Trojaner-Board - ZeuS/Zbot Trojaner, was tun? Avira schon durchlaufen lassen

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - ZeuS/Zbot Trojaner, was tun? Avira schon durchlaufen lassen (https://www.trojaner-board.de/133882-zeus-zbot-trojaner-tun-avira-schon-durchlaufen-lassen.html)

ZeuS/Zbot Trojaner, was tun? Avira schon durchlaufen lassen

Hallo,

ich bin neu hier und relativ ahnungslos im Umgang mit Trojanern.

Wir haben eine Mail von der Deutschen Telekom bekommen, dass über unsere Zugangskennung ein Trojaner bei uns "nistet" (sagt man das so?). Habe es bei der Telekom verifiziert, ist echt.
Greift wohl paypal an, das habe ich gelöst.
Die Deutsche Telekom schickt mit der Mail einen Link zu : https://www.botfrei.de/telekom

Das Programm (Avira) habe ich durchlaufen lassen, 3 Schäden hat er entdeckt und bereinigt.

Scheinbar hat mein Mann den Trojaner eingeschleust, er hat ihn wohl in der Firma über einen Mailanhang bekommen, glaubt er.

Mein Rechner hat windows 8.

Kann ich nochwas tun und wenn ja dann was?

Herzlichen Dank für die Hilfe

Ahnungslos61 aus Mainz

Hallo und :hallo:

Zitat:

Das Programm (Avira) habe ich durchlaufen lassen, 3 Schäden hat er entdeckt und bereinigt.

Schön und wo sind die Logs dazu? :glaskugel:

Solche Angaben reichen nicht, bitte poste die vollständigen Angaben/Logs der Virenscanner siehe http://www.trojaner-board.de/125889-...tml#post941520

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

http://www.trojaner-board.de/picture...&pictureid=307

Hallo!
Danke für die Rückfrage, aber wo stehen die logfiles?

Gruß Ahnungslos61

Warum liest du den von mir verlinkten Artikel nicht?

Ich hoffe das ist die Richtige :-)

Code:



Avira DE-Cleaner

Erstellungsdatum der Reportdatei: Donnerstag, 18. April 2013  09:25
 

Es wird nach 3841495 Virenstämmen gesucht.
 

Das Programm läuft als uneingeschränkte Vollversion.

Online-Dienste stehen zur Verfügung.
 

Lizenznehmer   : DE-Cleaner Kit

Seriennummer   : 2223078146-DECLE-0000001

Plattform      : Windows NT

Windowsversion : (plain)  [6.2.9200]

Boot Modus     : Normal gebootet

Benutzername   : Astrid-Coach

Computername   : ASTRID
 

Versionsinformationen:

BUILD.DAT      : 10.0.0.41      12093 Bytes  04.10.2012 10:12:00

AVSCAN.EXE     : 10.0.4.6      514216 Bytes  18.04.2013 07:24:47

AVSCAN.DLL     : 10.0.4.0       56168 Bytes  18.04.2013 07:24:47

LUKE.DLL       : 10.0.4.1      104296 Bytes  18.04.2013 07:24:49

LUKERES.DLL    : Keine Information!

VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 07:25:04

VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 07:25:12

VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 07:25:20

VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 07:25:23

VBASE004.VDF   : 7.11.26.44   4329472 Bytes  28.03.2012 07:25:25

VBASE005.VDF   : 7.11.34.116  4034048 Bytes  29.06.2012 07:25:28

VBASE006.VDF   : 7.11.34.117     2048 Bytes  29.06.2012 07:25:28

VBASE007.VDF   : 7.11.34.118     2048 Bytes  29.06.2012 07:25:28

VBASE008.VDF   : 7.11.34.119     2048 Bytes  29.06.2012 07:25:28

VBASE009.VDF   : 7.11.34.120     2048 Bytes  29.06.2012 07:25:28

VBASE010.VDF   : 7.11.34.121     2048 Bytes  29.06.2012 07:25:28

VBASE011.VDF   : 7.11.34.122     2048 Bytes  29.06.2012 07:25:28

VBASE012.VDF   : 7.11.34.123     2048 Bytes  29.06.2012 07:25:28

VBASE013.VDF   : 7.11.34.124     2048 Bytes  29.06.2012 07:25:28

VBASE014.VDF   : 7.11.34.201   169472 Bytes  02.07.2012 07:25:28

VBASE015.VDF   : 7.11.35.19    122368 Bytes  04.07.2012 07:25:28

VBASE016.VDF   : 7.11.35.20      2048 Bytes  04.07.2012 07:25:28

VBASE017.VDF   : 7.11.35.21      2048 Bytes  04.07.2012 07:25:28

VBASE018.VDF   : 7.11.35.22      2048 Bytes  04.07.2012 07:25:28

VBASE019.VDF   : 7.11.35.23      2048 Bytes  04.07.2012 07:25:28

VBASE020.VDF   : 7.11.35.24      2048 Bytes  04.07.2012 07:25:28

VBASE021.VDF   : 7.11.35.25      2048 Bytes  04.07.2012 07:25:28

VBASE022.VDF   : 7.11.35.26      2048 Bytes  04.07.2012 07:25:28

VBASE023.VDF   : 7.11.35.27      2048 Bytes  04.07.2012 07:25:28

VBASE024.VDF   : 7.11.35.28      2048 Bytes  04.07.2012 07:25:28

VBASE025.VDF   : 7.11.35.29      2048 Bytes  04.07.2012 07:25:28

VBASE026.VDF   : 7.11.35.30      2048 Bytes  04.07.2012 07:25:29

VBASE027.VDF   : 7.11.35.31      2048 Bytes  04.07.2012 07:25:29

VBASE028.VDF   : 7.11.35.32      2048 Bytes  04.07.2012 07:25:29

VBASE029.VDF   : 7.11.35.33      2048 Bytes  04.07.2012 07:25:29

VBASE030.VDF   : 7.11.35.34      2048 Bytes  04.07.2012 07:25:29

VBASE031.VDF   : 7.11.35.74     98816 Bytes  05.07.2012 07:25:29

Engineversion  : 8.2.10.104

AEVDF.DLL      : 8.1.2.8       106867 Bytes  18.04.2013 07:25:33

AESCRIPT.DLL   : 8.1.4.32      455034 Bytes  18.04.2013 07:25:33

AESCN.DLL      : 8.1.8.2       131444 Bytes  18.04.2013 07:25:33

AESBX.DLL      : 8.2.5.12      606578 Bytes  18.04.2013 07:25:33

AERDL.DLL      : 8.1.9.15      639348 Bytes  18.04.2013 07:25:32

AEPACK.DLL     : 8.2.16.22     807288 Bytes  18.04.2013 07:25:31

AEOFFICE.DLL   : 8.1.2.40      201082 Bytes  18.04.2013 07:25:31

AEHEUR.DLL     : 8.1.4.64     5009782 Bytes  18.04.2013 07:25:31

AEHELP.DLL     : 8.1.23.2      258422 Bytes  18.04.2013 07:25:30

AEGEN.DLL      : 8.1.5.30      422261 Bytes  18.04.2013 07:25:29

AEEXP.DLL      : 8.1.0.60       86388 Bytes  18.04.2013 07:25:33

AEEMU.DLL      : 8.1.3.0       393589 Bytes  18.04.2013 07:25:29

AECORE.DLL     : 8.1.25.10     201080 Bytes  18.04.2013 07:25:29

AEBB.DLL       : 8.1.1.0        53618 Bytes  18.04.2013 07:25:29

AVWINLL.DLL    : 10.0.0.0       19304 Bytes  18.04.2013 07:24:47

AVPREF.DLL     : 10.0.0.0       44904 Bytes  18.04.2013 07:24:47

AVREP.DLL      : 10.0.0.8       63848 Bytes  18.04.2013 07:24:47

AVREG.DLL      : 10.0.3.2       53096 Bytes  18.04.2013 07:24:47

AVSCPLR.DLL    : 10.0.4.1       84840 Bytes  18.04.2013 07:24:47

AVARKT.DLL     : Keine Information!

SQLITE3.DLL    : 3.6.19.0      355688 Bytes  18.04.2013 07:24:53

AVSMTP.DLL     : Keine Information!

NETNT.DLL      : Keine Information!

RCIMAGE.DLL    : 11.0.8.0       96616 Bytes  18.04.2013 07:24:52

RCTEXT.DLL     : 11.0.7.0      403304 Bytes  18.04.2013 07:24:52
 

Konfiguration für den aktuellen Suchlauf:

Job Name..............................: unknown

Konfigurationsdatei...................: C:\Users\ASTRID~1\AppData\Local\Temp\decleaner\decleaner\setup\sysscan.avp

Protokollierung.......................: niedrig

Primäre Aktion........................: interaktiv

Sekundäre Aktion......................: löschen

Durchsuche Masterbootsektoren.........: ein

Durchsuche Bootsektoren...............: ein

Bootsektoren..........................: C:, D:, 

Durchsuche aktive Programme...........: ein

Laufende Programme erweitert..........: ein

Durchsuche Registrierung..............: ein

Integritätsprüfung von Systemdateien..: aus

Datei Suchmodus.......................: Alle Dateien

Durchsuche Archive....................: ein

Rekursionstiefe einschränken..........: 20

Zitat:

Zitat von cosinus (Beitrag 1049039)

Warum liest du den von mir verlinkten Artikel nicht?

Habe keine Ahnung wer wo wann ich was schauen soll, bin nicht vom Fach! Arbeite sonst mit
Menschen, da kann man nie nach ablegten Dateien schauen!

Log ist unvollständig. Bitte lies die Anleitung richtig

Zitat:

Habe keine Ahnung wer wo wann ich was schauen soll, bin nicht vom Fach! Arbeite sonst mit
Menschen, da kann man nie nach ablegten Dateien schauen!

Du musst dir hier aber Mühe geben, über ein Forum arbeitet man nunmal in schriftlicher Form und dementsprechend musst du dir Beiträge und verlinkten Artikel auch genau lesen und umsetzen.

Code:



Avira DE-Cleaner

Erstellungsdatum der Reportdatei: Donnerstag, 18. April 2013  09:25
 

Es wird nach 3841495 Virenstämmen gesucht.
 

Das Programm läuft als uneingeschränkte Vollversion.

Online-Dienste stehen zur Verfügung.
 

Lizenznehmer   : DE-Cleaner Kit

Seriennummer   : 2223078146-DECLE-0000001

Plattform      : Windows NT

Windowsversion : (plain)  [6.2.9200]

Boot Modus     : Normal gebootet

Benutzername   : Astrid-Coach

Computername   : ASTRID
 

Versionsinformationen:

BUILD.DAT      : 10.0.0.41      12093 Bytes  04.10.2012 10:12:00

AVSCAN.EXE     : 10.0.4.6      514216 Bytes  18.04.2013 07:24:47

AVSCAN.DLL     : 10.0.4.0       56168 Bytes  18.04.2013 07:24:47

LUKE.DLL       : 10.0.4.1      104296 Bytes  18.04.2013 07:24:49

LUKERES.DLL    : Keine Information!

VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 07:25:04

VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 07:25:12

VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 07:25:20

VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 07:25:23

VBASE004.VDF   : 7.11.26.44   4329472 Bytes  28.03.2012 07:25:25

VBASE005.VDF   : 7.11.34.116  4034048 Bytes  29.06.2012 07:25:28

VBASE006.VDF   : 7.11.34.117     2048 Bytes  29.06.2012 07:25:28

VBASE007.VDF   : 7.11.34.118     2048 Bytes  29.06.2012 07:25:28

VBASE008.VDF   : 7.11.34.119     2048 Bytes  29.06.2012 07:25:28

VBASE009.VDF   : 7.11.34.120     2048 Bytes  29.06.2012 07:25:28

VBASE010.VDF   : 7.11.34.121     2048 Bytes  29.06.2012 07:25:28

VBASE011.VDF   : 7.11.34.122     2048 Bytes  29.06.2012 07:25:28

VBASE012.VDF   : 7.11.34.123     2048 Bytes  29.06.2012 07:25:28

VBASE013.VDF   : 7.11.34.124     2048 Bytes  29.06.2012 07:25:28

VBASE014.VDF   : 7.11.34.201   169472 Bytes  02.07.2012 07:25:28

VBASE015.VDF   : 7.11.35.19    122368 Bytes  04.07.2012 07:25:28

VBASE016.VDF   : 7.11.35.20      2048 Bytes  04.07.2012 07:25:28

VBASE017.VDF   : 7.11.35.21      2048 Bytes  04.07.2012 07:25:28

VBASE018.VDF   : 7.11.35.22      2048 Bytes  04.07.2012 07:25:28

VBASE019.VDF   : 7.11.35.23      2048 Bytes  04.07.2012 07:25:28

VBASE020.VDF   : 7.11.35.24      2048 Bytes  04.07.2012 07:25:28

VBASE021.VDF   : 7.11.35.25      2048 Bytes  04.07.2012 07:25:28

VBASE022.VDF   : 7.11.35.26      2048 Bytes  04.07.2012 07:25:28

VBASE023.VDF   : 7.11.35.27      2048 Bytes  04.07.2012 07:25:28

VBASE024.VDF   : 7.11.35.28      2048 Bytes  04.07.2012 07:25:28

VBASE025.VDF   : 7.11.35.29      2048 Bytes  04.07.2012 07:25:28

VBASE026.VDF   : 7.11.35.30      2048 Bytes  04.07.2012 07:25:29

VBASE027.VDF   : 7.11.35.31      2048 Bytes  04.07.2012 07:25:29

VBASE028.VDF   : 7.11.35.32      2048 Bytes  04.07.2012 07:25:29

VBASE029.VDF   : 7.11.35.33      2048 Bytes  04.07.2012 07:25:29

VBASE030.VDF   : 7.11.35.34      2048 Bytes  04.07.2012 07:25:29

VBASE031.VDF   : 7.11.35.74     98816 Bytes  05.07.2012 07:25:29

Engineversion  : 8.2.10.104

AEVDF.DLL      : 8.1.2.8       106867 Bytes  18.04.2013 07:25:33

AESCRIPT.DLL   : 8.1.4.32      455034 Bytes  18.04.2013 07:25:33

AESCN.DLL      : 8.1.8.2       131444 Bytes  18.04.2013 07:25:33

AESBX.DLL      : 8.2.5.12      606578 Bytes  18.04.2013 07:25:33

AERDL.DLL      : 8.1.9.15      639348 Bytes  18.04.2013 07:25:32

AEPACK.DLL     : 8.2.16.22     807288 Bytes  18.04.2013 07:25:31

AEOFFICE.DLL   : 8.1.2.40      201082 Bytes  18.04.2013 07:25:31

AEHEUR.DLL     : 8.1.4.64     5009782 Bytes  18.04.2013 07:25:31

AEHELP.DLL     : 8.1.23.2      258422 Bytes  18.04.2013 07:25:30

AEGEN.DLL      : 8.1.5.30      422261 Bytes  18.04.2013 07:25:29

AEEXP.DLL      : 8.1.0.60       86388 Bytes  18.04.2013 07:25:33

AEEMU.DLL      : 8.1.3.0       393589 Bytes  18.04.2013 07:25:29

AECORE.DLL     : 8.1.25.10     201080 Bytes  18.04.2013 07:25:29

AEBB.DLL       : 8.1.1.0        53618 Bytes  18.04.2013 07:25:29

AVWINLL.DLL    : 10.0.0.0       19304 Bytes  18.04.2013 07:24:47

AVPREF.DLL     : 10.0.0.0       44904 Bytes  18.04.2013 07:24:47

AVREP.DLL      : 10.0.0.8       63848 Bytes  18.04.2013 07:24:47

AVREG.DLL      : 10.0.3.2       53096 Bytes  18.04.2013 07:24:47

AVSCPLR.DLL    : 10.0.4.1       84840 Bytes  18.04.2013 07:24:47

AVARKT.DLL     : Keine Information!

SQLITE3.DLL    : 3.6.19.0      355688 Bytes  18.04.2013 07:24:53

AVSMTP.DLL     : Keine Information!

NETNT.DLL      : Keine Information!

RCIMAGE.DLL    : 11.0.8.0       96616 Bytes  18.04.2013 07:24:52

RCTEXT.DLL     : 11.0.7.0      403304 Bytes  18.04.2013 07:24:52
 

Konfiguration für den aktuellen Suchlauf:

Job Name..............................: unknown

Konfigurationsdatei...................: C:\Users\ASTRID~1\AppData\Local\Temp\decleaner\decleaner\setup\sysscan.avp

Protokollierung.......................: niedrig

Primäre Aktion........................: interaktiv

Sekundäre Aktion......................: löschen

Durchsuche Masterbootsektoren.........: ein

Durchsuche Bootsektoren...............: ein

Bootsektoren..........................: C:, D:, 

Durchsuche aktive Programme...........: ein

Laufende Programme erweitert..........: ein

Durchsuche Registrierung..............: ein

Integritätsprüfung von Systemdateien..: aus

Datei Suchmodus.......................: Alle Dateien

Durchsuche Archive....................: ein

Rekursionstiefe einschränken..........: 20

Archiv Smart Extensions...............: ein

Abweichende Archivtypen...............: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, 

Makrovirenheuristik...................: ein

Dateiheuristik........................: mittel

Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,
 

Beginn des Suchlaufs: Donnerstag, 18. April 2013  09:25
 

Der Suchlauf über gestartete Prozesse wird begonnen:

Durchsuche Prozess 'avscan.exe' - '58' Modul(e) wurden durchsucht

Durchsuche Prozess 'deCleaner.exe' - '50' Modul(e) wurden durchsucht

Durchsuche Prozess 'avwebloader.exe' - '62' Modul(e) wurden durchsucht

Durchsuche Prozess 'FlashPlayerPlugin_11_6_602_180.exe' - '53' Modul(e) wurden durchsucht

Durchsuche Prozess 'FlashPlayerPlugin_11_6_602_180.exe' - '41' Modul(e) wurden durchsucht

Durchsuche Prozess 'plugin-container.exe' - '76' Modul(e) wurden durchsucht

Durchsuche Prozess 'firefox.exe' - '152' Modul(e) wurden durchsucht

Durchsuche Prozess 'WiseCare365.exe' - '86' Modul(e) wurden durchsucht

Durchsuche Prozess 'AvastUI.exe' - '88' Modul(e) wurden durchsucht

Durchsuche Prozess 'HCSynApi.exe' - '30' Modul(e) wurden durchsucht

Durchsuche Prozess 'GPMTray.exe' - '35' Modul(e) wurden durchsucht

Durchsuche Prozess 'POSD.exe' - '25' Modul(e) wurden durchsucht

Durchsuche Prozess 'MsgTranAgt.exe' - '18' Modul(e) wurden durchsucht

Durchsuche Prozess 'PHotkey.exe' - '58' Modul(e) wurden durchsucht

Durchsuche Prozess 'AvastSvc.exe' - '113' Modul(e) wurden durchsucht

Durchsuche Prozess 'UNS.exe' - '63' Modul(e) wurden durchsucht

Durchsuche Prozess 'daemonu.exe' - '64' Modul(e) wurden durchsucht

Durchsuche Prozess 'LMS.exe' - '25' Modul(e) wurden durchsucht

Durchsuche Prozess 'GoogleCrashHandler.exe' - '29' Modul(e) wurden durchsucht

Durchsuche Prozess 'IAStorDataMgrSvc.exe' - '92' Modul(e) wurden durchsucht

Durchsuche Prozess 'obexsrv.exe' - '36' Modul(e) wurden durchsucht

Durchsuche Prozess 'devmonsrv.exe' - '36' Modul(e) wurden durchsucht

Durchsuche Prozess 'rndlresolversvc.exe' - '21' Modul(e) wurden durchsucht

Durchsuche Prozess 'PMBDeviceInfoProvider.exe' - '27' Modul(e) wurden durchsucht

Durchsuche Prozess 'jhi_service.exe' - '27' Modul(e) wurden durchsucht

Durchsuche Prozess 'CLMSServer.exe' - '40' Modul(e) wurden durchsucht

Durchsuche Prozess 'CLMSMonitorService.exe' - '18' Modul(e) wurden durchsucht

Durchsuche Prozess 'AppleMobileDeviceService.exe' - '63' Modul(e) wurden durchsucht

Durchsuche Prozess 'ASLDRSrv.exe' - '17' Modul(e) wurden durchsucht

Durchsuche Prozess 'Decor8Srv.exe' - '11' Modul(e) wurden durchsucht
 

Der Suchlauf über die Masterbootsektoren wird begonnen:

Masterbootsektor HD0

    [INFO]      Es wurde kein Virus gefunden!
 

Der Suchlauf über die Bootsektoren wird begonnen:

Bootsektor 'C:\'

    [INFO]      Es wurde kein Virus gefunden!

Bootsektor 'D:\'

    [INFO]      Es wurde kein Virus gefunden!
 

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:

Die Registry wurde durchsucht ( '172' Dateien ).
 
 

Der Suchlauf über die ausgewählten Dateien wird begonnen:
 

Beginne mit der Suche in 'C:\' <Boot>

C:\swapfile.sys

  [WARNUNG]   Die Datei konnte nicht geöffnet werden!

C:\ProgramData\CheckPoint\ZoneAlarm\Data\avsys\bases_csd\klavasyswatch.dll

  [FUND]      Ist das Trojanische Pferd TR/Crypt.EPACK.Gen2

C:\ProgramData\CheckPoint\ZoneAlarm\Data\avsys\temp\sdk8\Cache\klavasyswatch.dll.2365c553620cdfe937303722826af8b9

  [FUND]      Ist das Trojanische Pferd TR/Crypt.EPACK.Gen2

C:\ProgramData\CheckPoint\ZoneAlarm\Data\avsys\temp\temporaryFolder\bases\sw2\klavasyswatch.dll

  [FUND]      Ist das Trojanische Pferd TR/Crypt.EPACK.Gen2

Beginne mit der Suche in 'D:\' <Recover>
 

Beginne mit der Desinfektion:

Der Systemwiederherstellungspunkt wurde erfolgreich angelegt.

C:\ProgramData\CheckPoint\ZoneAlarm\Data\avsys\temp\temporaryFolder\bases\sw2\klavasyswatch.dll

  [FUND]      Ist das Trojanische Pferd TR/Crypt.EPACK.Gen2

  [HINWEIS]   Eine Sicherungskopie wurde unter dem Namen 55f674e0.qua erstellt ( QUARANTÄNE )

  [HINWEIS]   Die Datei wurde gelöscht.

C:\ProgramData\CheckPoint\ZoneAlarm\Data\avsys\temp\sdk8\Cache\klavasyswatch.dll.2365c553620cdfe937303722826af8b9

  [FUND]      Ist das Trojanische Pferd TR/Crypt.EPACK.Gen2

  [HINWEIS]   Eine Sicherungskopie wurde unter dem Namen 4d615b47.qua erstellt ( QUARANTÄNE )

  [HINWEIS]   Die Datei wurde gelöscht.

C:\ProgramData\CheckPoint\ZoneAlarm\Data\avsys\bases_csd\klavasyswatch.dll

  [FUND]      Ist das Trojanische Pferd TR/Crypt.EPACK.Gen2

  [HINWEIS]   Eine Sicherungskopie wurde unter dem Namen 1f3e01a0.qua erstellt ( QUARANTÄNE )

  [HINWEIS]   Die Datei wurde gelöscht.
 
 

Ende des Suchlaufs: Donnerstag, 18. April 2013  12:50

Benötigte Zeit:  1:24:19 Stunde(n)
 

Der Suchlauf wurde vollständig durchgeführt.
 

  50676 Verzeichnisse wurden überprüft

 1140539 Dateien wurden geprüft

      3 Viren bzw. unerwünschte Programme wurden gefunden

      0 Dateien wurden als verdächtig eingestuft

      3 Dateien wurden gelöscht

      0 Viren bzw. unerwünschte Programme wurden repariert

      3 Dateien wurden in die Quarantäne verschoben

      0 Dateien wurden umbenannt

      1 Dateien konnten nicht durchsucht werden

 1140535 Dateien ohne Befall

   8043 Archive wurden durchsucht

      1 Warnungen

      3 Hinweise

Ich hoffe er ist jetzt vollständig! Gibt es noch einen anderen logfile?

Danke Ahnungslos61

Zitat:

C:\ProgramData\CheckPoint\ZoneAlarm\Data\avsys\bases_csd\klavasyswatch.dll

ZoneAlarm ist Unsinn, bitte umgehend deinstallieren und die Windows-Firewall einschalten.
Melde dich wenn das erledigt ist.

Zonealarm über die Systemsteuerung deinstalliert.
WindowsFirewall ist aktiv

Danke + Gruß von Ahnungslos61

Schick! :daumenhoc

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!
Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Erstmal eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in CODE-Tags in den Thread.

Guten Morgen!
Hier kommt der file von OTL. Die "Extra-Datei" kommt als zweites.
Bin gespannt wie es weitergeht, bin aber zwischendurch unterwegs.
Mein Mann hat gestern abend "malware" drüberlaufen lassen (ohne dass ich es wusste) das
Protokoll kommt nach OTL, als "Drittes".
Danke für die Hilfe!
Ahnungslos61

"Erstes"

Code:

OTL Extras logfile created on: 19.04.2013 08:04:29 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Astrid-Coach\Desktop

64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16540)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

7,89 Gb Total Physical Memory | 5,26 Gb Available Physical Memory | 66,71% Memory free

9,07 Gb Paging File | 6,18 Gb Available in Paging File | 68,16% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 869,80 Gb Total Space | 800,30 Gb Free Space | 92,01% Space Free | Partition Type: NTFS

Drive D: | 60,00 Gb Total Space | 40,90 Gb Free Space | 68,16% Space Free | Partition Type: NTFS

 

Computer Name: ASTRID | User Name: Astrid-Coach | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

 
 ========== Security Center Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{1212CC03-871F-4276-A446-8D26C81BC6FA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{16343735-E6BC-4BF6-AB82-B585588DF1A4}" = rport=139 | protocol=6 | dir=out | app=system | 

"{1EC42E47-9194-4F02-B2DA-98DC73E06634}" = rport=138 | protocol=17 | dir=out | app=system | 

"{202B5A30-F5B0-4D6B-B36D-3FCEE6BEBB76}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{2A3FB734-6A05-48FC-9774-C32698627DD7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{2A7BA9D9-4977-4665-8DD0-E6014303AA72}" = rport=10243 | protocol=6 | dir=out | app=system | 

"{419BC377-5D0F-4C69-A4AE-33D2E7F42CB7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{55E96179-8C41-4C22-BE95-77CA36762D58}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{5FBDD534-3EBB-479A-B649-AFE033CD1FAB}" = rport=137 | protocol=17 | dir=out | app=system | 

"{89075959-3BDA-4689-A8CC-FA91AFC7AC58}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{89ED1B9A-6D90-438C-AC44-267956878D10}" = lport=445 | protocol=6 | dir=in | app=system | 

"{8CAD0ED7-7FAE-4BDF-B7F6-B6AD64B20713}" = rport=445 | protocol=6 | dir=out | app=system | 

"{A2C96B23-7BFC-4521-A7A7-0F1EB3CFF8B0}" = lport=10243 | protocol=6 | dir=in | app=system | 

"{ADFF30D8-2932-4850-B1C9-5D1739E1C30A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{B18286CA-57CF-4EB2-A4ED-192F702A7833}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{B52DB6FB-9BD0-4FCF-97DB-34D933B1464C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{B729D9E4-052E-4A53-B391-331DD080613A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{BE34FC85-DF1C-4171-A739-743C1B8E6419}" = lport=138 | protocol=17 | dir=in | app=system | 

"{CD4342CD-16C2-4129-9228-7EFB05504CBC}" = lport=139 | protocol=6 | dir=in | app=system | 

"{D61DE085-B5D0-4C60-AFBD-C62898F4B833}" = lport=137 | protocol=17 | dir=in | app=system | 

"{D8F7672F-14C6-4F17-9058-61D04236F5AF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{DD411DF8-5638-4E1B-955B-A143E18D1E75}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 

"{E5927AC1-9F11-402F-8D8D-15DC242D4743}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 

"{EEB76AC2-8660-454F-9D3D-0D01A02C499A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{EFA69EAC-2C86-4F01-A310-10BB981E712E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{07874BCD-A3F4-4375-B1EC-D6DF0C821078}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{0844533D-E375-44ED-B3B9-E115CC8C03A2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{0B84B913-97C0-427A-A231-DDD71D1BCEBE}" = dir=in | name=ebay | 

"{0BA9DD78-639F-4783-B4B4-441492DCF4E9}" = dir=in | name=music maker jam | 

"{10F51AF5-FA5D-4FC6-92B6-E2DA8AD9AC0A}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | 

"{1562D40E-79DD-4845-9336-0750EBAAB43A}" = dir=out | name=ebay | 

"{194182FE-F8A5-415D-A55B-756DAA7F0BB5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{1F14DCA6-7485-4E51-8803-B1765244A5F5}" = dir=out | name=windows_ie_ac_001 | 

"{1FCD6BF7-18DC-4AD2-B26B-FE9AE490F46F}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 

"{202C76FD-D565-4361-8874-876122CCABC3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{2353E3BE-6CB6-4838-9EE3-6A680B9C994D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 

"{244648D2-91C9-4495-850C-2CEF4F7D3C34}" = dir=out | name=music maker jam | 

"{266070C5-41E9-4C3A-8805-59D5C870EF06}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{26EFED50-1282-46CA-A87F-CF537F4F2FA3}" = dir=out | name=accuweather for windows 8 | 

"{2A2A5324-68D3-4EFB-91A1-8E78BCBCA3DA}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 

"{2AB1687F-F66D-4C24-B498-117CEEA8510E}" = dir=in | app=c:\program files (x86)\laplink\pcmover\pcmover.exe | 

"{2C1C0863-ACB0-4EA4-A3D3-55CC616461E1}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 

"{2C77F7AB-D0DD-4756-85DA-ED78F8945CA5}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 

"{31A8C68C-0E2A-44F4-B506-688317F6B7DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{3225A2B2-1C0B-45BF-BF37-90B9BF48D56F}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 

"{33DCB526-E5EA-4148-A84B-0CD1394E7283}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 

"{38D5E3FD-CE65-4A28-9286-239039BAB6B9}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 

"{39F645D0-65A0-4D94-883E-3EB3F8BBE81F}" = dir=out | name=microsoft solitaire collection | 

"{3AB6E771-8EC6-4370-8D50-FBF88AF5FE3C}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 

"{3AE3C468-CC90-477D-B065-FBF286B65DF7}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 

"{401B25C7-71A3-4EC8-BA0A-A3D230D600DE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{41596E60-3955-4F2B-80B7-905921F50243}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 

"{438E2051-5224-4F27-99DB-67EEEDAA1937}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 

"{444B5DB3-FC44-45F6-AF9F-4012B025986A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{57F1E900-6AF5-463E-B387-64022B7041EA}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 

"{5A89A9C2-5F6C-4F8E-B38E-8F65EB0E1912}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{5C889934-4625-4655-AC86-136B03B4966A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{5F633249-5A99-446D-B457-8CC89EA630D3}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 

"{611158C1-3B4F-4BE9-9AED-6DF977601802}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{624E8D26-5F44-48D5-8C2C-981EA2CCB4E7}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 

"{6DEC399E-0853-4577-B536-AAC11CDF8C71}" = dir=in | name=@{microsoft.skypeapp_1.1.0.25_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 

"{6EFEDA2C-2F1C-4E44-8997-0488850DDA90}" = dir=out | name=adera | 

"{7532DC3A-CB57-4D38-A94A-39CF9B8EAF66}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 

"{775D916E-C2F9-442F-B668-BF5556F683BB}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc2.exe | 

"{7B8883AE-AE1E-4B31-9BC3-52B305706A23}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{7BCD8BF1-F07A-4BE8-B674-F500AD46750A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{7DCFB2DE-B478-4009-8457-AF40D39D6BE7}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 

"{7F1CCCEC-172B-4303-8397-C7247DA0F01D}" = dir=out | name=pinball fx2 | 

"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 

"{817625FD-175D-4D37-93D5-A3BE191C32DF}" = dir=out | name=@{microsoft.skypeapp_1.1.0.25_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 

"{86039665-D3ED-4584-896E-E347897E04E9}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\pdvd10serv.exe | 

"{869E3A75-1936-4059-A462-EABFC6E11A18}" = dir=in | app=c:\program files\intel corporation\intel widi\widiapp.exe | 

"{8902D3F5-047D-4B1C-8F61-E816EA5F5665}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 

"{8951D21A-D679-490F-B099-0A850CD0ABA3}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 

"{8BF08C86-81C2-48C3-A3C3-F1F63F62469D}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 

"{92A82894-784B-41F6-AD19-413D73758B2C}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 

"{94A3041B-663C-468A-ACA3-BB68068B32D7}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 

"{9C5D82EE-A858-41FE-8DDD-73DC820B03B2}" = dir=out | name=fresh paint | 

"{A66A3477-B187-4F98-9E6B-D092C80131BE}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 

"{ABC74D6E-9A2C-4E8D-8603-5D98BEEC40D2}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 

"{AD5DB2C2-E6CF-4D5E-8F5F-44E618EB7EFD}" = dir=out | name=powerdvd for medion | 

"{AEB1F279-484C-4599-B9E4-6CD4F0643027}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 

"{B06D776F-4DF8-491A-8E61-3690F6922E12}" = dir=out | name=wordament | 

"{B3001210-AE7C-4490-9633-DA96835C2204}" = protocol=58 | dir=in | app=system | 

"{B8392CC2-AA50-4AAC-BA7E-995FD51B4B73}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 

"{BC432C60-4C49-428A-AF60-80DF139C894A}" = dir=in | name=pinball fx2 | 

"{BD6CA211-7EFC-4C72-ADAC-A206B51FC453}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 

"{BD75C830-F41F-4AB9-A5F9-D3E920378663}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 

"{C18A70DD-534A-4C32-95DC-96DCBAAB8361}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr9.exe | 

"{C18D1F24-3C12-467C-BC95-1FF7786E3A43}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 

"{C2172024-DBC6-49E1-9EF5-0B5E9E8CE31E}" = dir=out | name=taptiles | 

"{C37ED2E0-1436-4F48-9A2B-FA9AA34AD809}" = dir=out | name=youcam for medion | 

"{C3878C94-23F1-4313-893C-F46DF1A9EF30}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{C7354364-37CB-45E6-B0CD-F6BB4A949CC8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 

"{C7AFA6F8-E1A3-42D7-8555-DB3A3121FB4C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{CB1FD4B3-8FCE-44D8-B5E5-5061B6D93FBD}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc2.exe | 

"{D15A7A66-6132-4FFA-8C1B-67E0C75BFE7E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{D58EBA08-D403-45A4-9232-520EEB05E672}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\device\mediaserver\clmsserver.exe | 

"{DCFE1708-4456-4303-84BB-FCA22567A1DD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{DDB726E6-3742-4C85-8470-2D9975BF88B6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{E04E09B1-AE32-4701-B5AD-4E198460375C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 

"{E7E9A7D0-1B2B-4085-86DA-F45AB299316B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | 

"{E9C89A9E-817C-4DA4-836A-D88535331089}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 

"{EA3B6C51-76A4-411F-890D-44B1759F4EE5}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 

"{EB46D28F-DCDE-453F-8B22-9BC9B04291AC}" = dir=out | name=microsoft mahjong | 

"{EC5B1A4C-54B9-4742-A1DF-EACB0DF40398}" = dir=out | name=microsoft minesweeper | 

"{F282DBE2-6276-4005-B447-E4D67D4A7A01}" = protocol=6 | dir=out | app=system | 

"{F61CD37A-5817-4E16-BA26-77A7C4E05815}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 

"{FB653721-54E8-4D60-B757-3C49E0406571}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{FF16AB0E-38F9-4978-BAED-827F7DC506E5}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes

"{1593C708-5535-47A4-8C0F-F8D4BE2B4560}" = Intel® PROSet/Wireless WiFi Software

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219

"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables

"{26A24AE4-039D-4CA4-87B4-2F86417013FF}" = Java 7 Update 13 (64-bit)

"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support

"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{6097158B-0184-4140-BEC3-7885794D2571}" = Intel(R) WiDi

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727

"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 307.17

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 307.17

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector

"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud

"{DA2600C1-6BDF-4FD1-8F3D-148929CC1385}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology

"{E77289CF-12B9-4CAB-A49E-FEAE947F4D95}" = Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed

"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64

"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client

"CCleaner" = CCleaner

"ProInst" = Intel PROSet Wireless

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam 5

"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker

"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform

"{061FF8F3-5226-4278-8AAB-282C1B024F58}" = Photo Common

"{0DF95460-2887-4011-9344-1959CDF18ADC}" = Photo Common

"{0E1BB4B4-00FF-45B1-914B-AB8D8B9862B3}" = Windows Live UX Platform Language Pack

"{13F3CEA5-9E2C-4C4E-9F0F-D0DB389CF4A9}" = Movie Maker

"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727

"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser

"{1F0C818D-4A41-4E40-BAFB-BB940C82A518}" = Fotogalerija

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema 10

"{1FEE19BC-6F0C-42E4-82FF-FB597F6141DF}" = Windows Live Essentials

"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1

"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8

"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery

"{39337565-330E-4ab6-A9AE-AC81E0720B10}" = CyberLink PhotoDirector 3

"{3C63F944-803E-49A7-B3A2-B8AB3313E883}" = Windows Live UX Platform Language Pack

"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie

"{3D4F3F4C-E364-4E46-BFB1-A00BF9777422}" = Windows Live UX Platform Language Pack

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology

"{446CC8CE-0E90-44F7-ADD0-774B243EF090}" = Galerie de photos

"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support

"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth

"{49110532-D289-4BFF-807C-45B782E66A7C}" = Photo Common

"{49F068F2-4323-417B-AFC8-1E43F479D46C}" = Windows Live Essentials

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4AA2A466-8031-403A-8236-5301B4E391FB}" = Windows Live UX Platform Language Pack

"{4AF53C99-315D-4536-873F-029D2D274AE2}" = Photo Common

"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform

"{63824BC0-B747-43F3-9863-1066D64AD919}" = Photo Gallery

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components

"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials

"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform

"{6CEA775F-E70A-4D72-A3B4-1EB3A5AD4B5C}" = Windows Live Essentials

"{701FE1BC-834A-4857-AF62-6EBA50CFBC78}" = Movie Maker

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{715F9B21-2817-402A-9BF0-BDA764D21F09}" = Windows Live Essentials

"{743FD554-A73F-4FE8-BE7B-C283D16297F9}" = Photo Common

"{751EB657-3F22-4150-8CE4-D79A262F1D92}" = Movie Maker

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7E63F102-A9E9-4F4C-8004-BC62974736BF}" = Movie Maker

"{7E9A63B3-8572-4A4B-9F87-3C2A873BBC55}" = Windows Live UX Platform Language Pack

"{8063EB67-E777-4A56-9C1E-FAD75C2F5EC2}" = Photo Common

"{857BC375-BCFB-474E-9BD9-7EBB18EC55E0}" = Windows Live Essentials

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver

"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions

"{8D813AFF-D91D-4EE0-821F-B901FC2E89FA}" = Windows Live

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110

"{8E6E8CBB-8E58-493C-943F-4664F5F2FEDB}" = Movie Maker

"{8F7FECEC-088F-431D-A5FB-2B59E1E69943}" = Galería de fotos

"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010

"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010

"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010

"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010

"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010

"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010

"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010

"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010

"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010

"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010

"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010

"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010

"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90993BD9-C7D9-4C2F-B56C-2F7AFEBD4CD0}" = Windows Live UX Platform Language Pack

"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends

"{94ED52E0-24A0-4AD8-9BFD-0560CA680A80}" = ArcSoft TV 5.0

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A17946CA-18E5-4CF0-8D55-A56D804718F8}" = Movie Maker

"{A47EA9D4-BB87-415E-9239-28860434E5A0}" = Movie Maker

"{A802F1E3-34C8-4C84-9948-C1C4E37D0FA9}" = QuickLaunch

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime

"{AC2C8B53-E04D-4A84-B791-1741493D25DF}" = PCmover Home

"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch

"{AE8044B5-FCA3-4EBE-AC78-0FB3A6E8DC76}" = Movie Maker

"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader

"{B096A0E4-26A1-4E9F-8548-577964B9434B}" = Windows Live Essentials

"{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4

"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB

"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack

"{B7F31B9C-8775-4500-8E9D-6ABE9AE17CF4}" = Windows Live Essentials

"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint 2.5

"{C7929038-EDFB-416D-A2C9-CC65416DA0DF}" = Photo Common

"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common

"{CE542E0D-E056-4426-9F98-084C13E18641}" = Windows Live UX Platform Language Pack

"{D04EBB49-C985-4A38-8695-62000861293A}" = Raccolta foto

"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow

"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E0E0FB88-D570-463E-A98E-733B7B656867}" = Photo Gallery

"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common

"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5

"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy 1.5

"{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}" = PHotkey

"{E50E3DBC-46AA-4827-B2A6-F995D81DF526}" = Fotótár

"{E864A1C8-EEE1-47D0-A7F8-00CC86D26D5E}_is1" = Wise Care 365 version 2.25

"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker

"{EFFED0C0-5299-422E-AFE6-8B8066D18A2A}" = Mediathek

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F21F0424-B2FF-40BF-A984-9E0D7FB4C97E}" = Windows Live UX Platform Language Pack

"{F54030F3-14B6-432D-9361-78DCB1473920}" = Photo Common

"{F67CA22C-C11F-4573-8406-57F75BA06B51}" = Photo Gallery

"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package

"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE

"7-Zip" = 

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Ashampoo AppLauncher (Medion)_is1" = Ashampoo AppLauncher (Medion) v.1.0.0

"avast" = avast! Free Antivirus

"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind

"bi_uninstaller" = 7-Zip Uninstaller

"Decor8" = Decor8

"FilesFrog Update Checker" = FilesFrog Update Checker

"Google Chrome" = Google Chrome

"InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}" = CyberLink PhotoDirector 3

"InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover

"InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}" = Medion Home Cinema 10

"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300

"McAfee Security Scan" = McAfee Security Scan Plus

"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Office14.SingleImage" = Microsoft Office Home and Student 2010

"RealPlayer 16.0" = RealPlayer

"Samsung CLP-320 Series" = Wartung Samsung CLP-320 Series

"WinLiveSuite" = Windows Live Essentials

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 08.04.2013 12:24:50 | Computer Name = Astrid | Source = Bonjour Service | ID = 100

Description = mDNSCoreReceiveResponse: Ignoring response received before we even

 began probing:    4 Astrid.local. Addr 192.168.2.51

 

Error - 08.04.2013 12:24:50 | Computer Name = Astrid | Source = Bonjour Service | ID = 100

Description = mDNSCoreReceiveResponse: Ignoring response received before we even

 began probing:   16 Astrid.local. AAAA FDF3:9B76:C7CC:0001:B5D0:A530:06C5:2555

 

Error - 08.04.2013 12:24:50 | Computer Name = Astrid | Source = Bonjour Service | ID = 100

Description = mDNSCoreReceiveResponse: Ignoring response received before we even

 began probing:   16 Astrid.local. AAAA FDF3:9B76:C7CC:0001:39BD:CACC:8BBC:0C1A

 

Error - 08.04.2013 12:24:50 | Computer Name = Astrid | Source = Bonjour Service | ID = 100

Description = mDNSCoreReceiveResponse: Ignoring response received before we even

 began probing:   16 Astrid.local. AAAA FE80:0000:0000:0000:B5D0:A530:06C5:2555

 

Error - 08.04.2013 12:24:51 | Computer Name = Astrid | Source = Bonjour Service | ID = 100

Description = mDNSCoreReceiveResponse: Received from 192.168.2.53:5353   16 Astrid.local.

 AAAA FE80:0000:0000:0000:3ED0:F8FF:FE4F:B6BE

 

Error - 08.04.2013 12:24:51 | Computer Name = Astrid | Source = Bonjour Service | ID = 100

Description = mDNSCoreReceiveResponse: Resetting to Probing:   16 Astrid.local. 

AAAA FE80:0000:0000:0000:B5D0:A530:06C5:2555

 

Error - 08.04.2013 12:24:51 | Computer Name = Astrid | Source = Bonjour Service | ID = 100

Description = mDNSCoreReceiveResponse: Received from 192.168.2.53:5353   16 Astrid.local.

 AAAA FE80:0000:0000:0000:3ED0:F8FF:FE4F:B6BE

 

Error - 08.04.2013 12:24:51 | Computer Name = Astrid | Source = Bonjour Service | ID = 100

Description = mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 Astrid.local.

 Addr 192.168.2.51

 

Error - 08.04.2013 12:24:51 | Computer Name = Astrid | Source = Bonjour Service | ID = 100

Description = Local Hostname Astrid.local already in use; will try Astrid-2.local

 instead

 

Error - 08.04.2013 12:26:21 | Computer Name = Astrid | Source = Application Hang | ID = 1002

Description = Programm soffice.bin, Version 3.4.9593.500 kann nicht mehr unter Windows

 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,

 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1544    Startzeit:

 01ce3474c30ae222    Endzeit: 16    Anwendungspfad: C:\Program Files (x86)\OpenOffice.org

 3\program\soffice.bin    Berichts-ID: e2f5b770-a068-11e2-be9d-84a6c8351802    Vollständiger

 Name des fehlerhaften Pakets:     Anwendungs-ID, die relativ zum fehlerhaften Paket

 ist:   

 

[ System Events ]

Error - 02.04.2013 11:13:38 | Computer Name = Astrid | Source = NetBT | ID = 4321

Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit

 IP-Adresse 192.168.2.51  registriert werden. Der Computer mit IP-Adresse 192.168.2.54

 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.

 

Error - 02.04.2013 15:23:40 | Computer Name = Astrid | Source = bowser | ID = 8003

Description = 

 

Error - 03.04.2013 11:15:28 | Computer Name = Astrid | Source = bowser | ID = 8003

Description = 

 

Error - 03.04.2013 13:46:28 | Computer Name = Astrid | Source = NetBT | ID = 4321

Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit

 IP-Adresse 192.168.2.51  registriert werden. Der Computer mit IP-Adresse 192.168.2.54

 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.

 

Error - 03.04.2013 14:09:12 | Computer Name = Astrid | Source = NetBT | ID = 4321

Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit

 IP-Adresse 192.168.2.51  registriert werden. Der Computer mit IP-Adresse 192.168.2.54

 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.

 

Error - 08.04.2013 13:14:27 | Computer Name = Astrid | Source = Service Control Manager | ID = 7000

Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%2

 

Error - 08.04.2013 13:14:37 | Computer Name = Astrid | Source = Service Control Manager | ID = 7000

Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%2

 

Error - 08.04.2013 13:16:54 | Computer Name = Astrid | Source = Service Control Manager | ID = 7000

Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%2

 

Error - 08.04.2013 13:16:55 | Computer Name = Astrid | Source = Service Control Manager | ID = 7000

Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%2

 

Error - 09.04.2013 01:47:55 | Computer Name = Astrid | Source = Service Control Manager | ID = 7031

Description = Der Dienst "avast! Antivirus" wurde unerwartet beendet. Dies ist bereits

 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt:

 Neustart des Diensts.

 

 

< End of report >

"Zweites"

Code:

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Astrid-Coach\Desktop

64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16540)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

7,89 Gb Total Physical Memory | 5,26 Gb Available Physical Memory | 66,71% Memory free

9,07 Gb Paging File | 6,18 Gb Available in Paging File | 68,16% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 869,80 Gb Total Space | 800,30 Gb Free Space | 92,01% Space Free | Partition Type: NTFS

Drive D: | 60,00 Gb Total Space | 40,90 Gb Free Space | 68,16% Space Free | Partition Type: NTFS

 

Computer Name: ASTRID | User Name: Astrid-Coach | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

 
 ========== Security Center Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{1212CC03-871F-4276-A446-8D26C81BC6FA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{16343735-E6BC-4BF6-AB82-B585588DF1A4}" = rport=139 | protocol=6 | dir=out | app=system | 

"{1EC42E47-9194-4F02-B2DA-98DC73E06634}" = rport=138 | protocol=17 | dir=out | app=system | 

"{202B5A30-F5B0-4D6B-B36D-3FCEE6BEBB76}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{2A3FB734-6A05-48FC-9774-C32698627DD7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{2A7BA9D9-4977-4665-8DD0-E6014303AA72}" = rport=10243 | protocol=6 | dir=out | app=system | 

"{419BC377-5D0F-4C69-A4AE-33D2E7F42CB7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{55E96179-8C41-4C22-BE95-77CA36762D58}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{5FBDD534-3EBB-479A-B649-AFE033CD1FAB}" = rport=137 | protocol=17 | dir=out | app=system | 

"{89075959-3BDA-4689-A8CC-FA91AFC7AC58}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{89ED1B9A-6D90-438C-AC44-267956878D10}" = lport=445 | protocol=6 | dir=in | app=system | 

"{8CAD0ED7-7FAE-4BDF-B7F6-B6AD64B20713}" = rport=445 | protocol=6 | dir=out | app=system | 

"{A2C96B23-7BFC-4521-A7A7-0F1EB3CFF8B0}" = lport=10243 | protocol=6 | dir=in | app=system | 

"{ADFF30D8-2932-4850-B1C9-5D1739E1C30A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{B18286CA-57CF-4EB2-A4ED-192F702A7833}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{B52DB6FB-9BD0-4FCF-97DB-34D933B1464C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{B729D9E4-052E-4A53-B391-331DD080613A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{BE34FC85-DF1C-4171-A739-743C1B8E6419}" = lport=138 | protocol=17 | dir=in | app=system | 

"{CD4342CD-16C2-4129-9228-7EFB05504CBC}" = lport=139 | protocol=6 | dir=in | app=system | 

"{D61DE085-B5D0-4C60-AFBD-C62898F4B833}" = lport=137 | protocol=17 | dir=in | app=system | 

"{D8F7672F-14C6-4F17-9058-61D04236F5AF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{DD411DF8-5638-4E1B-955B-A143E18D1E75}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 

"{E5927AC1-9F11-402F-8D8D-15DC242D4743}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 

"{EEB76AC2-8660-454F-9D3D-0D01A02C499A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{EFA69EAC-2C86-4F01-A310-10BB981E712E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{07874BCD-A3F4-4375-B1EC-D6DF0C821078}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{0844533D-E375-44ED-B3B9-E115CC8C03A2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{0B84B913-97C0-427A-A231-DDD71D1BCEBE}" = dir=in | name=ebay | 

"{0BA9DD78-639F-4783-B4B4-441492DCF4E9}" = dir=in | name=music maker jam | 

"{10F51AF5-FA5D-4FC6-92B6-E2DA8AD9AC0A}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | 

"{1562D40E-79DD-4845-9336-0750EBAAB43A}" = dir=out | name=ebay | 

"{194182FE-F8A5-415D-A55B-756DAA7F0BB5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{1F14DCA6-7485-4E51-8803-B1765244A5F5}" = dir=out | name=windows_ie_ac_001 | 

"{1FCD6BF7-18DC-4AD2-B26B-FE9AE490F46F}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 

"{202C76FD-D565-4361-8874-876122CCABC3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{2353E3BE-6CB6-4838-9EE3-6A680B9C994D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 

"{244648D2-91C9-4495-850C-2CEF4F7D3C34}" = dir=out | name=music maker jam | 

"{266070C5-41E9-4C3A-8805-59D5C870EF06}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{26EFED50-1282-46CA-A87F-CF537F4F2FA3}" = dir=out | name=accuweather for windows 8 | 

"{2A2A5324-68D3-4EFB-91A1-8E78BCBCA3DA}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 

"{2AB1687F-F66D-4C24-B498-117CEEA8510E}" = dir=in | app=c:\program files (x86)\laplink\pcmover\pcmover.exe | 

"{2C1C0863-ACB0-4EA4-A3D3-55CC616461E1}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 

"{2C77F7AB-D0DD-4756-85DA-ED78F8945CA5}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 

"{31A8C68C-0E2A-44F4-B506-688317F6B7DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{3225A2B2-1C0B-45BF-BF37-90B9BF48D56F}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 

"{33DCB526-E5EA-4148-A84B-0CD1394E7283}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 

"{38D5E3FD-CE65-4A28-9286-239039BAB6B9}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 

"{39F645D0-65A0-4D94-883E-3EB3F8BBE81F}" = dir=out | name=microsoft solitaire collection | 

"{3AB6E771-8EC6-4370-8D50-FBF88AF5FE3C}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 

"{3AE3C468-CC90-477D-B065-FBF286B65DF7}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 

"{401B25C7-71A3-4EC8-BA0A-A3D230D600DE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{41596E60-3955-4F2B-80B7-905921F50243}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 

"{438E2051-5224-4F27-99DB-67EEEDAA1937}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 

"{444B5DB3-FC44-45F6-AF9F-4012B025986A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{57F1E900-6AF5-463E-B387-64022B7041EA}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 

"{5A89A9C2-5F6C-4F8E-B38E-8F65EB0E1912}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{5C889934-4625-4655-AC86-136B03B4966A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{5F633249-5A99-446D-B457-8CC89EA630D3}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 

"{611158C1-3B4F-4BE9-9AED-6DF977601802}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{624E8D26-5F44-48D5-8C2C-981EA2CCB4E7}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 

"{6DEC399E-0853-4577-B536-AAC11CDF8C71}" = dir=in | name=@{microsoft.skypeapp_1.1.0.25_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 

"{6EFEDA2C-2F1C-4E44-8997-0488850DDA90}" = dir=out | name=adera | 

"{7532DC3A-CB57-4D38-A94A-39CF9B8EAF66}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 

"{775D916E-C2F9-442F-B668-BF5556F683BB}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc2.exe | 

"{7B8883AE-AE1E-4B31-9BC3-52B305706A23}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{7BCD8BF1-F07A-4BE8-B674-F500AD46750A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{7DCFB2DE-B478-4009-8457-AF40D39D6BE7}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 

"{7F1CCCEC-172B-4303-8397-C7247DA0F01D}" = dir=out | name=pinball fx2 | 

"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 

"{817625FD-175D-4D37-93D5-A3BE191C32DF}" = dir=out | name=@{microsoft.skypeapp_1.1.0.25_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 

"{86039665-D3ED-4584-896E-E347897E04E9}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\pdvd10serv.exe | 

"{869E3A75-1936-4059-A462-EABFC6E11A18}" = dir=in | app=c:\program files\intel corporation\intel widi\widiapp.exe | 

"{8902D3F5-047D-4B1C-8F61-E816EA5F5665}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 

"{8951D21A-D679-490F-B099-0A850CD0ABA3}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 

"{8BF08C86-81C2-48C3-A3C3-F1F63F62469D}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 

"{92A82894-784B-41F6-AD19-413D73758B2C}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 

"{94A3041B-663C-468A-ACA3-BB68068B32D7}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 

"{9C5D82EE-A858-41FE-8DDD-73DC820B03B2}" = dir=out | name=fresh paint | 

"{A66A3477-B187-4F98-9E6B-D092C80131BE}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 

"{ABC74D6E-9A2C-4E8D-8603-5D98BEEC40D2}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 

"{AD5DB2C2-E6CF-4D5E-8F5F-44E618EB7EFD}" = dir=out | name=powerdvd for medion | 

"{AEB1F279-484C-4599-B9E4-6CD4F0643027}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 

"{B06D776F-4DF8-491A-8E61-3690F6922E12}" = dir=out | name=wordament | 

"{B3001210-AE7C-4490-9633-DA96835C2204}" = protocol=58 | dir=in | app=system | 

"{B8392CC2-AA50-4AAC-BA7E-995FD51B4B73}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 

"{BC432C60-4C49-428A-AF60-80DF139C894A}" = dir=in | name=pinball fx2 | 

"{BD6CA211-7EFC-4C72-ADAC-A206B51FC453}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 

"{BD75C830-F41F-4AB9-A5F9-D3E920378663}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 

"{C18A70DD-534A-4C32-95DC-96DCBAAB8361}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr9.exe | 

"{C18D1F24-3C12-467C-BC95-1FF7786E3A43}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 

"{C2172024-DBC6-49E1-9EF5-0B5E9E8CE31E}" = dir=out | name=taptiles | 

"{C37ED2E0-1436-4F48-9A2B-FA9AA34AD809}" = dir=out | name=youcam for medion | 

"{C3878C94-23F1-4313-893C-F46DF1A9EF30}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{C7354364-37CB-45E6-B0CD-F6BB4A949CC8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 

"{C7AFA6F8-E1A3-42D7-8555-DB3A3121FB4C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{CB1FD4B3-8FCE-44D8-B5E5-5061B6D93FBD}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc2.exe | 

"{D15A7A66-6132-4FFA-8C1B-67E0C75BFE7E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{D58EBA08-D403-45A4-9232-520EEB05E672}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\device\mediaserver\clmsserver.exe | 

"{DCFE1708-4456-4303-84BB-FCA22567A1DD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{DDB726E6-3742-4C85-8470-2D9975BF88B6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{E04E09B1-AE32-4701-B5AD-4E198460375C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 

"{E7E9A7D0-1B2B-4085-86DA-F45AB299316B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | 

"{E9C89A9E-817C-4DA4-836A-D88535331089}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 

"{EA3B6C51-76A4-411F-890D-44B1759F4EE5}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 

"{EB46D28F-DCDE-453F-8B22-9BC9B04291AC}" = dir=out | name=microsoft mahjong | 

"{EC5B1A4C-54B9-4742-A1DF-EACB0DF40398}" = dir=out | name=microsoft minesweeper | 

"{F282DBE2-6276-4005-B447-E4D67D4A7A01}" = protocol=6 | dir=out | app=system | 

"{F61CD37A-5817-4E16-BA26-77A7C4E05815}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 

"{FB653721-54E8-4D60-B757-3C49E0406571}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{FF16AB0E-38F9-4978-BAED-827F7DC506E5}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes

"{1593C708-5535-47A4-8C0F-F8D4BE2B4560}" = Intel® PROSet/Wireless WiFi Software

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219

"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables

"{26A24AE4-039D-4CA4-87B4-2F86417013FF}" = Java 7 Update 13 (64-bit)

"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support

"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{6097158B-0184-4140-BEC3-7885794D2571}" = Intel(R) WiDi

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727

"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 307.17

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 307.17

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector

"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud

"{DA2600C1-6BDF-4FD1-8F3D-148929CC1385}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology

"{E77289CF-12B9-4CAB-A49E-FEAE947F4D95}" = Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed

"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64

"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client

"CCleaner" = CCleaner

"ProInst" = Intel PROSet Wireless

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam 5

"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker

"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform

"{061FF8F3-5226-4278-8AAB-282C1B024F58}" = Photo Common

"{0DF95460-2887-4011-9344-1959CDF18ADC}" = Photo Common

"{0E1BB4B4-00FF-45B1-914B-AB8D8B9862B3}" = Windows Live UX Platform Language Pack

"{13F3CEA5-9E2C-4C4E-9F0F-D0DB389CF4A9}" = Movie Maker

"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727

"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser

"{1F0C818D-4A41-4E40-BAFB-BB940C82A518}" = Fotogalerija

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema 10

"{1FEE19BC-6F0C-42E4-82FF-FB597F6141DF}" = Windows Live Essentials

"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1

"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8

"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery

"{39337565-330E-4ab6-A9AE-AC81E0720B10}" = CyberLink PhotoDirector 3

"{3C63F944-803E-49A7-B3A2-B8AB3313E883}" = Windows Live UX Platform Language Pack

"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie

"{3D4F3F4C-E364-4E46-BFB1-A00BF9777422}" = Windows Live UX Platform Language Pack

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology

"{446CC8CE-0E90-44F7-ADD0-774B243EF090}" = Galerie de photos

"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support

"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth

"{49110532-D289-4BFF-807C-45B782E66A7C}" = Photo Common

"{49F068F2-4323-417B-AFC8-1E43F479D46C}" = Windows Live Essentials

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4AA2A466-8031-403A-8236-5301B4E391FB}" = Windows Live UX Platform Language Pack

"{4AF53C99-315D-4536-873F-029D2D274AE2}" = Photo Common

"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform

"{63824BC0-B747-43F3-9863-1066D64AD919}" = Photo Gallery

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components

"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials

"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform

"{6CEA775F-E70A-4D72-A3B4-1EB3A5AD4B5C}" = Windows Live Essentials

"{701FE1BC-834A-4857-AF62-6EBA50CFBC78}" = Movie Maker

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{715F9B21-2817-402A-9BF0-BDA764D21F09}" = Windows Live Essentials

"{743FD554-A73F-4FE8-BE7B-C283D16297F9}" = Photo Common

"{751EB657-3F22-4150-8CE4-D79A262F1D92}" = Movie Maker

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7E63F102-A9E9-4F4C-8004-BC62974736BF}" = Movie Maker

"{7E9A63B3-8572-4A4B-9F87-3C2A873BBC55}" = Windows Live UX Platform Language Pack

"{8063EB67-E777-4A56-9C1E-FAD75C2F5EC2}" = Photo Common

"{857BC375-BCFB-474E-9BD9-7EBB18EC55E0}" = Windows Live Essentials

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver

"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions

"{8D813AFF-D91D-4EE0-821F-B901FC2E89FA}" = Windows Live

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110

"{8E6E8CBB-8E58-493C-943F-4664F5F2FEDB}" = Movie Maker

"{8F7FECEC-088F-431D-A5FB-2B59E1E69943}" = Galería de fotos

"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010

"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010

"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010

"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010

"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010

"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010

"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010

"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010

"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010

"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010

"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010

"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010

"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90993BD9-C7D9-4C2F-B56C-2F7AFEBD4CD0}" = Windows Live UX Platform Language Pack

"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends

"{94ED52E0-24A0-4AD8-9BFD-0560CA680A80}" = ArcSoft TV 5.0

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A17946CA-18E5-4CF0-8D55-A56D804718F8}" = Movie Maker

"{A47EA9D4-BB87-415E-9239-28860434E5A0}" = Movie Maker

"{A802F1E3-34C8-4C84-9948-C1C4E37D0FA9}" = QuickLaunch

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime

"{AC2C8B53-E04D-4A84-B791-1741493D25DF}" = PCmover Home

"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch

"{AE8044B5-FCA3-4EBE-AC78-0FB3A6E8DC76}" = Movie Maker

"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader

"{B096A0E4-26A1-4E9F-8548-577964B9434B}" = Windows Live Essentials

"{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4

"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB

"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack

"{B7F31B9C-8775-4500-8E9D-6ABE9AE17CF4}" = Windows Live Essentials

"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint 2.5

"{C7929038-EDFB-416D-A2C9-CC65416DA0DF}" = Photo Common

"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common

"{CE542E0D-E056-4426-9F98-084C13E18641}" = Windows Live UX Platform Language Pack

"{D04EBB49-C985-4A38-8695-62000861293A}" = Raccolta foto

"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow

"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E0E0FB88-D570-463E-A98E-733B7B656867}" = Photo Gallery

"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common

"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5

"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy 1.5

"{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}" = PHotkey

"{E50E3DBC-46AA-4827-B2A6-F995D81DF526}" = Fotótár

"{E864A1C8-EEE1-47D0-A7F8-00CC86D26D5E}_is1" = Wise Care 365 version 2.25

"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker

"{EFFED0C0-5299-422E-AFE6-8B8066D18A2A}" = Mediathek

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F21F0424-B2FF-40BF-A984-9E0D7FB4C97E}" = Windows Live UX Platform Language Pack

"{F54030F3-14B6-432D-9361-78DCB1473920}" = Photo Common

"{F67CA22C-C11F-4573-8406-57F75BA06B51}" = Photo Gallery

"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package

"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE

"7-Zip" = 

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Ashampoo AppLauncher (Medion)_is1" = Ashampoo AppLauncher (Medion) v.1.0.0

"avast" = avast! Free Antivirus

"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind

"bi_uninstaller" = 7-Zip Uninstaller

"Decor8" = Decor8

"FilesFrog Update Checker" = FilesFrog Update Checker

"Google Chrome" = Google Chrome

"InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}" = CyberLink PhotoDirector 3

"InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover

"InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}" = Medion Home Cinema 10

"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300

"McAfee Security Scan" = McAfee Security Scan Plus

"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Office14.SingleImage" = Microsoft Office Home and Student 2010

"RealPlayer 16.0" = RealPlayer

"Samsung CLP-320 Series" = Wartung Samsung CLP-320 Series

"WinLiveSuite" = Windows Live Essentials

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 08.04.2013 12:24:50 | Computer Name = Astrid | Source = Bonjour Service | ID = 100

Description = mDNSCoreReceiveResponse: Ignoring response received before we even

 began probing:    4 Astrid.local. Addr 192.168.2.51

 

Error - 08.04.2013 12:24:50 | Computer Name = Astrid | Source = Bonjour Service | ID = 100

Description = mDNSCoreReceiveResponse: Ignoring response received before we even

 began probing:   16 Astrid.local. AAAA FDF3:9B76:C7CC:0001:B5D0:A530:06C5:2555

 

Error - 08.04.2013 12:24:50 | Computer Name = Astrid | Source = Bonjour Service | ID = 100

Description = mDNSCoreReceiveResponse: Ignoring response received before we even

 began probing:   16 Astrid.local. AAAA FDF3:9B76:C7CC:0001:39BD:CACC:8BBC:0C1A

 

Error - 08.04.2013 12:24:50 | Computer Name = Astrid | Source = Bonjour Service | ID = 100

Description = mDNSCoreReceiveResponse: Ignoring response received before we even

 began probing:   16 Astrid.local. AAAA FE80:0000:0000:0000:B5D0:A530:06C5:2555

 

Error - 08.04.2013 12:24:51 | Computer Name = Astrid | Source = Bonjour Service | ID = 100

Description = mDNSCoreReceiveResponse: Received from 192.168.2.53:5353   16 Astrid.local.

 AAAA FE80:0000:0000:0000:3ED0:F8FF:FE4F:B6BE

 

Error - 08.04.2013 12:24:51 | Computer Name = Astrid | Source = Bonjour Service | ID = 100

Description = mDNSCoreReceiveResponse: Resetting to Probing:   16 Astrid.local. 

AAAA FE80:0000:0000:0000:B5D0:A530:06C5:2555

 

Error - 08.04.2013 12:24:51 | Computer Name = Astrid | Source = Bonjour Service | ID = 100

Description = mDNSCoreReceiveResponse: Received from 192.168.2.53:5353   16 Astrid.local.

 AAAA FE80:0000:0000:0000:3ED0:F8FF:FE4F:B6BE

 

Error - 08.04.2013 12:24:51 | Computer Name = Astrid | Source = Bonjour Service | ID = 100

Description = mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 Astrid.local.

 Addr 192.168.2.51

 

Error - 08.04.2013 12:24:51 | Computer Name = Astrid | Source = Bonjour Service | ID = 100

Description = Local Hostname Astrid.local already in use; will try Astrid-2.local

 instead

 

Error - 08.04.2013 12:26:21 | Computer Name = Astrid | Source = Application Hang | ID = 1002

Description = Programm soffice.bin, Version 3.4.9593.500 kann nicht mehr unter Windows

 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,

 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1544    Startzeit:

 01ce3474c30ae222    Endzeit: 16    Anwendungspfad: C:\Program Files (x86)\OpenOffice.org

 3\program\soffice.bin    Berichts-ID: e2f5b770-a068-11e2-be9d-84a6c8351802    Vollständiger

 Name des fehlerhaften Pakets:     Anwendungs-ID, die relativ zum fehlerhaften Paket

 ist:   

 

[ System Events ]

Error - 02.04.2013 11:13:38 | Computer Name = Astrid | Source = NetBT | ID = 4321

Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit

 IP-Adresse 192.168.2.51  registriert werden. Der Computer mit IP-Adresse 192.168.2.54

 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.

 

Error - 02.04.2013 15:23:40 | Computer Name = Astrid | Source = bowser | ID = 8003

Description = 

 

Error - 03.04.2013 11:15:28 | Computer Name = Astrid | Source = bowser | ID = 8003

Description = 

 

Error - 03.04.2013 13:46:28 | Computer Name = Astrid | Source = NetBT | ID = 4321

Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit

 IP-Adresse 192.168.2.51  registriert werden. Der Computer mit IP-Adresse 192.168.2.54

 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.

 

Error - 03.04.2013 14:09:12 | Computer Name = Astrid | Source = NetBT | ID = 4321

Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit

 IP-Adresse 192.168.2.51  registriert werden. Der Computer mit IP-Adresse 192.168.2.54

 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.

 

Error - 08.04.2013 13:14:27 | Computer Name = Astrid | Source = Service Control Manager | ID = 7000

Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%2

 

Error - 08.04.2013 13:14:37 | Computer Name = Astrid | Source = Service Control Manager | ID = 7000

Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%2

 

Error - 08.04.2013 13:16:54 | Computer Name = Astrid | Source = Service Control Manager | ID = 7000

Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%2

 

Error - 08.04.2013 13:16:55 | Computer Name = Astrid | Source = Service Control Manager | ID = 7000

Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%2

 

Error - 09.04.2013 01:47:55 | Computer Name = Astrid | Source = Service Control Manager | ID = 7031

Description = Der Dienst "avast! Antivirus" wurde unerwartet beendet. Dies ist bereits

 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt:

 Neustart des Diensts.

 

 

< End of report >

"Drittes" malware

Code:

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org
 

Datenbank Version: v2013.04.18.07
 

Windows 8 x64 NTFS

Internet Explorer 10.0.9200.16540

Astrid-Coach :: ASTRID [Administrator]
 

18.04.2013 19:05:17

mbam-log-2013-04-18 (19-05-17).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 482490

Laufzeit: 52 Minute(n), 22 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Bitte das andere Log von OTL nachreichen, du hast 2x die extras gepostet

Hier kommt der andere file. Hoffe auf rasche PC-Genesung!

Herzliche Grüße + vielen Dank!
Ahnungslos61

Code:

OTL logfile created on: 19.04.2013 08:12:55 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Astrid-Coach\Desktop

64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16540)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

7,89 Gb Total Physical Memory | 5,02 Gb Available Physical Memory | 63,64% Memory free

9,07 Gb Paging File | 6,04 Gb Available in Paging File | 66,52% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 869,80 Gb Total Space | 800,28 Gb Free Space | 92,01% Space Free | Partition Type: NTFS

Drive D: | 60,00 Gb Total Space | 40,90 Gb Free Space | 68,16% Space Free | Partition Type: NTFS

 

Computer Name: ASTRID | User Name: Astrid-Coach | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\Astrid-Coach\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe (Adobe Systems, Inc.)

PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)

PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)

PRC - C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe (Google Inc.)

PRC - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()

PRC - C:\Program Files (x86)\Stardock\Decor8\Decor8Srv.exe (Stardock Software, Inc)

PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Motorola Solutions, Inc.)

PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.)

PRC - C:\Program Files (x86)\PHotkey\PHotkey.exe ()

PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)

PRC - C:\Program Files (x86)\PHotkey\GPMTray.exe ()

PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)

PRC - C:\Program Files (x86)\PHotkey\POSD.exe ()

PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)

PRC - C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe (CyberLink)

PRC - C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe (CyberLink)

PRC - C:\Program Files (x86)\PHotkey\MsgTranAgt.exe ()

PRC - C:\Program Files (x86)\PHotkey\ASLDRSrv.exe ()

PRC - C:\Program Files (x86)\PHotkey\HCSynApi.exe (TODO: <Company name>)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()

MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()

MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll ()

MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll ()

MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libglesv2.dll ()

MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libegl.dll ()

MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll ()

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()

MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf ()

 

 
 ========== Services (SafeList) ==========

 

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)

SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)

SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)

SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)

SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)

SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)

SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)

SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)

SRV:64bit: - (RichVideo64) -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe ()

SRV:64bit: - (ZeroConfigService) -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel® Corporation)

SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()

SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)

SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)

SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)

SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)

SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)

SRV:64bit: - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)

SRV:64bit: - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)

SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)

SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)

SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)

SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)

SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)

SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)

SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)

SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)

SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)

SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)

SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)

SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation)

SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)

SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)

SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)

SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)

SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)

SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)

SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()

SRV - (Decor8) -- C:\Program Files (x86)\Stardock\Decor8\Decor8Srv.exe (Stardock Software, Inc)

SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation)

SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)

SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)

SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Motorola Solutions, Inc.)

SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.)

SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)

SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)

SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)

SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)

SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)

SRV - (WiseBootAssistant) -- C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe (WiseCleaner.com)

SRV - (GFNEXSrv) -- C:\Program Files (x86)\PHotkey\GFNEXSrv.exe ()

SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)

SRV - (CyberLink PowerDVD 10 MS Service) -- C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe (CyberLink)

SRV - (CyberLink PowerDVD 10 MS Monitor Service) -- C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe (CyberLink)

SRV - (ASLDRService) -- C:\Program Files (x86)\PHotkey\ASLDRSrv.exe ()

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)

DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)

DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()

DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\Drivers\aswRdr2.sys (AVAST Software)

DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)

DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()

DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\Drivers\aswMonFlt.sys (AVAST Software)

DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)

DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation)

DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation)

DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation)

DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation)

DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation)

DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation)

DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation)

DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation)

DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation)

DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation)

DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation)

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)

DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation)

DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation)

DRV:64bit: - (IT9135BDA) -- C:\Windows\SysNative\Drivers\IT9135BDA.sys (ITE                      )

DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation)

DRV:64bit: - (igfx) -- C:\Windows\SysNative\Drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation)

DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\Drivers\nvpciflt.sys (NVIDIA Corporation)

DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation)

DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation)

DRV:64bit: - (NETwNe64) -- C:\Windows\SysNative\Drivers\NETwew00.sys (Intel Corporation)

DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\Drivers\intelaud.sys (Intel Corporation)

DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\Drivers\iwdbus.sys (Intel Corporation)

DRV:64bit: - (XHCIPort) -- C:\Windows\SysNative\Drivers\xHCIPort.sys (Windows (R) Win 7 DDK provider)

DRV:64bit: - (usb3Hub) -- C:\Windows\SysNative\Drivers\usb3Hub.sys (Windows (R) Win 7 DDK provider)

DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\Drivers\btmhsf.sys (Motorola Solutions, Inc.)

DRV:64bit: - (btmaux) -- C:\Windows\SysNative\Drivers\btmaux.sys (Motorola Solutions, Inc.)

DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation)

DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\Drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)

DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\Drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)

DRV:64bit: - (SynTP) -- C:\Windows\SysNative\Drivers\SynTP.sys (Synaptics Incorporated)

DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\Drivers\iaStorA.sys (Intel Corporation)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (ibtfltcoex) -- C:\Windows\SysNative\Drivers\iBtFltCoex.sys (Intel Corporation)

DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\Drivers\Rt630x64.sys (Realtek                                            )

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation)

DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation)

DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation)

DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation)

DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation)

DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation)

DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation)

DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation)

DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation)

DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation)

DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation)

DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)

DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation)

DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)

DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation)

DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation)

DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation)

DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation)

DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation)

DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation)

DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation)

DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation)

DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation)

DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation)

DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation)

DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation)

DRV:64bit: - (BthLEEnum) -- C:\Windows\SysNative\Drivers\BthLEEnum.sys (Microsoft Corporation)

DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation)

DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation)

DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation)

DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\Drivers\HECIx64.sys (Intel Corporation)

DRV:64bit: - (CLVirtualDrive) -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys (CyberLink)

DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\Drivers\IntcDAud.sys (Intel(R) Corporation)

DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\Drivers\RtsUStor.sys (Realtek Semiconductor Corp.)

DRV - (PEGAGFN) -- C:\Program Files (x86)\PHotkey\PEGAGFN.sys (PEGATRON)

DRV - (SSPORT) -- C:\Windows\SysWOW64\drivers\SSPORT.SYS (Samsung Electronics)

 

 
 ========== Standard Registry (All) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKCU\..\SearchScopes,DefaultScope = {56D1DADF-968A-4B01-A7F0-09EE49E5E603}

IE - HKCU\..\SearchScopes\{04CC1057-5307-4B89-A019-4CE3DDBAB50E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=9CE66B73-C973-4686-9537-361285C2CADE&apn_sauid=E05CCC3B-7D55-424B-91EA-EA286D117D30

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR

IE - HKCU\..\SearchScopes\{56D1DADF-968A-4B01-A7F0-09EE49E5E603}: "URL" = hxxp://search.zonealarm.com/search?Source=Browser&oemCode=ZLN116429986201162-1001&toolbarId=base&affiliateId=1001&Lan=de&utid=3c22733a00000000000084a6c83517ff&q={searchTerms}&r=125

IE - HKCU\..\SearchScopes\{5C367D16-3786-445C-A43C-520CD1358762}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68

FF - prefs.js..extensions.enabledAddons: text2voice%40vik.josh:1.10

FF - prefs.js..extensions.enabledAddons: lazarus%40interclue.com:2.3

FF - prefs.js..extensions.enabledAddons: gmailnoads%40mywebber.com:3.9.1

FF - prefs.js..extensions.enabledAddons: printedit%40DW-dev:9.0

FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.9.4

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)

FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013.01.17 17:22:29 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.04.06 18:27:08 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013.01.17 17:22:29 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.14 11:36:37 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.14 11:36:37 | 000,000,000 | ---D | M]

 

[2013.02.23 14:41:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Astrid-Coach\AppData\Roaming\mozilla\Extensions

[2013.04.19 07:24:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Astrid-Coach\AppData\Roaming\mozilla\Firefox\Profiles\l05874jm.default\extensions

[2013.04.19 07:24:17 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Astrid-Coach\AppData\Roaming\mozilla\Firefox\Profiles\l05874jm.default\extensions\firefox@ghostery.com

[2013.02.23 17:22:02 | 000,021,861 | ---- | M] () (No name found) -- C:\Users\Astrid-Coach\AppData\Roaming\mozilla\firefox\profiles\l05874jm.default\extensions\gmailnoads@mywebber.com.xpi

[2013.02.23 17:22:02 | 000,246,802 | ---- | M] () (No name found) -- C:\Users\Astrid-Coach\AppData\Roaming\mozilla\firefox\profiles\l05874jm.default\extensions\lazarus@interclue.com.xpi

[2013.02.26 21:15:13 | 000,091,139 | ---- | M] () (No name found) -- C:\Users\Astrid-Coach\AppData\Roaming\mozilla\firefox\profiles\l05874jm.default\extensions\printedit@DW-dev.xpi

[2013.02.23 17:22:02 | 000,061,608 | ---- | M] () (No name found) -- C:\Users\Astrid-Coach\AppData\Roaming\mozilla\firefox\profiles\l05874jm.default\extensions\text2voice@vik.josh.xpi

[2013.04.18 13:51:01 | 000,530,724 | ---- | M] () (No name found) -- C:\Users\Astrid-Coach\AppData\Roaming\mozilla\firefox\profiles\l05874jm.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi

[2013.02.23 17:22:01 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Astrid-Coach\AppData\Roaming\mozilla\firefox\profiles\l05874jm.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi

[2013.03.22 14:22:00 | 000,001,050 | ---- | M] () -- C:\Users\Astrid-Coach\AppData\Roaming\mozilla\firefox\profiles\l05874jm.default\searchplugins\11-suche.xml

[2013.03.22 14:22:00 | 000,002,418 | ---- | M] () -- C:\Users\Astrid-Coach\AppData\Roaming\mozilla\firefox\profiles\l05874jm.default\searchplugins\englische-ergebnisse.xml

[2013.03.22 14:22:00 | 000,010,701 | ---- | M] () -- C:\Users\Astrid-Coach\AppData\Roaming\mozilla\firefox\profiles\l05874jm.default\searchplugins\gmx-suche.xml

[2013.03.22 14:22:00 | 000,002,432 | ---- | M] () -- C:\Users\Astrid-Coach\AppData\Roaming\mozilla\firefox\profiles\l05874jm.default\searchplugins\lastminute.xml

[2013.03.22 14:22:00 | 000,005,682 | ---- | M] () -- C:\Users\Astrid-Coach\AppData\Roaming\mozilla\firefox\profiles\l05874jm.default\searchplugins\webde-suche.xml

[2013.04.14 11:36:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2013.04.14 11:36:37 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2013.04.14 11:36:37 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2013.02.16 06:15:47 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2013.02.16 06:15:47 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2013.02.16 06:15:47 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2013.02.16 06:15:47 | 000,002,669 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml

[2013.02.16 06:15:47 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2013.02.16 06:15:47 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2013.02.16 06:15:47 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}

CHR - homepage: hxxp://search.conduit.com/?CUI=UN93048529532590317&ctid=CT3241949&SearchSource=48

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll

CHR - plugin: Intel\\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

CHR - plugin: Intel\\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - Extension: Google Drive = C:\Users\Astrid-Coach\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = C:\Users\Astrid-Coach\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: YouTube = C:\Users\Astrid-Coach\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Google-Suche = C:\Users\Astrid-Coach\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: avast! WebRep = C:\Users\Astrid-Coach\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0\

CHR - Extension: Google Mail = C:\Users\Astrid-Coach\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

 

O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts

O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)

O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [ZoneAlarm Installer] "C:\Program Files (x86)\CheckPoint\Install\Launcher.exe" "C:\Program Files (x86)\CheckPoint\Install\Install.exe" /r  /c "C:\Program Files (x86)\CheckPoint\Install\Install.xml" File not found

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ConfirmFileDelete = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O8:64bit: - Extra context menu item: An Bluetooth senden - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()

O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found

O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: An Bluetooth senden - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()

O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found

O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found

O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-154514-44482-15/4 File not found

O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-154514-44482-15/4 File not found

O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D93110B3-007B-4A4A-8BAC-33DF59D2732D}: DhcpNameServer = 192.168.2.1

O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)

O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)

O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (livessp) -  File not found

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2013.04.19 08:01:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Astrid-Coach\Desktop\OTL.exe

[2013.04.18 18:52:19 | 000,000,000 | ---D | C] -- C:\Users\Astrid-Coach\AppData\Roaming\Malwarebytes

[2013.04.18 18:52:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013.04.18 18:52:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013.04.18 18:52:05 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2013.04.18 18:52:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2013.04.18 18:51:46 | 000,000,000 | ---D | C] -- C:\Users\Astrid-Coach\AppData\Local\Programs

[2013.04.18 16:14:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2013.04.14 11:36:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2013.04.13 09:57:34 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppobjs.dll

[2013.04.13 09:57:31 | 001,627,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll

[2013.04.13 09:57:30 | 010,116,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.dll

[2013.04.13 09:57:29 | 008,857,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinui.dll

[2013.04.13 09:57:27 | 001,048,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfasfsrcsnk.dll

[2013.04.13 09:57:26 | 005,978,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll

[2013.04.13 09:57:26 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfasfsrcsnk.dll

[2013.04.13 09:57:26 | 000,328,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ubpm.dll

[2013.04.13 09:57:25 | 001,101,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll

[2013.04.13 09:57:25 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BCP47Langs.dll

[2013.04.13 09:57:25 | 000,327,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Classpnp.sys

[2013.04.13 09:57:24 | 001,149,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winmde.dll

[2013.04.13 09:57:24 | 000,951,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Globalization.dll

[2013.04.13 09:57:24 | 000,246,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ubpm.dll

[2013.04.13 09:57:23 | 005,091,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll

[2013.04.13 09:57:23 | 000,760,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll

[2013.04.13 09:57:23 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Security.Authentication.OnlineId.dll

[2013.04.13 09:57:23 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcfgx.dll

[2013.04.13 09:57:23 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\BCP47Langs.dll

[2013.04.13 09:57:22 | 002,302,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll

[2013.04.13 09:57:22 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll

[2013.04.13 09:57:22 | 000,171,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TimeBrokerServer.dll

[2013.04.13 09:57:21 | 000,893,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winmde.dll

[2013.04.13 09:57:21 | 000,601,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Globalization.dll

[2013.04.13 09:57:21 | 000,411,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS

[2013.04.13 09:57:21 | 000,332,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys

[2013.04.13 09:57:20 | 000,550,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvstore.dll

[2013.04.13 09:57:20 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Security.Authentication.OnlineId.dll

[2013.04.13 09:57:20 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcfgx.dll

[2013.04.13 09:57:20 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSync.dll

[2013.04.13 09:57:20 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usbmon.dll

[2013.04.13 09:57:19 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\actxprxy.dll

[2013.04.13 09:57:19 | 002,033,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll

[2013.04.13 09:57:19 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drvstore.dll

[2013.04.13 09:57:19 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll

[2013.04.13 09:57:18 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSync.dll

[2013.04.13 09:57:18 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\discan.dll

[2013.04.13 09:57:18 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll

[2013.04.13 09:57:17 | 001,619,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll

[2013.04.13 09:57:17 | 000,337,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBXHCI.SYS

[2013.04.13 09:57:17 | 000,283,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\spaceport.sys

[2013.04.13 09:57:17 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe

[2013.04.13 09:57:16 | 000,194,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys

[2013.04.13 09:57:16 | 000,148,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tpm.sys

[2013.04.13 09:57:16 | 000,125,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dumpsd.sys

[2013.04.13 09:57:16 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NdisImPlatform.dll

[2013.04.13 09:57:16 | 000,077,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storahci.sys

[2013.04.13 09:57:16 | 000,069,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pdc.sys

[2013.04.13 09:57:16 | 000,058,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe

[2013.04.13 09:57:15 | 000,251,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUSettingsProvider.dll

[2013.04.13 09:57:15 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsquirt.exe

[2013.04.13 09:57:15 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\powercfg.cpl

[2013.04.13 09:57:15 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\powercfg.cpl

[2013.04.13 09:57:15 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhostex.exe

[2013.04.13 09:57:15 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSDPrintProxy.DLL

[2013.04.13 09:57:14 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\storewuauth.dll

[2013.04.13 09:57:14 | 000,141,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll

[2013.04.13 09:57:14 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSyncInfo.dll

[2013.04.13 09:57:14 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll

[2013.04.13 09:57:14 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSyncInfo.dll

[2013.04.13 09:57:14 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll

[2013.04.13 09:57:14 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevDispItemProvider.dll

[2013.04.13 09:57:13 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll

[2013.04.13 09:57:13 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe

[2013.04.13 09:57:13 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe

[2013.04.13 09:57:12 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DevDispItemProvider.dll

[2013.04.10 06:54:36 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2013.04.10 06:54:30 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll

[2013.04.10 06:54:29 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2013.04.10 06:54:29 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2013.04.10 06:54:27 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2013.04.10 06:54:26 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe

[2013.04.10 06:54:24 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll

[2013.04.10 06:54:24 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll

[2013.04.10 06:54:24 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

[2013.04.10 06:54:23 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

[2013.04.10 06:54:17 | 006,991,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2013.04.10 06:54:15 | 001,011,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\reseteng.dll

[2013.04.10 06:54:15 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ReAgent.dll

[2013.04.09 07:57:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud

[2013.04.08 16:11:12 | 000,000,000 | ---D | C] -- C:\Users\Astrid-Coach\AppData\Roaming\Apple Computer

[2013.04.08 16:11:12 | 000,000,000 | ---D | C] -- C:\Users\Astrid-Coach\AppData\Local\Apple Computer

[2013.04.08 16:11:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2013.04.08 16:11:06 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys

[2013.04.08 16:10:35 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2013.04.08 16:10:34 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2013.04.08 16:10:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2013.04.08 16:10:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer

[2013.04.08 16:10:34 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

[2013.04.08 16:09:44 | 000,000,000 | ---D | C] -- C:\Users\Astrid-Coach\AppData\Local\Apple

[2013.04.08 16:09:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update

[2013.04.08 16:09:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple

[2013.04.08 16:09:03 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2013.04.08 16:09:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour

[2013.04.08 16:08:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple

[2013.04.08 16:08:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple

[2013.04.06 18:27:40 | 000,377,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys

[2013.04.06 18:27:40 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys

[2013.04.06 18:27:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus

[2013.04.06 18:27:38 | 000,070,992 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys

[2013.04.06 18:27:38 | 000,068,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys

[2013.04.06 18:27:22 | 001,025,808 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys

[2013.04.06 18:27:20 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys

[2013.04.06 18:27:19 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe

[2013.04.06 18:26:57 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr

[2013.04.06 18:26:43 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software

[2013.04.06 18:25:33 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software

[2013.04.04 13:46:57 | 000,000,000 | ---D | C] -- C:\Users\Astrid-Coach\Documents\CyberLink

[2013.03.27 16:17:18 | 000,000,000 | ---D | C] -- C:\Users\Astrid-Coach\Bilder Abschlußbuch Holger

[2013.03.26 11:39:42 | 000,230,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdFilter.sys

[2013.03.26 11:39:42 | 000,035,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdBoot.sys

[2013.03.25 11:22:44 | 000,000,000 | ---D | C] -- C:\Users\Astrid-Coach\Documents\OneNote-Notizbücher

[2013.03.24 12:17:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office

[2013.03.24 12:17:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER

[2013.03.24 12:13:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office

[2013.03.24 12:13:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services

[2013.03.24 12:12:49 | 000,000,000 | ---D | C] -- C:\Users\Astrid-Coach\AppData\Local\Microsoft Help

[2013.03.24 12:12:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help

[2013.03.24 12:12:31 | 000,000,000 | RH-D | C] -- C:\MSOCache

[2013.03.21 21:07:32 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys

 
 ========== Files - Modified Within 30 Days ==========

 

[2013.04.19 08:05:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013.04.19 08:02:00 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013.04.19 08:01:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Astrid-Coach\Desktop\OTL.exe

[2013.04.19 07:59:42 | 000,067,584 | -H-- | M] () -- C:\Windows\bootstat.dat

[2013.04.19 07:25:29 | 002,789,844 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2013.04.19 07:25:29 | 001,284,868 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013.04.19 07:25:29 | 000,765,294 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2013.04.19 07:25:29 | 000,681,968 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013.04.19 07:25:29 | 000,005,640 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013.04.18 18:52:06 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013.04.18 17:55:59 | 000,009,755 | ---- | M] () -- C:\Users\Astrid-Coach\Documents\Kläranlage.odt

[2013.04.18 17:54:42 | 000,000,162 | -H-- | M] () -- C:\Users\Astrid-Coach\Documents\~$äranlage.odt

[2013.04.18 17:22:02 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys

[2013.04.18 17:21:59 | 2478,751,743 | -HS- | M] () -- C:\hiberfil.sys

[2013.04.18 16:11:25 | 000,002,312 | ---- | M] () -- C:\Users\Astrid-Coach\Desktop\ZoneAlarm Security-Installation fortsetzen.lnk

[2013.04.18 09:24:43 | 000,002,075 | ---- | M] () -- C:\Users\Astrid-Coach\Desktop\Entfernen des Avira DE-Cleaners.lnk

[2013.04.18 09:24:43 | 000,002,004 | ---- | M] () -- C:\Users\Astrid-Coach\Desktop\Avira DE-Cleaner.lnk

[2013.04.18 08:42:55 | 000,002,674 | ---- | M] () -- C:\Users\Astrid-Coach\Documents\cc_20130418_084244.reg

[2013.04.13 13:02:55 | 000,406,336 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013.04.12 09:02:42 | 000,002,187 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2013.04.08 19:17:00 | 000,000,276 | ---- | M] () -- C:\Users\Public\Desktop\SAMSUNG Dr.Printer.url

[2013.04.08 16:11:09 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2013.04.06 18:30:55 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt

[2013.04.06 18:27:40 | 000,001,926 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2013.04.03 09:42:34 | 000,002,300 | ---- | M] () -- C:\Users\Astrid-Coach\Documents\cc_20130403_094225.reg

[2013.04.03 00:08:01 | 000,692,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2013.04.03 00:08:01 | 000,078,176 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2013.03.31 00:14:50 | 000,003,864 | ---- | M] () -- C:\Users\Astrid-Coach\Documents\cc_20130330_231442.reg

[2013.03.25 11:22:14 | 000,004,349 | ---- | M] () -- C:\Users\Astrid-Coach\Documents\Dok1.odt

 
 ========== Files Created - No Company Name ==========

 

[2013.04.18 18:52:06 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013.04.18 17:54:42 | 000,000,162 | -H-- | C] () -- C:\Users\Astrid-Coach\Documents\~$äranlage.odt

[2013.04.18 17:54:38 | 000,009,755 | ---- | C] () -- C:\Users\Astrid-Coach\Documents\Kläranlage.odt

[2013.04.18 16:11:25 | 000,002,312 | ---- | C] () -- C:\Users\Astrid-Coach\Desktop\ZoneAlarm Security-Installation fortsetzen.lnk

[2013.04.18 09:24:43 | 000,002,075 | ---- | C] () -- C:\Users\Astrid-Coach\Desktop\Entfernen des Avira DE-Cleaners.lnk

[2013.04.18 09:24:43 | 000,002,004 | ---- | C] () -- C:\Users\Astrid-Coach\Desktop\Avira DE-Cleaner.lnk

[2013.04.18 08:42:46 | 000,002,674 | ---- | C] () -- C:\Users\Astrid-Coach\Documents\cc_20130418_084244.reg

[2013.04.13 13:02:42 | 000,406,336 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013.04.13 09:57:12 | 000,387,867 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml

[2013.04.08 16:11:09 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2013.04.08 16:09:43 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk

[2013.04.06 18:27:40 | 000,001,926 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2013.04.06 18:27:22 | 000,178,624 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys

[2013.04.06 18:27:22 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys

[2013.04.06 18:27:20 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt

[2013.04.03 09:42:28 | 000,002,300 | ---- | C] () -- C:\Users\Astrid-Coach\Documents\cc_20130403_094225.reg

[2013.03.31 00:14:47 | 000,003,864 | ---- | C] () -- C:\Users\Astrid-Coach\Documents\cc_20130330_231442.reg

[2013.03.25 11:22:09 | 000,004,349 | ---- | C] () -- C:\Users\Astrid-Coach\Documents\Dok1.odt

[2013.03.21 10:27:56 | 001,337,898 | ---- | C] () -- C:\Users\Astrid-Coach\Documents\untitled_1.odp

[2013.02.11 11:38:51 | 000,484,656 | ---- | C] () -- C:\Windows\ssndii.exe

[2013.02.02 12:39:52 | 000,007,605 | ---- | C] () -- C:\Users\Astrid-Coach\AppData\Local\Resmon.ResmonCfg

[2013.01.18 09:23:06 | 001,558,432 | ---- | C] () -- C:\Windows\TotalUninstaller.exe

[2013.01.17 10:05:21 | 000,016,809 | -H-- | C] () -- C:\Windows\SysWow64\BTImages.dat

[2012.11.14 10:31:46 | 007,024,928 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012.11.14 10:19:05 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl

[2012.11.14 10:03:57 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin

[2012.11.14 10:03:50 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll

[2012.11.14 10:03:49 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin

[2012.11.14 08:55:38 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll

[2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2012.07.26 09:21:26 | 000,067,584 | -H-- | C] () -- C:\Windows\bootstat.dat

[2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2012.04.20 15:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

 
 ========== ZeroAccess Check ==========

 

[2012.11.14 10:30:56 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013.03.02 04:45:01 | 019,748,864 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013.03.02 10:23:07 | 017,560,576 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 

< End of report >

Rootkitscan mit GMER

Bitte lade dir

GMER herunter: (Dateiname zufällig)

Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?

Unbedingt auf "No" klicken.
Entferne rechts den Haken bei: IAT/EAT und Show All
Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
Starte den Scan mit "Scan".
Mache nichts am Computer während der Scan läuft.
Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Tauchen Probleme auf?

Probiere alternativ den abgesicherten Modus.
Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.

Anschließend bitte MBAR ausführen:

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Würde gerne die files zusenden, aber sie sind zu groß um sie hier zu posten und
ein zip programm kriieg ich nicht installiert :-( bin zu doof dazu!

Was soll ich tun?
Danke + Gruß
Ahnungslos61

Hallo
habe jetzt eine zip-Datei angehängt mit 2 Ergebnisdatein von gmer und malware.

Bin gespannt wie es weitergeht.

Danke und Grüße
Ahnungslos61

Das ist das falsche Log von MBAR, bitte die Anleitungen genauer lesen und umsetzen

Ist das der Richtige?

Danke und schönen Samstag und Sonntag

Gruß Ahnungslos61

Code:

Malwarebytes Anti-Rootkit BETA 1.05.0.1001

www.malwarebytes.org
 

Database version: v2013.04.20.08
 

Windows 8 x64 NTFS

Internet Explorer 10.0.9200.16540

Astrid-Coach :: ASTRID [administrator]
 

20.04.2013 20:41:02

mbar-log-2013-04-20 (20-41-02).txt
 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled: 

Objects scanned: 8654

Time elapsed: 9 minute(s), 30 second(s)
 

Memory Processes Detected: 0

(No malicious items detected)
 

Memory Modules Detected: 0

(No malicious items detected)
 

Registry Keys Detected: 0

(No malicious items detected)
 

Registry Values Detected: 0

(No malicious items detected)
 

Registry Data Items Detected: 0

(No malicious items detected)
 

Folders Detected: 0

(No malicious items detected)
 

Files Detected: 0

(No malicious items detected)
 

(end)

aswMBR

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

TDSS-Killer

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Hier kommen die Ergebnisse:

Code:

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software

Run date: 2013-04-21 10:23:22

-----------------------------

10:23:22.478    OS Version: Windows x64 6.2.9200 

10:23:22.478    Number of processors: 4 586 0x3A09

10:23:22.478    ComputerName: ASTRID  UserName: 

10:23:22.603    Initialze error 1 

10:23:23.276    AVAST engine defs: 13042000

10:24:13.265    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000003e

10:24:13.265    Disk 0 Vendor: ST1000LM024_HN-M101MBB 2AR10001 Size: 953869MB BusType: 11

10:24:13.281    Disk 0 MBR read successfully

10:24:13.281    Disk 0 MBR scan

10:24:13.281    Disk 0 unknown MBR code

10:24:13.281    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1

10:24:13.281    Disk 0 scanning C:\Windows\system32\drivers

10:24:13.281    Service scanning

10:24:13.984    Modules scanning

10:24:13.984    Disk 0 trace - called modules:

10:24:13.984    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll iaStorA.sys 

10:24:14.000    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008f59060]

10:24:14.000    3 CLASSPNP.SYS[fffff880011a1fea] -> nt!IofCallDriver -> [0xfffffa80076cccb0]

10:24:14.015    5 ACPI.sys[fffff88001001a91] -> nt!IofCallDriver -> \Device\0000003e[0xfffffa80076cc060]

10:24:14.015    AVAST engine scan C:\Windows

10:24:14.031    AVAST engine scan C:\Windows\system32

10:24:14.031    AVAST engine scan C:\Windows\system32\drivers

10:24:14.031    AVAST engine scan C:\Users\Astrid-Coach

10:24:14.031    AVAST engine scan C:\ProgramData

10:24:14.047    Scan finished successfully

10:24:39.301    Disk 0 MBR has been saved successfully to "C:\Users\Astrid-Coach\Desktop\MBR.dat"

10:24:39.301    The log file has been saved successfully to "C:\Users\Astrid-Coach\Desktop\aswMBR.txt"

den tdss killer hänge ich an :-)

Danke und Grüße aus Gonsenheim
Ahnunglos61

... oder ist das die richtige Datei?

Im Anhang!

JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Danach eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in CODE-Tags hier in den Thread.

Hier kommen die files:

Code:

OTL Extras logfile created on: 22.04.2013 08:31:33 - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Astrid-Coach\Desktop

64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16540)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

7,89 Gb Total Physical Memory | 6,09 Gb Available Physical Memory | 77,25% Memory free

15,89 Gb Paging File | 14,02 Gb Available in Paging File | 88,25% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 869,80 Gb Total Space | 798,76 Gb Free Space | 91,83% Space Free | Partition Type: NTFS

Drive D: | 60,00 Gb Total Space | 40,90 Gb Free Space | 68,16% Space Free | Partition Type: NTFS

 

Computer Name: ASTRID | User Name: Astrid-Coach | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-1435033098-840508067-3058036539-1002\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

 
 ========== Security Center Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{1212CC03-871F-4276-A446-8D26C81BC6FA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{16343735-E6BC-4BF6-AB82-B585588DF1A4}" = rport=139 | protocol=6 | dir=out | app=system | 

"{1EC42E47-9194-4F02-B2DA-98DC73E06634}" = rport=138 | protocol=17 | dir=out | app=system | 

"{202B5A30-F5B0-4D6B-B36D-3FCEE6BEBB76}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{2A3FB734-6A05-48FC-9774-C32698627DD7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{2A7BA9D9-4977-4665-8DD0-E6014303AA72}" = rport=10243 | protocol=6 | dir=out | app=system | 

"{419BC377-5D0F-4C69-A4AE-33D2E7F42CB7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{55E96179-8C41-4C22-BE95-77CA36762D58}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{5FBDD534-3EBB-479A-B649-AFE033CD1FAB}" = rport=137 | protocol=17 | dir=out | app=system | 

"{89075959-3BDA-4689-A8CC-FA91AFC7AC58}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{89ED1B9A-6D90-438C-AC44-267956878D10}" = lport=445 | protocol=6 | dir=in | app=system | 

"{8CAD0ED7-7FAE-4BDF-B7F6-B6AD64B20713}" = rport=445 | protocol=6 | dir=out | app=system | 

"{A2C96B23-7BFC-4521-A7A7-0F1EB3CFF8B0}" = lport=10243 | protocol=6 | dir=in | app=system | 

"{ADFF30D8-2932-4850-B1C9-5D1739E1C30A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{B18286CA-57CF-4EB2-A4ED-192F702A7833}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{B52DB6FB-9BD0-4FCF-97DB-34D933B1464C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{B729D9E4-052E-4A53-B391-331DD080613A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{BE34FC85-DF1C-4171-A739-743C1B8E6419}" = lport=138 | protocol=17 | dir=in | app=system | 

"{CD4342CD-16C2-4129-9228-7EFB05504CBC}" = lport=139 | protocol=6 | dir=in | app=system | 

"{D61DE085-B5D0-4C60-AFBD-C62898F4B833}" = lport=137 | protocol=17 | dir=in | app=system | 

"{D8F7672F-14C6-4F17-9058-61D04236F5AF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{DD411DF8-5638-4E1B-955B-A143E18D1E75}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 

"{E5927AC1-9F11-402F-8D8D-15DC242D4743}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 

"{EEB76AC2-8660-454F-9D3D-0D01A02C499A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{EFA69EAC-2C86-4F01-A310-10BB981E712E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{07874BCD-A3F4-4375-B1EC-D6DF0C821078}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{0844533D-E375-44ED-B3B9-E115CC8C03A2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{0B84B913-97C0-427A-A231-DDD71D1BCEBE}" = dir=in | name=ebay | 

"{0BA9DD78-639F-4783-B4B4-441492DCF4E9}" = dir=in | name=music maker jam | 

"{10F51AF5-FA5D-4FC6-92B6-E2DA8AD9AC0A}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | 

"{1562D40E-79DD-4845-9336-0750EBAAB43A}" = dir=out | name=ebay | 

"{194182FE-F8A5-415D-A55B-756DAA7F0BB5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{1F14DCA6-7485-4E51-8803-B1765244A5F5}" = dir=out | name=windows_ie_ac_001 | 

"{1FCD6BF7-18DC-4AD2-B26B-FE9AE490F46F}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 

"{202C76FD-D565-4361-8874-876122CCABC3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{2353E3BE-6CB6-4838-9EE3-6A680B9C994D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 

"{244648D2-91C9-4495-850C-2CEF4F7D3C34}" = dir=out | name=music maker jam | 

"{266070C5-41E9-4C3A-8805-59D5C870EF06}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{26EFED50-1282-46CA-A87F-CF537F4F2FA3}" = dir=out | name=accuweather for windows 8 | 

"{2A2A5324-68D3-4EFB-91A1-8E78BCBCA3DA}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 

"{2AB1687F-F66D-4C24-B498-117CEEA8510E}" = dir=in | app=c:\program files (x86)\laplink\pcmover\pcmover.exe | 

"{2C1C0863-ACB0-4EA4-A3D3-55CC616461E1}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 

"{2C77F7AB-D0DD-4756-85DA-ED78F8945CA5}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 

"{2EE3001D-5A5D-498B-961B-DC46A9B8C7D9}" = protocol=58 | dir=in | app=system | 

"{31A8C68C-0E2A-44F4-B506-688317F6B7DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{3225A2B2-1C0B-45BF-BF37-90B9BF48D56F}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 

"{33DCB526-E5EA-4148-A84B-0CD1394E7283}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 

"{37A39DC7-1003-4603-B5AD-800C643FFDAA}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 

"{39F645D0-65A0-4D94-883E-3EB3F8BBE81F}" = dir=out | name=microsoft solitaire collection | 

"{3AB6E771-8EC6-4370-8D50-FBF88AF5FE3C}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 

"{3AE3C468-CC90-477D-B065-FBF286B65DF7}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 

"{401B25C7-71A3-4EC8-BA0A-A3D230D600DE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{41596E60-3955-4F2B-80B7-905921F50243}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 

"{438E2051-5224-4F27-99DB-67EEEDAA1937}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 

"{444B5DB3-FC44-45F6-AF9F-4012B025986A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{57F1E900-6AF5-463E-B387-64022B7041EA}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 

"{5A89A9C2-5F6C-4F8E-B38E-8F65EB0E1912}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{5C889934-4625-4655-AC86-136B03B4966A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{5F633249-5A99-446D-B457-8CC89EA630D3}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 

"{611158C1-3B4F-4BE9-9AED-6DF977601802}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{624E8D26-5F44-48D5-8C2C-981EA2CCB4E7}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 

"{6DEC399E-0853-4577-B536-AAC11CDF8C71}" = dir=in | name=@{microsoft.skypeapp_1.1.0.25_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 

"{6EFEDA2C-2F1C-4E44-8997-0488850DDA90}" = dir=out | name=adera | 

"{7532DC3A-CB57-4D38-A94A-39CF9B8EAF66}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 

"{775D916E-C2F9-442F-B668-BF5556F683BB}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc2.exe | 

"{7B8883AE-AE1E-4B31-9BC3-52B305706A23}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{7BCD8BF1-F07A-4BE8-B674-F500AD46750A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{7DCFB2DE-B478-4009-8457-AF40D39D6BE7}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 

"{7F1CCCEC-172B-4303-8397-C7247DA0F01D}" = dir=out | name=pinball fx2 | 

"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 

"{817625FD-175D-4D37-93D5-A3BE191C32DF}" = dir=out | name=@{microsoft.skypeapp_1.1.0.25_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 

"{86039665-D3ED-4584-896E-E347897E04E9}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\pdvd10serv.exe | 

"{869E3A75-1936-4059-A462-EABFC6E11A18}" = dir=in | app=c:\program files\intel corporation\intel widi\widiapp.exe | 

"{8902D3F5-047D-4B1C-8F61-E816EA5F5665}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 

"{8951D21A-D679-490F-B099-0A850CD0ABA3}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 

"{8BF08C86-81C2-48C3-A3C3-F1F63F62469D}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 

"{92A82894-784B-41F6-AD19-413D73758B2C}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 

"{94A3041B-663C-468A-ACA3-BB68068B32D7}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 

"{9C5D82EE-A858-41FE-8DDD-73DC820B03B2}" = dir=out | name=fresh paint | 

"{A66A3477-B187-4F98-9E6B-D092C80131BE}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 

"{ABC74D6E-9A2C-4E8D-8603-5D98BEEC40D2}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 

"{AD5DB2C2-E6CF-4D5E-8F5F-44E618EB7EFD}" = dir=out | name=powerdvd for medion | 

"{AEB1F279-484C-4599-B9E4-6CD4F0643027}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 

"{B06D776F-4DF8-491A-8E61-3690F6922E12}" = dir=out | name=wordament | 

"{B8392CC2-AA50-4AAC-BA7E-995FD51B4B73}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 

"{BC432C60-4C49-428A-AF60-80DF139C894A}" = dir=in | name=pinball fx2 | 

"{BD6CA211-7EFC-4C72-ADAC-A206B51FC453}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 

"{BD75C830-F41F-4AB9-A5F9-D3E920378663}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 

"{C18A70DD-534A-4C32-95DC-96DCBAAB8361}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr9.exe | 

"{C18D1F24-3C12-467C-BC95-1FF7786E3A43}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 

"{C2172024-DBC6-49E1-9EF5-0B5E9E8CE31E}" = dir=out | name=taptiles | 

"{C37ED2E0-1436-4F48-9A2B-FA9AA34AD809}" = dir=out | name=youcam for medion | 

"{C3878C94-23F1-4313-893C-F46DF1A9EF30}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{C7354364-37CB-45E6-B0CD-F6BB4A949CC8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 

"{C7AFA6F8-E1A3-42D7-8555-DB3A3121FB4C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{CB1FD4B3-8FCE-44D8-B5E5-5061B6D93FBD}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc2.exe | 

"{D15A7A66-6132-4FFA-8C1B-67E0C75BFE7E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{D58EBA08-D403-45A4-9232-520EEB05E672}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\device\mediaserver\clmsserver.exe | 

"{DCFE1708-4456-4303-84BB-FCA22567A1DD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{DDB726E6-3742-4C85-8470-2D9975BF88B6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{E04E09B1-AE32-4701-B5AD-4E198460375C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 

"{E7E9A7D0-1B2B-4085-86DA-F45AB299316B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | 

"{E9C89A9E-817C-4DA4-836A-D88535331089}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 

"{EA3B6C51-76A4-411F-890D-44B1759F4EE5}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 

"{EB46D28F-DCDE-453F-8B22-9BC9B04291AC}" = dir=out | name=microsoft mahjong | 

"{EC5B1A4C-54B9-4742-A1DF-EACB0DF40398}" = dir=out | name=microsoft minesweeper | 

"{F282DBE2-6276-4005-B447-E4D67D4A7A01}" = protocol=6 | dir=out | app=system | 

"{F61CD37A-5817-4E16-BA26-77A7C4E05815}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 

"{FB653721-54E8-4D60-B757-3C49E0406571}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{FF16AB0E-38F9-4978-BAED-827F7DC506E5}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes

"{1593C708-5535-47A4-8C0F-F8D4BE2B4560}" = Intel® PROSet/Wireless WiFi Software

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219

"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables

"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)

"{23170F69-40C1-2702-0922-000001000000}" = 7-Zip 9.22 (x64 edition)

"{26A24AE4-039D-4CA4-87B4-2F86417013FF}" = Java 7 Update 13 (64-bit)

"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support

"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{6097158B-0184-4140-BEC3-7885794D2571}" = Intel(R) WiDi

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727

"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 307.17

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 307.17

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector

"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud

"{DA2600C1-6BDF-4FD1-8F3D-148929CC1385}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology

"{E77289CF-12B9-4CAB-A49E-FEAE947F4D95}" = Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed

"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64

"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client

"CCleaner" = CCleaner

"ProInst" = Intel PROSet Wireless

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam 5

"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker

"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform

"{061FF8F3-5226-4278-8AAB-282C1B024F58}" = Photo Common

"{0DF95460-2887-4011-9344-1959CDF18ADC}" = Photo Common

"{0E1BB4B4-00FF-45B1-914B-AB8D8B9862B3}" = Windows Live UX Platform Language Pack

"{13F3CEA5-9E2C-4C4E-9F0F-D0DB389CF4A9}" = Movie Maker

"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727

"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser

"{1F0C818D-4A41-4E40-BAFB-BB940C82A518}" = Fotogalerija

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema 10

"{1FEE19BC-6F0C-42E4-82FF-FB597F6141DF}" = Windows Live Essentials

"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8

"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery

"{39337565-330E-4ab6-A9AE-AC81E0720B10}" = CyberLink PhotoDirector 3

"{3C63F944-803E-49A7-B3A2-B8AB3313E883}" = Windows Live UX Platform Language Pack

"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie

"{3D4F3F4C-E364-4E46-BFB1-A00BF9777422}" = Windows Live UX Platform Language Pack

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology

"{446CC8CE-0E90-44F7-ADD0-774B243EF090}" = Galerie de photos

"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support

"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth

"{49110532-D289-4BFF-807C-45B782E66A7C}" = Photo Common

"{49F068F2-4323-417B-AFC8-1E43F479D46C}" = Windows Live Essentials

"{4AA2A466-8031-403A-8236-5301B4E391FB}" = Windows Live UX Platform Language Pack

"{4AF53C99-315D-4536-873F-029D2D274AE2}" = Photo Common

"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform

"{63824BC0-B747-43F3-9863-1066D64AD919}" = Photo Gallery

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components

"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials

"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform

"{6CEA775F-E70A-4D72-A3B4-1EB3A5AD4B5C}" = Windows Live Essentials

"{701FE1BC-834A-4857-AF62-6EBA50CFBC78}" = Movie Maker

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{715F9B21-2817-402A-9BF0-BDA764D21F09}" = Windows Live Essentials

"{743FD554-A73F-4FE8-BE7B-C283D16297F9}" = Photo Common

"{751EB657-3F22-4150-8CE4-D79A262F1D92}" = Movie Maker

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7E63F102-A9E9-4F4C-8004-BC62974736BF}" = Movie Maker

"{7E9A63B3-8572-4A4B-9F87-3C2A873BBC55}" = Windows Live UX Platform Language Pack

"{8063EB67-E777-4A56-9C1E-FAD75C2F5EC2}" = Photo Common

"{857BC375-BCFB-474E-9BD9-7EBB18EC55E0}" = Windows Live Essentials

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver

"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions

"{8D813AFF-D91D-4EE0-821F-B901FC2E89FA}" = Windows Live

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110

"{8E6E8CBB-8E58-493C-943F-4664F5F2FEDB}" = Movie Maker

"{8F7FECEC-088F-431D-A5FB-2B59E1E69943}" = Galería de fotos

"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010

"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010

"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010

"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010

"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010

"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010

"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010

"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010

"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010

"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010

"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010

"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010

"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90993BD9-C7D9-4C2F-B56C-2F7AFEBD4CD0}" = Windows Live UX Platform Language Pack

"{94ED52E0-24A0-4AD8-9BFD-0560CA680A80}" = ArcSoft TV 5.0

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A17946CA-18E5-4CF0-8D55-A56D804718F8}" = Movie Maker

"{A47EA9D4-BB87-415E-9239-28860434E5A0}" = Movie Maker

"{A802F1E3-34C8-4C84-9948-C1C4E37D0FA9}" = QuickLaunch

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime

"{AC2C8B53-E04D-4A84-B791-1741493D25DF}" = PCmover Home

"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch

"{AE8044B5-FCA3-4EBE-AC78-0FB3A6E8DC76}" = Movie Maker

"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader

"{B096A0E4-26A1-4E9F-8548-577964B9434B}" = Windows Live Essentials

"{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4

"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB

"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack

"{B7F31B9C-8775-4500-8E9D-6ABE9AE17CF4}" = Windows Live Essentials

"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint 2.5

"{C7929038-EDFB-416D-A2C9-CC65416DA0DF}" = Photo Common

"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common

"{CE542E0D-E056-4426-9F98-084C13E18641}" = Windows Live UX Platform Language Pack

"{D04EBB49-C985-4A38-8695-62000861293A}" = Raccolta foto

"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow

"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E0E0FB88-D570-463E-A98E-733B7B656867}" = Photo Gallery

"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common

"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5

"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy 1.5

"{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}" = PHotkey

"{E50E3DBC-46AA-4827-B2A6-F995D81DF526}" = Fotótár

"{E864A1C8-EEE1-47D0-A7F8-00CC86D26D5E}_is1" = Wise Care 365 version 2.31

"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker

"{EFFED0C0-5299-422E-AFE6-8B8066D18A2A}" = Mediathek

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F21F0424-B2FF-40BF-A984-9E0D7FB4C97E}" = Windows Live UX Platform Language Pack

"{F54030F3-14B6-432D-9361-78DCB1473920}" = Photo Common

"{F67CA22C-C11F-4573-8406-57F75BA06B51}" = Photo Gallery

"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package

"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Ashampoo AppLauncher (Medion)_is1" = Ashampoo AppLauncher (Medion) v.1.0.0

"avast" = avast! Internet Security

"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind

"Decor8" = Decor8

"Google Chrome" = Google Chrome

"InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}" = CyberLink PhotoDirector 3

"InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover

"InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}" = Medion Home Cinema 10

"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow

"lrcspal@xinghao.net" = LyricsPal

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300

"McAfee Security Scan" = McAfee Security Scan Plus

"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Office14.SingleImage" = Microsoft Office Home and Student 2010

"RealPlayer 16.0" = RealPlayer

"Samsung CLP-320 Series" = Wartung Samsung CLP-320 Series

"WinLiveSuite" = Windows Live Essentials

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 22.04.2013 01:35:54 | Computer Name = Astrid | Source = SideBySide | ID = 16842785

Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe".

Die

 abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0""

 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm

 "sxstrace.exe".

 

[ System Events ]

Error - 22.04.2013 01:50:25 | Computer Name = Astrid | Source = Microsoft-Windows-Kernel-General | ID = 6

Description = 

 

Error - 22.04.2013 01:50:55 | Computer Name = Astrid | Source = Service Control Manager | ID = 7000

Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%2

 

Error - 22.04.2013 01:51:00 | Computer Name = Astrid | Source = Service Control Manager | ID = 7000

Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%2

 

Error - 22.04.2013 01:56:29 | Computer Name = Astrid | Source = Microsoft-Windows-Kernel-General | ID = 6

Description = 

 

Error - 22.04.2013 01:56:58 | Computer Name = Astrid | Source = Service Control Manager | ID = 7000

Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%2

 

Error - 22.04.2013 01:57:14 | Computer Name = Astrid | Source = Service Control Manager | ID = 7000

Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%2

 

 

< End of report >

Die anderen hänge ich in die folgende Antwort, denn hier gibt es keine Heftklammer.

Hier kommen die files:

Code:

OTL Extras logfile created on: 22.04.2013 08:31:33 - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Astrid-Coach\Desktop

64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16540)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

7,89 Gb Total Physical Memory | 6,09 Gb Available Physical Memory | 77,25% Memory free

15,89 Gb Paging File | 14,02 Gb Available in Paging File | 88,25% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 869,80 Gb Total Space | 798,76 Gb Free Space | 91,83% Space Free | Partition Type: NTFS

Drive D: | 60,00 Gb Total Space | 40,90 Gb Free Space | 68,16% Space Free | Partition Type: NTFS

 

Computer Name: ASTRID | User Name: Astrid-Coach | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-1435033098-840508067-3058036539-1002\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

 
 ========== Security Center Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{1212CC03-871F-4276-A446-8D26C81BC6FA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{16343735-E6BC-4BF6-AB82-B585588DF1A4}" = rport=139 | protocol=6 | dir=out | app=system | 

"{1EC42E47-9194-4F02-B2DA-98DC73E06634}" = rport=138 | protocol=17 | dir=out | app=system | 

"{202B5A30-F5B0-4D6B-B36D-3FCEE6BEBB76}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{2A3FB734-6A05-48FC-9774-C32698627DD7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{2A7BA9D9-4977-4665-8DD0-E6014303AA72}" = rport=10243 | protocol=6 | dir=out | app=system | 

"{419BC377-5D0F-4C69-A4AE-33D2E7F42CB7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{55E96179-8C41-4C22-BE95-77CA36762D58}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{5FBDD534-3EBB-479A-B649-AFE033CD1FAB}" = rport=137 | protocol=17 | dir=out | app=system | 

"{89075959-3BDA-4689-A8CC-FA91AFC7AC58}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{89ED1B9A-6D90-438C-AC44-267956878D10}" = lport=445 | protocol=6 | dir=in | app=system | 

"{8CAD0ED7-7FAE-4BDF-B7F6-B6AD64B20713}" = rport=445 | protocol=6 | dir=out | app=system | 

"{A2C96B23-7BFC-4521-A7A7-0F1EB3CFF8B0}" = lport=10243 | protocol=6 | dir=in | app=system | 

"{ADFF30D8-2932-4850-B1C9-5D1739E1C30A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{B18286CA-57CF-4EB2-A4ED-192F702A7833}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{B52DB6FB-9BD0-4FCF-97DB-34D933B1464C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{B729D9E4-052E-4A53-B391-331DD080613A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{BE34FC85-DF1C-4171-A739-743C1B8E6419}" = lport=138 | protocol=17 | dir=in | app=system | 

"{CD4342CD-16C2-4129-9228-7EFB05504CBC}" = lport=139 | protocol=6 | dir=in | app=system | 

"{D61DE085-B5D0-4C60-AFBD-C62898F4B833}" = lport=137 | protocol=17 | dir=in | app=system | 

"{D8F7672F-14C6-4F17-9058-61D04236F5AF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{DD411DF8-5638-4E1B-955B-A143E18D1E75}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 

"{E5927AC1-9F11-402F-8D8D-15DC242D4743}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 

"{EEB76AC2-8660-454F-9D3D-0D01A02C499A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{EFA69EAC-2C86-4F01-A310-10BB981E712E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{07874BCD-A3F4-4375-B1EC-D6DF0C821078}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{0844533D-E375-44ED-B3B9-E115CC8C03A2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{0B84B913-97C0-427A-A231-DDD71D1BCEBE}" = dir=in | name=ebay | 

"{0BA9DD78-639F-4783-B4B4-441492DCF4E9}" = dir=in | name=music maker jam | 

"{10F51AF5-FA5D-4FC6-92B6-E2DA8AD9AC0A}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | 

"{1562D40E-79DD-4845-9336-0750EBAAB43A}" = dir=out | name=ebay | 

"{194182FE-F8A5-415D-A55B-756DAA7F0BB5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{1F14DCA6-7485-4E51-8803-B1765244A5F5}" = dir=out | name=windows_ie_ac_001 | 

"{1FCD6BF7-18DC-4AD2-B26B-FE9AE490F46F}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 

"{202C76FD-D565-4361-8874-876122CCABC3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{2353E3BE-6CB6-4838-9EE3-6A680B9C994D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 

"{244648D2-91C9-4495-850C-2CEF4F7D3C34}" = dir=out | name=music maker jam | 

"{266070C5-41E9-4C3A-8805-59D5C870EF06}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{26EFED50-1282-46CA-A87F-CF537F4F2FA3}" = dir=out | name=accuweather for windows 8 | 

"{2A2A5324-68D3-4EFB-91A1-8E78BCBCA3DA}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 

"{2AB1687F-F66D-4C24-B498-117CEEA8510E}" = dir=in | app=c:\program files (x86)\laplink\pcmover\pcmover.exe | 

"{2C1C0863-ACB0-4EA4-A3D3-55CC616461E1}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 

"{2C77F7AB-D0DD-4756-85DA-ED78F8945CA5}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 

"{2EE3001D-5A5D-498B-961B-DC46A9B8C7D9}" = protocol=58 | dir=in | app=system | 

"{31A8C68C-0E2A-44F4-B506-688317F6B7DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{3225A2B2-1C0B-45BF-BF37-90B9BF48D56F}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 

"{33DCB526-E5EA-4148-A84B-0CD1394E7283}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 

"{37A39DC7-1003-4603-B5AD-800C643FFDAA}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 

"{39F645D0-65A0-4D94-883E-3EB3F8BBE81F}" = dir=out | name=microsoft solitaire collection | 

"{3AB6E771-8EC6-4370-8D50-FBF88AF5FE3C}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 

"{3AE3C468-CC90-477D-B065-FBF286B65DF7}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 

"{401B25C7-71A3-4EC8-BA0A-A3D230D600DE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{41596E60-3955-4F2B-80B7-905921F50243}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 

"{438E2051-5224-4F27-99DB-67EEEDAA1937}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 

"{444B5DB3-FC44-45F6-AF9F-4012B025986A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{57F1E900-6AF5-463E-B387-64022B7041EA}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 

"{5A89A9C2-5F6C-4F8E-B38E-8F65EB0E1912}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{5C889934-4625-4655-AC86-136B03B4966A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{5F633249-5A99-446D-B457-8CC89EA630D3}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 

"{611158C1-3B4F-4BE9-9AED-6DF977601802}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{624E8D26-5F44-48D5-8C2C-981EA2CCB4E7}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 

"{6DEC399E-0853-4577-B536-AAC11CDF8C71}" = dir=in | name=@{microsoft.skypeapp_1.1.0.25_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 

"{6EFEDA2C-2F1C-4E44-8997-0488850DDA90}" = dir=out | name=adera | 

"{7532DC3A-CB57-4D38-A94A-39CF9B8EAF66}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 

"{775D916E-C2F9-442F-B668-BF5556F683BB}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc2.exe | 

"{7B8883AE-AE1E-4B31-9BC3-52B305706A23}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{7BCD8BF1-F07A-4BE8-B674-F500AD46750A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{7DCFB2DE-B478-4009-8457-AF40D39D6BE7}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 

"{7F1CCCEC-172B-4303-8397-C7247DA0F01D}" = dir=out | name=pinball fx2 | 

"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 

"{817625FD-175D-4D37-93D5-A3BE191C32DF}" = dir=out | name=@{microsoft.skypeapp_1.1.0.25_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 

"{86039665-D3ED-4584-896E-E347897E04E9}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\pdvd10serv.exe | 

"{869E3A75-1936-4059-A462-EABFC6E11A18}" = dir=in | app=c:\program files\intel corporation\intel widi\widiapp.exe | 

"{8902D3F5-047D-4B1C-8F61-E816EA5F5665}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 

"{8951D21A-D679-490F-B099-0A850CD0ABA3}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 

"{8BF08C86-81C2-48C3-A3C3-F1F63F62469D}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 

"{92A82894-784B-41F6-AD19-413D73758B2C}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 

"{94A3041B-663C-468A-ACA3-BB68068B32D7}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 

"{9C5D82EE-A858-41FE-8DDD-73DC820B03B2}" = dir=out | name=fresh paint | 

"{A66A3477-B187-4F98-9E6B-D092C80131BE}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 

"{ABC74D6E-9A2C-4E8D-8603-5D98BEEC40D2}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 

"{AD5DB2C2-E6CF-4D5E-8F5F-44E618EB7EFD}" = dir=out | name=powerdvd for medion | 

"{AEB1F279-484C-4599-B9E4-6CD4F0643027}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 

"{B06D776F-4DF8-491A-8E61-3690F6922E12}" = dir=out | name=wordament | 

"{B8392CC2-AA50-4AAC-BA7E-995FD51B4B73}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 

"{BC432C60-4C49-428A-AF60-80DF139C894A}" = dir=in | name=pinball fx2 | 

"{BD6CA211-7EFC-4C72-ADAC-A206B51FC453}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 

"{BD75C830-F41F-4AB9-A5F9-D3E920378663}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 

"{C18A70DD-534A-4C32-95DC-96DCBAAB8361}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr9.exe | 

"{C18D1F24-3C12-467C-BC95-1FF7786E3A43}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 

"{C2172024-DBC6-49E1-9EF5-0B5E9E8CE31E}" = dir=out | name=taptiles | 

"{C37ED2E0-1436-4F48-9A2B-FA9AA34AD809}" = dir=out | name=youcam for medion | 

"{C3878C94-23F1-4313-893C-F46DF1A9EF30}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{C7354364-37CB-45E6-B0CD-F6BB4A949CC8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 

"{C7AFA6F8-E1A3-42D7-8555-DB3A3121FB4C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{CB1FD4B3-8FCE-44D8-B5E5-5061B6D93FBD}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc2.exe | 

"{D15A7A66-6132-4FFA-8C1B-67E0C75BFE7E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{D58EBA08-D403-45A4-9232-520EEB05E672}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\device\mediaserver\clmsserver.exe | 

"{DCFE1708-4456-4303-84BB-FCA22567A1DD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{DDB726E6-3742-4C85-8470-2D9975BF88B6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{E04E09B1-AE32-4701-B5AD-4E198460375C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 

"{E7E9A7D0-1B2B-4085-86DA-F45AB299316B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | 

"{E9C89A9E-817C-4DA4-836A-D88535331089}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 

"{EA3B6C51-76A4-411F-890D-44B1759F4EE5}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 

"{EB46D28F-DCDE-453F-8B22-9BC9B04291AC}" = dir=out | name=microsoft mahjong | 

"{EC5B1A4C-54B9-4742-A1DF-EACB0DF40398}" = dir=out | name=microsoft minesweeper | 

"{F282DBE2-6276-4005-B447-E4D67D4A7A01}" = protocol=6 | dir=out | app=system | 

"{F61CD37A-5817-4E16-BA26-77A7C4E05815}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 

"{FB653721-54E8-4D60-B757-3C49E0406571}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{FF16AB0E-38F9-4978-BAED-827F7DC506E5}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes

"{1593C708-5535-47A4-8C0F-F8D4BE2B4560}" = Intel® PROSet/Wireless WiFi Software

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219

"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables

"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)

"{23170F69-40C1-2702-0922-000001000000}" = 7-Zip 9.22 (x64 edition)

"{26A24AE4-039D-4CA4-87B4-2F86417013FF}" = Java 7 Update 13 (64-bit)

"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support

"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{6097158B-0184-4140-BEC3-7885794D2571}" = Intel(R) WiDi

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727

"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 307.17

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 307.17

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector

"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud

"{DA2600C1-6BDF-4FD1-8F3D-148929CC1385}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology

"{E77289CF-12B9-4CAB-A49E-FEAE947F4D95}" = Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed

"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64

"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client

"CCleaner" = CCleaner

"ProInst" = Intel PROSet Wireless

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam 5

"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker

"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform

"{061FF8F3-5226-4278-8AAB-282C1B024F58}" = Photo Common

"{0DF95460-2887-4011-9344-1959CDF18ADC}" = Photo Common

"{0E1BB4B4-00FF-45B1-914B-AB8D8B9862B3}" = Windows Live UX Platform Language Pack

"{13F3CEA5-9E2C-4C4E-9F0F-D0DB389CF4A9}" = Movie Maker

"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727

"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser

"{1F0C818D-4A41-4E40-BAFB-BB940C82A518}" = Fotogalerija

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema 10

"{1FEE19BC-6F0C-42E4-82FF-FB597F6141DF}" = Windows Live Essentials

"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8

"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery

"{39337565-330E-4ab6-A9AE-AC81E0720B10}" = CyberLink PhotoDirector 3

"{3C63F944-803E-49A7-B3A2-B8AB3313E883}" = Windows Live UX Platform Language Pack

"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie

"{3D4F3F4C-E364-4E46-BFB1-A00BF9777422}" = Windows Live UX Platform Language Pack

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology

"{446CC8CE-0E90-44F7-ADD0-774B243EF090}" = Galerie de photos

"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support

"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth

"{49110532-D289-4BFF-807C-45B782E66A7C}" = Photo Common

"{49F068F2-4323-417B-AFC8-1E43F479D46C}" = Windows Live Essentials

"{4AA2A466-8031-403A-8236-5301B4E391FB}" = Windows Live UX Platform Language Pack

"{4AF53C99-315D-4536-873F-029D2D274AE2}" = Photo Common

"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform

"{63824BC0-B747-43F3-9863-1066D64AD919}" = Photo Gallery

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components

"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials

"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform

"{6CEA775F-E70A-4D72-A3B4-1EB3A5AD4B5C}" = Windows Live Essentials

"{701FE1BC-834A-4857-AF62-6EBA50CFBC78}" = Movie Maker

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{715F9B21-2817-402A-9BF0-BDA764D21F09}" = Windows Live Essentials

"{743FD554-A73F-4FE8-BE7B-C283D16297F9}" = Photo Common

"{751EB657-3F22-4150-8CE4-D79A262F1D92}" = Movie Maker

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7E63F102-A9E9-4F4C-8004-BC62974736BF}" = Movie Maker

"{7E9A63B3-8572-4A4B-9F87-3C2A873BBC55}" = Windows Live UX Platform Language Pack

"{8063EB67-E777-4A56-9C1E-FAD75C2F5EC2}" = Photo Common

"{857BC375-BCFB-474E-9BD9-7EBB18EC55E0}" = Windows Live Essentials

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver

"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions

"{8D813AFF-D91D-4EE0-821F-B901FC2E89FA}" = Windows Live

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110

"{8E6E8CBB-8E58-493C-943F-4664F5F2FEDB}" = Movie Maker

"{8F7FECEC-088F-431D-A5FB-2B59E1E69943}" = Galería de fotos

"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010

"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010

"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010

"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010

"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010

"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010

"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010

"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010

"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010

"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010

"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010

"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010

"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90993BD9-C7D9-4C2F-B56C-2F7AFEBD4CD0}" = Windows Live UX Platform Language Pack

"{94ED52E0-24A0-4AD8-9BFD-0560CA680A80}" = ArcSoft TV 5.0

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A17946CA-18E5-4CF0-8D55-A56D804718F8}" = Movie Maker

"{A47EA9D4-BB87-415E-9239-28860434E5A0}" = Movie Maker

"{A802F1E3-34C8-4C84-9948-C1C4E37D0FA9}" = QuickLaunch

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime

"{AC2C8B53-E04D-4A84-B791-1741493D25DF}" = PCmover Home

"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch

"{AE8044B5-FCA3-4EBE-AC78-0FB3A6E8DC76}" = Movie Maker

"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader

"{B096A0E4-26A1-4E9F-8548-577964B9434B}" = Windows Live Essentials

"{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4

"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB

"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack

"{B7F31B9C-8775-4500-8E9D-6ABE9AE17CF4}" = Windows Live Essentials

"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint 2.5

"{C7929038-EDFB-416D-A2C9-CC65416DA0DF}" = Photo Common

"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common

"{CE542E0D-E056-4426-9F98-084C13E18641}" = Windows Live UX Platform Language Pack

"{D04EBB49-C985-4A38-8695-62000861293A}" = Raccolta foto

"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow

"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E0E0FB88-D570-463E-A98E-733B7B656867}" = Photo Gallery

"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common

"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5

"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy 1.5

"{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}" = PHotkey

"{E50E3DBC-46AA-4827-B2A6-F995D81DF526}" = Fotótár

"{E864A1C8-EEE1-47D0-A7F8-00CC86D26D5E}_is1" = Wise Care 365 version 2.31

"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker

"{EFFED0C0-5299-422E-AFE6-8B8066D18A2A}" = Mediathek

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F21F0424-B2FF-40BF-A984-9E0D7FB4C97E}" = Windows Live UX Platform Language Pack

"{F54030F3-14B6-432D-9361-78DCB1473920}" = Photo Common

"{F67CA22C-C11F-4573-8406-57F75BA06B51}" = Photo Gallery

"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package

"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Ashampoo AppLauncher (Medion)_is1" = Ashampoo AppLauncher (Medion) v.1.0.0

"avast" = avast! Internet Security

"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind

"Decor8" = Decor8

"Google Chrome" = Google Chrome

"InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}" = CyberLink PhotoDirector 3

"InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover

"InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}" = Medion Home Cinema 10

"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow

"lrcspal@xinghao.net" = LyricsPal

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300

"McAfee Security Scan" = McAfee Security Scan Plus

"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Office14.SingleImage" = Microsoft Office Home and Student 2010

"RealPlayer 16.0" = RealPlayer

"Samsung CLP-320 Series" = Wartung Samsung CLP-320 Series

"WinLiveSuite" = Windows Live Essentials

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 22.04.2013 01:35:54 | Computer Name = Astrid | Source = SideBySide | ID = 16842785

Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe".

Die

 abhängige Assemblierung "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0""

 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm

 "sxstrace.exe".

 

[ System Events ]

Error - 22.04.2013 01:50:25 | Computer Name = Astrid | Source = Microsoft-Windows-Kernel-General | ID = 6

Description = 

 

Error - 22.04.2013 01:50:55 | Computer Name = Astrid | Source = Service Control Manager | ID = 7000

Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%2

 

Error - 22.04.2013 01:51:00 | Computer Name = Astrid | Source = Service Control Manager | ID = 7000

Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%2

 

Error - 22.04.2013 01:56:29 | Computer Name = Astrid | Source = Microsoft-Windows-Kernel-General | ID = 6

Description = 

 

Error - 22.04.2013 01:56:58 | Computer Name = Astrid | Source = Service Control Manager | ID = 7000

Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%2

 

Error - 22.04.2013 01:57:14 | Computer Name = Astrid | Source = Service Control Manager | ID = 7000

Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%2

 

 

< End of report >

Die anderen hänge ich in die folgende Antwort, denn hier gibt es keine Heftklammer.

hier sind die anderen beiden als zip dateien.

Gruß und DANKE!

Ahnungslos61

Log vom adwCleaner fehelt, bitte nachreichen, in CODE-Tags posten

..hier kommt adwcleaner:

DANKE + Gruß

Code:

# AdwCleaner v2.201 - Datei am 22/04/2013 um 07:49:10 erstellt

# Aktualisiert am 21/04/2013 von Xplode

# Betriebssystem : Windows 8  (64 bits)

# Benutzer : Astrid-Coach - ASTRID

# Bootmodus : Normal

# Ausgeführt unter : C:\Users\Astrid-Coach\Desktop\adwcleaner.exe

# Option [Löschen]
 
 

**** [Dienste] ****
 
 

***** [Dateien / Ordner] *****
 

Datei Gelöscht : C:\Users\Astrid-Coach\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data

Datei Gelöscht : C:\Users\Astrid-Coach\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences

Datei Gelöscht : C:\Users\Astrid-Coach\AppData\Roaming\Mozilla\Firefox\Profiles\l05874jm.default\searchplugins\11-suche.xml

Datei Gelöscht : C:\Users\Astrid-Coach\Desktop\Check for Updates.lnk

Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk
 

***** [Registrierungsdatenbank] *****
 

Schlüssel Gelöscht : HKCU\Software\BI

Schlüssel Gelöscht : HKCU\Software\DataMngr

Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar

Schlüssel Gelöscht : HKCU\Software\Delta

Schlüssel Gelöscht : HKCU\Software\delta LTD

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}

Schlüssel Gelöscht : HKCU\Software\5855dcdbb33fef10

Schlüssel Gelöscht : HKLM\Software\AVG Secure Search

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Schlüssel Gelöscht : HKLM\Software\DataMngr

Schlüssel Gelöscht : HKLM\Software\Delta

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\5855dcdbb33fef10

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]

Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
 

***** [Internet Browser] *****
 

-\\ Internet Explorer v10.0.9200.16537
 

[OK] Die Registrierungsdatenbank ist sauber.
 

-\\ Mozilla Firefox v20.0.1 (de)
 

Datei : C:\Users\Astrid-Coach\AppData\Roaming\Mozilla\Firefox\Profiles\l05874jm.default\prefs.js
 

[OK] Die Datei ist sauber.
 

-\\ Google Chrome v26.0.1410.64
 

Datei : C:\Users\Astrid-Coach\AppData\Local\Google\Chrome\User Data\Default\Preferences
 

Gelöscht [l.2395] : homepage = "hxxp://www1.delta-search.com/?affID=119816&tt=180413_new&babsrc=HP_ss&mntrId=3C2284A[...]

Gelöscht [l.2732] : urls_to_restore_on_startup ="session": {"restore_on_startup": 4,  [ "hxxp://www1.delta-search.co[...]
 

*************************
 

AdwCleaner[S1].txt - [5305 octets] - [22/04/2013 07:49:10]
 

########## EOF - C:\AdwCleaner[S1].txt - [5365 octets] ##########

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Erst lief malwarebytes, das kam raus.

Code:

Malwarebytes Anti-Malware (Test) 1.75.0.1300

www.malwarebytes.org
 

Datenbank Version: v2013.04.22.04
 

Windows 8 x64 NTFS

Internet Explorer 10.0.9200.16540

Astrid-Coach :: ASTRID [Administrator]
 

Schutz: Aktiviert
 

22.04.2013 15:13:40

mbam-log-2013-04-22 (15-13-40).txt
 

Art des Suchlaufs: Quick-Scan

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 234420

Laufzeit: 3 Minute(n), 36 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

dann lief Eset und es kam ein Fehler raus, NICHT REMOVED!!!!! Wss jetzt????

Gruß und Gute Nacht!
Ahnungslos61

Code:

C:\Program Files (x86)\XingHaoLyrics\XingHaoUpdater.exe a variant of Win32/Adware.AddLyrics.B application

Aja der logfile von ESET fehlt noch!

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6920

# api_version=3.0.2

# EOSSerial=0dc7dea754147f4c90ee5fb038f5d598

# engine=13671

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=false

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2013-04-22 07:11:21

# local_time=2013-04-22 09:11:21 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1033

# osver=6.2.9200 NT 

# compatibility_mode=772 16777213 83 94 47689 143371353 0 0

# compatibility_mode=5893 16776574 100 94 2290390 15385197 0 0

# scanned=247762

# found=1

# cleaned=0

# scan_time=11273

sh=9383ABC24228D36FBBDD41786D3766DE732AAB85 ft=1 fh=98f533f53e657a33 vn="a variant of Win32/Adware.AddLyrics.B application" ac=I fn="C:\Program Files (x86)\XingHaoLyrics\XingHaoUpdater.exe"

Zitat:

C:\Program Files (x86)\XingHaoLyrics\XingHaoUpdater.exe

Das Programm kenn ich nicht, du solltest es kennen

Ich bin bei XIng angemeldet (Social Network).
Ist es das? Ein "Programm" dazu kenne ich nicht. Es ist wie facebook.

Soll ich es mal anstarten? Oder löschen und gucken was passiert?

DANKE und Gruß aus Gonsenheim.
Ahnungslos61

Nee lass mal, das Teil scheint wirklich Adware sein, also Werbemüll

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

:Files

C:\Program Files (x86)\XingHaoLyrics

ipconfig /flushdns /c

:Commands

[purity]

[emptytemp]

[resethosts]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Hier kommt wieder OTL

Code:

OTL logfile created on: 23.04.2013 12:55:38 - Run 4

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Astrid-Coach\Desktop

64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16540)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

7,89 Gb Total Physical Memory | 5,20 Gb Available Physical Memory | 65,99% Memory free

15,89 Gb Paging File | 13,21 Gb Available in Paging File | 83,17% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 869,80 Gb Total Space | 797,54 Gb Free Space | 91,69% Space Free | Partition Type: NTFS

Drive D: | 60,00 Gb Total Space | 40,90 Gb Free Space | 68,16% Space Free | Partition Type: NTFS

 

Computer Name: ASTRID | User Name: Astrid-Coach | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2013.04.22 08:29:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Astrid-Coach\Desktop\OTL.exe

PRC - [2013.04.14 11:36:37 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2013.03.12 21:06:19 | 001,822,424 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe

PRC - [2013.03.07 00:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2013.03.07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2013.03.07 00:32:42 | 000,136,912 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe

PRC - [2013.02.06 18:57:17 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe

PRC - [2012.11.29 21:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

PRC - [2012.11.19 19:51:48 | 000,074,416 | ---- | M] (Stardock Software, Inc) -- C:\Program Files (x86)\Stardock\Decor8\Decor8Srv.exe

PRC - [2012.10.11 21:41:20 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

PRC - [2012.09.30 14:01:24 | 001,132,480 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

PRC - [2012.09.30 14:00:56 | 001,112,000 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

PRC - [2012.09.14 15:17:48 | 000,844,288 | ---- | M] () -- C:\Program Files (x86)\PHotkey\PHotkey.exe

PRC - [2012.09.01 20:07:22 | 000,014,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2012.08.08 20:10:10 | 007,536,128 | ---- | M] () -- C:\Program Files (x86)\PHotkey\GPMTray.exe

PRC - [2012.07.17 18:10:32 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

PRC - [2012.07.17 18:10:30 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

PRC - [2012.07.17 18:10:16 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe

PRC - [2012.03.27 22:48:36 | 003,471,872 | ---- | M] () -- C:\Program Files (x86)\PHotkey\POSD.exe

PRC - [2011.08.24 18:30:58 | 000,430,136 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

PRC - [2011.04.13 17:37:06 | 000,312,616 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe

PRC - [2011.04.13 17:37:04 | 000,070,952 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe

PRC - [2010.01.12 19:36:00 | 000,117,256 | ---- | M] () -- C:\Program Files (x86)\PHotkey\MsgTranAgt.exe

PRC - [2009.12.18 17:40:48 | 000,104,968 | ---- | M] () -- C:\Program Files (x86)\PHotkey\ASLDRSrv.exe

PRC - [2009.12.18 17:38:18 | 000,345,608 | ---- | M] (TODO: <Company name>) -- C:\Program Files (x86)\PHotkey\HCSynApi.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2013.04.14 11:36:37 | 003,133,336 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

MOD - [2013.03.12 21:06:19 | 014,717,144 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll

 

 
 ========== Services (SafeList) ==========

 

SRV:64bit: - [2013.03.07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV:64bit: - [2013.03.07 00:32:42 | 000,136,912 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)

SRV:64bit: - [2013.03.02 04:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)

SRV:64bit: - [2013.03.02 04:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)

SRV:64bit: - [2013.02.02 10:21:45 | 000,467,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)

SRV:64bit: - [2013.01.29 03:57:14 | 000,014,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)

SRV:64bit: - [2013.01.10 01:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)

SRV:64bit: - [2013.01.10 01:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)

SRV:64bit: - [2012.11.06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)

SRV:64bit: - [2012.11.06 06:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)

SRV:64bit: - [2012.10.19 13:27:10 | 000,386,344 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe -- (RichVideo64)

SRV:64bit: - [2012.09.24 18:03:12 | 001,153,840 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)

SRV:64bit: - [2012.09.24 18:02:54 | 000,272,176 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)

SRV:64bit: - [2012.09.24 18:02:42 | 000,617,776 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)

SRV:64bit: - [2012.09.24 18:02:16 | 000,149,296 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)

SRV:64bit: - [2012.09.20 11:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)

SRV:64bit: - [2012.09.20 08:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)

SRV:64bit: - [2012.09.20 08:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)

SRV:64bit: - [2012.09.13 06:33:50 | 000,731,688 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)

SRV:64bit: - [2012.08.15 19:08:14 | 000,135,984 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)

SRV:64bit: - [2012.07.26 05:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)

SRV:64bit: - [2012.07.26 05:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)

SRV:64bit: - [2012.07.26 05:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)

SRV:64bit: - [2012.07.26 05:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)

SRV:64bit: - [2012.07.26 05:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)

SRV:64bit: - [2012.07.26 05:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)

SRV:64bit: - [2012.07.26 05:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)

SRV:64bit: - [2012.07.26 05:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)

SRV:64bit: - [2012.07.26 05:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)

SRV:64bit: - [2012.07.26 05:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)

SRV:64bit: - [2012.07.26 05:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)

SRV:64bit: - [2012.07.26 05:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)

SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)

SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)

SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)

SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)

SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)

SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)

SRV:64bit: - [2012.04.20 16:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)

SRV - [2013.04.14 11:36:37 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2013.03.12 21:06:20 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013.02.05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)

SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012.11.29 21:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)

SRV - [2012.11.19 19:51:48 | 000,074,416 | ---- | M] (Stardock Software, Inc) [Auto | Running] -- C:\Program Files (x86)\Stardock\Decor8\Decor8Srv.exe -- (Decor8)

SRV - [2012.11.06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)

SRV - [2012.10.22 19:40:30 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)

SRV - [2012.10.11 21:41:20 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2012.09.30 14:01:24 | 001,132,480 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)

SRV - [2012.09.30 14:00:56 | 001,112,000 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)

SRV - [2012.09.01 20:07:22 | 000,014,904 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)

SRV - [2012.07.26 05:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)

SRV - [2012.07.17 18:10:32 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2012.07.17 18:10:30 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2012.07.17 18:10:16 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)

SRV - [2012.07.17 15:25:28 | 000,580,648 | ---- | M] (WiseCleaner.com) [Auto | Stopped] -- C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe -- (WiseBootAssistant)

SRV - [2011.10.13 16:38:46 | 000,156,672 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\PHotkey\GFNEXSrv.exe -- (GFNEXSrv)

SRV - [2011.08.24 18:30:58 | 000,430,136 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)

SRV - [2011.04.13 17:37:06 | 000,312,616 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe -- (CyberLink PowerDVD 10 MS Service)

SRV - [2011.04.13 17:37:04 | 000,070,952 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 10 MS Monitor Service)

SRV - [2009.12.18 17:40:48 | 000,104,968 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\PHotkey\ASLDRSrv.exe -- (ASLDRService)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2013.03.07 00:33:21 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)

DRV:64bit: - [2013.03.07 00:33:21 | 000,377,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)

DRV:64bit: - [2013.03.07 00:33:21 | 000,178,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)

DRV:64bit: - [2013.03.07 00:33:21 | 000,070,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\aswRdr2.sys -- (aswRdr)

DRV:64bit: - [2013.03.07 00:33:21 | 000,068,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)

DRV:64bit: - [2013.03.07 00:33:21 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)

DRV:64bit: - [2013.03.07 00:33:20 | 000,269,800 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\aswNdisFlt.sys -- (aswNdisFlt)

DRV:64bit: - [2013.03.07 00:33:20 | 000,127,136 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\aswFW.sys -- (aswFW)

DRV:64bit: - [2013.03.07 00:33:20 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\aswMonFlt.sys -- (aswMonFlt)

DRV:64bit: - [2013.03.07 00:33:20 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV:64bit: - [2013.03.07 00:33:20 | 000,022,600 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)

DRV:64bit: - [2013.03.02 12:57:48 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)

DRV:64bit: - [2013.03.02 12:57:46 | 000,283,880 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)

DRV:64bit: - [2013.03.02 12:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)

DRV:64bit: - [2013.03.02 12:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)

DRV:64bit: - [2013.03.02 12:45:19 | 000,194,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2013.03.02 12:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)

DRV:64bit: - [2013.02.02 13:19:44 | 000,446,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)

DRV:64bit: - [2013.02.02 09:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)

DRV:64bit: - [2013.01.29 03:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)

DRV:64bit: - [2013.01.29 01:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)

DRV:64bit: - [2013.01.10 03:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)

DRV:64bit: - [2012.12.13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012.11.27 05:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)

DRV:64bit: - [2012.11.20 06:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)

DRV:64bit: - [2012.11.14 10:19:48 | 000,165,504 | ---- | M] (ITE                      ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\IT9135BDA.sys -- (IT9135BDA)

DRV:64bit: - [2012.11.06 05:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)

DRV:64bit: - [2012.10.22 19:40:12 | 005,332,896 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2012.10.12 10:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2012.10.11 21:41:20 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\nvpciflt.sys -- (nvpciflt)

DRV:64bit: - [2012.10.11 09:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)

DRV:64bit: - [2012.10.11 09:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)

DRV:64bit: - [2012.10.10 13:18:16 | 004,309,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NETwew00.sys -- (NETwNe64)

DRV:64bit: - [2012.10.09 20:48:50 | 000,035,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\intelaud.sys -- (intaud_WaveExtensible)

DRV:64bit: - [2012.10.09 20:48:50 | 000,025,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\iwdbus.sys -- (iwdbus)

DRV:64bit: - [2012.10.09 20:48:48 | 000,188,896 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\xHCIPort.sys -- (XHCIPort)

DRV:64bit: - [2012.10.09 20:48:48 | 000,047,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\usb3Hub.sys -- (usb3Hub)

DRV:64bit: - [2012.10.01 16:41:40 | 001,337,216 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btmhsf.sys -- (btmhsf)

DRV:64bit: - [2012.10.01 16:41:38 | 000,132,480 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btmaux.sys -- (btmaux)

DRV:64bit: - [2012.09.20 09:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)

DRV:64bit: - [2012.09.20 09:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)

DRV:64bit: - [2012.09.20 09:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2012.09.20 09:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2012.09.13 06:35:08 | 000,162,344 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\AmpPal.sys -- (AMPPALP)

DRV:64bit: - [2012.09.13 06:35:08 | 000,162,344 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AmpPal.sys -- (AMPPAL)

DRV:64bit: - [2012.09.05 04:54:26 | 000,454,456 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2012.09.01 20:01:56 | 000,647,736 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)

DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012.08.06 13:07:08 | 000,068,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\iBtFltCoex.sys -- (ibtfltcoex)

DRV:64bit: - [2012.07.31 01:04:12 | 000,690,832 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)

DRV:64bit: - [2012.07.26 07:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012.07.26 07:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)

DRV:64bit: - [2012.07.26 07:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)

DRV:64bit: - [2012.07.26 07:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)

DRV:64bit: - [2012.07.26 07:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)

DRV:64bit: - [2012.07.26 07:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)

DRV:64bit: - [2012.07.26 07:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)

DRV:64bit: - [2012.07.26 07:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2012.07.26 07:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2012.07.26 07:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)

DRV:64bit: - [2012.07.26 07:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2012.07.26 07:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)

DRV:64bit: - [2012.07.26 07:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)

DRV:64bit: - [2012.07.26 07:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2012.07.26 07:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)

DRV:64bit: - [2012.07.26 07:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2012.07.26 07:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2012.07.26 06:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)

DRV:64bit: - [2012.07.26 06:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)

DRV:64bit: - [2012.07.26 06:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)

DRV:64bit: - [2012.07.26 05:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)

DRV:64bit: - [2012.07.26 04:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)

DRV:64bit: - [2012.07.26 04:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)

DRV:64bit: - [2012.07.26 04:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)

DRV:64bit: - [2012.07.26 04:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)

DRV:64bit: - [2012.07.26 04:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)

DRV:64bit: - [2012.07.26 04:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)

DRV:64bit: - [2012.07.26 04:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)

DRV:64bit: - [2012.07.26 04:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)

DRV:64bit: - [2012.07.26 04:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)

DRV:64bit: - [2012.07.26 04:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)

DRV:64bit: - [2012.07.26 04:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)

DRV:64bit: - [2012.07.26 04:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)

DRV:64bit: - [2012.07.26 04:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)

DRV:64bit: - [2012.07.26 04:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2012.07.26 04:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)

DRV:64bit: - [2012.07.26 04:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)

DRV:64bit: - [2012.07.26 04:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2012.07.26 04:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)

DRV:64bit: - [2012.07.26 04:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum)

DRV:64bit: - [2012.07.26 04:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)

DRV:64bit: - [2012.07.26 04:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)

DRV:64bit: - [2012.07.26 04:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)

DRV:64bit: - [2012.07.02 16:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2012.06.25 12:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys -- (CLVirtualDrive)

DRV:64bit: - [2012.06.19 09:40:52 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)

DRV:64bit: - [2012.06.13 19:24:00 | 000,252,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV - [2009.09.11 16:11:46 | 000,014,344 | ---- | M] (PEGATRON) [Kernel | Auto | Running] -- C:\Program Files (x86)\PHotkey\PEGAGFN.sys -- (PEGAGFN)

DRV - [2009.09.10 09:50:16 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\SSPORT.SYS -- (SSPORT)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

 

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-21-1435033098-840508067-3058036539-1001\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-21-1435033098-840508067-3058036539-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-21-1435033098-840508067-3058036539-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com

IE - HKU\S-1-5-21-1435033098-840508067-3058036539-1002\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-1435033098-840508067-3058036539-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com

IE - HKU\S-1-5-21-1435033098-840508067-3058036539-1002\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-21-1435033098-840508067-3058036539-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR

IE - HKU\S-1-5-21-1435033098-840508067-3058036539-1002\..\SearchScopes\{56D1DADF-968A-4B01-A7F0-09EE49E5E603}: "URL" = hxxp://search.zonealarm.com/search?Source=Browser&oemCode=ZLN116429986201162-1001&toolbarId=base&affiliateId=1001&Lan=de&utid=3c22733a00000000000084a6c83517ff&q={searchTerms}&r=125

IE - HKU\S-1-5-21-1435033098-840508067-3058036539-1002\..\SearchScopes\{5C367D16-3786-445C-A43C-520CD1358762}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS

IE - HKU\S-1-5-21-1435033098-840508067-3058036539-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1435033098-840508067-3058036539-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaulturl: ""

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "https://www.google.de/"

FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68

FF - prefs.js..extensions.enabledAddons: text2voice%40vik.josh:1.10

FF - prefs.js..extensions.enabledAddons: lazarus%40interclue.com:2.3

FF - prefs.js..extensions.enabledAddons: gmailnoads%40mywebber.com:3.9.1

FF - prefs.js..extensions.enabledAddons: printedit%40DW-dev:9.0

FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.9.4

FF - prefs.js..extensions.enabledAddons: lrcspal%40xinghao.net:1.110

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi:  File not found

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)

FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013.01.17 17:22:29 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.04.06 18:27:08 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013.01.17 17:22:29 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.14 11:36:37 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lrcspal@xinghao.net: C:\Program Files (x86)\XingHaoLyrics\FF\ [2013.04.19 19:03:37 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.14 11:36:37 | 000,000,000 | ---D | M]

 

[2013.02.23 14:41:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Astrid-Coach\AppData\Roaming\mozilla\Extensions

[2013.04.22 07:31:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Astrid-Coach\AppData\Roaming\mozilla\Firefox\Profiles\l05874jm.default\extensions

[2013.04.19 07:24:17 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Astrid-Coach\AppData\Roaming\mozilla\Firefox\Profiles\l05874jm.default\extensions\firefox@ghostery.com

[2013.02.23 17:22:02 | 000,021,861 | ---- | M] () (No name found) -- C:\Users\Astrid-Coach\AppData\Roaming\mozilla\firefox\profiles\l05874jm.default\extensions\gmailnoads@mywebber.com.xpi

[2013.02.23 17:22:02 | 000,246,802 | ---- | M] () (No name found) -- C:\Users\Astrid-Coach\AppData\Roaming\mozilla\firefox\profiles\l05874jm.default\extensions\lazarus@interclue.com.xpi

[2013.02.26 21:15:13 | 000,091,139 | ---- | M] () (No name found) -- C:\Users\Astrid-Coach\AppData\Roaming\mozilla\firefox\profiles\l05874jm.default\extensions\printedit@DW-dev.xpi

[2013.02.23 17:22:02 | 000,061,608 | ---- | M] () (No name found) -- C:\Users\Astrid-Coach\AppData\Roaming\mozilla\firefox\profiles\l05874jm.default\extensions\text2voice@vik.josh.xpi

[2013.04.18 13:51:01 | 000,530,724 | ---- | M] () (No name found) -- C:\Users\Astrid-Coach\AppData\Roaming\mozilla\firefox\profiles\l05874jm.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi

[2013.02.23 17:22:01 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Astrid-Coach\AppData\Roaming\mozilla\firefox\profiles\l05874jm.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi

[2013.03.22 14:22:00 | 000,002,418 | ---- | M] () -- C:\Users\Astrid-Coach\AppData\Roaming\mozilla\firefox\profiles\l05874jm.default\searchplugins\englische-ergebnisse.xml

[2013.03.22 14:22:00 | 000,010,701 | ---- | M] () -- C:\Users\Astrid-Coach\AppData\Roaming\mozilla\firefox\profiles\l05874jm.default\searchplugins\gmx-suche.xml

[2013.03.22 14:22:00 | 000,002,432 | ---- | M] () -- C:\Users\Astrid-Coach\AppData\Roaming\mozilla\firefox\profiles\l05874jm.default\searchplugins\lastminute.xml

[2013.03.22 14:22:00 | 000,005,682 | ---- | M] () -- C:\Users\Astrid-Coach\AppData\Roaming\mozilla\firefox\profiles\l05874jm.default\searchplugins\webde-suche.xml

[2013.04.14 11:36:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2013.04.19 19:03:37 | 000,000,000 | ---D | M] ("LyricsPal") -- C:\PROGRAM FILES (X86)\XINGHAOLYRICS\FF

[2013.04.14 11:36:37 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2013.02.16 06:15:47 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2013.02.16 06:15:47 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2013.02.16 06:15:47 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2013.02.16 06:15:47 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2013.02.16 06:15:47 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2013.02.16 06:15:47 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}

CHR - homepage: hxxp://www.google.com/

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll

CHR - plugin: Intel\\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

CHR - plugin: Intel\\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - Extension: Google Drive = C:\Users\Astrid-Coach\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = C:\Users\Astrid-Coach\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Google-Suche = C:\Users\Astrid-Coach\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: avast! WebRep = C:\Users\Astrid-Coach\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0\

CHR - Extension: Google Mail = C:\Users\Astrid-Coach\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

 

O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts

O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)

O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)

O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (LyricsPal) - {A3DAEB01-4C15-4AC6-A689-6406FD954EE0} - C:\Program Files (x86)\XingHaoLyrics\lrcspal.dll (XingHao Software)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)

O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKU\S-1-5-21-1435033098-840508067-3058036539-1001..\Run: [AppLauncher] C:\Program Files (x86)\Medion MediaPack 3\Ashampoo AppLauncher (Medion)\AppLauncher.exe (Ashampoo)

O4 - HKU\S-1-5-21-1435033098-840508067-3058036539-1001..\Run: [Power2GoExpress8] NA File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ConfirmFileDelete = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\S-1-5-21-1435033098-840508067-3058036539-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1435033098-840508067-3058036539-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221

O7 - HKU\S-1-5-21-1435033098-840508067-3058036539-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O8:64bit: - Extra context menu item: An Bluetooth senden - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()

O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found

O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: An Bluetooth senden - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()

O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found

O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found

O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-154514-44482-15/4 File not found

O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-154514-44482-15/4 File not found

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D93110B3-007B-4A4A-8BAC-33DF59D2732D}: DhcpNameServer = 192.168.2.1

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O30 - LSA: Security Packages - (livessp) -  File not found

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2013.04.22 18:02:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2013.04.22 18:01:37 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Astrid-Coach\Desktop\esetsmartinstaller_enu.exe

[2013.04.22 15:12:11 | 010,285,040 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Astrid-Coach\Desktop\mbam-setup-1.75.0.1300(1).exe

[2013.04.22 08:29:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Astrid-Coach\Desktop\OTL.exe

[2013.04.22 07:56:00 | 000,127,136 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys

[2013.04.22 07:55:50 | 000,269,800 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdisFlt.sys

[2013.04.22 07:55:50 | 000,022,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys

[2013.04.22 07:55:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security

[2013.04.22 07:26:34 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2013.04.22 07:26:26 | 000,000,000 | ---D | C] -- C:\JRT

[2013.04.22 07:19:11 | 000,535,747 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Astrid-Coach\Desktop\JRT.exe

[2013.04.21 10:28:57 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Astrid-Coach\Desktop\tdsskiller.exe

[2013.04.21 10:21:11 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Astrid-Coach\Desktop\aswMBR(1).exe

[2013.04.19 20:43:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip

[2013.04.19 20:43:06 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip

[2013.04.19 19:03:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XingHaoLyrics

[2013.04.19 16:51:16 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2013.04.19 16:09:10 | 000,000,000 | ---D | C] -- C:\Users\Astrid-Coach\Desktop\Logfiles

[2013.04.18 18:52:19 | 000,000,000 | ---D | C] -- C:\Users\Astrid-Coach\AppData\Roaming\Malwarebytes

[2013.04.18 18:52:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013.04.18 18:52:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013.04.18 18:52:05 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2013.04.18 18:52:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2013.04.18 18:51:46 | 000,000,000 | ---D | C] -- C:\Users\Astrid-Coach\AppData\Local\Programs

[2013.04.14 11:36:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2013.04.13 09:57:34 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppobjs.dll

[2013.04.13 09:57:31 | 001,627,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll

[2013.04.13 09:57:30 | 010,116,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.dll

[2013.04.13 09:57:29 | 008,857,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinui.dll

[2013.04.13 09:57:27 | 001,048,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfasfsrcsnk.dll

[2013.04.13 09:57:26 | 005,978,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll

[2013.04.13 09:57:26 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfasfsrcsnk.dll

[2013.04.13 09:57:26 | 000,328,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ubpm.dll

[2013.04.13 09:57:25 | 001,101,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll

[2013.04.13 09:57:25 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BCP47Langs.dll

[2013.04.13 09:57:25 | 000,327,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Classpnp.sys

[2013.04.13 09:57:24 | 001,149,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winmde.dll

[2013.04.13 09:57:24 | 000,951,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Globalization.dll

[2013.04.13 09:57:24 | 000,246,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ubpm.dll

[2013.04.13 09:57:23 | 005,091,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll

[2013.04.13 09:57:23 | 000,760,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll

[2013.04.13 09:57:23 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Security.Authentication.OnlineId.dll

[2013.04.13 09:57:23 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcfgx.dll

[2013.04.13 09:57:23 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\BCP47Langs.dll

[2013.04.13 09:57:22 | 002,302,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll

[2013.04.13 09:57:22 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll

[2013.04.13 09:57:22 | 000,171,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TimeBrokerServer.dll

[2013.04.13 09:57:21 | 000,893,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winmde.dll

[2013.04.13 09:57:21 | 000,601,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Globalization.dll

[2013.04.13 09:57:21 | 000,411,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS

[2013.04.13 09:57:21 | 000,332,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys

[2013.04.13 09:57:20 | 000,550,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvstore.dll

[2013.04.13 09:57:20 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Security.Authentication.OnlineId.dll

[2013.04.13 09:57:20 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcfgx.dll

[2013.04.13 09:57:20 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSync.dll

[2013.04.13 09:57:20 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usbmon.dll

[2013.04.13 09:57:19 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\actxprxy.dll

[2013.04.13 09:57:19 | 002,033,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll

[2013.04.13 09:57:19 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drvstore.dll

[2013.04.13 09:57:19 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll

[2013.04.13 09:57:18 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSync.dll

[2013.04.13 09:57:18 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\discan.dll

[2013.04.13 09:57:18 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll

[2013.04.13 09:57:17 | 001,619,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll

[2013.04.13 09:57:17 | 000,337,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBXHCI.SYS

[2013.04.13 09:57:17 | 000,283,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\spaceport.sys

[2013.04.13 09:57:17 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe

[2013.04.13 09:57:16 | 000,194,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys

[2013.04.13 09:57:16 | 000,148,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tpm.sys

[2013.04.13 09:57:16 | 000,125,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dumpsd.sys

[2013.04.13 09:57:16 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NdisImPlatform.dll

[2013.04.13 09:57:16 | 000,077,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storahci.sys

[2013.04.13 09:57:16 | 000,069,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pdc.sys

[2013.04.13 09:57:16 | 000,058,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe

[2013.04.13 09:57:15 | 000,251,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUSettingsProvider.dll

[2013.04.13 09:57:15 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsquirt.exe

[2013.04.13 09:57:15 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\powercfg.cpl

[2013.04.13 09:57:15 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\powercfg.cpl

[2013.04.13 09:57:15 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhostex.exe

[2013.04.13 09:57:15 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSDPrintProxy.DLL

[2013.04.13 09:57:14 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\storewuauth.dll

[2013.04.13 09:57:14 | 000,141,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll

[2013.04.13 09:57:14 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSyncInfo.dll

[2013.04.13 09:57:14 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll

[2013.04.13 09:57:14 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSyncInfo.dll

[2013.04.13 09:57:14 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll

[2013.04.13 09:57:14 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevDispItemProvider.dll

[2013.04.13 09:57:13 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll

[2013.04.13 09:57:13 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe

[2013.04.13 09:57:13 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe

[2013.04.13 09:57:12 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DevDispItemProvider.dll

[2013.04.10 06:54:36 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2013.04.10 06:54:30 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll

[2013.04.10 06:54:29 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2013.04.10 06:54:29 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2013.04.10 06:54:27 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2013.04.10 06:54:26 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe

[2013.04.10 06:54:24 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll

[2013.04.10 06:54:24 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll

[2013.04.10 06:54:24 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

[2013.04.10 06:54:23 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

[2013.04.10 06:54:17 | 006,991,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2013.04.10 06:54:15 | 001,011,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\reseteng.dll

[2013.04.10 06:54:15 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ReAgent.dll

[2013.04.09 07:57:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud

[2013.04.08 16:11:12 | 000,000,000 | ---D | C] -- C:\Users\Astrid-Coach\AppData\Roaming\Apple Computer

[2013.04.08 16:11:12 | 000,000,000 | ---D | C] -- C:\Users\Astrid-Coach\AppData\Local\Apple Computer

[2013.04.08 16:11:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2013.04.08 16:11:06 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys

[2013.04.08 16:10:35 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2013.04.08 16:10:34 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2013.04.08 16:10:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2013.04.08 16:10:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer

[2013.04.08 16:10:34 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

[2013.04.08 16:09:44 | 000,000,000 | ---D | C] -- C:\Users\Astrid-Coach\AppData\Local\Apple

[2013.04.08 16:09:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update

[2013.04.08 16:09:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple

[2013.04.08 16:09:03 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2013.04.08 16:09:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour

[2013.04.08 16:08:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple

[2013.04.08 16:08:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple

[2013.04.06 18:27:40 | 000,377,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys

[2013.04.06 18:27:40 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys

[2013.04.06 18:27:38 | 000,070,992 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys

[2013.04.06 18:27:38 | 000,068,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys

[2013.04.06 18:27:22 | 001,025,808 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys

[2013.04.06 18:27:20 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys

[2013.04.06 18:27:19 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe

[2013.04.06 18:26:57 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr

[2013.04.06 18:26:43 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software

[2013.04.06 18:25:33 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software

[2013.04.04 13:46:57 | 000,000,000 | ---D | C] -- C:\Users\Astrid-Coach\Documents\CyberLink

[2013.03.27 16:17:18 | 000,000,000 | ---D | C] -- C:\Users\Astrid-Coach\Bilder Abschlußbuch Holger

[2013.03.26 11:39:42 | 000,230,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdFilter.sys

[2013.03.26 11:39:42 | 000,035,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdBoot.sys

[2013.03.25 11:22:44 | 000,000,000 | ---D | C] -- C:\Users\Astrid-Coach\Documents\OneNote-Notizbücher

 
 ========== Files - Modified Within 30 Days ==========

 

[2013.04.23 12:18:48 | 000,067,584 | -H-- | M] () -- C:\Windows\bootstat.dat

[2013.04.23 11:05:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013.04.23 11:02:00 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013.04.22 18:01:37 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Astrid-Coach\Desktop\esetsmartinstaller_enu.exe

[2013.04.22 15:12:56 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013.04.22 15:12:15 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Astrid-Coach\Desktop\mbam-setup-1.75.0.1300(1).exe

[2013.04.22 12:26:59 | 002,995,192 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2013.04.22 12:26:59 | 001,342,874 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013.04.22 12:26:59 | 000,826,862 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2013.04.22 12:26:59 | 000,737,478 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013.04.22 12:26:59 | 000,005,640 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013.04.22 08:29:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Astrid-Coach\Desktop\OTL.exe

[2013.04.22 07:56:36 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys

[2013.04.22 07:56:34 | 2478,751,743 | -HS- | M] () -- C:\hiberfil.sys

[2013.04.22 07:55:50 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt

[2013.04.22 07:55:07 | 000,001,926 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk

[2013.04.22 07:48:04 | 000,615,935 | ---- | M] () -- C:\Users\Astrid-Coach\Desktop\adwcleaner.exe

[2013.04.22 07:19:13 | 000,535,747 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Astrid-Coach\Desktop\JRT.exe

[2013.04.21 10:28:57 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Astrid-Coach\Desktop\tdsskiller.exe

[2013.04.21 10:22:37 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Astrid-Coach\Desktop\aswMBR(1).exe

[2013.04.19 21:10:25 | 000,001,160 | ---- | M] () -- C:\Users\Public\Desktop\Wise Care 365.lnk

[2013.04.19 16:41:31 | 000,377,856 | ---- | M] () -- C:\Users\Astrid-Coach\Desktop\gmer_2.1.19163.exe

[2013.04.18 17:55:59 | 000,009,755 | ---- | M] () -- C:\Users\Astrid-Coach\Documents\Kläranlage.odt

[2013.04.18 08:42:55 | 000,002,674 | ---- | M] () -- C:\Users\Astrid-Coach\Documents\cc_20130418_084244.reg

[2013.04.13 13:02:55 | 000,406,336 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013.04.12 09:02:42 | 000,002,187 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2013.04.08 19:17:00 | 000,000,276 | ---- | M] () -- C:\Users\Public\Desktop\SAMSUNG Dr.Printer.url

[2013.04.08 16:11:09 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2013.04.03 09:42:34 | 000,002,300 | ---- | M] () -- C:\Users\Astrid-Coach\Documents\cc_20130403_094225.reg

[2013.04.03 00:08:01 | 000,692,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2013.04.03 00:08:01 | 000,078,176 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2013.03.31 00:14:50 | 000,003,864 | ---- | M] () -- C:\Users\Astrid-Coach\Documents\cc_20130330_231442.reg

[2013.03.25 11:22:14 | 000,004,349 | ---- | M] () -- C:\Users\Astrid-Coach\Documents\Dok1.odt

 
 ========== Files Created - No Company Name ==========

 

[2013.04.22 07:55:07 | 000,001,926 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk

[2013.04.22 07:48:03 | 000,615,935 | ---- | C] () -- C:\Users\Astrid-Coach\Desktop\adwcleaner.exe

[2013.04.21 10:34:15 | 000,114,176 | ---- | C] () -- C:\Users\Astrid-Coach\AppData\Roaming\BabMaint.exe

[2013.04.19 16:41:31 | 000,377,856 | ---- | C] () -- C:\Users\Astrid-Coach\Desktop\gmer_2.1.19163.exe

[2013.04.18 18:52:06 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013.04.18 17:54:38 | 000,009,755 | ---- | C] () -- C:\Users\Astrid-Coach\Documents\Kläranlage.odt

[2013.04.18 08:42:46 | 000,002,674 | ---- | C] () -- C:\Users\Astrid-Coach\Documents\cc_20130418_084244.reg

[2013.04.13 13:02:42 | 000,406,336 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013.04.13 09:57:12 | 000,387,867 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml

[2013.04.08 16:11:09 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2013.04.08 16:09:43 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk

[2013.04.06 18:27:22 | 000,178,624 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys

[2013.04.06 18:27:22 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys

[2013.04.06 18:27:20 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt

[2013.04.03 09:42:28 | 000,002,300 | ---- | C] () -- C:\Users\Astrid-Coach\Documents\cc_20130403_094225.reg

[2013.03.31 00:14:47 | 000,003,864 | ---- | C] () -- C:\Users\Astrid-Coach\Documents\cc_20130330_231442.reg

[2013.03.25 11:22:09 | 000,004,349 | ---- | C] () -- C:\Users\Astrid-Coach\Documents\Dok1.odt

[2013.02.11 11:38:51 | 000,484,656 | ---- | C] () -- C:\Windows\ssndii.exe

[2013.02.02 12:39:52 | 000,007,605 | ---- | C] () -- C:\Users\Astrid-Coach\AppData\Local\Resmon.ResmonCfg

[2013.01.18 09:23:06 | 001,558,432 | ---- | C] () -- C:\Windows\TotalUninstaller.exe

[2013.01.17 10:05:21 | 000,016,809 | -H-- | C] () -- C:\Windows\SysWow64\BTImages.dat

[2012.11.14 10:31:46 | 007,024,928 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012.11.14 10:19:05 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl

[2012.11.14 10:03:57 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin

[2012.11.14 10:03:50 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll

[2012.11.14 10:03:49 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin

[2012.11.14 08:55:38 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll

[2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2012.07.26 09:21:26 | 000,067,584 | -H-- | C] () -- C:\Windows\bootstat.dat

[2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2012.04.20 15:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

 
 ========== ZeroAccess Check ==========

 

[2012.11.14 10:30:56 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013.03.02 04:45:01 | 019,748,864 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013.03.02 10:23:07 | 017,560,576 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 
 ========== LOP Check ==========

 

[2013.02.03 12:48:07 | 000,000,000 | ---D | M] -- C:\Users\Astrid-Coach\AppData\Roaming\.minecraft

[2013.01.17 09:40:39 | 000,000,000 | ---D | M] -- C:\Users\Astrid-Coach\AppData\Roaming\CheckPoint

[2013.01.31 21:21:59 | 000,000,000 | ---D | M] -- C:\Users\Astrid-Coach\AppData\Roaming\DynaGeo

[2013.01.17 10:52:12 | 000,000,000 | ---D | M] -- C:\Users\Astrid-Coach\AppData\Roaming\Lenovo

[2013.01.17 21:19:02 | 000,000,000 | ---D | M] -- C:\Users\Astrid-Coach\AppData\Roaming\OpenOffice.org

[2013.01.25 23:05:10 | 000,000,000 | ---D | M] -- C:\Users\Astrid-Coach\AppData\Roaming\TuneUp Software

[2013.04.22 08:04:18 | 000,000,000 | ---D | M] -- C:\Users\Astrid-Coach\AppData\Roaming\Wise Care 365

[2013.02.01 09:37:28 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software

[2013.02.01 09:37:28 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software

 
 ========== Purity Check ==========

 

 
 

< End of report >

Hier kommt die spezielle OTI Datei!
Danke nach Mainz
Ahnungslos61

Code:

All processes killed

========== FILES ==========

C:\Program Files (x86)\XingHaoLyrics\FF\chrome\content folder moved successfully.

C:\Program Files (x86)\XingHaoLyrics\FF\chrome folder moved successfully.

C:\Program Files (x86)\XingHaoLyrics\FF folder moved successfully.

C:\Program Files (x86)\XingHaoLyrics folder moved successfully.
 < ipconfig /flushdns /c >

Windows-IP-Konfiguration

Der DNS-Aufl”sungscache wurde geleert.

C:\Users\Astrid-Coach\Desktop\cmd.bat deleted successfully.

C:\Users\Astrid-Coach\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Astrid-Coach

->Temp folder emptied: 981636 bytes

->Temporary Internet Files folder emptied: 272408 bytes

->Java cache emptied: 13129449 bytes

->FireFox cache emptied: 246447633 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 776 bytes

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Public

 

User: UpdatusUser

->Temp folder emptied: 824 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 94680 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 917048 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 250,00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.69.0 log created on 04232013_194630
 

Files\Folders moved on Reboot...

C:\Users\Astrid-Coach\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
 

PendingFileRenameOperations files...
 

Registry entries deleted on Reboot...

Ok. Mach bitte mal mit aktualisiertem Malwarebytes einen Vollscan.

Guten Morgen,

Hier kommt der Vollscan von Malwarebytes.
Noch ne Frage: Ich habe noch 2 Rechner (meiner Söhne 12 und 14) die sind bestimmt auch
infiziert. Ist da jeder Rechner ein eigener Threat oder soll ich hier weitermachen??
Gruß und Dickes Danke von
Ahnungslos61

Code:

Malwarebytes Anti-Malware (Test) 1.75.0.1300

www.malwarebytes.org
 

Datenbank Version: v2013.04.24.01
 

Windows 8 x64 NTFS

Internet Explorer 10.0.9200.16540

Astrid-Coach :: ASTRID [Administrator]
 

Schutz: Aktiviert
 

24.04.2013 07:19:37

mbam-log-2013-04-24 (07-19-37).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 471704

Laufzeit: 56 Minute(n), 21 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Sieht soweit ok aus :daumenhoc

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

Ich habe noch 2 Rechner von meinen Jungs die muss ich auch überprüfen.
Soll ich ein neues Thema eröffnen oder hier weitermachen??
100000000 mal Danke!!!!
Ahnungslos61

Ja bitte, für jeden Rechnern einen eigenen Strang machen, sonst weiß keiner welches Log und welcher Fix sich auf welchen Rechner bezieht! Das führt zwangsläufig zu Problemen und Misserfolg!

Dann wären wir durch! :daumenhoc

Falls du noch Lob oder Kritik loswerden möchtest => http://www.trojaner-board.de/lob-kritik-wuensche/

Die Programme, die hier zum Einsatz kamen, können alle wieder runter.

Combofix entfernen (nur relevant wenn es hier benutzt wurde!) : Start/Ausführen (Tastenkombination WIN+R), dort den Befehl combofix /uninstall eintippen und ausführen

Mit Hilfe von OTL kannst du auch viele andere Tools entfernen: Starte dazu einfach OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.

Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken.

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.

Microsoftupdate
Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.
Windows Vista/7: Start, Systemsteuerung, Windows-Update

PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => Adobe - Flash Player
Downloadlinks findest du hier => Browsers and Plugins - FilePony.de

Alle Plugins im Firefox-Browser kannst du auch ganz einfach hier auf Aktualität prüfen => https://www.mozilla.org/de/plugincheck

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.

Java-Update
Veraltete Java-Installationen sind ein großes Sicherheitsrisiko, daher solltest Du die alten Versionen deinstallieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software (bzw. Programme und Funktionen) und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.