:\Windows\SysWOW64\WinTab32.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.01.29 15:55:35 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.26 14:08:25 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.29 11:34:47 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.12.29 02:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.12.13 14:44:31 | 000,544,840 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2012.11.26 19:06:13 | 001,432,400 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.02 11:33:28 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.05.08 17:35:57 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 17:35:57 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.01.31 02:10:36 | 000,339,776 | ---- | M] ( ) [Auto | Running] -- C:\Programme\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe -- (mitsijm2013)
SRV - [2012.01.18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011.09.15 05:19:54 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Programme\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe -- (mi-raysat_3dsmax2013_64)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.02.01 06:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.02.01 06:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011.01.31 22:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Live Updater Service)
SRV - [2010.11.06 08:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.10.12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010.09.30 02:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.05.04 21:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008.06.03 16:18:08 | 000,066,560 | ---- | M] () [Auto | Running] -- C:\Windows\jwpen.exe -- (HWSuperPowerTablet)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.12.13 14:26:36 | 000,112,080 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock)
DRV:64bit: - [2012.09.20 05:35:36 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012.09.20 05:35:36 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012.08.03 20:38:55 | 000,027,048 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2012.07.03 16:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.07.02 11:23:05 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2012.05.08 17:35:57 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 17:35:57 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.18 07:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012.01.18 07:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011.12.20 07:59:12 | 002,727,936 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmudaxp.sys -- (cmudaxp)
DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.08.01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.24 08:32:54 | 000,412,264 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.06 08:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.10.19 09:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.06.14 08:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010.03.19 02:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.08.13 21:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 01:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007.10.19 10:37:56 | 000,543,232 | ---- | M] (LITEON) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Ltn_stk7070P_64.sys -- (Ltn_stk7070P_64)
DRV:64bit: - [2007.10.19 10:37:56 | 000,016,256 | ---- | M] (LITEON) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Ltn_stkrc_64.sys -- (Ltn_stkrc_64)
DRV:64bit: - [2007.03.26 11:17:00 | 000,008,320 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HWDrawing.sys -- (VHWDrawing)
DRV - [2010.06.14 08:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@ptc.com/ProductViewLite: C:\Program Files (x86)\Common Files\PTC\np6_pvapplite9.dll (PTC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VLCVideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.26 14:08:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.26 14:08:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.26 14:08:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.26 14:08:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.26 14:08:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.26 14:08:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.26 14:08:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.26 14:08:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.26 14:08:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.26 14:08:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.11.05 16:55:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Manuel\AppData\Roaming\mozilla\Extensions
[2012.09.12 22:01:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Manuel\AppData\Roaming\mozilla\Firefox\Profiles\6zvrdmdc.default\extensions
[2012.09.12 22:01:38 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\Manuel\AppData\Roaming\mozilla\firefox\profiles\6zvrdmdc.default\extensions\testpilot@labs.mozilla.com.xpi
[2013.01.29 16:04:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.01.18 18:47:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.01.26 14:08:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2013.01.26 14:08:25 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.27 21:31:27 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.27 21:31:27 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.27 21:31:27 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.27 21:31:27 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.27 21:31:27 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.27 21:31:27 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VLCVideoLAN\VLC\npvlc.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: Google-Suche = C:\Users\Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Google Mail = C:\Users\Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\
 
O1 HOSTS File: ([2013.01.25 15:09:16 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DDFA9DF7-7226-4B4B-B1B3-F93EDF312F18}: NameServer = 192.168.123.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {0AB324FA-DF78-6EFA-4598-91C1D14D0C44} - Themes Setup
ActiveX:64bit: {143D5D37-881A-AF39-0679-1C54239533A1} - Microsoft Windows Media Player
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {370C3286-5717-3F99-D4C7-920316FC9D89} - Themes Setup
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {3F24D6E7-F128-36E6-06CD-331F1CCE1D53} - Internet Explorer
ActiveX:64bit: {400D3158-9F53-5179-8E4E-11B750D7661A} - Internet Explorer
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {8D115047-4358-16B9-443D-94C55A9EEDB2} - Themes Setup
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F04A7E29-C694-639F-6283-C6536C1EF220} - Browser Customizations
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: ADSK DLMSession - hkey= - key= - C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe (Autodesk, Inc.)
MsConfig:64bit - StartUpReg: Akamai NetSession Interface - hkey= - key= - C:\Users\Manuel\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Autodesk Sync - hkey= - key= - C:\Programme\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
MsConfig:64bit - StartUpReg: Cisco AnyConnect Secure Mobility Agent for Windows - hkey= - key= - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
MsConfig:64bit - StartUpReg: Cmaudio8788 - hkey= - key= - C:\Windows\syswow64\RunDll32.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Cmaudio8788GX - hkey= - key= - C:\Windows\syswow64\HsMgr.exe ()
MsConfig:64bit - StartUpReg: Cmaudio8788GX64 - hkey= - key= - C:\Windows\system\HsMgr64.exe ()
MsConfig:64bit - StartUpReg: HWTablet KeyPlus - hkey= - key= - C:\Windows\SysWOW64\HWKeyPlus.exe ()
MsConfig:64bit - StartUpReg: HWTablet Service - hkey= - key= - C:\Windows\SysWOW64\HWTabTray.exe ()
MsConfig:64bit - StartUpReg: IAStorIcon - hkey= - key= - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: IntelliPoint - hkey= - key= - c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: KiesAirMessage - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
MsConfig:64bit - StartUpReg: KiesPDLR - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
MsConfig:64bit - StartUpReg: KiesPreload - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
MsConfig:64bit - StartUpReg: KiesTrayAgent - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
MsConfig:64bit - StartUpReg: Software Suite SE - hkey= - key= - C:\Program Files (x86)\Packard Bell\Software Suite SE\SoftSuiteSE.exe (Acer Incorporated)
MsConfig:64bit - StartUpReg: TrayServer - hkey= - key= - C:\Program Files (x86)\MAGIX\Video_deluxe_17_Premium_Sonderedition\TrayServer.exe (MAGIX AG)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.30 13:09:05 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{726328F0-A5AE-45F6-A0AE-5D102B43FCFE}
[2013.01.29 18:45:12 | 000,000,000 | ---D | C] -- C:\Users\Manuel\.gradle
[2013.01.29 18:43:06 | 000,000,000 | ---D | C] -- C:\Program Files\hsqldb
[2013.01.29 15:07:18 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{22BEBC7B-14F3-4FE0-B9F3-7B14B3D1A70F}
[2013.01.28 20:28:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.01.28 20:28:06 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.01.28 20:21:11 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{B67C5EF6-E2DE-4250-95B0-B4CCB20A239D}
[2013.01.27 13:53:28 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{56E4AF5E-F2D5-4C47-A192-87FFE2A257D6}
[2013.01.26 12:07:53 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{4D19AC0E-A57C-419D-BA41-3CEF70022CD0}
[2013.01.25 17:41:36 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Roaming\Malwarebytes
[2013.01.25 17:41:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.25 17:41:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.25 17:41:28 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.01.25 17:41:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.01.25 17:41:10 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\Programs
[2013.01.25 15:14:06 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.01.25 15:10:48 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.01.25 15:03:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.01.25 15:03:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.01.25 15:03:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.01.25 15:03:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.01.25 15:03:03 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.01.25 15:00:59 | 005,026,656 | R--- | C] (Swearware) -- C:\Users\Manuel\Desktop\ComboFix.exe
[2013.01.25 14:21:39 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Manuel\Desktop\tdsskiller.exe
[2013.01.25 14:17:56 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{4261CCE1-8436-45E4-9978-5EB78732FE1A}
[2013.01.24 21:11:22 | 000,000,000 | ---D | C] -- C:\found.000
[2013.01.24 21:04:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.01.24 19:42:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Manuel\Desktop\OTL.exe
[2013.01.24 14:33:47 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{636BD44D-8DEB-4A0C-B9A0-BBC77DF03BE2}
[2013.01.23 12:34:24 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{6C507BA3-7D42-4467-9784-16410627D227}
[2013.01.22 21:27:28 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{2C5AAD76-6AB4-4D3C-91AF-623656C726F7}
[2013.01.21 18:52:40 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{D89AA588-5297-423E-97D6-338BC90CAAB0}
[2013.01.20 15:04:30 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{267BB2F6-6879-4EEE-8EDC-E65CDC148855}
[2013.01.19 23:28:36 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{7ED4A46D-8178-414C-A337-2BC897DDDFBF}
[2013.01.19 15:21:47 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{81C893D2-44EF-4404-8E06-8183F401A467}
[2013.01.18 22:29:15 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{9D6B6910-C2D9-49B9-94C2-0AB71CD44BDE}
[2013.01.18 18:47:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.01.18 12:34:03 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{64E51A94-3D2B-4BB3-8EDA-2BD0865482B7}
[2013.01.17 15:24:36 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{88318385-008A-44FF-A261-9E1C8DBB2B3D}
[2013.01.16 21:24:31 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{3C43DF0A-AAF8-46C4-B465-436B39E117B2}
[2013.01.16 18:15:05 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{4252B951-033B-4010-8A12-78E8AE11A1AE}
[2013.01.15 21:01:57 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{06A352C3-7011-4D40-8712-0A8ADDB6A396}
[2013.01.14 18:59:01 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{2DCC7127-7B87-40E3-B66B-4613429F76BF}
[2013.01.13 14:42:18 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{50DC0841-C5BF-46BF-9B3E-F30C3A63E1F6}
[2013.01.12 15:22:01 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{7C6B8B93-7D62-471D-BA11-8799E4E7FE57}
[2013.01.11 17:46:03 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{2BC61DE6-0BBF-4B65-A1D3-9C954C4CA535}
[2013.01.10 16:11:41 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{FE843118-63B5-4347-8141-33147D16C7A9}
[2013.01.09 17:38:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
[2013.01.09 14:54:59 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{B9A9FBF9-3FF9-4C8A-AC95-6F4679B81D74}
[2013.01.08 22:18:22 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{CE337FD7-B5E2-4167-AB16-A6FDB96F0D4A}
[2013.01.07 21:24:37 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{6B83C634-265C-4326-97A3-F7FF280DBDF1}
[2013.01.06 16:44:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013.01.06 13:09:54 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{B0C3021C-51B5-4D4D-A5A5-26F4A07FD593}
[2013.01.05 17:04:13 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{F956E350-687F-4F28-8F0E-FCDD5743E822}
[2013.01.04 23:18:42 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{F396AF30-B5B9-48BA-8425-4E56E31AD0BC}
[2013.01.03 09:36:20 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{63D832BB-A18B-4E37-A13C-2E05814F4580}
[2013.01.01 23:11:40 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\{25D3BAE8-004C-4F0F-89EF-8E8953BBDD57}
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.31 19:54:05 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.31 19:34:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.31 16:54:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.31 16:11:47 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.31 16:11:47 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.31 16:04:13 | 000,003,116 | ---- | M] () -- C:\Windows\HWTablet.bin
[2013.01.31 16:04:05 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2013.01.31 16:04:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.31 16:03:59 | 523,104,255 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.31 15:03:51 | 001,591,518 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.31 15:03:51 | 000,697,336 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.31 15:03:51 | 000,652,654 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.31 15:03:51 | 000,148,632 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.31 15:03:51 | 000,121,586 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.31 15:03:45 | 001,591,518 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.29 18:28:28 | 007,304,644 | ---- | M] () -- C:\Users\Manuel\Desktop\android.pdf
[2013.01.29 18:28:02 | 005,959,000 | ---- | M] () -- C:\Users\Manuel\Desktop\android.zip
[2013.01.29 16:19:53 | 000,580,235 | ---- | M] () -- C:\Users\Manuel\Desktop\adwcleaner.exe
[2013.01.29 15:58:09 | 000,002,031 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.01.28 20:56:32 | 000,006,325 | ---- | M] () -- C:\Users\Manuel\Desktop\install.zip
[2013.01.28 20:28:06 | 000,000,834 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.01.27 12:00:41 | 000,286,553 | ---- | M] () -- C:\Users\Manuel\Desktop\778635_418191798256909_268783800_o.jpg
[2013.01.26 12:48:25 | 000,001,997 | ---- | M] () -- C:\Users\Manuel\Desktop\Pro ENGINEER.lnk
[2013.01.26 12:46:21 | 000,000,205 | ---- | M] () -- C:\Users\Manuel\Documents\std.out
[2013.01.25 18:45:59 | 000,002,535 | ---- | M] () -- C:\Users\Manuel\Desktop\Skype.lnk
[2013.01.25 17:41:29 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.01.25 15:09:16 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.01.25 15:02:50 | 005,026,656 | R--- | M] (Swearware) -- C:\Users\Manuel\Desktop\ComboFix.exe
[2013.01.25 14:23:40 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Manuel\Desktop\tdsskiller.exe
[2013.01.24 19:35:59 | 000,533,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.24 19:24:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Manuel\Desktop\OTL.exe
[2013.01.09 15:02:19 | 000,002,853 | ---- | M] () -- C:\Users\Manuel\AppData\Local\recently-used.xbel
[2013.01.05 12:26:03 | 000,000,847 | ---- | M] () -- C:\Users\Manuel\Desktop\TX-NR414 - Verknüpfung.lnk
 
========== Files Created - No Company Name ==========
 
[2013.01.29 18:28:01 | 005,959,000 | ---- | C] () -- C:\Users\Manuel\Desktop\android.zip
[2013.01.29 16:19:49 | 000,580,235 | ---- | C] () -- C:\Users\Manuel\Desktop\adwcleaner.exe
[2013.01.29 15:58:09 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.01.29 15:58:09 | 000,002,031 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.01.29 15:55:35 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.28 20:56:32 | 000,006,325 | ---- | C] () -- C:\Users\Manuel\Desktop\install.zip
[2013.01.28 20:28:06 | 000,000,834 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.01.27 12:00:39 | 000,286,553 | ---- | C] () -- C:\Users\Manuel\Desktop\778635_418191798256909_268783800_o.jpg
[2013.01.26 15:49:35 | 000,001,276 | ---- | C] () -- C:\Users\Manuel\Desktop\FIFA 13.lnk
[2013.01.26 13:04:46 | 000,002,083 | ---- | C] () -- C:\Users\Manuel\Desktop\Tabellenbuch Metall 7.0.lnk
[2013.01.25 18:45:59 | 000,002,535 | ---- | C] () -- C:\Users\Manuel\Desktop\Skype.lnk
[2013.01.25 17:41:29 | 000,001,121 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.01.25 15:22:42 | 000,001,989 | ---- | C] () -- C:\Users\Manuel\Desktop\Samsung Kies.lnk
[2013.01.25 15:22:21 | 000,001,997 | ---- | C] () -- C:\Users\Manuel\Desktop\Pro ENGINEER.lnk
[2013.01.25 15:22:12 | 000,000,967 | ---- | C] () -- C:\Users\Manuel\Desktop\Audacity.lnk
[2013.01.25 15:03:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.01.25 15:03:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.01.25 15:03:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.01.25 15:03:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.01.25 15:03:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.01.09 15:02:19 | 000,002,853 | ---- | C] () -- C:\Users\Manuel\AppData\Local\recently-used.xbel
[2013.01.05 12:26:03 | 000,000,847 | ---- | C] () -- C:\Users\Manuel\Desktop\TX-NR414 - Verknüpfung.lnk
[2012.12.25 23:06:06 | 000,000,036 | ---- | C] () -- C:\Users\Manuel\.org.eclipse.epp.usagedata.recording.userId
[2012.11.30 18:51:56 | 000,007,605 | ---- | C] () -- C:\Users\Manuel\AppData\Local\Resmon.ResmonCfg
[2012.11.26 18:49:36 | 001,591,518 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.11.06 21:16:22 | 000,000,032 | ---- | C] () -- C:\Windows\DVD_Start.INI
[2012.11.01 10:57:44 | 000,000,049 | ---- | C] () -- C:\Windows\SysWow64\cmasiop.ini
[2012.11.01 10:57:42 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\HsMgr.exe
[2012.11.01 10:57:30 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP8.dll
[2012.11.01 10:56:58 | 000,044,950 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl
[2012.11.01 10:56:12 | 000,000,872 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi
[2012.11.01 10:56:01 | 000,005,066 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg
[2012.05.09 14:03:21 | 000,000,028 | ---- | C] () -- C:\Users\Manuel\.gtk-bookmarks
[2012.03.28 21:11:08 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.03.28 21:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.03.28 21:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.03.28 21:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.03.28 21:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.02.16 15:12:48 | 000,004,608 | ---- | C] () -- C:\Users\Manuel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011.11.24 11:46:10 | 000,000,594 | ---- | C] () -- C:\Windows\cmudaxp.ini
[2011.11.22 19:08:50 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2011.11.06 14:45:23 | 000,066,560 | ---- | C] () -- C:\Windows\jwpen.exe
[2011.11.06 14:45:23 | 000,028,672 | ---- | C] () -- C:\Windows\HWCkPenT.dll
[2011.11.06 14:45:23 | 000,013,824 | ---- | C] () -- C:\Windows\DevInst.exe
[2011.11.06 14:45:23 | 000,011,264 | ---- | C] () -- C:\Windows\HWDevInst.exe
[2011.11.06 14:45:23 | 000,003,116 | ---- | C] () -- C:\Windows\HWTablet.bin
[2011.11.06 14:45:22 | 000,184,320 | ---- | C] () -- C:\Windows\SysWow64\HWTabTray.exe
[2011.11.06 14:45:22 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\WinTab32.dll
[2011.11.06 14:45:22 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\jwusbchk32.dll
[2011.11.06 14:45:22 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\JWKey.dll
[2011.11.06 14:45:22 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\HWKeyPlus.exe
[2011.11.06 14:45:22 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\JWPen.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.11.01 11:02:16 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\ASUS
[2012.12.01 20:33:31 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\Autodesk
[2011.11.19 11:04:41 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\Foxit Software
[2012.06.23 14:53:42 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\FreeCommander
[2012.05.16 19:02:55 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\gtk-2.0
[2011.11.06 16:54:14 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\IrfanView
[2011.11.05 16:12:18 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\Leadertech
[2011.11.12 15:48:50 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\MAGIX
[2011.11.05 15:36:54 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\OEM
[2012.11.30 13:53:54 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\Origin
[2011.11.12 16:07:50 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\proDAD
[2011.12.20 18:08:40 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\ProtectDISC
[2012.01.31 15:45:57 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\PTC
[2012.11.15 16:45:51 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\Samsung
[2012.07.12 18:03:16 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\TeamViewer
[2012.04.24 18:36:57 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\Temp
[2011.11.05 21:23:08 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\Windows Live Writer
[2011.11.06 19:22:40 | 000,000,000 | ---D | M] -- C:\Users\Manuel\AppData\Roaming\XnView
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2013.01.25 15:14:06 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011.07.26 10:36:56 | 000,000,000 | ---D | M] -- C:\book
[2013.01.31 15:03:57 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.11.05 15:32:49 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2013.01.24 21:11:22 | 000,000,000 | ---D | M] -- C:\found.000
[2011.03.11 10:11:28 | 000,000,000 | ---D | M] -- C:\Intel
[2011.11.05 15:53:55 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2012.09.28 07:31:04 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2012.10.21 16:09:27 | 000,000,000 | ---D | M] -- C:\OEM
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.11.05 21:34:58 | 000,000,000 | ---D | M] -- C:\prgs
[2013.01.29 18:43:13 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.01.29 15:43:22 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013.01.25 17:41:29 | 000,000,000 | ---D | M] -- C:\ProgramData
[2011.11.05 15:32:49 | 000,000,000 | -HSD | M] -- C:\Programme
[2013.01.25 15:10:48 | 000,000,000 | ---D | M] -- C:\Qoobox
[2011.11.05 15:32:49 | 000,000,000 | ---D | M] -- C:\Recovery
[2013.01.31 20:06:25 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2013.01.27 19:14:18 | 000,000,000 | ---D | M] -- C:\Temp
[2012.09.28 07:32:59 | 000,000,000 | R--D | M] -- C:\Users
[2013.01.29 16:15:18 | 000,000,000 | ---D | M] -- C:\Windows
[2013.01.24 21:04:04 | 000,000,000 | ---D | M] -- C:\_OTL
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.21 04:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.11.06 17:17:08 | 000,001,106 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2011.11.06 17:17:08 | 000,001,110 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2013.01.29 15:55:35 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: AHCIX86S.SYS  >
[2010.09.24 02:48:00 | 000,222,288 | ---- | M] (Advanced Micro Devices, Inc) MD5=A3F4FEE7E8C40242FD6CD77DAE51370F -- C:\OEM\Preload\Autorun\DRV\AMD VGA Generic Driver\Packages\Drivers\SBDrv\SB8xx\RAID\W7\ahcix86s.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\erdnt\cache86\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\erdnt\cache64\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2010.11.06 08:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.11.06 08:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_710b330fb3531234\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\erdnt\cache64\netlogon.dll
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\erdnt\cache86\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\erdnt\cache86\scecli.dll
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\erdnt\cache64\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\erdnt\cache86\user32.dll
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\erdnt\cache64\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012.05.09 14:03:21 | 000,000,028 | ---- | M] () -- C:\Users\Manuel\.gtk-bookmarks
[2012.12.25 23:06:06 | 000,000,036 | ---- | M] () -- C:\Users\Manuel\.org.eclipse.epp.usagedata.recording.userId
[2013.01.31 20:10:23 | 006,029,312 | -HS- | M] () -- C:\Users\Manuel\NTUSER.DAT
[2013.01.31 20:10:23 | 000,262,144 | -HS- | M] () -- C:\Users\Manuel\ntuser.dat.LOG1
[2011.11.05 15:33:07 | 000,000,000 | -HS- | M] () -- C:\Users\Manuel\ntuser.dat.LOG2
[2011.11.05 15:45:00 | 000,065,536 | -HS- | M] () -- C:\Users\Manuel\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011.11.05 15:45:00 | 000,524,288 | -HS- | M] () -- C:\Users\Manuel\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011.11.05 15:45:00 | 000,524,288 | -HS- | M] () -- C:\Users\Manuel\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010.11.21 03:50:53 | 000,000,020 | -HS- | M] () -- C:\Users\Manuel\ntuser.ini
[2012.10.27 16:27:01 | 000,000,326 | ---- | M] () -- C:\Users\Manuel\stools_.log
[2012.10.27 17:04:36 | 000,005,516 | ---- | M] () -- C:\Users\Manuel\stools_proe.log
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<          >

< End of report >

Mk91 31.01.2013 20:21
Code:
OTL Extras logfile created on: 24.01.2013 19:43:44 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Manuel\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,98 Gb Total Physical Memory | 5,23 Gb Available Physical Memory | 87,38% Memory free
11,96 Gb Paging File | 11,24 Gb Available in Paging File | 93,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457,21 Gb Total Space | 305,62 Gb Free Space | 66,85% Space Free | Partition Type: NTFS
Drive D: | 457,21 Gb Total Space | 326,18 Gb Free Space | 71,34% Space Free | Partition Type: NTFS
Drive F: | 992,70 Mb Total Space | 899,61 Mb Free Space | 90,62% Space Free | Partition Type: FAT
Drive M: | 1828,85 Gb Total Space | 1425,08 Gb Free Space | 77,92% Space Free | Partition Type: NTFS
Drive P: | 1828,85 Gb Total Space | 1425,08 Gb Free Space | 77,92% Space Free | Partition Type: NTFS
Drive V: | 1828,85 Gb Total Space | 1425,08 Gb Free Space | 77,92% Space Free | Partition Type: NTFS
Drive X: | 1828,85 Gb Total Space | 1425,08 Gb Free Space | 77,92% Space Free | Partition Type: NTFS
Drive Y: | 1828,85 Gb Total Space | 1425,08 Gb Free Space | 77,92% Space Free | Partition Type: NTFS
 
Computer Name: M-PC2 | User Name: Manuel | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLCVideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLCVideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLCVideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLCVideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D54BDF-F613-4819-9D8B-9225EE66D0C6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{03F27C86-42DA-4A4C-AACE-C1377DC6FF70}" = rport=139 | protocol=6 | dir=out | app=system |
"{12BD5E77-4F17-4901-82F0-79E19CE463BC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{16D165CB-AF81-420F-8630-399205DC106E}" = lport=445 | protocol=6 | dir=in | app=system |
"{19ECA652-2508-482B-B86D-5BBA8ADEA449}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1DF9A2F9-23E3-4C5D-8F06-4D0B87E3BFE9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{30A61BE4-40FC-4B81-927D-E26ED0CA908A}" = lport=139 | protocol=6 | dir=in | app=system |
"{3176975A-4132-4FD2-B806-7128FB08D453}" = rport=445 | protocol=6 | dir=out | app=system |
"{3BB36779-012D-46A9-A7CE-FF1BD8D3BE22}" = rport=137 | protocol=17 | dir=out | app=system |
"{48E6AFF1-6CCD-4B88-A422-14E3B0BDEB1B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{506C0A58-379B-4382-B19D-66198E673A49}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5ED9215D-63FB-4F12-B8C0-C146AF3A7DCB}" = rport=10243 | protocol=6 | dir=out | app=system |
"{67FAC5C3-4F0D-49E0-B7AD-4DC5B16D4D88}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7025DE98-7F64-4F5C-B3AA-126A9E5067A0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8D848064-A37E-45A1-9007-DFA651B587EB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{91A9D6C5-B6ED-4C84-AC3E-174C6609BF10}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9FF4ADDF-2231-41E7-939E-84DB9358CCF7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B67732EC-EEA6-472B-BBA6-9CD7BDCF72BD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B88D8316-A8A3-4B38-A38C-B2D13DB70B85}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BC049336-88DC-4822-96EB-EFB65A1C55DD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C50E0DDC-FBD4-4C18-84CC-6AE8E7BF42B2}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D4A5BCB7-601E-43DC-A302-6382C70B8DE8}" = rport=138 | protocol=17 | dir=out | app=system |
"{D56F0528-CE33-4C72-84F9-78AC4778BE67}" = lport=138 | protocol=17 | dir=in | app=system |
"{E97D9B03-F329-4EC6-A450-561372FAA186}" = lport=137 | protocol=17 | dir=in | app=system |
"{EAC2E274-F7E1-4EE7-8590-C8B30DFA1FD3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0001F3DA-2943-4F68-BAB6-68004DA015A7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{00204682-CD6A-46D2-81F7-32C624746BDF}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{007B95B6-1796-40FF-8675-9D9DD882772C}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2013\3dsmax.exe |
"{045085B6-2F33-42D0-A05F-BE2B36B58D49}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{04ED272D-9ACB-472B-91FD-6E87148E1AF0}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{120BBEE9-1290-4CAC-8429-DE518C3DDAE1}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 13\game\fifa13.exe |
"{1F506530-77C4-4720-8B2C-631A462EBA9D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2B87ED99-7E1F-41E2-B5E4-217BC09AFEEF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2C678E57-9E8F-42A7-BD6B-6A79C6416F62}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{31FBCCCA-6685-41C5-8551-D05473F8D9EE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{32EBEA2A-51FF-4E13-8BB3-B36F0A153A5C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{39049022-C5A4-4375-875D-4F86F11DC112}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{40DD210F-4418-4A5E-B84D-37D60CD2F59A}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe |
"{48F361C0-2AF2-45C6-897C-9EADECA210DF}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe |
"{4A09816C-7DA1-426A-99B0-BE226F887FA1}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2013\farmingsimulator2013game.exe |
"{4F39AD1F-3FE9-4F72-B1C1-F1742F03C104}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{515728FE-8F64-45CB-AD98-5A5B3BF4B847}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{53C7B690-F939-47E8-B379-0287FA6E5E39}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{61426EEC-36AF-4287-89C6-D060A54441BC}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{68B0DC75-3A81-48AC-A990-AAEFDDA11F56}" = dir=in | app=c:\windows\ehome\ehrecvr.exe |
"{6E09FFA3-161F-42A6-A790-760BCA80A739}" = protocol=6 | dir=out | app=system |
"{6F4BDD7E-24C7-44D4-B987-4562796DB916}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{71977159-EEBB-4B1C-9F9A-8ECC86452CAC}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe |
"{7386FE6E-B135-4A14-975B-70A61FBFEDD5}" = protocol=6 | dir=in | app=c:\program files\ptc\productview express\i486_nt\obj\productview.exe |
"{7BDEA2B7-5C70-4CFB-8462-C970B22A72BB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{82F05F7F-10F3-4C11-8396-AFE42C0A9C98}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2013\farmingsimulator2013.exe |
"{8A26FDD4-C5D2-4D7C-BE74-0C1FEB84AC5E}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe |
"{8AEA83F8-B9A1-418B-8B6F-86519C2A55FC}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{8C05A2C3-E5FB-4BB9-AD57-5C89E1447CDD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8D673DBA-4D87-4778-9E53-61417B9686F6}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2013\nvidia\raysat_3dsmax2013_64.exe |
"{8E57D92E-3C4B-4C86-A74A-56A8D60B89D9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8FE8082A-BE9E-437E-8AAA-EFD54C95FB3C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{935967FE-2924-4E36-B517-56091AB25CEC}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2013\farmingsimulator2013.exe |
"{95828A4A-88FC-44A5-970E-F40CF6C9FACD}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe |
"{97803BAD-E150-4606-94B8-B225EF124F26}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2013\3dsmax.exe |
"{9F39A92F-0C34-49FD-8051-2F71638DD2E2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A59E3E59-75B6-4AA2-A582-C36AF5AD57DE}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2013\nvidia\raysat_3dsmax2013_64server.exe |
"{A5B8496D-251B-41C3-95F4-FE10A48F44D3}" = protocol=17 | dir=in | app=c:\program files\ptc\productview express\i486_nt\obj\productview.exe |
"{A98A9DAD-CCFB-49EC-A67C-1F4EC75576BD}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{AD12A039-5D89-4633-9EAC-1B18BC70F4B9}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe |
"{B0CAAD05-E542-4EFA-9ABA-076538C77EBD}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe |
"{B6AAF150-41E7-48AF-B420-9683D5F2CC16}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C19F8CF3-C004-415F-826E-69F8F65622CF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C61DD69D-65F2-47D2-9827-D55ACAF26F85}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe |
"{CA18E64C-90F3-4C7E-9571-4A41DF1B7256}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 13\game\fifa13.exe |
"{CA39D297-ECDB-4A5E-8B88-72F957CDD018}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe |
"{CD8F25E0-CA19-436F-BD25-3000470249DB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{CEF9DE7C-1A7F-4C63-9BBE-561679E6E832}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D823CE81-0F91-4E1A-8C70-AB3DA5A08552}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{DC137F44-A612-426E-9C65-4A4F625E5A29}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E0EC801E-60FF-43A1-8A1A-3535296A20B2}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{E6BCC1CD-2B8B-4EF7-87EE-2F6969F9F4A0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E78500BA-C291-4F71-95B6-74D66D6B3C78}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2013\nvidia\raysat_3dsmax2013_64.exe |
"{EE3D1C7D-1AAD-4D1D-B537-2EFD5166BEAA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EFB8B41C-41A9-43F8-964C-A671A02018B9}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2013\nvidia\raysat_3dsmax2013_64server.exe |
"{F3473404-8EA3-4A44-ADBA-C94D2EA81E1F}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe |
"{F3A3B1DC-4E05-467C-B159-1E78B8DB25C1}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2013\farmingsimulator2013game.exe |
"TCP Query User{01AF5B17-56C1-4569-AC16-44B230336EFB}C:\program files\proewildfire 5.0\x86e_win64\obj\xtop.exe" = protocol=6 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\obj\xtop.exe |
"TCP Query User{271BE3FE-D7A2-4573-BD1F-EDDC51E2C96B}C:\program files\autodesk\maya2013\bin\maya.exe" = protocol=6 | dir=in | app=c:\program files\autodesk\maya2013\bin\maya.exe |
"TCP Query User{3CE12866-29AB-40C2-89A5-66FB111977C6}C:\program files (x86)\sixteen tons entertainment\emergency4\em4.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sixteen tons entertainment\emergency4\em4.exe |
"TCP Query User{733797ED-1701-456A-90D7-E46AB369913A}C:\program files\proewildfire 5.0\x86e_win64\obj\pro_comm_msg.exe" = protocol=6 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\obj\pro_comm_msg.exe |
"TCP Query User{9EDA3C3E-E08B-4854-89ED-6AD725DB1256}C:\program files\proewildfire 5.0\bin\proe.exe" = protocol=6 | dir=in | app=c:\program files\proewildfire 5.0\bin\proe.exe |
"TCP Query User{AFEA7B9D-AFB8-4D64-90AA-C1327653A0F1}C:\users\manuel\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\manuel\appdata\local\akamai\netsession_win.exe |
"TCP Query User{B04B7022-3027-4FE7-9268-CC9966A00C9E}C:\program files (x86)\quadriga games\emergency 2012 deluxe\bin.x86\em2012.exe" = protocol=6 | dir=in | app=c:\program files (x86)\quadriga games\emergency 2012 deluxe\bin.x86\em2012.exe |
"TCP Query User{E3DAB96D-5D5B-4BBB-B70D-E49BF158629E}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"TCP Query User{EBBEAD97-7B24-4B61-B66C-C76CC22B6075}C:\program files\proewildfire 5.0\x86e_win64\nms\nmsd.exe" = protocol=6 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\nms\nmsd.exe |
"UDP Query User{00DE549A-1246-45E7-8DE1-47F59BC4EBB1}C:\users\manuel\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\manuel\appdata\local\akamai\netsession_win.exe |
"UDP Query User{3F6D1D99-80A8-4836-BFE8-41AC5AF63B93}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{430F1DD4-DB23-4871-9400-9B579654AFC3}C:\program files\proewildfire 5.0\bin\proe.exe" = protocol=17 | dir=in | app=c:\program files\proewildfire 5.0\bin\proe.exe |
"UDP Query User{5D5048CA-8959-4760-A0CA-95144FC873D1}C:\program files\autodesk\maya2013\bin\maya.exe" = protocol=17 | dir=in | app=c:\program files\autodesk\maya2013\bin\maya.exe |
"UDP Query User{6F33542E-E839-428D-8B16-AC554E4DD37B}C:\program files\proewildfire 5.0\x86e_win64\obj\xtop.exe" = protocol=17 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\obj\xtop.exe |
"UDP Query User{7B96C45C-AA07-45DF-A329-F97747C6089B}C:\program files (x86)\sixteen tons entertainment\emergency4\em4.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sixteen tons entertainment\emergency4\em4.exe |
"UDP Query User{8740DBA3-908E-4545-987C-8DBDD2DBC4E3}C:\program files\proewildfire 5.0\x86e_win64\obj\pro_comm_msg.exe" = protocol=17 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\obj\pro_comm_msg.exe |
"UDP Query User{B8609E85-D02E-4978-94F5-A1EA8D11BCEE}C:\program files (x86)\quadriga games\emergency 2012 deluxe\bin.x86\em2012.exe" = protocol=17 | dir=in | app=c:\program files (x86)\quadriga games\emergency 2012 deluxe\bin.x86\em2012.exe |
"UDP Query User{E134DAE4-B1CA-4BCC-B92B-5970EFC2E996}C:\program files\proewildfire 5.0\x86e_win64\nms\nmsd.exe" = protocol=17 | dir=in | app=c:\program files\proewildfire 5.0\x86e_win64\nms\nmsd.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{06E18300-BB64-1664-8E6A-2593FC67BB74}" = Autodesk Revit Interoperability for 3ds Max and 3ds Max Design 2013 64-bit
"{08BCFE15-8AA1-4A58-B018-4FEF486BA922}" = Autodesk Inventor Fusion for Inventor 2013 Add-in
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0F30B978-3536-0409-BC9C-0A2FB4C35EFC}" = Autodesk 3ds Max 2013 64-bit
"{1111706F-666A-4037-7777-210648764D10}" = JavaFX 2.1.0 (64-bit)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series" = Canon MP640 series MP Drivers
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{1553D712-B35F-4A82-BC72-D6B11A94BE3E}" = Windows Live Remote Service Resources
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{2222706F-666A-4037-7777-210648764D10}" = JavaFX 2.1.0 SDK (64-bit)
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{23170F69-40C1-2702-0923-010001000000}" = 7-Zip 9.23 (x64 edition)
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{266597A9-1764-0000-0100-DCBF2B69166B}" = Autodesk Vault Basic 2013 (Client) German Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{2F808931-D235-4FC7-90CD-F8A890C97B2F}" = Composite 2013 64-bit
"{324297F8-2898-454B-9AC4-07050AEB35B3}" = Autodesk DirectConnect 2013 64-bit
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{51BC086E-2946-442C-B01D-37587285E833}" = ProductView Express 9.1
"{5783F2D7-B028-0409-0100-0060B0CE6BBA}" = DWG TrueView 2013
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5B77A046-DAD6-4F19-A8B9-4E5B3EAD2C24}" = Autodesk MatchMover 2013 64-bit
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{64A3A4F4-B792-11D6-A78A-00B0D0170040}" = Java SE Development Kit 7 Update 4 (64-bit)
"{64A3A4F4-B792-11D6-A78A-00B0D0170090}" = Java SE Development Kit 7 Update 9 (64-bit)
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{696BB53C-28E6-1664-974E-D42FFF5B8E04}" = Autodesk Inventor Server Engine for 3ds Max 2013 64-bit
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{702A632F-99CE-4E2D-B8F2-BF980E9CF62F}" = Windows Live Remote Client Resources
"{792A9A32-718A-40D1-9867-A903F76AE2F8}" = Eco Materials Adviser for Autodesk Inventor 2013
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{7EDE5B68-1FB0-405D-88F0-A34236002DA8}" = Autodesk Essential Skills Movies for 3ds Max 2013 64-bit
"{7F4DD591-1764-0001-0000-7107D70F3DB4}" = Autodesk Inventor Professional 2013
"{7F4DD591-1764-0001-1031-7107D70F3DB4}" = Autodesk Inventor Professional 2013 Language Pack - Deutsch (German)
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{8F7F2D9C-2DBE-4F10-9C7C-2724110A3339}" = Windows Live Remote Service Resources
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{A6E0F6BE-30AC-4D36-97B0-1AC20E23CB83}" = Windows Live Remote Client Resources
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 310.90
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B46DECD1-1764-4EF1-0000-22D71E81877C}" = Autodesk Inventor Content Center Libraries 2013 (Desktop Content)
"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{B821CDAA-34DE-46FD-87C9-E6EE7158DB5D}" = Microsoft Image Composite Editor
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CF526A26-1764-0000-0000-02E95019B628}" = Autodesk Vault Basic 2013 (Client)
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D25FF5C1-1764-469A-9794-69309387C193}" = Schnell-Deinstallations-Tool für Autodesk Inventor 2013
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D44320DB-2B49-4EF7-BE7E-9EEFAF9CCF7B}" = Pro/ENGINEER Thumbnail Viewer 1.0
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DD2AFE07-5DA8-41E9-BB2B-FF0A91A4EB76}" = PCTV Package - Windows Media Center
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}" = Autodesk Sync
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"{FC7084CE-5090-4770-8B5B-CA3125526F0D}" = Autodesk Maya 2013 64-bit
"{FFF5619F-2013-0064-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2013
"Autodesk 3ds Max 2013 64-bit" = Autodesk 3ds Max 2013 64-bit
"Autodesk DirectConnect 2013 64-bit" = Autodesk DirectConnect 2013 64-bit
"Autodesk FBX Plug-in 2013.1 - 3ds Max 2013 64-bit" = Autodesk FBX Plug-in 2013.1 - 3ds Max 2013 64-bit
"Autodesk FBX Plug-in 2013.1 - Maya 2013 64-bit" = Autodesk FBX Plug-in 2013.1 - Maya 2013 64-bit
"Autodesk Inventor Fusion 2013" = Autodesk Inventor Fusion 2013
"Autodesk Inventor Professional 2013" = Autodesk Inventor Professional 2013 Deutsch (German)
"Autodesk Maya 2013 64-bit" = Autodesk Maya 2013 64-bit
"C-Media Oxygen HD Audio Driver" = ASUS Xonar DG Audio Driver
"DWG TrueView 2013" = DWG TrueView 2013
"GIMP-2_is1" = GIMP 2.8.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Pro/ENGINEER Release Wildfire 5.0 Datecode M060" = Pro/ENGINEER Release Wildfire 5.0 Datecode M060
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{0557BBDA-69D3-4FA4-A93C-A5300F7034B4}" = Windows Live Writer
"{05BBF12D-565E-4212-8BDD-C482C72866DD}" = Vasco da Gama 4 HDPro
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{06B05153-97E4-427E-B1A8-E098F6C5E52F}" = Windows Live Essentials
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{09B7C7EB-3140-4B5E-842F-9C79A7137139}" = Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}" = Autodesk Material Library 2013
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{120C160F-F53D-4A15-A873-E79BF5B98B48}" = Windows Live Photo Common
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{153DB567-6FF3-49AD-AC4F-86F8A3CCFDFB}" = Autodesk Design Review 2013
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19CBDE24-2761-49A5-816B-D2BA65D0CA8D}" = Kontrola Windows Live Mesh ActiveX za daljinske veze
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20381A8A-808E-4A53-B6CD-AD2B85E16365}" = Windows Live UX Platform Language Pack
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{226F0D93-76DE-4F1C-B14D-DE10443ADB60}" = Windows Live Movie Maker
"{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25175695-4B20-4298-9F34-C2C57CD277B3}" = Elements STI Installer
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{260E3D78-94E6-47EC-8E29-46301572BB1E}" = Control ActiveX Windows Live Mesh pentru conexiuni la distanță
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 37
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{27C6C0A2-2EC9-4FEA-BE2B-659EAAC2C68C}" = Autodesk Material Library Low Resolution Image Library 2013
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}" = ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39B3184E-0BFB-40FA-ADDC-E7E2D535CDA9}" = Controle ActiveX do Windows Live Mesh para Conexões Remotas
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2013.0.0
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{4736B0ED-F6A1-48EC-A1B7-C053027648F1}" = Galeria fotogràfica del Windows Live
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{48F597DD-D397-4CFA-91A0-4C033A0113BD}" = Windows Live Mail
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}" = Windows Live Meshin etäyhteyksien ActiveX-komponentti
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D7BAC8A-51B8-4243-8567-1415C4272D13}" = Windows Live Writer
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{542DA303-FB91-4731-9F37-6E518368D3B9}" = Windows Live Messenger
"{5495E9A4-501A-4D4C-87C9-E80916CA9478}" = Windows Live UX Platform Language Pack
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58760EEC-8B6A-43F4-81AA-696E381DFADD}" = Autodesk Material Library Medium Resolution Image Library 2013
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{606E12B9-641F-4644-A22A-FF38AE980AFD}" = Autodesk Material Library Base Resolution Image Library 2013
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項
"{625D45F0-5DCB-48BF-8770-C240A84DAAEB}" = Windows Live Mesh
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}" = Nero Multimedia Suite 10 Essentials
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-packardbell" = WildTangent Games App (Packard Bell Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71527C7C-5289-4CB2-88C9-23344C0FF6C1}" = Windows Live Movie Maker
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{733C5FC0-F0C4-405B-A983-61C24CC60E39}_is1" = Photo Frame
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76454862-992F-4A12-9D61-76E52A1C6922}" = Windows Live Messenger
"{76C064E2-BB99-4453-8FDA-42BC01AD0734}" = Control ActiveX del Windows Live Mesh per a connexions remotes
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7BA6DF02-B094-45D7-A3C9-BE3684253922}" = Urruneko konexioetarako Windows Live Mesh ActiveX kontrola
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7D926AD2-16D6-42C2-8CA1-AB09E96040BA}" = Windows Live Writer Resources
"{7D99B933-E29C-4599-92F0-DAED2AF041E3}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{820D0BA3-ACD7-4FB9-A3A7-0ADF0C66A4BE}" = Windows Live Messenger
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{86F444A5-C9B9-41DC-AF28-B5E46F5497C7}" = Windows Live Argazki Galeria
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E285C75-9BE2-4349-972B-DECDDF472656}" = Windows Live Writer Resources
"{8F42D65F-B288-401B-BDE3-308AF6B33BF8}" = MAGIX Video deluxe 17 Premium Sonderedition
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93C4B7D5-4E00-491F-BA3E-25B7B63EE7F6}" = Windows Live Mail
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4C534E-431F-4A17-97D4-D1682B19A054}" = Emergency4
"{9AA9FEE7-9F99-4E69-947A-49F7DA0DDA3A}" = Cisco AnyConnect Secure Mobility Client
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center
"{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9E2C5B0E-7A2D-4767-A9B2-77469FB1873A}" = Windows Live Mesh
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}" = FIFA 13
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2EDAEEB-C981-46D5-8163-CF8F5F640EEE}" = ตัวควบคุม ActiveX ใน Windows Live Mesh สำหรับการเชื่อมต่อระยะไกล (ไทย)
"{A3389C72-1782-4BB4-BBAA-33345DE52E3F}" = Windows Live Messenger
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A5355F15-F98B-4704-9BAE-E53B9FE48F48}" = SDFormatter
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{ACD21A44-4EF9-4461-B1F3-45786E395032}" = Tablet Driver
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BA4D1C-23EF-4859-9C11-1B2CCB7FADBB}" = ActiveX контрола на Windows Live Mesh за отдалечени връзки
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B6190387-0036-4BEB-8D74-A0AFC5F14706}" = Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
"{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений
"{BD0C3887-64E6-41D8-9A38-BC6F34369352}" = Windows Live Messenger
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{BFC47A0B-D487-4DF0-889E-D6D392DF31E0}" = Windows Live Messenger
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}" = Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger
"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger
"{CA227A9D-09BE-4BFB-9764-48FED2DA5454}" = Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger
"{CCA78313-443C-4674-81B8-88919D137258}" = Autodesk Download Manager
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam-Software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E07293A8-9EA5-449C-845A-34567BB13736}" = MAGIX Speed burnR (MSI)
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E18B30AA-6E2D-480C-B918-AF61009F4010}" = عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
"{EB9955F8-467C-47FC-90F8-12CD5DF684C3}" = Adobe Premiere Elements 9
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0ED5197-6A2C-47F4-98D5-6D71CAF82063}" = MAGIX Screenshare
"{F0F5D89A-197C-495B-827E-3E98B811CD2E}" = Windows Live Photo Common
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2979AAA-FDD7-4CB3-93BC-5C24D965D679}" = Windows Live Messenger
"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
"{F35DC85A-E96B-496B-ABE7-F04192824856}" = Windows Live Messenger
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F783464C-C7C6-4E9B-AC40-BC90E5414BAF}" = Windows Live Messenger
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"{FFFA0584-8E3D-4195-8283-CCA3AD73C746}" = Windows Live Messenger
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"Audacity_is1" = Audacity 1.2.6
"Autodesk Design Review 2013" = Autodesk Design Review 2013
"Autodesk Vault Basic 2013 (Client)" = Autodesk Vault Basic 2013 (Client)
"Avira AntiVir Desktop" = Avira Free Antivirus
"Bridge Building Game" = Bridge Building Game
"Canon MP640 series Benutzerregistrierung" = Canon MP640 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"Emergency 2012" = Emergency 2012 Deluxe
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FarmingSimulator2013DE_is1" = Landwirtschafts Simulator 2013
"Franzis 3D-Eisenbahnplaner 11_is1" = Franzis 3D-Eisenbahnplaner 11
"FreeCommander_is1" = FreeCommander 2009.02b
"Google Chrome" = Google Chrome
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"IrfanView" = IrfanView (remove only)
"MAGIX_MSI_Videodeluxe17_premium" = MAGIX Video deluxe 17 Premium Sonderedition
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NewBlue Light Rays for Magix" = NewBlue Light Rays for Magix
"NewBlue Lightning for Magix" = NewBlue Lightning for Magix
"NewBlueFX Premium Effects" = NewBlueFX Premium Effects
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"OpenAL" = OpenAL
"Origin" = Origin
"Packard Bell Registration" = Packard Bell Registration
"Packard Bell Screensaver" = Packard Bell ScreenSaver
"Packard Bell Software Suite SE" = Packard Bell Software Suite SE
"Packard Bell Welcome Center" = Welcome Center
"PremElem90" = Adobe Premiere Elements 9
"proDAD-Adorage-3.0" = proDAD Adorage 3.0
"proDAD-Heroglyph-2.5" = proDAD Heroglyph 2.5
"proDAD-Mercalli-2.0" = proDAD Mercalli 2.0
"Tabellenbuch Metall 7.0" = Tabellenbuch Metall 7.0
"TeamViewer 7" = TeamViewer 7
"VLC media player" = VLC media player 1.1.11
"WildTangent packardbell Master Uninstall" = Packard Bell Games
"WinLiveSuite" = Windows Live Essentials
"WTA-1be14c51-9fc7-4163-8f1b-c4b2ece7fe2a" = Agatha Christie - 4:50 from Paddington
"WTA-2c99330e-6ed7-4e21-b9a0-c3144b2b2b8b" = Wedding Dash
"WTA-3891b358-b37c-43bc-9d22-5a4355373a36" = Torchlight
"WTA-3976f8bc-44ca-459e-abd2-bf96e6f4ad79" = Chuzzle Deluxe
"WTA-3f66f3de-03be-4226-be2b-3a4770b0c89a" = Plants vs. Zombies - Game of the Year
"WTA-6c1c245d-d645-41f2-93ff-6c3400271ca3" = Bejeweled 2 Deluxe
"WTA-71457699-1acf-44a3-acab-1763264e99f7" = Crazy Chicken Kart 2
"WTA-78cb8ea5-9988-43a4-a0aa-6fd671ab6ee5" = Diner Dash 2 Restaurant Rescue
"WTA-82d31ed8-e7d0-4c99-808c-b5b96849fed4" = John Deere Drive Green
"WTA-8863d549-ac85-43ee-91b6-0827cfcb8e8c" = Penguins!
"WTA-8b3a3785-d240-483e-8936-fa5e653f35cd" = Virtual Villagers - The Secret City
"WTA-8e07d023-e164-4ef3-aa6a-75492da9b8ca" = Mystery P.I. - The London Caper
"WTA-cff9caf4-6ee1-48a0-9a43-0b5fcc401575" = Zuma Deluxe
"WTA-db059865-6ecb-4cd8-9843-fe1f986a7979" = Polar Bowler
"WTA-eabbf749-2e07-4ac1-8527-2d2a77057cdd" = FATE
"XnView_is1" = XnView 1.98.2
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"MyFreeCodec" = MyFreeCodec
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 20.09.2012 21:25:37 | Computer Name = M-PC2 | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\freecommander\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files (x86)\freecommander\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 22.09.2012 08:55:09 | Computer Name = M-PC2 | Source = WinMgmt | ID = 10
Description =
 
Error - 22.09.2012 10:33:18 | Computer Name = M-PC2 | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 22.09.2012 10:33:49 | Computer Name = M-PC2 | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\freecommander\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files (x86)\freecommander\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 23.09.2012 08:28:26 | Computer Name = M-PC2 | Source = WinMgmt | ID = 10
Description =
 
Error - 23.09.2012 11:34:49 | Computer Name = M-PC2 | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 23.09.2012 11:35:24 | Computer Name = M-PC2 | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\freecommander\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files (x86)\freecommander\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 24.09.2012 10:38:08 | Computer Name = M-PC2 | Source = WinMgmt | ID = 10
Description =
 
Error - 25.09.2012 05:11:45 | Computer Name = M-PC2 | Source = WinMgmt | ID = 10
Description =
 
Error - 25.09.2012 05:33:22 | Computer Name = M-PC2 | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 25.09.2012 05:33:59 | Computer Name = M-PC2 | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\freecommander\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files (x86)\freecommander\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 24.01.2013 14:37:17 | Computer Name = M-PC2 | Source = acvpnagent | ID = 67108866
Description = Function: CCapiCertUtils::CCapiCertUtils File: .\Certificates\CapiCertUtils.cpp
Line:
 112 Invoked Function: CWinsecApiImpersonateUser::CWinsecApiImpersonateUser Return
 Code: -32833517 (0xFE0B0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED

 
Error - 24.01.2013 14:37:17 | Computer Name = M-PC2 | Source = acvpnagent | ID = 67108866
Description = Function: CCapiCertStore::CCapiCertStore File: .\Certificates\CapiCertStore.cpp
Line:
 57 Invoked Function: CapiCertUtils Return Code: -32833517 (0xFE0B0013) Description:
 WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED
 
Error - 24.01.2013 14:37:17 | Computer Name = M-PC2 | Source = acvpnagent | ID = 67108866
Description = Function: CCollectiveCertStore::addCapiStore File: .\Certificates\CollectiveCertStore.cpp
Line:
 1582 Invoked Function: CCapiCertStore::CCapiCertStore Return Code: -32833517 (0xFE0B0013)
Description:
 WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED
 
Error - 24.01.2013 14:37:17 | Computer Name = M-PC2 | Source = acvpnagent | ID = 67108866
Description = Function: CWinsecApiImpersonateUser::searchProcessesForUserToken File:
 .\IPC\WinsecAPI.cpp Line: 1466 Invoked Function: Process32Next Return Code: 18 (0x00000012)
Description:
 Es sind keine weiteren Dateien vorhanden. 
 
Error - 24.01.2013 14:37:17 | Computer Name = M-PC2 | Source = acvpnagent | ID = 67108865
Description = Function: CWinsecApiImpersonateUser::acquireTokens File: .\IPC\WinsecAPI.cpp
Line:
 93 CWinsecApiImpersonateUser::getUserImpersonationToken returned NULL
 
Error - 24.01.2013 14:37:17 | Computer Name = M-PC2 | Source = acvpnagent | ID = 67108866
Description = Function: CWinsecApiImpersonateUser::CWinsecApiImpersonateUser File:
 .\IPC\WinsecAPI.cpp Line: 73 Invoked Function: CWinsecApiImpersonateUser::acquireTokens
Return
 Code: -32833517 (0xFE0B0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED

 
Error - 24.01.2013 14:37:17 | Computer Name = M-PC2 | Source = acvpnagent | ID = 67108866
Description = Function: CCapiCertUtils::CCapiCertUtils File: .\Certificates\CapiCertUtils.cpp
Line:
 112 Invoked Function: CWinsecApiImpersonateUser::CWinsecApiImpersonateUser Return
 Code: -32833517 (0xFE0B0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED

 
Error - 24.01.2013 14:37:17 | Computer Name = M-PC2 | Source = acvpnagent | ID = 67108866
Description = Function: CCapiCertStore::CCapiCertStore File: .\Certificates\CapiCertStore.cpp
Line:
 57 Invoked Function: CapiCertUtils Return Code: -32833517 (0xFE0B0013) Description:
 WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED
 
Error - 24.01.2013 14:37:17 | Computer Name = M-PC2 | Source = acvpnagent | ID = 67108866
Description = Function: CCapiCertSmartcardStore::CCapiCertSmartcardStore File: .\Certificates\CapiCertSmartcardStore.cpp
Line:
 39 Invoked Function: CCapiCertStore::CCapiCertStore Return Code: -32833517 (0xFE0B0013)
Description:
 WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED
 
Error - 24.01.2013 14:37:17 | Computer Name = M-PC2 | Source = acvpnagent | ID = 67108866
Description = Function: CCollectiveCertStore::addCapiSmartcardStore File: .\Certificates\CollectiveCertStore.cpp
Line:
 1612 Invoked Function: CCapiCertSmartcardStore::CCapiCertSmartcardStore Return Code:
 -32833517 (0xFE0B0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED

 
[ Media Center Events ]
Error - 11.03.2012 11:08:17 | Computer Name = M-PC02 | Source = ehRecvr | ID = 3
Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) PCTV DiBcom
 BDA Digital Tuner (Dev1 Path0)
 
Error - 11.03.2012 11:08:18 | Computer Name = M-PC02 | Source = ehRecvr | ID = 3
Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0x80070001) PCTV DiBcom
 BDA Digital Tuner (Dev1 Path0)
 
Error - 07.05.2012 10:48:39 | Computer Name = M-PC02 | Source = MCUpdate | ID = 0
Description = 16:48:32 - EpgListing.enc konnte nicht abgerufen werden (Fehler: HTTP-Status
 404: Die angeforderte URL ist auf diesem Server nicht vorhanden.  ) 
 
Error - 20.09.2012 05:47:56 | Computer Name = M-PC2 | Source = ehRecvr | ID = 3
Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) PCTV DiBcom
 BDA Digital Tuner (Dev1 Path0)
 
Error - 27.09.2012 09:50:12 | Computer Name = M-PC2 | Source = MCUpdate | ID = 0
Description = 15:50:12 - Fehler beim Herstellen der Internetverbindung.  15:50:12
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 27.09.2012 09:50:25 | Computer Name = M-PC2 | Source = MCUpdate | ID = 0
Description = 15:50:17 - Fehler beim Herstellen der Internetverbindung.  15:50:17
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 27.11.2012 15:06:38 | Computer Name = M-PC2 | Source = ehRecvr | ID = 3
Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) PCTV DiBcom
 BDA Digital Tuner (Dev1 Path0)
 
Error - 27.11.2012 15:06:38 | Computer Name = M-PC2 | Source = ehRecvr | ID = 3
Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0x80070001) PCTV DiBcom
 BDA Digital Tuner (Dev1 Path0)
 
Error - 15.01.2013 15:18:34 | Computer Name = M-PC2 | Source = ehRecvr | ID = 3
Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) PCTV DiBcom
 BDA Digital Tuner (Dev1 Path0)
 
Error - 15.01.2013 15:18:34 | Computer Name = M-PC2 | Source = ehRecvr | ID = 3
Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0x80070001) PCTV DiBcom
 BDA Digital Tuner (Dev1 Path0)
 
[ System Events ]
Error - 24.01.2013 14:40:57 | Computer Name = M-PC2 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 24.01.2013 14:41:00 | Computer Name = M-PC2 | Source = DCOM | ID = 10005
Description =
 
Error - 24.01.2013 14:41:00 | Computer Name = M-PC2 | Source = DCOM | ID = 10005
Description =
 
Error - 24.01.2013 14:40:59 | Computer Name = M-PC2 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 24.01.2013 14:40:59 | Computer Name = M-PC2 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 24.01.2013 14:40:59 | Computer Name = M-PC2 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 24.01.2013 14:41:00 | Computer Name = M-PC2 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 24.01.2013 14:42:10 | Computer Name = M-PC2 | Source = DCOM | ID = 10005
Description =
 
Error - 24.01.2013 14:42:10 | Computer Name = M-PC2 | Source = DCOM | ID = 10005
Description =
 
Error - 24.01.2013 14:42:33 | Computer Name = M-PC2 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "PnP-X-IP-Busenumerator" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
 
< End of report >
Ich konnte keine neue extra finden, deshalb habe ich vorsichtshalber die alte nochmal gepostet

markusg 31.01.2013 21:01
hi

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
:OTL
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O8:64bit: - Extra context menu item: An OneNote senden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft Excel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote senden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft Excel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
 :Files
:Commands
[EMPTYFLASH]
[emptytemp]


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.

instaliere mal drüber kis für samsun:
Kies Samsung
starte neu, teste ob die Fehlermeldung noch auftritt

Mk91 31.01.2013 21:48
Code:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\An OneNote senden\ not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft Excel exportieren\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\An OneNote senden\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft Excel exportieren\ not found.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Manuel
->Flash cache emptied: 2212 bytes
 
User: Public
 
User: UpdatusUser
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Manuel
->Temp folder emptied: 25430250 bytes
->Temporary Internet Files folder emptied: 4833843 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 157541097 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 432399234 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 159877572 bytes
 
Total Files Cleaned = 744,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 01312013_214206

Files\Folders moved on Reboot...
C:\Users\Manuel\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Meldung erscheint nun nicht mehr ... auch sonst fährt er seit die meldung nicht mehr kommt schneller hoch als vorher ...

markusg 02.02.2013 20:35
Hi
fein.
Gibts denn noch was zu beanstanden?

Mk91 02.02.2013 21:48
Hallo Markus,
mien PC läuft wieder einwandfrei und sehr rund.
Ich danke dir vielmals für die schnelle, unkomplizierte und vor allem kompetente Hilfe.
Da ich dich für sehr erfehren und kompetent halte, möchte ich die Gelegeheit nutzen und dich auf ein kleineres anderes Problem meines PCs ansprechen, welches aber schon lange vor dem Virus bestand hatte:
Beim herunterfahren werden täglich 2 Updates installiert und ich habe noch keine möglichkeit gefunden, das abzustellen. Es scheinen immer die gleichen Updates zu sein. (Jeden Tag genau 2).
Ich habe dieses Problem lange ingnoriert aber auf dauer nervt es ein wenig, deshalb dachte ich, wenn ich schonmal an einen Fachmann geraten bin könnte ich diese Frage auch gleich stellen.

Gruß und besten Dank Manuel

markusg 04.02.2013 11:42
hi
start, suchen,
windows update
enter
schau mal in den update verlauf, welche Updates betroffen sind und evtl. Fehlermeldungen posten.
Was du paralel versuchen kannst, update mal Driver für Mainboard, GraKa, netzwerk usw.
häufig hilft das schon.

Mk91 08.02.2013 22:52
Es gibt keine Fehlermeldungen und es wird immer Update KB2600217 und update KB2656351 installiert.....meist sogar mehrmals am tag

sind beides .NET Framework updates ... genauere beschreibung lässt sich ja anhand der nummer heausfinden, sodass ich das jetzt wohl nicht alles abschreiben muss

Kann ich die einfach ausblenden ??

markusg 08.02.2013 23:35
Treiber eeupdated?

Mk91 22.02.2013 19:14
Mitlerweile alles gemacht aber es hat sich nichts veraendert ;-)

markusg 22.02.2013 19:16
kannst du mal unter software alle netframework versionen deinstalieren (vorher versionsnummern wie 1.1 notieren) sie mir posten und dann instalieren wir sie neu.

Mk91 23.02.2013 00:07
Also ich hatte 4 verschiedene .Net Versionen
-Client Profile
-Client Profile DEU Language Pack
-Extended
-Extende DEU Language Pack

Diese habe ich alle deinstalliert und ab da kamen keine Updates mehr...
Dann habe ich mir Version 4.5 geholt, die laut CHIP auch die ganzen oberen Versionen mit einschließt...
Ergebniss: bis jetzt keine Updates mehr ... ich hoffe das bleibt jetzt auch so ...


Ich danke dir hiermit recht herzlich für deine Hilfe bei meinem PC-Problemen

Gruss Manu

markusg 25.02.2013 17:22
Gerne
noch Probleme festzustellen?

Mk91 25.02.2013 20:16
Nein es läuft wieder alles perfekt sowohl der virus ist weg als auch die updates (erscheinen nur noch ca wöchentlich was ja normal ist)
danke nochmals
Viele Grüße Manuel

markusg 25.02.2013 20:17
sehr gut.


Alle Zeitangaben in WEZ +1. Es ist jetzt 07:02 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19